From ed7d79f96177044949744da10f4431c1d6242241 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Tue, 23 Feb 2010 10:34:14 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.3.6) --- Doxyfile.in | 1180 +- Makefile.am | 3 + Makefile.in | 224 +- NEWS | 305 +- aclocal.m4 | 8270 +------------ config.guess | 51 +- config.sub | 54 +- configure | 11724 +++++++------------ configure.in | 977 +- depcomp | 87 +- install-sh | 5 +- ltmain.sh | 25 +- m4/config/libtool.m4 | 7376 ++++++++++++ m4/config/ltoptions.m4 | 368 + m4/config/ltsugar.m4 | 123 + m4/config/ltversion.m4 | 23 + m4/config/lt~obsolete.m4 | 92 + m4/macros/enable-disable.m4 | 32 + m4/macros/with.m4 | 24 + missing | 49 +- scripts/Makefile.am | 3 +- scripts/Makefile.in | 118 +- scripts/bin2array.c | 2 +- scripts/bin2sql.c | 2 +- scripts/dh_speed.c | 28 +- scripts/id2sql.c | 4 +- scripts/key2keyid.c | 50 +- scripts/keyid2sql.c | 49 +- scripts/pubkey_speed.c | 43 +- scripts/thread_analysis.c | 22 +- src/Makefile.am | 8 +- src/Makefile.in | 196 +- src/_copyright/Makefile.in | 262 +- src/_copyright/_copyright.c | 4 +- src/_updown/Makefile.am | 6 +- src/_updown/Makefile.in | 222 +- src/_updown/_updown.in | 26 +- src/_updown_espmark/Makefile.in | 216 +- src/charon/Makefile.am | 55 +- src/charon/Makefile.in | 839 +- src/charon/bus/bus.c | 164 +- src/charon/bus/bus.h | 49 +- src/charon/bus/listeners/file_logger.c | 16 +- src/charon/bus/listeners/file_logger.h | 6 +- src/charon/bus/listeners/listener.h | 29 +- src/charon/bus/listeners/sys_logger.c | 16 +- src/charon/bus/listeners/sys_logger.h | 6 +- src/charon/config/attributes/attribute_handler.h | 58 - src/charon/config/attributes/attribute_manager.c | 267 - src/charon/config/attributes/attribute_manager.h | 135 - src/charon/config/attributes/attribute_provider.h | 67 - src/charon/config/auth_cfg.c | 56 +- src/charon/config/auth_cfg.h | 24 +- src/charon/config/backend_manager.c | 67 +- src/charon/config/backend_manager.h | 14 +- src/charon/config/child_cfg.c | 143 +- src/charon/config/child_cfg.h | 146 +- src/charon/config/ike_cfg.c | 44 +- src/charon/config/ike_cfg.h | 48 +- src/charon/config/peer_cfg.c | 90 +- src/charon/config/peer_cfg.h | 90 +- src/charon/config/proposal.c | 131 +- src/charon/config/proposal.h | 63 +- src/charon/config/traffic_selector.c | 856 -- src/charon/config/traffic_selector.h | 304 - src/charon/control/controller.c | 62 +- src/charon/control/controller.h | 12 +- src/charon/credentials/credential_manager.c | 337 +- src/charon/credentials/credential_manager.h | 36 +- src/charon/credentials/credential_set.h | 12 +- src/charon/credentials/sets/auth_cfg_wrapper.c | 24 +- src/charon/credentials/sets/auth_cfg_wrapper.h | 8 +- src/charon/credentials/sets/cert_cache.c | 46 +- src/charon/credentials/sets/cert_cache.h | 6 +- .../credentials/sets/ocsp_response_wrapper.c | 14 +- .../credentials/sets/ocsp_response_wrapper.h | 8 +- src/charon/daemon.c | 160 +- src/charon/daemon.h | 119 +- src/charon/encoding/generator.c | 172 +- src/charon/encoding/generator.h | 10 +- src/charon/encoding/message.c | 480 +- src/charon/encoding/message.h | 114 +- src/charon/encoding/parser.c | 44 +- src/charon/encoding/parser.h | 16 +- src/charon/encoding/payloads/auth_payload.c | 30 +- src/charon/encoding/payloads/auth_payload.h | 20 +- src/charon/encoding/payloads/cert_payload.c | 43 +- src/charon/encoding/payloads/cert_payload.h | 30 +- src/charon/encoding/payloads/certreq_payload.c | 26 +- src/charon/encoding/payloads/certreq_payload.h | 10 +- .../encoding/payloads/configuration_attribute.c | 217 +- .../encoding/payloads/configuration_attribute.h | 99 +- src/charon/encoding/payloads/cp_payload.c | 159 +- src/charon/encoding/payloads/cp_payload.h | 61 +- src/charon/encoding/payloads/delete_payload.c | 34 +- src/charon/encoding/payloads/delete_payload.h | 10 +- src/charon/encoding/payloads/eap_payload.c | 197 +- src/charon/encoding/payloads/eap_payload.h | 16 +- src/charon/encoding/payloads/encodings.h | 378 +- src/charon/encoding/payloads/encryption_payload.c | 132 +- src/charon/encoding/payloads/encryption_payload.h | 44 +- src/charon/encoding/payloads/endpoint_notify.c | 90 +- src/charon/encoding/payloads/endpoint_notify.h | 62 +- src/charon/encoding/payloads/id_payload.c | 34 +- src/charon/encoding/payloads/id_payload.h | 26 +- src/charon/encoding/payloads/ike_header.c | 83 +- src/charon/encoding/payloads/ike_header.h | 41 +- src/charon/encoding/payloads/ke_payload.c | 54 +- src/charon/encoding/payloads/ke_payload.h | 22 +- src/charon/encoding/payloads/nonce_payload.c | 48 +- src/charon/encoding/payloads/nonce_payload.h | 10 +- src/charon/encoding/payloads/notify_payload.c | 96 +- src/charon/encoding/payloads/notify_payload.h | 54 +- src/charon/encoding/payloads/payload.h | 64 +- .../encoding/payloads/proposal_substructure.c | 106 +- .../encoding/payloads/proposal_substructure.h | 36 +- src/charon/encoding/payloads/sa_payload.c | 74 +- src/charon/encoding/payloads/sa_payload.h | 26 +- .../payloads/traffic_selector_substructure.c | 46 +- .../payloads/traffic_selector_substructure.h | 48 +- src/charon/encoding/payloads/transform_attribute.c | 50 +- src/charon/encoding/payloads/transform_attribute.h | 34 +- .../encoding/payloads/transform_substructure.c | 80 +- .../encoding/payloads/transform_substructure.h | 50 +- src/charon/encoding/payloads/ts_payload.c | 54 +- src/charon/encoding/payloads/ts_payload.h | 32 +- src/charon/encoding/payloads/unknown_payload.c | 28 +- src/charon/encoding/payloads/unknown_payload.h | 14 +- src/charon/encoding/payloads/vendor_id_payload.c | 99 +- src/charon/encoding/payloads/vendor_id_payload.h | 49 +- src/charon/kernel/kernel_interface.c | 53 +- src/charon/kernel/kernel_interface.h | 106 +- src/charon/kernel/kernel_ipsec.c | 2 - src/charon/kernel/kernel_ipsec.h | 82 +- src/charon/kernel/kernel_net.h | 26 +- src/charon/network/packet.c | 16 +- src/charon/network/packet.h | 46 +- src/charon/network/receiver.c | 84 +- src/charon/network/receiver.h | 12 +- src/charon/network/sender.c | 39 +- src/charon/network/sender.h | 10 +- src/charon/network/socket-raw.c | 106 +- src/charon/network/socket.c | 93 +- src/charon/network/socket.h | 28 +- src/charon/plugins/attr/Makefile.in | 143 +- src/charon/plugins/attr/attr_plugin.c | 14 +- src/charon/plugins/attr/attr_plugin.h | 2 +- src/charon/plugins/attr/attr_provider.c | 118 +- src/charon/plugins/attr/attr_provider.h | 6 +- src/charon/plugins/eap_aka/Makefile.am | 13 +- src/charon/plugins/eap_aka/Makefile.in | 183 +- src/charon/plugins/eap_aka/eap_aka.c | 1553 --- src/charon/plugins/eap_aka/eap_aka.h | 81 - src/charon/plugins/eap_aka/eap_aka_peer.c | 583 + src/charon/plugins/eap_aka/eap_aka_peer.h | 49 + src/charon/plugins/eap_aka/eap_aka_plugin.c | 19 +- src/charon/plugins/eap_aka/eap_aka_plugin.h | 7 +- src/charon/plugins/eap_aka/eap_aka_server.c | 700 ++ src/charon/plugins/eap_aka/eap_aka_server.h | 49 + src/charon/plugins/eap_aka_3gpp2/Makefile.am | 15 + src/charon/plugins/eap_aka_3gpp2/Makefile.in | 579 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c | 178 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h | 53 + .../eap_aka_3gpp2/eap_aka_3gpp2_functions.c | 394 + .../eap_aka_3gpp2/eap_aka_3gpp2_functions.h | 125 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c | 87 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h | 62 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c | 204 + .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h | 52 + src/charon/plugins/eap_gtc/Makefile.am | 6 +- src/charon/plugins/eap_gtc/Makefile.in | 169 +- src/charon/plugins/eap_gtc/eap_gtc.c | 54 +- src/charon/plugins/eap_gtc/eap_gtc_plugin.c | 8 +- src/charon/plugins/eap_identity/Makefile.am | 6 +- src/charon/plugins/eap_identity/Makefile.in | 171 +- src/charon/plugins/eap_identity/eap_identity.c | 32 +- .../plugins/eap_identity/eap_identity_plugin.c | 6 +- src/charon/plugins/eap_md5/Makefile.am | 6 +- src/charon/plugins/eap_md5/Makefile.in | 169 +- src/charon/plugins/eap_md5/eap_md5.c | 52 +- src/charon/plugins/eap_md5/eap_md5_plugin.c | 6 +- src/charon/plugins/eap_mschapv2/Makefile.am | 6 +- src/charon/plugins/eap_mschapv2/Makefile.in | 171 +- src/charon/plugins/eap_mschapv2/eap_mschapv2.c | 317 +- .../plugins/eap_mschapv2/eap_mschapv2_plugin.c | 6 +- src/charon/plugins/eap_radius/Makefile.am | 6 +- src/charon/plugins/eap_radius/Makefile.in | 169 +- src/charon/plugins/eap_radius/eap_radius.c | 76 +- src/charon/plugins/eap_radius/eap_radius_plugin.c | 8 +- src/charon/plugins/eap_radius/radius_client.c | 69 +- src/charon/plugins/eap_radius/radius_client.h | 8 +- src/charon/plugins/eap_radius/radius_message.c | 33 +- src/charon/plugins/eap_radius/radius_message.h | 20 +- src/charon/plugins/eap_sim/Makefile.am | 15 +- src/charon/plugins/eap_sim/Makefile.in | 184 +- src/charon/plugins/eap_sim/eap_sim.c | 1149 -- src/charon/plugins/eap_sim/eap_sim.h | 61 - src/charon/plugins/eap_sim/eap_sim_peer.c | 654 ++ src/charon/plugins/eap_sim/eap_sim_peer.h | 57 + src/charon/plugins/eap_sim/eap_sim_plugin.c | 19 +- src/charon/plugins/eap_sim/eap_sim_server.c | 611 + src/charon/plugins/eap_sim/eap_sim_server.h | 57 + src/charon/plugins/eap_sim_file/Makefile.am | 8 +- src/charon/plugins/eap_sim_file/Makefile.in | 173 +- .../plugins/eap_sim_file/eap_sim_file_card.c | 71 +- .../plugins/eap_sim_file/eap_sim_file_card.h | 4 +- .../plugins/eap_sim_file/eap_sim_file_plugin.c | 24 +- .../plugins/eap_sim_file/eap_sim_file_provider.c | 43 +- .../plugins/eap_sim_file/eap_sim_file_provider.h | 6 +- .../plugins/eap_sim_file/eap_sim_file_triplets.c | 58 +- .../plugins/eap_sim_file/eap_sim_file_triplets.h | 20 +- .../plugins/eap_simaka_pseudonym/Makefile.am | 13 + .../plugins/eap_simaka_pseudonym/Makefile.in | 577 + .../eap_simaka_pseudonym_card.c | 154 + .../eap_simaka_pseudonym_card.h | 49 + .../eap_simaka_pseudonym_plugin.c | 81 + .../eap_simaka_pseudonym_plugin.h | 47 + .../eap_simaka_pseudonym_provider.c | 182 + .../eap_simaka_pseudonym_provider.h | 49 + src/charon/plugins/eap_simaka_reauth/Makefile.am | 13 + src/charon/plugins/eap_simaka_reauth/Makefile.in | 576 + .../eap_simaka_reauth/eap_simaka_reauth_card.c | 170 + .../eap_simaka_reauth/eap_simaka_reauth_card.h | 49 + .../eap_simaka_reauth/eap_simaka_reauth_plugin.c | 79 + .../eap_simaka_reauth/eap_simaka_reauth_plugin.h | 47 + .../eap_simaka_reauth/eap_simaka_reauth_provider.c | 209 + .../eap_simaka_reauth/eap_simaka_reauth_provider.h | 49 + src/charon/plugins/kernel_klips/Makefile.am | 2 +- src/charon/plugins/kernel_klips/Makefile.in | 145 +- .../plugins/kernel_klips/kernel_klips_ipsec.c | 618 +- .../plugins/kernel_klips/kernel_klips_plugin.c | 6 +- src/charon/plugins/kernel_klips/pfkeyv2.h | 4 +- src/charon/plugins/kernel_netlink/Makefile.am | 6 +- src/charon/plugins/kernel_netlink/Makefile.in | 150 +- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 591 +- .../plugins/kernel_netlink/kernel_netlink_net.c | 384 +- .../plugins/kernel_netlink/kernel_netlink_plugin.c | 6 +- .../plugins/kernel_netlink/kernel_netlink_shared.c | 58 +- .../plugins/kernel_netlink/kernel_netlink_shared.h | 12 +- src/charon/plugins/kernel_pfkey/Makefile.am | 2 +- src/charon/plugins/kernel_pfkey/Makefile.in | 145 +- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 392 +- .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 6 +- src/charon/plugins/kernel_pfroute/Makefile.am | 2 +- src/charon/plugins/kernel_pfroute/Makefile.in | 145 +- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 131 +- .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 6 +- src/charon/plugins/load_tester/Makefile.in | 143 +- .../plugins/load_tester/load_tester_config.c | 75 +- .../plugins/load_tester/load_tester_config.h | 4 +- src/charon/plugins/load_tester/load_tester_creds.c | 65 +- src/charon/plugins/load_tester/load_tester_creds.h | 4 +- .../load_tester/load_tester_diffie_hellman.c | 8 +- .../load_tester/load_tester_diffie_hellman.h | 6 +- src/charon/plugins/load_tester/load_tester_ipsec.c | 29 +- .../plugins/load_tester/load_tester_listener.c | 20 +- .../plugins/load_tester/load_tester_listener.h | 4 +- .../plugins/load_tester/load_tester_plugin.c | 59 +- .../plugins/load_tester/load_tester_plugin.h | 2 +- src/charon/plugins/medcli/Makefile.in | 143 +- src/charon/plugins/medcli/medcli_config.c | 85 +- src/charon/plugins/medcli/medcli_config.h | 4 +- src/charon/plugins/medcli/medcli_creds.c | 18 +- src/charon/plugins/medcli/medcli_creds.h | 4 +- src/charon/plugins/medcli/medcli_listener.c | 10 +- src/charon/plugins/medcli/medcli_listener.h | 4 +- src/charon/plugins/medcli/medcli_plugin.c | 20 +- src/charon/plugins/medsrv/Makefile.in | 143 +- src/charon/plugins/medsrv/medsrv_config.c | 20 +- src/charon/plugins/medsrv/medsrv_config.h | 4 +- src/charon/plugins/medsrv/medsrv_creds.c | 12 +- src/charon/plugins/medsrv/medsrv_creds.h | 4 +- src/charon/plugins/medsrv/medsrv_plugin.c | 18 +- src/charon/plugins/nm/Makefile.am | 3 +- src/charon/plugins/nm/Makefile.in | 147 +- src/charon/plugins/nm/nm_creds.c | 240 +- src/charon/plugins/nm/nm_creds.h | 15 +- src/charon/plugins/nm/nm_handler.c | 69 +- src/charon/plugins/nm/nm_handler.h | 10 +- src/charon/plugins/nm/nm_plugin.c | 26 +- src/charon/plugins/nm/nm_service.c | 168 +- src/charon/plugins/resolv_conf/Makefile.am | 13 - src/charon/plugins/resolv_conf/Makefile.in | 518 - .../plugins/resolv_conf/resolv_conf_handler.c | 192 - .../plugins/resolv_conf/resolv_conf_handler.h | 49 - .../plugins/resolv_conf/resolv_conf_plugin.c | 64 - .../plugins/resolv_conf/resolv_conf_plugin.h | 47 - src/charon/plugins/resolve/Makefile.am | 13 + src/charon/plugins/resolve/Makefile.in | 574 + src/charon/plugins/resolve/resolve_handler.c | 251 + src/charon/plugins/resolve/resolve_handler.h | 49 + src/charon/plugins/resolve/resolve_plugin.c | 62 + src/charon/plugins/resolve/resolve_plugin.h | 47 + src/charon/plugins/smp/Makefile.in | 143 +- src/charon/plugins/smp/smp.c | 156 +- src/charon/plugins/sql/Makefile.am | 11 +- src/charon/plugins/sql/Makefile.in | 240 +- src/charon/plugins/sql/pool.c | 797 -- src/charon/plugins/sql/sql_attribute.c | 363 - src/charon/plugins/sql/sql_attribute.h | 49 - src/charon/plugins/sql/sql_config.c | 49 +- src/charon/plugins/sql/sql_config.h | 4 +- src/charon/plugins/sql/sql_cred.c | 20 +- src/charon/plugins/sql/sql_cred.h | 4 +- src/charon/plugins/sql/sql_logger.c | 20 +- src/charon/plugins/sql/sql_logger.h | 4 +- src/charon/plugins/sql/sql_plugin.c | 30 +- src/charon/plugins/stroke/Makefile.am | 2 +- src/charon/plugins/stroke/Makefile.in | 145 +- src/charon/plugins/stroke/stroke_attribute.c | 68 +- src/charon/plugins/stroke/stroke_attribute.h | 14 +- src/charon/plugins/stroke/stroke_ca.c | 77 +- src/charon/plugins/stroke/stroke_ca.h | 18 +- src/charon/plugins/stroke/stroke_config.c | 142 +- src/charon/plugins/stroke/stroke_config.h | 12 +- src/charon/plugins/stroke/stroke_control.c | 52 +- src/charon/plugins/stroke/stroke_control.h | 12 +- src/charon/plugins/stroke/stroke_cred.c | 357 +- src/charon/plugins/stroke/stroke_cred.h | 21 +- src/charon/plugins/stroke/stroke_list.c | 385 +- src/charon/plugins/stroke/stroke_list.h | 6 +- src/charon/plugins/stroke/stroke_plugin.c | 6 +- src/charon/plugins/stroke/stroke_plugin.h | 2 +- src/charon/plugins/stroke/stroke_shared_key.c | 12 +- src/charon/plugins/stroke/stroke_shared_key.h | 6 +- src/charon/plugins/stroke/stroke_socket.c | 95 +- src/charon/plugins/stroke/stroke_socket.h | 8 +- src/charon/plugins/uci/Makefile.in | 143 +- src/charon/plugins/uci/uci_config.c | 47 +- src/charon/plugins/uci/uci_config.h | 4 +- src/charon/plugins/uci/uci_control.c | 35 +- src/charon/plugins/uci/uci_control.h | 2 +- src/charon/plugins/uci/uci_creds.c | 14 +- src/charon/plugins/uci/uci_creds.h | 4 +- src/charon/plugins/uci/uci_parser.c | 24 +- src/charon/plugins/uci/uci_parser.h | 4 +- src/charon/plugins/uci/uci_plugin.c | 12 +- src/charon/plugins/unit_tester/Makefile.in | 221 +- src/charon/plugins/unit_tester/tests.h | 2 +- src/charon/plugins/unit_tester/tests/test_agent.c | 14 +- .../plugins/unit_tester/tests/test_auth_info.c | 17 +- src/charon/plugins/unit_tester/tests/test_cert.c | 12 +- src/charon/plugins/unit_tester/tests/test_chunk.c | 20 +- src/charon/plugins/unit_tester/tests/test_curl.c | 4 +- .../plugins/unit_tester/tests/test_enumerator.c | 34 +- src/charon/plugins/unit_tester/tests/test_id.c | 22 +- src/charon/plugins/unit_tester/tests/test_med_db.c | 16 +- src/charon/plugins/unit_tester/tests/test_mutex.c | 16 +- src/charon/plugins/unit_tester/tests/test_mysql.c | 5 +- src/charon/plugins/unit_tester/tests/test_pool.c | 21 +- .../plugins/unit_tester/tests/test_rsa_gen.c | 55 +- src/charon/plugins/unit_tester/tests/test_sqlite.c | 5 +- src/charon/plugins/unit_tester/unit_tester.c | 16 +- src/charon/plugins/unit_tester/unit_tester.h | 2 +- src/charon/plugins/updown/Makefile.am | 2 +- src/charon/plugins/updown/Makefile.in | 145 +- src/charon/plugins/updown/updown_listener.c | 102 +- src/charon/plugins/updown/updown_listener.h | 6 +- src/charon/plugins/updown/updown_plugin.c | 8 +- src/charon/processing/jobs/acquire_job.c | 12 +- src/charon/processing/jobs/acquire_job.h | 4 +- src/charon/processing/jobs/callback_job.c | 178 +- src/charon/processing/jobs/callback_job.h | 13 +- src/charon/processing/jobs/delete_child_sa_job.c | 20 +- src/charon/processing/jobs/delete_child_sa_job.h | 6 +- src/charon/processing/jobs/delete_ike_sa_job.c | 14 +- src/charon/processing/jobs/delete_ike_sa_job.h | 8 +- src/charon/processing/jobs/inactivity_job.c | 150 + src/charon/processing/jobs/inactivity_job.h | 53 + .../processing/jobs/initiate_mediation_job.c | 78 +- .../processing/jobs/initiate_mediation_job.h | 11 +- src/charon/processing/jobs/job.h | 2 +- src/charon/processing/jobs/mediation_job.c | 34 +- src/charon/processing/jobs/mediation_job.h | 10 +- src/charon/processing/jobs/migrate_job.c | 12 +- src/charon/processing/jobs/migrate_job.h | 18 +- src/charon/processing/jobs/process_message_job.c | 12 +- src/charon/processing/jobs/process_message_job.h | 2 +- src/charon/processing/jobs/rekey_child_sa_job.c | 20 +- src/charon/processing/jobs/rekey_child_sa_job.h | 2 +- src/charon/processing/jobs/rekey_ike_sa_job.c | 16 +- src/charon/processing/jobs/rekey_ike_sa_job.h | 2 +- src/charon/processing/jobs/retransmit_job.c | 10 +- src/charon/processing/jobs/retransmit_job.h | 2 +- src/charon/processing/jobs/roam_job.c | 16 +- src/charon/processing/jobs/roam_job.h | 4 +- src/charon/processing/jobs/send_dpd_job.c | 12 +- src/charon/processing/jobs/send_dpd_job.h | 4 +- src/charon/processing/jobs/send_keepalive_job.c | 10 +- src/charon/processing/jobs/send_keepalive_job.h | 4 +- src/charon/processing/jobs/update_sa_job.c | 14 +- src/charon/processing/jobs/update_sa_job.h | 2 +- src/charon/processing/processor.c | 87 +- src/charon/processing/processor.h | 16 +- src/charon/processing/scheduler.c | 86 +- src/charon/processing/scheduler.h | 15 +- src/charon/sa/authenticators/authenticator.c | 2 +- src/charon/sa/authenticators/authenticator.h | 34 +- src/charon/sa/authenticators/eap/eap_manager.c | 26 +- src/charon/sa/authenticators/eap/eap_manager.h | 12 +- src/charon/sa/authenticators/eap/eap_method.c | 28 +- src/charon/sa/authenticators/eap/eap_method.h | 24 +- src/charon/sa/authenticators/eap/sim_manager.c | 462 +- src/charon/sa/authenticators/eap/sim_manager.h | 459 +- src/charon/sa/authenticators/eap_authenticator.c | 175 +- src/charon/sa/authenticators/eap_authenticator.h | 2 +- src/charon/sa/authenticators/psk_authenticator.c | 30 +- src/charon/sa/authenticators/psk_authenticator.h | 2 +- .../sa/authenticators/pubkey_authenticator.c | 34 +- .../sa/authenticators/pubkey_authenticator.h | 2 +- src/charon/sa/child_sa.c | 185 +- src/charon/sa/child_sa.h | 71 +- src/charon/sa/connect_manager.c | 663 +- src/charon/sa/connect_manager.h | 105 +- src/charon/sa/ike_sa.c | 453 +- src/charon/sa/ike_sa.h | 351 +- src/charon/sa/ike_sa_id.h | 12 +- src/charon/sa/ike_sa_manager.c | 256 +- src/charon/sa/ike_sa_manager.h | 56 +- src/charon/sa/keymat.c | 113 +- src/charon/sa/keymat.h | 14 +- src/charon/sa/mediation_manager.c | 78 +- src/charon/sa/mediation_manager.h | 43 +- src/charon/sa/task_manager.c | 170 +- src/charon/sa/task_manager.h | 26 +- src/charon/sa/tasks/child_create.c | 325 +- src/charon/sa/tasks/child_create.h | 10 +- src/charon/sa/tasks/child_delete.c | 63 +- src/charon/sa/tasks/child_delete.h | 2 +- src/charon/sa/tasks/child_rekey.c | 173 +- src/charon/sa/tasks/child_rekey.h | 4 +- src/charon/sa/tasks/ike_auth.c | 363 +- src/charon/sa/tasks/ike_auth_lifetime.c | 44 +- src/charon/sa/tasks/ike_auth_lifetime.h | 4 +- src/charon/sa/tasks/ike_cert_post.c | 100 +- src/charon/sa/tasks/ike_cert_post.h | 2 +- src/charon/sa/tasks/ike_cert_pre.c | 101 +- src/charon/sa/tasks/ike_cert_pre.h | 2 +- src/charon/sa/tasks/ike_config.c | 276 +- src/charon/sa/tasks/ike_config.h | 2 +- src/charon/sa/tasks/ike_delete.c | 18 +- src/charon/sa/tasks/ike_dpd.c | 6 +- src/charon/sa/tasks/ike_init.c | 168 +- src/charon/sa/tasks/ike_init.h | 2 +- src/charon/sa/tasks/ike_me.c | 316 +- src/charon/sa/tasks/ike_me.h | 40 +- src/charon/sa/tasks/ike_mobike.c | 74 +- src/charon/sa/tasks/ike_mobike.h | 16 +- src/charon/sa/tasks/ike_natd.c | 80 +- src/charon/sa/tasks/ike_natd.h | 2 +- src/charon/sa/tasks/ike_reauth.c | 26 +- src/charon/sa/tasks/ike_rekey.c | 89 +- src/charon/sa/tasks/ike_rekey.h | 4 +- src/charon/sa/tasks/ike_vendor.c | 139 + src/charon/sa/tasks/ike_vendor.h | 49 + src/charon/sa/tasks/task.c | 2 + src/charon/sa/tasks/task.h | 12 +- src/charon/sa/trap_manager.c | 112 +- src/charon/sa/trap_manager.h | 12 +- src/checksum/Makefile.am | 5 +- src/checksum/Makefile.in | 160 +- src/checksum/checksum_builder.c | 18 +- src/dumm/Makefile.in | 199 +- src/dumm/bridge.c | 6 +- src/dumm/bridge.h | 12 +- src/dumm/cowfs.c | 115 +- src/dumm/cowfs.h | 4 +- src/dumm/dumm.c | 44 +- src/dumm/dumm.h | 18 +- src/dumm/ext/dumm.c | 93 +- src/dumm/guest.c | 76 +- src/dumm/guest.h | 40 +- src/dumm/iface.c | 18 +- src/dumm/iface.h | 20 +- src/dumm/irdumm.c | 8 +- src/dumm/main.c | 134 +- src/dumm/mconsole.c | 42 +- src/dumm/mconsole.h | 8 +- src/include/Makefile.in | 73 +- src/include/linux/netlink.h | 6 +- src/include/linux/rtnetlink.h | 18 +- src/include/linux/udp.h | 2 +- src/include/linux/xfrm.h | 10 +- src/ipsec/Makefile.in | 216 +- src/libfast/Makefile.am | 2 +- src/libfast/Makefile.in | 149 +- src/libfast/context.h | 2 +- src/libfast/controller.h | 6 +- src/libfast/dispatcher.c | 261 +- src/libfast/dispatcher.h | 34 +- src/libfast/filter.h | 4 +- src/libfast/request.c | 82 +- src/libfast/request.h | 36 +- src/libfast/session.c | 54 +- src/libfast/session.h | 12 +- src/libfreeswan/Makefile.in | 206 +- src/libfreeswan/addrtoa.c | 4 +- src/libfreeswan/addrtot.c | 10 +- src/libfreeswan/addrtypeof.c | 4 +- src/libfreeswan/anyaddr.c | 4 +- src/libfreeswan/atoaddr.c | 4 +- src/libfreeswan/atoasr.c | 4 +- src/libfreeswan/atosa.c | 4 +- src/libfreeswan/atosubnet.c | 4 +- src/libfreeswan/atoul.c | 4 +- src/libfreeswan/datatot.c | 4 +- src/libfreeswan/freeswan.h | 6 +- src/libfreeswan/goodmask.c | 6 +- src/libfreeswan/initaddr.c | 4 +- src/libfreeswan/initsaid.c | 4 +- src/libfreeswan/initsubnet.c | 4 +- src/libfreeswan/internal.h | 4 +- src/libfreeswan/ipsec_param.h | 16 +- src/libfreeswan/keyblobtoid.c | 4 +- src/libfreeswan/pfkey.h | 4 +- src/libfreeswan/pfkey_v2_build.c | 118 +- src/libfreeswan/pfkey_v2_debug.c | 6 +- src/libfreeswan/pfkey_v2_ext_bits.c | 4 +- src/libfreeswan/pfkey_v2_parse.c | 156 +- src/libfreeswan/pfkeyv2.h | 7 +- src/libfreeswan/portof.c | 4 +- src/libfreeswan/prng.c | 4 +- src/libfreeswan/rangetoa.c | 4 +- src/libfreeswan/rangetosubnet.c | 4 +- src/libfreeswan/sameaddr.c | 4 +- src/libfreeswan/satoa.c | 4 +- src/libfreeswan/satot.c | 6 +- src/libfreeswan/subnetof.c | 4 +- src/libfreeswan/subnettoa.c | 4 +- src/libfreeswan/subnettot.c | 4 +- src/libfreeswan/subnettypeof.c | 4 +- src/libfreeswan/ttoaddr.c | 10 +- src/libfreeswan/ttodata.c | 10 +- src/libfreeswan/ttoprotoport.c | 2 +- src/libfreeswan/ttosa.c | 4 +- src/libfreeswan/ttosubnet.c | 4 +- src/libfreeswan/ttoul.c | 4 +- src/libfreeswan/ultoa.c | 4 +- src/libfreeswan/ultot.c | 4 +- src/libsimaka/Makefile.am | 6 + src/libsimaka/Makefile.in | 516 + src/libsimaka/simaka_crypto.c | 241 + src/libsimaka/simaka_crypto.h | 110 + src/libsimaka/simaka_message.c | 909 ++ src/libsimaka/simaka_message.h | 273 + src/libstrongswan/Makefile.am | 41 +- src/libstrongswan/Makefile.in | 650 +- src/libstrongswan/asn1/asn1.c | 311 +- src/libstrongswan/asn1/asn1.h | 110 +- src/libstrongswan/asn1/asn1_parser.c | 38 +- src/libstrongswan/asn1/asn1_parser.h | 16 +- src/libstrongswan/asn1/oid.c | 566 +- src/libstrongswan/asn1/oid.h | 296 +- src/libstrongswan/asn1/oid.txt | 78 +- src/libstrongswan/asn1/pem.c | 393 - src/libstrongswan/asn1/pem.h | 29 - src/libstrongswan/attributes/attribute_handler.h | 72 + src/libstrongswan/attributes/attribute_manager.c | 374 + src/libstrongswan/attributes/attribute_manager.h | 149 + src/libstrongswan/attributes/attribute_provider.h | 67 + src/libstrongswan/attributes/attributes.c | 43 + src/libstrongswan/attributes/attributes.h | 62 + src/libstrongswan/chunk.c | 87 +- src/libstrongswan/chunk.h | 34 +- src/libstrongswan/credentials/builder.c | 31 +- src/libstrongswan/credentials/builder.h | 105 +- src/libstrongswan/credentials/certificates/ac.h | 24 +- .../credentials/certificates/certificate.c | 7 +- .../credentials/certificates/certificate.h | 42 +- src/libstrongswan/credentials/certificates/crl.c | 2 +- src/libstrongswan/credentials/certificates/crl.h | 28 +- .../credentials/certificates/ocsp_response.h | 10 +- .../credentials/certificates/pgp_certificate.h | 46 + .../credentials/certificates/pkcs10.h | 57 + src/libstrongswan/credentials/certificates/x509.c | 6 +- src/libstrongswan/credentials/certificates/x509.h | 56 +- src/libstrongswan/credentials/credential_factory.c | 159 +- src/libstrongswan/credentials/credential_factory.h | 39 +- .../credentials/ietf_attributes/ietf_attributes.c | 533 + .../credentials/ietf_attributes/ietf_attributes.h | 92 + src/libstrongswan/credentials/keys/key_encoding.c | 299 + src/libstrongswan/credentials/keys/key_encoding.h | 203 + src/libstrongswan/credentials/keys/private_key.c | 62 + src/libstrongswan/credentials/keys/private_key.h | 89 +- src/libstrongswan/credentials/keys/public_key.c | 56 +- src/libstrongswan/credentials/keys/public_key.h | 87 +- src/libstrongswan/credentials/keys/shared_key.c | 12 +- src/libstrongswan/credentials/keys/shared_key.h | 18 +- src/libstrongswan/crypto/crypters/crypter.h | 25 +- src/libstrongswan/crypto/crypto_factory.c | 62 +- src/libstrongswan/crypto/crypto_factory.h | 46 +- src/libstrongswan/crypto/crypto_tester.c | 90 +- src/libstrongswan/crypto/crypto_tester.h | 10 +- src/libstrongswan/crypto/diffie_hellman.h | 28 +- src/libstrongswan/crypto/hashers/hasher.c | 64 +- src/libstrongswan/crypto/hashers/hasher.h | 34 +- src/libstrongswan/crypto/pkcs9.c | 56 +- src/libstrongswan/crypto/pkcs9.h | 12 +- src/libstrongswan/crypto/prf_plus.c | 34 +- src/libstrongswan/crypto/prf_plus.h | 18 +- src/libstrongswan/crypto/prfs/prf.h | 22 +- .../crypto/proposal/proposal_keywords.c | 91 +- .../crypto/proposal/proposal_keywords.h | 6 +- .../crypto/proposal/proposal_keywords.txt | 4 +- src/libstrongswan/crypto/rngs/rng.h | 8 +- src/libstrongswan/crypto/signers/signer.c | 7 +- src/libstrongswan/crypto/signers/signer.h | 28 +- src/libstrongswan/database/database.h | 58 +- src/libstrongswan/database/database_factory.c | 14 +- src/libstrongswan/database/database_factory.h | 12 +- src/libstrongswan/debug.c | 43 +- src/libstrongswan/debug.h | 14 +- src/libstrongswan/enum.h | 6 +- src/libstrongswan/fetcher/fetcher.h | 22 +- src/libstrongswan/fetcher/fetcher_manager.c | 22 +- src/libstrongswan/fetcher/fetcher_manager.h | 12 +- src/libstrongswan/integrity_checker.c | 42 +- src/libstrongswan/integrity_checker.h | 14 +- src/libstrongswan/library.c | 22 +- src/libstrongswan/library.h | 34 +- src/libstrongswan/pgp/pgp.c | 93 - src/libstrongswan/pgp/pgp.h | 115 - src/libstrongswan/plugins/aes/Makefile.in | 143 +- src/libstrongswan/plugins/aes/aes_crypter.c | 136 +- src/libstrongswan/plugins/aes/aes_crypter.h | 4 +- src/libstrongswan/plugins/aes/aes_plugin.c | 6 +- src/libstrongswan/plugins/agent/Makefile.in | 143 +- src/libstrongswan/plugins/agent/agent_plugin.c | 10 +- src/libstrongswan/plugins/agent/agent_plugin.h | 2 +- .../plugins/agent/agent_private_key.c | 368 +- .../plugins/agent/agent_private_key.h | 15 +- src/libstrongswan/plugins/attr_sql/Makefile.am | 15 + src/libstrongswan/plugins/attr_sql/Makefile.in | 633 + .../plugins/attr_sql/attr_sql_plugin.c | 88 + .../plugins/attr_sql/attr_sql_plugin.h | 47 + src/libstrongswan/plugins/attr_sql/pool.c | 1050 ++ src/libstrongswan/plugins/attr_sql/sql_attribute.c | 384 + src/libstrongswan/plugins/attr_sql/sql_attribute.h | 50 + src/libstrongswan/plugins/blowfish/Makefile.am | 2 +- src/libstrongswan/plugins/blowfish/Makefile.in | 145 +- src/libstrongswan/plugins/blowfish/bf_enc.c | 12 +- src/libstrongswan/plugins/blowfish/bf_locl.h | 12 +- src/libstrongswan/plugins/blowfish/bf_pi.h | 524 +- src/libstrongswan/plugins/blowfish/bf_skey.c | 12 +- src/libstrongswan/plugins/blowfish/blowfish.h | 16 +- .../plugins/blowfish/blowfish_crypter.c | 32 +- .../plugins/blowfish/blowfish_crypter.h | 4 +- .../plugins/blowfish/blowfish_plugin.c | 6 +- src/libstrongswan/plugins/curl/Makefile.in | 143 +- src/libstrongswan/plugins/curl/curl_fetcher.c | 56 +- src/libstrongswan/plugins/curl/curl_fetcher.h | 5 - src/libstrongswan/plugins/curl/curl_plugin.c | 18 +- src/libstrongswan/plugins/des/Makefile.in | 143 +- src/libstrongswan/plugins/des/des_crypter.c | 52 +- src/libstrongswan/plugins/des/des_crypter.h | 4 +- src/libstrongswan/plugins/des/des_plugin.c | 6 +- src/libstrongswan/plugins/dnskey/Makefile.am | 12 + src/libstrongswan/plugins/dnskey/Makefile.in | 571 + src/libstrongswan/plugins/dnskey/dnskey_builder.c | 142 + src/libstrongswan/plugins/dnskey/dnskey_builder.h | 51 + src/libstrongswan/plugins/dnskey/dnskey_plugin.c | 60 + src/libstrongswan/plugins/dnskey/dnskey_plugin.h | 47 + src/libstrongswan/plugins/fips_prf/Makefile.in | 143 +- src/libstrongswan/plugins/fips_prf/fips_prf.c | 33 +- src/libstrongswan/plugins/fips_prf/fips_prf.h | 4 +- .../plugins/fips_prf/fips_prf_plugin.c | 6 +- src/libstrongswan/plugins/gcrypt/Makefile.am | 4 +- src/libstrongswan/plugins/gcrypt/Makefile.in | 150 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 26 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h | 4 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 52 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.h | 4 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 16 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h | 4 +- src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 62 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 12 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.h | 6 +- .../plugins/gcrypt/gcrypt_rsa_private_key.c | 496 +- .../plugins/gcrypt/gcrypt_rsa_private_key.h | 25 +- .../plugins/gcrypt/gcrypt_rsa_public_key.c | 315 +- .../plugins/gcrypt/gcrypt_rsa_public_key.h | 15 +- src/libstrongswan/plugins/gmp/Makefile.in | 143 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 78 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h | 4 +- src/libstrongswan/plugins/gmp/gmp_plugin.c | 36 +- src/libstrongswan/plugins/gmp/gmp_plugin.h | 2 +- .../plugins/gmp/gmp_rsa_private_key.c | 746 +- .../plugins/gmp/gmp_rsa_private_key.h | 24 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 544 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h | 14 +- src/libstrongswan/plugins/hmac/Makefile.in | 143 +- src/libstrongswan/plugins/hmac/hmac.c | 50 +- src/libstrongswan/plugins/hmac/hmac.h | 30 +- src/libstrongswan/plugins/hmac/hmac_plugin.c | 32 +- src/libstrongswan/plugins/hmac/hmac_prf.c | 14 +- src/libstrongswan/plugins/hmac/hmac_prf.h | 6 +- src/libstrongswan/plugins/hmac/hmac_signer.c | 22 +- src/libstrongswan/plugins/hmac/hmac_signer.h | 2 +- src/libstrongswan/plugins/ldap/Makefile.in | 143 +- src/libstrongswan/plugins/ldap/ldap_fetcher.c | 14 +- src/libstrongswan/plugins/ldap/ldap_plugin.c | 6 +- src/libstrongswan/plugins/md4/Makefile.in | 143 +- src/libstrongswan/plugins/md4/md4_hasher.c | 28 +- src/libstrongswan/plugins/md4/md4_hasher.h | 4 +- src/libstrongswan/plugins/md4/md4_plugin.c | 6 +- src/libstrongswan/plugins/md5/Makefile.in | 143 +- src/libstrongswan/plugins/md5/md5_hasher.c | 34 +- src/libstrongswan/plugins/md5/md5_hasher.h | 4 +- src/libstrongswan/plugins/md5/md5_plugin.c | 6 +- src/libstrongswan/plugins/mysql/Makefile.am | 4 +- src/libstrongswan/plugins/mysql/Makefile.in | 150 +- src/libstrongswan/plugins/mysql/mysql_database.c | 135 +- src/libstrongswan/plugins/mysql/mysql_plugin.c | 6 +- src/libstrongswan/plugins/openssl/Makefile.in | 143 +- .../plugins/openssl/openssl_crypter.c | 42 +- .../plugins/openssl/openssl_crypter.h | 4 +- .../plugins/openssl/openssl_diffie_hellman.c | 46 +- .../plugins/openssl/openssl_diffie_hellman.h | 4 +- .../plugins/openssl/openssl_ec_diffie_hellman.c | 64 +- .../plugins/openssl/openssl_ec_diffie_hellman.h | 4 +- .../plugins/openssl/openssl_ec_private_key.c | 461 +- .../plugins/openssl/openssl_ec_private_key.h | 23 +- .../plugins/openssl/openssl_ec_public_key.c | 413 +- .../plugins/openssl/openssl_ec_public_key.h | 11 +- src/libstrongswan/plugins/openssl/openssl_hasher.c | 28 +- src/libstrongswan/plugins/openssl/openssl_hasher.h | 4 +- src/libstrongswan/plugins/openssl/openssl_plugin.c | 106 +- .../plugins/openssl/openssl_rsa_private_key.c | 462 +- .../plugins/openssl/openssl_rsa_private_key.h | 36 +- .../plugins/openssl/openssl_rsa_public_key.c | 356 +- .../plugins/openssl/openssl_rsa_public_key.h | 10 +- src/libstrongswan/plugins/openssl/openssl_util.c | 33 +- src/libstrongswan/plugins/openssl/openssl_util.h | 10 +- src/libstrongswan/plugins/padlock/Makefile.in | 143 +- .../plugins/padlock/padlock_aes_crypter.c | 28 +- .../plugins/padlock/padlock_aes_crypter.h | 4 +- src/libstrongswan/plugins/padlock/padlock_plugin.c | 12 +- src/libstrongswan/plugins/padlock/padlock_rng.c | 18 +- src/libstrongswan/plugins/padlock/padlock_rng.h | 4 +- .../plugins/padlock/padlock_sha1_hasher.c | 24 +- .../plugins/padlock/padlock_sha1_hasher.h | 2 +- src/libstrongswan/plugins/pem/Makefile.am | 12 + src/libstrongswan/plugins/pem/Makefile.in | 569 + src/libstrongswan/plugins/pem/pem_builder.c | 566 + src/libstrongswan/plugins/pem/pem_builder.h | 57 + src/libstrongswan/plugins/pem/pem_plugin.c | 105 + src/libstrongswan/plugins/pem/pem_plugin.h | 47 + src/libstrongswan/plugins/pgp/Makefile.am | 15 + src/libstrongswan/plugins/pgp/Makefile.in | 576 + src/libstrongswan/plugins/pgp/pgp_builder.c | 275 + src/libstrongswan/plugins/pgp/pgp_builder.h | 45 + src/libstrongswan/plugins/pgp/pgp_cert.c | 501 + src/libstrongswan/plugins/pgp/pgp_cert.h | 48 + src/libstrongswan/plugins/pgp/pgp_encoder.c | 68 + src/libstrongswan/plugins/pgp/pgp_encoder.h | 32 + src/libstrongswan/plugins/pgp/pgp_plugin.c | 79 + src/libstrongswan/plugins/pgp/pgp_plugin.h | 47 + src/libstrongswan/plugins/pgp/pgp_utils.c | 180 + src/libstrongswan/plugins/pgp/pgp_utils.h | 130 + src/libstrongswan/plugins/pkcs1/Makefile.am | 13 + src/libstrongswan/plugins/pkcs1/Makefile.in | 572 + src/libstrongswan/plugins/pkcs1/pkcs1_builder.c | 299 + src/libstrongswan/plugins/pkcs1/pkcs1_builder.h | 45 + src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c | 160 + src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h | 32 + src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 70 + src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h | 47 + src/libstrongswan/plugins/plugin.h | 8 +- src/libstrongswan/plugins/plugin_loader.c | 64 +- src/libstrongswan/plugins/plugin_loader.h | 26 +- src/libstrongswan/plugins/pubkey/Makefile.am | 3 +- src/libstrongswan/plugins/pubkey/Makefile.in | 150 +- src/libstrongswan/plugins/pubkey/pubkey_cert.c | 175 +- src/libstrongswan/plugins/pubkey/pubkey_cert.h | 10 +- src/libstrongswan/plugins/pubkey/pubkey_plugin.c | 11 +- .../plugins/pubkey/pubkey_public_key.c | 184 - .../plugins/pubkey/pubkey_public_key.h | 34 - src/libstrongswan/plugins/random/Makefile.am | 4 +- src/libstrongswan/plugins/random/Makefile.in | 148 +- src/libstrongswan/plugins/random/random_plugin.c | 10 +- src/libstrongswan/plugins/random/random_plugin.h | 2 +- src/libstrongswan/plugins/random/random_rng.c | 10 +- src/libstrongswan/plugins/random/random_rng.h | 6 +- src/libstrongswan/plugins/sha1/Makefile.in | 143 +- src/libstrongswan/plugins/sha1/sha1_hasher.c | 190 +- src/libstrongswan/plugins/sha1/sha1_hasher.h | 2 +- src/libstrongswan/plugins/sha1/sha1_plugin.c | 6 +- src/libstrongswan/plugins/sha1/sha1_prf.c | 12 +- src/libstrongswan/plugins/sha1/sha1_prf.h | 2 +- src/libstrongswan/plugins/sha2/Makefile.in | 143 +- src/libstrongswan/plugins/sha2/sha2_hasher.c | 62 +- src/libstrongswan/plugins/sha2/sha2_hasher.h | 4 +- src/libstrongswan/plugins/sha2/sha2_plugin.c | 6 +- src/libstrongswan/plugins/sqlite/Makefile.in | 143 +- src/libstrongswan/plugins/sqlite/sqlite_database.c | 26 +- src/libstrongswan/plugins/sqlite/sqlite_plugin.c | 4 +- src/libstrongswan/plugins/test_vectors/Makefile.in | 275 +- .../plugins/test_vectors/test_vectors/blowfish.c | 2 +- .../plugins/test_vectors/test_vectors/rng.c | 18 +- .../plugins/test_vectors/test_vectors_plugin.c | 6 +- src/libstrongswan/plugins/x509/Makefile.am | 4 +- src/libstrongswan/plugins/x509/Makefile.in | 153 +- src/libstrongswan/plugins/x509/ietf_attr_list.c | 396 - src/libstrongswan/plugins/x509/ietf_attr_list.h | 79 - src/libstrongswan/plugins/x509/x509_ac.c | 416 +- src/libstrongswan/plugins/x509/x509_ac.h | 30 +- src/libstrongswan/plugins/x509/x509_cert.c | 1143 +- src/libstrongswan/plugins/x509/x509_cert.h | 27 +- src/libstrongswan/plugins/x509/x509_crl.c | 233 +- src/libstrongswan/plugins/x509/x509_crl.h | 11 +- src/libstrongswan/plugins/x509/x509_ocsp_request.c | 221 +- src/libstrongswan/plugins/x509/x509_ocsp_request.h | 12 +- .../plugins/x509/x509_ocsp_response.c | 212 +- .../plugins/x509/x509_ocsp_response.h | 11 +- src/libstrongswan/plugins/x509/x509_pkcs10.c | 707 ++ src/libstrongswan/plugins/x509/x509_pkcs10.h | 65 + src/libstrongswan/plugins/x509/x509_plugin.c | 41 +- src/libstrongswan/plugins/xcbc/Makefile.in | 143 +- src/libstrongswan/plugins/xcbc/xcbc.c | 54 +- src/libstrongswan/plugins/xcbc/xcbc.h | 20 +- src/libstrongswan/plugins/xcbc/xcbc_plugin.c | 8 +- src/libstrongswan/plugins/xcbc/xcbc_prf.c | 12 +- src/libstrongswan/plugins/xcbc/xcbc_prf.h | 6 +- src/libstrongswan/plugins/xcbc/xcbc_signer.c | 22 +- src/libstrongswan/plugins/xcbc/xcbc_signer.h | 2 +- src/libstrongswan/printf_hook.c | 77 +- src/libstrongswan/printf_hook.h | 19 +- src/libstrongswan/selectors/traffic_selector.c | 916 ++ src/libstrongswan/selectors/traffic_selector.h | 315 + src/libstrongswan/settings.c | 175 +- src/libstrongswan/settings.h | 56 +- src/libstrongswan/threading/condvar.h | 96 + src/libstrongswan/threading/lock_profiler.h | 102 + src/libstrongswan/threading/mutex.c | 375 + src/libstrongswan/threading/mutex.h | 68 + src/libstrongswan/threading/rwlock.c | 327 + src/libstrongswan/threading/rwlock.h | 80 + src/libstrongswan/threading/thread.c | 440 + src/libstrongswan/threading/thread.h | 187 + src/libstrongswan/threading/thread_value.c | 78 + src/libstrongswan/threading/thread_value.h | 68 + src/libstrongswan/utils.c | 70 +- src/libstrongswan/utils.h | 160 +- src/libstrongswan/utils/backtrace.c | 22 +- src/libstrongswan/utils/backtrace.h | 6 +- src/libstrongswan/utils/enumerator.c | 44 +- src/libstrongswan/utils/enumerator.h | 16 +- src/libstrongswan/utils/hashtable.c | 152 +- src/libstrongswan/utils/hashtable.h | 28 +- src/libstrongswan/utils/host.c | 44 +- src/libstrongswan/utils/host.h | 80 +- src/libstrongswan/utils/identification.c | 382 +- src/libstrongswan/utils/identification.h | 96 +- src/libstrongswan/utils/iterator.h | 34 +- src/libstrongswan/utils/leak_detective.c | 131 +- src/libstrongswan/utils/leak_detective.h | 8 +- src/libstrongswan/utils/lexparser.c | 24 +- src/libstrongswan/utils/lexparser.h | 2 +- src/libstrongswan/utils/linked_list.c | 64 +- src/libstrongswan/utils/linked_list.h | 76 +- src/libstrongswan/utils/mutex.c | 509 - src/libstrongswan/utils/mutex.h | 213 - src/libstrongswan/utils/optionsfrom.c | 4 +- src/libstrongswan/utils/optionsfrom.h | 4 +- src/manager/Makefile.am | 2 - src/manager/Makefile.in | 352 +- src/manager/controller/auth_controller.c | 12 +- src/manager/controller/config_controller.c | 10 +- src/manager/controller/control_controller.c | 12 +- src/manager/controller/gateway_controller.c | 14 +- src/manager/controller/ikesa_controller.c | 10 +- src/manager/gateway.c | 38 +- src/manager/gateway.h | 12 +- src/manager/main.c | 25 +- src/manager/manager.c | 20 +- src/manager/manager.h | 10 +- src/manager/storage.c | 16 +- src/manager/storage.h | 10 +- src/manager/xml.c | 20 +- src/manager/xml.h | 2 +- src/medsrv/Makefile.am | 6 +- src/medsrv/Makefile.in | 280 +- src/medsrv/controller/peer_controller.c | 50 +- src/medsrv/controller/user_controller.c | 26 +- src/medsrv/filter/auth_filter.c | 4 +- src/medsrv/main.c | 23 +- src/medsrv/user.h | 6 +- src/openac/Makefile.am | 6 +- src/openac/Makefile.in | 272 +- src/openac/openac.c | 146 +- src/pki/Makefile.am | 15 + src/pki/Makefile.in | 673 ++ src/pki/command.c | 256 + src/pki/command.h | 95 + src/pki/commands/gen.c | 125 + src/pki/commands/issue.c | 370 + src/pki/commands/keyid.c | 164 + src/pki/commands/pub.c | 157 + src/pki/commands/req.c | 184 + src/pki/commands/self.c | 238 + src/pki/commands/verify.c | 136 + src/pki/pki.c | 101 + src/pki/pki.h | 39 + src/pluto/Makefile.am | 16 +- src/pluto/Makefile.in | 382 +- src/pluto/ac.c | 994 +- src/pluto/ac.h | 90 +- src/pluto/alg_info.c | 59 +- src/pluto/alg_info.h | 4 +- src/pluto/builder.c | 150 + src/pluto/builder.h | 24 + src/pluto/ca.c | 486 +- src/pluto/ca.h | 56 +- src/pluto/certs.c | 408 +- src/pluto/certs.h | 47 +- src/pluto/connections.c | 1392 +-- src/pluto/connections.h | 190 +- src/pluto/constants.c | 80 +- src/pluto/constants.h | 258 +- src/pluto/crl.c | 756 +- src/pluto/crl.h | 55 +- src/pluto/crypto.c | 111 +- src/pluto/db_ops.c | 72 +- src/pluto/demux.c | 68 +- src/pluto/dnskey.c | 292 +- src/pluto/dnskey.h | 40 +- src/pluto/fetch.c | 331 +- src/pluto/fetch.h | 33 +- src/pluto/foodgroups.c | 36 +- src/pluto/id.c | 523 - src/pluto/id.h | 65 - src/pluto/ike_alg.c | 47 +- src/pluto/ipsec_doi.c | 1165 +- src/pluto/ipsec_doi.h | 8 +- src/pluto/kernel.c | 189 +- src/pluto/kernel_alg.c | 79 +- src/pluto/kernel_netlink.c | 90 +- src/pluto/kernel_noklips.c | 2 +- src/pluto/kernel_pfkey.c | 4 +- src/pluto/keys.c | 353 +- src/pluto/keys.h | 30 +- src/pluto/log.c | 23 +- src/pluto/modecfg.c | 252 +- src/pluto/modecfg.h | 2 +- src/pluto/myid.c | 121 + src/pluto/myid.h | 38 + src/pluto/nat_traversal.c | 18 +- src/pluto/ocsp.c | 441 +- src/pluto/ocsp.h | 17 +- src/pluto/packet.c | 6 +- src/pluto/pem.c | 127 - src/pluto/pem.h | 18 - src/pluto/pgpcert.c | 514 - src/pluto/pgpcert.h | 56 - src/pluto/pkcs7.c | 349 +- src/pluto/pkcs7.h | 20 +- src/pluto/plutomain.c | 42 +- src/pluto/rcv_whack.c | 204 +- src/pluto/rsaref/pkcs11.h | 6 +- src/pluto/rsaref/pkcs11f.h | 16 +- src/pluto/smartcard.c | 310 +- src/pluto/smartcard.h | 7 +- src/pluto/spdb.c | 130 +- src/pluto/state.c | 24 +- src/pluto/state.h | 1 + src/pluto/timer.c | 6 +- src/pluto/vendor.c | 14 +- src/pluto/vendor.h | 2 + src/pluto/virtual.c | 18 +- src/pluto/x509.c | 2072 +--- src/pluto/x509.h | 117 +- src/pluto/xauth.c | 4 +- src/pluto/xauth.h | 2 +- src/scepclient/Makefile.am | 41 +- src/scepclient/Makefile.in | 318 +- src/scepclient/loglite.c | 4 +- src/scepclient/pkcs10.c | 224 - src/scepclient/pkcs10.h | 60 - src/scepclient/scep.c | 63 +- src/scepclient/scep.h | 10 +- src/scepclient/scepclient.c | 274 +- src/starter/Makefile.am | 10 +- src/starter/Makefile.in | 353 +- src/starter/args.c | 44 +- src/starter/confread.c | 96 +- src/starter/confread.h | 13 +- src/starter/interfaces.c | 246 +- src/starter/interfaces.h | 1 + src/starter/invokecharon.c | 4 +- src/starter/invokepluto.c | 6 +- src/starter/ipsec.conf.5 | 163 +- src/starter/keywords.c | 262 +- src/starter/keywords.h | 7 +- src/starter/keywords.txt | 7 + src/starter/klips.c | 4 +- src/starter/klips.h | 2 +- src/starter/netkey.h | 2 +- src/starter/starter.c | 20 +- src/starter/starterstroke.c | 59 +- src/starter/starterwhack.c | 137 +- src/stroke/Makefile.in | 161 +- src/stroke/stroke.c | 66 +- src/stroke/stroke_msg.h | 13 +- src/whack/Makefile.in | 159 +- src/whack/whack.c | 72 +- src/whack/whack.h | 15 +- testing/INSTALL | 8 +- testing/Makefile.am | 2 +- testing/Makefile.in | 75 +- testing/do-tests.in | 29 +- .../alice/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- .../hosts/alice/etc/ipsec.d/certs/aliceCert.pem | 34 +- .../hosts/alice/etc/ipsec.d/private/aliceKey.pem | 50 +- testing/hosts/alice/etc/strongswan.conf | 2 +- .../bob/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem | 34 +- testing/hosts/bob/etc/ipsec.d/private/bobKey.pem | 50 +- testing/hosts/bob/etc/strongswan.conf | 2 +- .../carol/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 34 +- .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 52 +- testing/hosts/carol/etc/strongswan.conf | 2 +- .../dave/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem | 34 +- testing/hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +- testing/hosts/dave/etc/strongswan.conf | 2 +- testing/hosts/default/etc/ipsec.d/tables.sql | 7 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem | 37 +- testing/hosts/moon/etc/ipsec.d/private/moonKey.pem | 50 +- testing/hosts/moon/etc/strongswan.conf | 2 +- .../sun/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem | 37 +- testing/hosts/sun/etc/ipsec.d/private/sunKey.pem | 50 +- testing/hosts/sun/etc/strongswan.conf | 2 +- .../venus/etc/ipsec.d/cacerts/strongswanCert.pem | 24 +- .../hosts/venus/etc/ipsec.d/certs/venusCert.pem | 30 +- .../hosts/venus/etc/ipsec.d/private/venusKey.pem | 50 +- testing/hosts/venus/etc/strongswan.conf | 2 +- .../certs/160769ece9ead9c1c4d89c34aa004c3b66402081 | Bin 0 -> 1062 bytes .../certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c | Bin 0 -> 1060 bytes .../certs/45b967b2f9b4a8855235b2d01249cd1e079348aa | Bin 0 -> 1062 bytes .../certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 | Bin 0 -> 1059 bytes .../certs/c45be2b38883548967f4f959fd5ec0822f65237b | Bin 0 -> 1058 bytes .../certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 | Bin 0 -> 1043 bytes .../certs/de106e5254cbafddb683117f90174910f43b5ae3 | Bin 0 -> 1062 bytes .../certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 | Bin 0 -> 1062 bytes .../certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf | Bin 0 -> 1076 bytes .../0b5362afd8838bafb66c854732b490d5d8318261 | Bin 0 -> 1190 bytes .../533394399c61128c957881790d70511537798da1 | Bin 0 -> 1212 bytes .../6b5aec8fe9dcb8d0f707490abc84ab0890a7d2da | Bin 0 -> 1188 bytes .../b8a73c3433f4e341cc7c4ae42989f0a23a956488 | Bin 0 -> 1210 bytes testing/hosts/winnetou/etc/openssl/crlnumber | 2 +- testing/hosts/winnetou/etc/openssl/crlnumber.old | 2 +- testing/hosts/winnetou/etc/openssl/duck/.rand | Bin 0 -> 1024 bytes testing/hosts/winnetou/etc/openssl/duck/crlnumber | 1 + .../hosts/winnetou/etc/openssl/duck/duckCert.pem | 23 + .../hosts/winnetou/etc/openssl/duck/duckKey.pem | 27 + .../hosts/winnetou/etc/openssl/duck/duckReq.pem | 16 + testing/hosts/winnetou/etc/openssl/duck/index.txt | 1 + .../hosts/winnetou/etc/openssl/duck/index.txt.attr | 1 + .../hosts/winnetou/etc/openssl/duck/index.txt.old | 0 .../winnetou/etc/openssl/duck/newcerts/01.pem | 24 + .../hosts/winnetou/etc/openssl/duck/openssl.cnf | 178 + testing/hosts/winnetou/etc/openssl/duck/serial | 1 + testing/hosts/winnetou/etc/openssl/duck/serial.old | 1 + testing/hosts/winnetou/etc/openssl/generate-crl | 4 + .../winnetou/etc/openssl/generate-hash-and-url | 13 + testing/hosts/winnetou/etc/openssl/index.txt | 33 +- testing/hosts/winnetou/etc/openssl/index.txt.old | 33 +- testing/hosts/winnetou/etc/openssl/newcerts/16.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/17.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/18.pem | 24 + testing/hosts/winnetou/etc/openssl/newcerts/19.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/1A.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/1B.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/1C.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/1D.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/1E.pem | 25 + testing/hosts/winnetou/etc/openssl/ocspCert.pem | 30 +- testing/hosts/winnetou/etc/openssl/ocspKey.pem | 50 +- testing/hosts/winnetou/etc/openssl/openssl.cnf | 9 +- .../hosts/winnetou/etc/openssl/research/index.txt | 1 + .../winnetou/etc/openssl/research/index.txt.old | 1 + .../winnetou/etc/openssl/research/newcerts/05.pem | 23 + testing/hosts/winnetou/etc/openssl/research/serial | 2 +- .../hosts/winnetou/etc/openssl/research/serial.old | 2 +- testing/hosts/winnetou/etc/openssl/rfc3779/.rand | Bin 0 -> 1024 bytes testing/hosts/winnetou/etc/openssl/rfc3779/crl.pem | 15 + .../hosts/winnetou/etc/openssl/rfc3779/crlnumber | 1 + .../winnetou/etc/openssl/rfc3779/crlnumber.old | 1 + .../hosts/winnetou/etc/openssl/rfc3779/index.txt | 4 + .../winnetou/etc/openssl/rfc3779/index.txt.attr | 1 + .../etc/openssl/rfc3779/index.txt.attr.old | 1 + .../winnetou/etc/openssl/rfc3779/index.txt.old | 3 + .../winnetou/etc/openssl/rfc3779/newcerts/01.pem | 28 + .../winnetou/etc/openssl/rfc3779/newcerts/02.pem | 28 + .../winnetou/etc/openssl/rfc3779/newcerts/03.pem | 27 + .../winnetou/etc/openssl/rfc3779/newcerts/04.pem | 27 + .../hosts/winnetou/etc/openssl/rfc3779/openssl.cnf | 214 + testing/hosts/winnetou/etc/openssl/rfc3779/serial | 1 + .../hosts/winnetou/etc/openssl/rfc3779/serial.old | 1 + .../etc/openssl/rfc3779/strongswanCert.pem | 26 + .../winnetou/etc/openssl/rfc3779/strongswanKey.pem | 27 + testing/hosts/winnetou/etc/openssl/serial | 2 +- testing/hosts/winnetou/etc/openssl/serial.old | 2 +- .../hosts/winnetou/etc/openssl/strongswanCert.pem | 24 +- testing/scripts/build-umlrootfs | 1 + testing/testing.conf | 6 +- .../gcrypt-ikev1/alg-camellia/description.txt | 4 + .../tests/gcrypt-ikev1/alg-camellia/evaltest.dat | 11 + .../alg-camellia/hosts/carol/etc/ipsec.conf | 24 + .../alg-camellia/hosts/carol/etc/strongswan.conf | 11 + .../alg-camellia/hosts/moon/etc/ipsec.conf | 24 + .../alg-camellia/hosts/moon/etc/strongswan.conf | 11 + .../tests/gcrypt-ikev1/alg-camellia/posttest.dat | 2 + .../tests/gcrypt-ikev1/alg-camellia/pretest.dat | 5 + testing/tests/gcrypt-ikev1/alg-camellia/test.conf | 22 + .../tests/gcrypt-ikev1/alg-serpent/description.txt | 2 +- .../tests/gcrypt-ikev1/alg-serpent/evaltest.dat | 9 +- .../alg-serpent/hosts/carol/etc/ipsec.conf | 2 +- .../alg-serpent/hosts/carol/etc/strongswan.conf | 2 +- .../alg-serpent/hosts/moon/etc/ipsec.conf | 2 +- .../alg-serpent/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-serpent/test.conf | 2 +- .../tests/gcrypt-ikev1/alg-twofish/description.txt | 2 +- .../tests/gcrypt-ikev1/alg-twofish/evaltest.dat | 9 +- .../alg-twofish/hosts/carol/etc/ipsec.conf | 2 +- .../alg-twofish/hosts/carol/etc/strongswan.conf | 2 +- .../alg-twofish/hosts/moon/etc/ipsec.conf | 2 +- .../alg-twofish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/test.conf | 2 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../tests/gcrypt-ikev2/alg-camellia/evaltest.dat | 4 +- .../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +- .../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev2/alg-camellia/test.conf | 2 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../ike/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ike/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../ike/rw-cert/hosts/moon/etc/strongswan.conf | 4 +- .../rw_v1-net_v2/hosts/moon/etc/strongswan.conf | 4 +- .../ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf | 2 +- testing/tests/ikev1/alg-blowfish/description.txt | 2 +- testing/tests/ikev1/alg-blowfish/evaltest.dat | 9 +- .../ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf | 2 +- .../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf | 2 +- .../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev1/alg-blowfish/pretest.dat | 1 + testing/tests/ikev1/alg-blowfish/test.conf | 2 +- testing/tests/ikev1/alg-sha256-96/description.txt | 5 + testing/tests/ikev1/alg-sha256-96/evaltest.dat | 12 + .../ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf | 24 + testing/tests/ikev1/alg-sha256-96/posttest.dat | 2 + testing/tests/ikev1/alg-sha256-96/pretest.dat | 5 + testing/tests/ikev1/alg-sha256-96/test.conf | 22 + testing/tests/ikev1/alg-sha256/description.txt | 4 + testing/tests/ikev1/alg-sha256/evaltest.dat | 12 + .../ikev1/alg-sha256/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-sha256/hosts/moon/etc/ipsec.conf | 24 + testing/tests/ikev1/alg-sha256/posttest.dat | 2 + testing/tests/ikev1/alg-sha256/pretest.dat | 5 + testing/tests/ikev1/alg-sha256/test.conf | 22 + testing/tests/ikev1/alg-sha2_256/description.txt | 4 - testing/tests/ikev1/alg-sha2_256/evaltest.dat | 11 - .../ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf | 24 - .../ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf | 24 - testing/tests/ikev1/alg-sha2_256/posttest.dat | 2 - testing/tests/ikev1/alg-sha2_256/pretest.dat | 5 - testing/tests/ikev1/alg-sha2_256/test.conf | 22 - testing/tests/ikev1/alg-sha384/description.txt | 4 + testing/tests/ikev1/alg-sha384/evaltest.dat | 12 + .../ikev1/alg-sha384/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-sha384/hosts/moon/etc/ipsec.conf | 24 + testing/tests/ikev1/alg-sha384/posttest.dat | 2 + testing/tests/ikev1/alg-sha384/pretest.dat | 5 + testing/tests/ikev1/alg-sha384/test.conf | 22 + testing/tests/ikev1/alg-sha512/description.txt | 4 + testing/tests/ikev1/alg-sha512/evaltest.dat | 12 + .../ikev1/alg-sha512/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-sha512/hosts/moon/etc/ipsec.conf | 24 + testing/tests/ikev1/alg-sha512/posttest.dat | 2 + testing/tests/ikev1/alg-sha512/pretest.dat | 5 + testing/tests/ikev1/alg-sha512/test.conf | 22 + testing/tests/ikev1/attr-cert/evaltest.dat | 8 +- .../attr-cert/hosts/moon/etc/openac/carolCert.pem | 34 +- .../attr-cert/hosts/moon/etc/openac/daveCert.pem | 34 +- .../ikev1/attr-cert/hosts/moon/etc/strongswan.conf | 4 +- testing/tests/ikev1/crl-from-cache/evaltest.dat | 4 +- testing/tests/ikev1/crl-ldap/evaltest.dat | 8 +- .../ikev1/crl-ldap/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/crl-ldap/hosts/moon/etc/strongswan.conf | 2 +- .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 34 +- .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 50 +- .../default-keys/hosts/carol/etc/strongswan.conf | 4 +- .../default-keys/hosts/moon/etc/strongswan.conf | 4 +- .../hosts/dave/etc/ipsec.d/certs/carolCert.pem | 34 +- .../hosts/dave/etc/ipsec.d/private/carolKey.pem | 52 +- .../hosts/dave/etc/ipsec.d/certs/carolCert.pem | 34 +- .../hosts/dave/etc/ipsec.d/private/carolKey.pem | 52 +- testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat | 4 +- testing/tests/ikev1/esp-alg-aes-ccm/test.conf | 2 +- testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat | 4 +- testing/tests/ikev1/esp-alg-aes-ctr/test.conf | 2 +- testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat | 4 +- testing/tests/ikev1/esp-alg-aes-gcm/test.conf | 2 +- testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat | 5 +- testing/tests/ikev1/esp-alg-aesxcbc/test.conf | 2 +- .../tests/ikev1/esp-alg-camellia/description.txt | 4 - testing/tests/ikev1/esp-alg-camellia/evaltest.dat | 8 - .../esp-alg-camellia/hosts/carol/etc/ipsec.conf | 24 - .../esp-alg-camellia/hosts/moon/etc/ipsec.conf | 24 - testing/tests/ikev1/esp-alg-camellia/posttest.dat | 2 - testing/tests/ikev1/esp-alg-camellia/pretest.dat | 5 - testing/tests/ikev1/esp-alg-camellia/test.conf | 22 - testing/tests/ikev1/esp-alg-des/evaltest.dat | 5 +- testing/tests/ikev1/esp-alg-des/test.conf | 2 +- testing/tests/ikev1/esp-alg-null/evaltest.dat | 4 +- testing/tests/ikev1/esp-alg-null/test.conf | 2 +- .../tests/ikev1/ike-alg-sha2_384/description.txt | 4 - testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat | 8 - .../ike-alg-sha2_384/hosts/carol/etc/ipsec.conf | 23 - .../ike-alg-sha2_384/hosts/moon/etc/ipsec.conf | 24 - testing/tests/ikev1/ike-alg-sha2_384/posttest.dat | 2 - testing/tests/ikev1/ike-alg-sha2_384/pretest.dat | 5 - testing/tests/ikev1/ike-alg-sha2_384/test.conf | 22 - .../tests/ikev1/ike-alg-sha2_512/description.txt | 4 - testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat | 8 - .../ike-alg-sha2_512/hosts/carol/etc/ipsec.conf | 23 - .../ike-alg-sha2_512/hosts/moon/etc/ipsec.conf | 24 - testing/tests/ikev1/ike-alg-sha2_512/posttest.dat | 2 - testing/tests/ikev1/ike-alg-sha2_512/pretest.dat | 5 - testing/tests/ikev1/ike-alg-sha2_512/test.conf | 22 - .../tests/ikev1/ip-pool-db-push/description.txt | 4 + testing/tests/ikev1/ip-pool-db-push/evaltest.dat | 33 + .../ip-pool-db-push/hosts/carol/etc/ipsec.conf | 26 + .../hosts/carol/etc/strongswan.conf | 5 + .../ip-pool-db-push/hosts/dave/etc/ipsec.conf | 26 + .../ip-pool-db-push/hosts/dave/etc/strongswan.conf | 5 + .../ip-pool-db-push/hosts/moon/etc/ipsec.conf | 26 + .../ip-pool-db-push/hosts/moon/etc/strongswan.conf | 17 + testing/tests/ikev1/ip-pool-db-push/posttest.dat | 12 + testing/tests/ikev1/ip-pool-db-push/pretest.dat | 16 + testing/tests/ikev1/ip-pool-db-push/test.conf | 21 + testing/tests/ikev1/ip-pool-db/description.txt | 10 + testing/tests/ikev1/ip-pool-db/evaltest.dat | 33 + .../ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf | 25 + .../ip-pool-db/hosts/carol/etc/strongswan.conf | 5 + .../ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf | 25 + .../ip-pool-db/hosts/dave/etc/strongswan.conf | 5 + .../ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf | 25 + .../ip-pool-db/hosts/moon/etc/strongswan.conf | 17 + testing/tests/ikev1/ip-pool-db/posttest.dat | 12 + testing/tests/ikev1/ip-pool-db/pretest.dat | 16 + testing/tests/ikev1/ip-pool-db/test.conf | 21 + .../ikev1/mode-config-multiple/description.txt | 6 + .../tests/ikev1/mode-config-multiple/evaltest.dat | 29 + .../hosts/carol/etc/ipsec.conf | 32 + .../mode-config-multiple/hosts/dave/etc/ipsec.conf | 32 + .../mode-config-multiple/hosts/moon/etc/ipsec.conf | 49 + .../hosts/moon/etc/strongswan.conf | 13 + .../tests/ikev1/mode-config-multiple/posttest.dat | 8 + .../tests/ikev1/mode-config-multiple/pretest.dat | 12 + testing/tests/ikev1/mode-config-multiple/test.conf | 21 + .../mode-config/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../tests/ikev1/multi-level-ca-loop/evaltest.dat | 2 +- .../ikev1/multi-level-ca-pathlen/description.txt | 5 + .../ikev1/multi-level-ca-pathlen/evaltest.dat | 4 + .../hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 24 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/moon/etc/ipsec.conf | 23 + .../hosts/moon/etc/ipsec.d/cacerts/duckCert.pem | 23 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../ikev1/multi-level-ca-pathlen/posttest.dat | 3 + .../tests/ikev1/multi-level-ca-pathlen/pretest.dat | 5 + .../tests/ikev1/multi-level-ca-pathlen/test.conf | 21 + testing/tests/ikev1/nat-two-rw/evaltest.dat | 2 +- .../ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf | 3 +- .../net2net-pgp-v3/hosts/moon/etc/strongswan.conf | 11 + .../ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf | 1 + .../net2net-pgp-v3/hosts/sun/etc/strongswan.conf | 11 + .../ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf | 3 +- .../net2net-pgp-v4/hosts/moon/etc/strongswan.conf | 11 + .../ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf | 1 + .../net2net-pgp-v4/hosts/sun/etc/strongswan.conf | 11 + .../net2net-rsa/hosts/moon/etc/strongswan.conf | 11 + .../net2net-rsa/hosts/sun/etc/strongswan.conf | 11 + testing/tests/ikev1/no-priv-key/evaltest.dat | 1 - .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 34 +- .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 50 +- .../req-pkcs10/hosts/carol/etc/strongswan.conf | 4 +- .../req-pkcs10/hosts/moon/etc/strongswan.conf | 4 +- .../ikev1/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../self-signed/hosts/carol/etc/strongswan.conf | 4 +- .../self-signed/hosts/moon/etc/strongswan.conf | 4 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/alg-3des-md5/description.txt | 4 + testing/tests/ikev2/alg-3des-md5/evaltest.dat | 13 + .../ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf | 25 + .../alg-3des-md5/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf | 24 + .../alg-3des-md5/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-3des-md5/posttest.dat | 4 + testing/tests/ikev2/alg-3des-md5/pretest.dat | 6 + testing/tests/ikev2/alg-3des-md5/test.conf | 21 + testing/tests/ikev2/alg-aes-xcbc/description.txt | 4 +- testing/tests/ikev2/alg-aes-xcbc/evaltest.dat | 13 +- .../ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf | 4 +- .../alg-aes-xcbc/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf | 4 +- .../alg-aes-xcbc/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/alg-aes-xcbc/test.conf | 2 +- testing/tests/ikev2/alg-blowfish/evaltest.dat | 20 +- .../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +- .../alg-blowfish/hosts/dave/etc/strongswan.conf | 2 +- .../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/alg-sha256-96/description.txt | 5 + testing/tests/ikev2/alg-sha256-96/evaltest.dat | 13 + .../ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf | 25 + .../alg-sha256-96/hosts/carol/etc/strongswan.conf | 6 + .../ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf | 24 + .../alg-sha256-96/hosts/moon/etc/strongswan.conf | 6 + testing/tests/ikev2/alg-sha256-96/posttest.dat | 4 + testing/tests/ikev2/alg-sha256-96/pretest.dat | 6 + testing/tests/ikev2/alg-sha256-96/test.conf | 21 + testing/tests/ikev2/alg-sha256/description.txt | 4 + testing/tests/ikev2/alg-sha256/evaltest.dat | 11 + .../ikev2/alg-sha256/hosts/carol/etc/ipsec.conf | 25 + .../alg-sha256/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-sha256/hosts/moon/etc/ipsec.conf | 24 + .../alg-sha256/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-sha256/posttest.dat | 4 + testing/tests/ikev2/alg-sha256/pretest.dat | 6 + testing/tests/ikev2/alg-sha256/test.conf | 21 + testing/tests/ikev2/alg-sha384/description.txt | 4 + testing/tests/ikev2/alg-sha384/evaltest.dat | 11 + .../ikev2/alg-sha384/hosts/carol/etc/ipsec.conf | 25 + .../alg-sha384/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-sha384/hosts/moon/etc/ipsec.conf | 24 + .../alg-sha384/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-sha384/posttest.dat | 4 + testing/tests/ikev2/alg-sha384/pretest.dat | 6 + testing/tests/ikev2/alg-sha384/test.conf | 21 + testing/tests/ikev2/alg-sha512/description.txt | 4 + testing/tests/ikev2/alg-sha512/evaltest.dat | 11 + .../ikev2/alg-sha512/hosts/carol/etc/ipsec.conf | 25 + .../alg-sha512/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-sha512/hosts/moon/etc/ipsec.conf | 24 + .../alg-sha512/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-sha512/posttest.dat | 4 + testing/tests/ikev2/alg-sha512/pretest.dat | 6 + testing/tests/ikev2/alg-sha512/test.conf | 21 + .../any-interface/hosts/alice/etc/strongswan.conf | 2 +- .../any-interface/hosts/bob/etc/strongswan.conf | 2 +- .../any-interface/hosts/moon/etc/strongswan.conf | 2 +- .../any-interface/hosts/sun/etc/strongswan.conf | 2 +- .../ikev2/compress/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/compress/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/config-payload/evaltest.dat | 4 +- .../config-payload/hosts/carol/etc/strongswan.conf | 2 +- .../config-payload/hosts/dave/etc/strongswan.conf | 2 +- .../config-payload/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/crl-from-cache/evaltest.dat | 4 +- .../crl-from-cache/hosts/carol/etc/strongswan.conf | 2 +- .../crl-from-cache/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/crl-ldap/evaltest.dat | 4 +- .../ikev2/crl-ldap/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/crl-ldap/hosts/moon/etc/strongswan.conf | 2 +- .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 34 +- .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 50 +- .../crl-revoked/hosts/carol/etc/strongswan.conf | 2 +- .../crl-revoked/hosts/moon/etc/strongswan.conf | 2 +- .../crl-to-cache/hosts/carol/etc/strongswan.conf | 2 +- .../crl-to-cache/hosts/moon/etc/strongswan.conf | 2 +- .../default-keys/hosts/carol/etc/strongswan.conf | 4 +- .../default-keys/hosts/moon/etc/strongswan.conf | 4 +- .../double-nat-net/hosts/alice/etc/strongswan.conf | 2 +- .../double-nat-net/hosts/bob/etc/strongswan.conf | 2 +- .../double-nat/hosts/alice/etc/strongswan.conf | 2 +- .../ikev2/double-nat/hosts/bob/etc/strongswan.conf | 2 +- .../dpd-clear/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/dpd-clear/hosts/moon/etc/strongswan.conf | 2 +- .../ikev2/dpd-hold/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/dpd-hold/hosts/moon/etc/strongswan.conf | 2 +- .../dpd-restart/hosts/carol/etc/strongswan.conf | 2 +- .../dpd-restart/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat | 4 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/esp-alg-aes-ccm/test.conf | 2 +- testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat | 5 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/esp-alg-aes-ctr/test.conf | 2 +- testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat | 4 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/esp-alg-aes-gcm/test.conf | 2 +- .../tests/ikev2/esp-alg-camellia/description.txt | 3 - testing/tests/ikev2/esp-alg-camellia/evaltest.dat | 7 - .../esp-alg-camellia/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-camellia/hosts/moon/etc/ipsec.conf | 24 - .../hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-camellia/posttest.dat | 4 - testing/tests/ikev2/esp-alg-camellia/pretest.dat | 7 - testing/tests/ikev2/esp-alg-camellia/test.conf | 21 - testing/tests/ikev2/esp-alg-null/evaltest.dat | 4 +- .../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +- .../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/esp-alg-null/pretest.dat | 1 + testing/tests/ikev2/esp-alg-null/test.conf | 2 +- .../hosts/alice/etc/strongswan.conf | 2 +- .../force-udp-encaps/hosts/sun/etc/strongswan.conf | 2 +- .../host2host-cert/hosts/moon/etc/strongswan.conf | 2 +- .../host2host-cert/hosts/sun/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../tests/ikev2/inactivity-timeout/description.txt | 3 + .../tests/ikev2/inactivity-timeout/evaltest.dat | 8 + .../inactivity-timeout/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/strongswan.conf | 5 + .../inactivity-timeout/hosts/moon/etc/ipsec.conf | 22 + .../hosts/moon/etc/strongswan.conf | 5 + .../tests/ikev2/inactivity-timeout/posttest.dat | 4 + testing/tests/ikev2/inactivity-timeout/pretest.dat | 7 + testing/tests/ikev2/inactivity-timeout/test.conf | 21 + testing/tests/ikev2/ip-pool-db/evaltest.dat | 8 + .../ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/moon/etc/strongswan.conf | 9 +- testing/tests/ikev2/ip-pool-db/posttest.dat | 2 + testing/tests/ikev2/ip-pool-db/pretest.dat | 3 + .../ip-pool-wish/hosts/carol/etc/strongswan.conf | 2 +- .../ip-pool-wish/hosts/dave/etc/strongswan.conf | 2 +- .../ip-pool-wish/hosts/moon/etc/strongswan.conf | 2 +- .../ikev2/ip-pool/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/ip-pool/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/ip-pool/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 9 +- .../hosts/alice/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../ip-two-pools-db/hosts/dave/etc/strongswan.conf | 2 +- .../ip-two-pools-db/hosts/moon/etc/strongswan.conf | 9 +- .../hosts/venus/etc/strongswan.conf | 2 +- .../hosts/alice/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 9 +- .../ip-two-pools/hosts/alice/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/carol/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/mobike-nat/description.txt | 2 +- .../mobike-nat/hosts/alice/etc/init.d/iptables | 4 + .../ikev2/mobike-nat/hosts/alice/etc/ipsec.conf | 1 - .../mobike-nat/hosts/alice/etc/strongswan.conf | 2 +- .../ikev2/mobike-nat/hosts/sun/etc/init.d/iptables | 84 + .../ikev2/mobike-nat/hosts/sun/etc/ipsec.conf | 1 - .../ikev2/mobike-nat/hosts/sun/etc/strongswan.conf | 2 +- .../hosts/alice/etc/init.d/iptables | 4 + .../mobike-virtual-ip/hosts/alice/etc/ipsec.conf | 1 - .../hosts/alice/etc/strongswan.conf | 2 +- .../hosts/sun/etc/init.d/iptables | 84 + .../mobike-virtual-ip/hosts/sun/etc/ipsec.conf | 1 - .../hosts/sun/etc/strongswan.conf | 2 +- .../ikev2/mobike/hosts/alice/etc/strongswan.conf | 2 +- .../ikev2/mobike/hosts/sun/etc/init.d/iptables | 90 + .../tests/ikev2/mobike/hosts/sun/etc/ipsec.conf | 1 - .../ikev2/mobike/hosts/sun/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 6 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../tests/ikev2/multi-level-ca-loop/evaltest.dat | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev2/multi-level-ca-pathlen/description.txt | 5 + .../ikev2/multi-level-ca-pathlen/evaltest.dat | 4 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 24 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 5 + .../hosts/moon/etc/ipsec.conf | 22 + .../hosts/moon/etc/ipsec.d/cacerts/duckCert.pem | 23 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../hosts/moon/etc/strongswan.conf | 5 + .../ikev2/multi-level-ca-pathlen/posttest.dat | 3 + .../tests/ikev2/multi-level-ca-pathlen/pretest.dat | 5 + .../tests/ikev2/multi-level-ca-pathlen/test.conf | 21 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../multi-level-ca/hosts/carol/etc/strongswan.conf | 2 +- .../multi-level-ca/hosts/dave/etc/strongswan.conf | 2 +- .../multi-level-ca/hosts/moon/etc/strongswan.conf | 2 +- .../nat-one-rw/hosts/alice/etc/strongswan.conf | 2 +- .../ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw-psk/hosts/alice/etc/strongswan.conf | 2 +- .../nat-two-rw-psk/hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw-psk/hosts/venus/etc/strongswan.conf | 2 +- .../nat-two-rw/hosts/alice/etc/strongswan.conf | 2 +- .../ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw/hosts/venus/etc/strongswan.conf | 2 +- .../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-cert/hosts/sun/etc/strongswan.conf | 2 +- testing/tests/ikev2/net2net-pgp-v3/description.txt | 6 + testing/tests/ikev2/net2net-pgp-v3/evaltest.dat | 5 + .../ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf | 22 + .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 15 + .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 15 + .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 19 + .../net2net-pgp-v3/hosts/moon/etc/ipsec.secrets | 3 + .../net2net-pgp-v3/hosts/moon/etc/strongswan.conf | 6 + .../ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf | 22 + .../hosts/sun/etc/ipsec.d/certs/moonCert.asc | 15 + .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 15 + .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 19 + .../net2net-pgp-v3/hosts/sun/etc/ipsec.secrets | 3 + .../net2net-pgp-v3/hosts/sun/etc/strongswan.conf | 6 + testing/tests/ikev2/net2net-pgp-v3/posttest.dat | 8 + testing/tests/ikev2/net2net-pgp-v3/pretest.dat | 8 + testing/tests/ikev2/net2net-pgp-v3/test.conf | 21 + testing/tests/ikev2/net2net-pgp-v4/description.txt | 6 + testing/tests/ikev2/net2net-pgp-v4/evaltest.dat | 5 + .../ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf | 22 + .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 24 + .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 24 + .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 32 + .../net2net-pgp-v4/hosts/moon/etc/ipsec.secrets | 3 + .../net2net-pgp-v4/hosts/moon/etc/strongswan.conf | 6 + .../ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf | 22 + .../hosts/sun/etc/ipsec.d/certs/moonCert.asc | 24 + .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 24 + .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 32 + .../net2net-pgp-v4/hosts/sun/etc/ipsec.secrets | 3 + .../net2net-pgp-v4/hosts/sun/etc/strongswan.conf | 6 + testing/tests/ikev2/net2net-pgp-v4/posttest.dat | 8 + testing/tests/ikev2/net2net-pgp-v4/pretest.dat | 8 + testing/tests/ikev2/net2net-pgp-v4/test.conf | 21 + .../net2net-psk/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-psk/hosts/sun/etc/strongswan.conf | 2 +- .../tests/ikev2/net2net-rfc3779/description.txt | 11 + testing/tests/ikev2/net2net-rfc3779/evaltest.dat | 15 + .../net2net-rfc3779/hosts/moon/etc/ipsec.conf | 26 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/moon/etc/ipsec.d/certs/moonCert.pem | 28 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 27 + .../net2net-rfc3779/hosts/moon/etc/strongswan.conf | 6 + .../ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf | 26 + .../sun/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/sun/etc/ipsec.d/certs/sunCert.pem | 28 + .../hosts/sun/etc/ipsec.d/private/sunKey.pem | 27 + .../net2net-rfc3779/hosts/sun/etc/strongswan.conf | 6 + testing/tests/ikev2/net2net-rfc3779/posttest.dat | 5 + testing/tests/ikev2/net2net-rfc3779/pretest.dat | 7 + testing/tests/ikev2/net2net-rfc3779/test.conf | 21 + .../net2net-route/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-route/hosts/sun/etc/strongswan.conf | 2 +- .../net2net-start/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-start/hosts/sun/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../ocsp-local-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf | 2 +- .../carol/etc/ipsec.d/certs/carolCert-revoked.pem | 25 - .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 25 + .../carol/etc/ipsec.d/private/carolKey-revoked.pem | 27 - .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 27 + .../ocsp-revoked/hosts/carol/etc/ipsec.secrets | 2 +- .../ocsp-revoked/hosts/carol/etc/strongswan.conf | 2 +- .../ocsp-revoked/hosts/moon/etc/strongswan.conf | 2 +- .../ocsp-root-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ocsp-root-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +- .../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../protoport-route/hosts/moon/etc/strongswan.conf | 2 +- .../reauth-early/hosts/carol/etc/strongswan.conf | 2 +- .../reauth-early/hosts/moon/etc/strongswan.conf | 2 +- .../reauth-late/hosts/carol/etc/strongswan.conf | 2 +- .../reauth-late/hosts/moon/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat | 2 +- .../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf | 2 +- .../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 6 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 4 +- .../rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.d/triplets.dat | 6 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 6 +- .../ikev2/rw-eap-sim-only-radius/description.txt | 14 + .../ikev2/rw-eap-sim-only-radius/evaltest.dat | 15 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/eap.conf | 5 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 123 + .../hosts/alice/etc/raddb/sites-available/default | 62 + .../hosts/alice/etc/raddb/triplets.dat | 7 + .../hosts/alice/etc/raddb/users | 0 .../hosts/carol/etc/ipsec.conf | 21 + .../hosts/carol/etc/ipsec.d/triplets.dat | 3 + .../hosts/carol/etc/ipsec.secrets | 1 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/dave/etc/ipsec.conf | 21 + .../hosts/dave/etc/ipsec.d/triplets.dat | 3 + .../hosts/dave/etc/ipsec.secrets | 1 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/moon/etc/init.d/iptables | 84 + .../hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 1 + .../hosts/moon/etc/strongswan.conf | 12 + .../ikev2/rw-eap-sim-only-radius/posttest.dat | 7 + .../tests/ikev2/rw-eap-sim-only-radius/pretest.dat | 18 + .../tests/ikev2/rw-eap-sim-only-radius/test.conf | 21 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 4 +- testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat | 2 +- .../hosts/carol/etc/ipsec.d/triplets.dat | 6 +- .../rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf | 2 +- .../hosts/moon/etc/ipsec.d/triplets.dat | 6 +- .../rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-hash-and-url/hosts/dave/etc/strongswan.conf | 2 +- .../rw-hash-and-url/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-fqdn/hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-fqdn/hosts/dave/etc/strongswan.conf | 2 +- .../rw-psk-fqdn/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-ipv4/hosts/dave/etc/strongswan.conf | 2 +- .../rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-no-idr/hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-no-idr/hosts/dave/etc/strongswan.conf | 2 +- .../rw-psk-no-idr/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../two-certs/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/two-certs/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../virtual-ip/hosts/carol/etc/strongswan.conf | 2 +- .../virtual-ip/hosts/dave/etc/strongswan.conf | 2 +- .../virtual-ip/hosts/moon/etc/strongswan.conf | 2 +- .../wildcards/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/wildcards/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/wildcards/hosts/moon/etc/strongswan.conf | 2 +- .../host2host-ikev2/hosts/moon/etc/init.d/iptables | 9 +- .../ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf | 6 + .../host2host-ikev2/hosts/moon/etc/strongswan.conf | 3 +- .../host2host-ikev2/hosts/sun/etc/init.d/iptables | 9 +- .../ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf | 6 + .../host2host-ikev2/hosts/sun/etc/strongswan.conf | 3 +- testing/tests/ipv6/host2host-ikev2/pretest.dat | 1 + .../net2net-ikev2/hosts/moon/etc/init.d/iptables | 9 +- .../ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf | 6 + .../net2net-ikev2/hosts/moon/etc/strongswan.conf | 3 +- .../net2net-ikev2/hosts/sun/etc/init.d/iptables | 9 +- .../ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf | 6 + .../net2net-ikev2/hosts/sun/etc/strongswan.conf | 3 +- testing/tests/ipv6/net2net-ikev2/pretest.dat | 1 + .../ipv6/net2net-ip4-in-ip6-ikev1/description.txt | 4 + .../ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat | 5 + .../hosts/moon/etc/init.d/iptables | 107 + .../hosts/moon/etc/ipsec.conf | 28 + .../hosts/sun/etc/init.d/iptables | 107 + .../hosts/sun/etc/ipsec.conf | 28 + .../ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat | 2 + .../ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat | 7 + .../tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf | 21 + .../hosts/moon/etc/init.d/iptables | 9 +- .../hosts/moon/etc/ipsec.conf | 7 + .../hosts/moon/etc/strongswan.conf | 3 +- .../hosts/sun/etc/init.d/iptables | 9 +- .../hosts/sun/etc/ipsec.conf | 7 + .../hosts/sun/etc/strongswan.conf | 3 +- .../ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat | 2 + .../ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat | 5 +- .../ipv6/net2net-ip6-in-ip4-ikev1/description.txt | 6 + .../ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat | 5 + .../hosts/moon/etc/init.d/iptables | 107 + .../hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/strongswan.conf | 5 + .../hosts/sun/etc/init.d/iptables | 107 + .../hosts/sun/etc/ipsec.conf | 25 + .../hosts/sun/etc/strongswan.conf | 5 + .../ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat | 6 + .../ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat | 11 + .../tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf | 21 + .../hosts/moon/etc/init.d/iptables | 31 +- .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/init.d/iptables | 35 +- .../hosts/sun/etc/ipsec.conf | 1 + .../hosts/sun/etc/strongswan.conf | 2 +- .../ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat | 2 + .../ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat | 5 +- .../ipv6/net2net-rfc3779-ikev2/description.txt | 11 + .../tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat | 7 + .../hosts/moon/etc/init.d/iptables | 104 + .../hosts/moon/etc/ipsec.conf | 34 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/moon/etc/ipsec.d/certs/moonCert.pem | 28 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 27 + .../hosts/moon/etc/strongswan.conf | 6 + .../hosts/sun/etc/init.d/iptables | 104 + .../net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf | 34 + .../sun/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/sun/etc/ipsec.d/certs/sunCert.pem | 28 + .../hosts/sun/etc/ipsec.d/private/sunKey.pem | 27 + .../hosts/sun/etc/strongswan.conf | 6 + .../tests/ipv6/net2net-rfc3779-ikev2/posttest.dat | 8 + .../tests/ipv6/net2net-rfc3779-ikev2/pretest.dat | 11 + testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf | 21 + .../ipv6/rw-ikev2/hosts/carol/etc/init.d/iptables | 9 +- .../tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf | 6 + .../ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf | 3 +- .../ipv6/rw-ikev2/hosts/dave/etc/init.d/iptables | 9 +- .../tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf | 6 + .../ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf | 3 +- .../ipv6/rw-ikev2/hosts/moon/etc/init.d/iptables | 9 +- .../tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf | 6 + .../ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf | 3 +- testing/tests/ipv6/rw-ikev2/pretest.dat | 1 + .../rw-psk-ikev2/hosts/carol/etc/init.d/iptables | 7 - .../rw-psk-ikev2/hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-ikev2/hosts/dave/etc/init.d/iptables | 7 - .../rw-psk-ikev2/hosts/dave/etc/strongswan.conf | 2 +- .../rw-psk-ikev2/hosts/moon/etc/init.d/iptables | 7 - .../rw-psk-ikev2/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ipv6/rw-psk-ikev2/pretest.dat | 1 + .../tests/ipv6/rw-rfc3779-ikev2/description.txt | 12 + testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat | 14 + .../hosts/carol/etc/init.d/iptables | 104 + .../rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf | 29 + .../carol/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 27 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../rw-rfc3779-ikev2/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/dave/etc/init.d/iptables | 104 + .../rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf | 29 + .../dave/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 27 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/moon/etc/init.d/iptables | 104 + .../rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf | 28 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 26 + .../hosts/moon/etc/ipsec.d/certs/moonCert.pem | 28 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 27 + .../hosts/moon/etc/strongswan.conf | 6 + testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat | 9 + testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat | 13 + testing/tests/ipv6/rw-rfc3779-ikev2/test.conf | 21 + .../transport-ikev2/hosts/moon/etc/init.d/iptables | 9 +- .../ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf | 6 + .../transport-ikev2/hosts/moon/etc/strongswan.conf | 3 +- .../transport-ikev2/hosts/sun/etc/init.d/iptables | 9 +- .../ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf | 6 + .../transport-ikev2/hosts/sun/etc/strongswan.conf | 3 +- testing/tests/ipv6/transport-ikev2/pretest.dat | 1 + .../openssl-ikev1/alg-camellia/description.txt | 4 + .../tests/openssl-ikev1/alg-camellia/evaltest.dat | 11 + .../alg-camellia/hosts/carol/etc/ipsec.conf | 24 + .../alg-camellia/hosts/carol/etc/strongswan.conf | 11 + .../alg-camellia/hosts/moon/etc/ipsec.conf | 24 + .../alg-camellia/hosts/moon/etc/strongswan.conf | 11 + .../tests/openssl-ikev1/alg-camellia/posttest.dat | 2 + .../tests/openssl-ikev1/alg-camellia/pretest.dat | 5 + testing/tests/openssl-ikev1/alg-camellia/test.conf | 22 + .../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../tests/openssl-ikev2/alg-blowfish/evaltest.dat | 20 +- .../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +- .../alg-blowfish/hosts/dave/etc/strongswan.conf | 2 +- .../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +- .../tests/openssl-ikev2/alg-camellia/evaltest.dat | 4 +- .../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +- .../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/openssl-ikev2/alg-camellia/test.conf | 2 +- .../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/alice/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/venus/etc/strongswan.conf | 2 +- .../medsrv-psk/hosts/alice/etc/strongswan.conf | 2 +- .../medsrv-psk/hosts/bob/etc/strongswan.conf | 2 +- .../medsrv-psk/hosts/carol/etc/strongswan.conf | 2 +- testing/tests/pfkey/alg-aes-xcbc/description.txt | 4 +- testing/tests/pfkey/alg-aes-xcbc/evaltest.dat | 13 +- .../pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf | 4 +- .../alg-aes-xcbc/hosts/carol/etc/strongswan.conf | 2 +- .../pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf | 4 +- .../alg-aes-xcbc/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/pfkey/alg-aes-xcbc/test.conf | 2 +- testing/tests/pfkey/alg-sha384/description.txt | 4 + testing/tests/pfkey/alg-sha384/evaltest.dat | 11 + .../pfkey/alg-sha384/hosts/carol/etc/ipsec.conf | 25 + .../alg-sha384/hosts/carol/etc/strongswan.conf | 5 + .../pfkey/alg-sha384/hosts/moon/etc/ipsec.conf | 24 + .../alg-sha384/hosts/moon/etc/strongswan.conf | 5 + testing/tests/pfkey/alg-sha384/posttest.dat | 4 + testing/tests/pfkey/alg-sha384/pretest.dat | 6 + testing/tests/pfkey/alg-sha384/test.conf | 21 + testing/tests/pfkey/alg-sha512/description.txt | 4 + testing/tests/pfkey/alg-sha512/evaltest.dat | 11 + .../pfkey/alg-sha512/hosts/carol/etc/ipsec.conf | 25 + .../alg-sha512/hosts/carol/etc/strongswan.conf | 5 + .../pfkey/alg-sha512/hosts/moon/etc/ipsec.conf | 24 + .../alg-sha512/hosts/moon/etc/strongswan.conf | 5 + testing/tests/pfkey/alg-sha512/posttest.dat | 4 + testing/tests/pfkey/alg-sha512/pretest.dat | 6 + testing/tests/pfkey/alg-sha512/test.conf | 21 + testing/tests/pfkey/esp-alg-null/evaltest.dat | 4 +- .../esp-alg-null/hosts/carol/etc/strongswan.conf | 2 +- .../esp-alg-null/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/pfkey/esp-alg-null/test.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw/hosts/alice/etc/strongswan.conf | 2 +- .../pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw/hosts/venus/etc/strongswan.conf | 2 +- .../net2net-route/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-route/hosts/sun/etc/strongswan.conf | 2 +- .../protoport-dual/hosts/carol/etc/strongswan.conf | 2 +- .../protoport-dual/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../protoport-route/hosts/moon/etc/strongswan.conf | 2 +- .../pfkey/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../pfkey/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../pfkey/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.d/data.sql | 8 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.d/data.sql | 8 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.d/data.sql | 8 +- .../hosts/moon/etc/strongswan.conf | 10 +- .../hosts/carol/etc/ipsec.d/data.sql | 8 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.d/data.sql | 8 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.d/data.sql | 8 +- .../hosts/moon/etc/strongswan.conf | 10 +- testing/tests/sql/ip-pool-db/evaltest.dat | 11 + .../ip-pool-db/hosts/carol/etc/ipsec.d/data.sql | 8 +- .../sql/ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +- .../sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql | 8 +- .../sql/ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +- .../sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql | 33 +- .../sql/ip-pool-db/hosts/moon/etc/strongswan.conf | 10 +- testing/tests/sql/ip-pool-db/pretest.dat | 1 + .../hosts/carol/etc/ipsec.d/data.sql | 8 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.d/data.sql | 8 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.d/data.sql | 8 +- .../hosts/moon/etc/strongswan.conf | 10 +- .../hosts/carol/etc/ipsec.d/data.sql | 8 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.d/data.sql | 8 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.d/data.sql | 8 +- .../hosts/moon/etc/strongswan.conf | 10 +- .../net2net-cert/hosts/moon/etc/ipsec.d/data.sql | 8 +- .../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-cert/hosts/sun/etc/ipsec.d/data.sql | 10 +- .../sql/net2net-cert/hosts/sun/etc/strongswan.conf | 2 +- .../sql/net2net-psk/hosts/moon/etc/strongswan.conf | 2 +- .../sql/net2net-psk/hosts/sun/etc/strongswan.conf | 2 +- .../sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql | 8 +- .../sql/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql | 8 +- .../sql/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql | 8 +- .../sql/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/sql/rw-eap-aka-rsa/evaltest.dat | 2 +- .../hosts/carol/etc/ipsec.d/data.sql | 2 +- .../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 4 +- .../rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql | 18 +- .../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 4 +- .../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-ipv6/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.d/data.sql | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.d/data.sql | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.d/data.sql | 8 +- .../hosts/moon/etc/strongswan.conf | 2 +- testing/tests/sql/rw-rsa-keyid/evaltest.dat | 8 +- .../rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql | 10 +- .../rw-rsa-keyid/hosts/carol/etc/strongswan.conf | 2 +- .../rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql | 13 +- .../rw-rsa-keyid/hosts/dave/etc/strongswan.conf | 2 +- .../rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql | 14 +- .../rw-rsa-keyid/hosts/moon/etc/strongswan.conf | 2 +- .../sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql | 10 +- .../sql/rw-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql | 10 +- .../sql/rw-rsa/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql | 14 +- .../sql/rw-rsa/hosts/moon/etc/strongswan.conf | 2 +- 1990 files changed, 82586 insertions(+), 60030 deletions(-) create mode 100644 m4/config/libtool.m4 create mode 100644 m4/config/ltoptions.m4 create mode 100644 m4/config/ltsugar.m4 create mode 100644 m4/config/ltversion.m4 create mode 100644 m4/config/lt~obsolete.m4 create mode 100644 m4/macros/enable-disable.m4 create mode 100644 m4/macros/with.m4 delete mode 100644 src/charon/config/attributes/attribute_handler.h delete mode 100644 src/charon/config/attributes/attribute_manager.c delete mode 100644 src/charon/config/attributes/attribute_manager.h delete mode 100644 src/charon/config/attributes/attribute_provider.h delete mode 100644 src/charon/config/traffic_selector.c delete mode 100644 src/charon/config/traffic_selector.h delete mode 100644 src/charon/plugins/eap_aka/eap_aka.c delete mode 100644 src/charon/plugins/eap_aka/eap_aka.h create mode 100644 src/charon/plugins/eap_aka/eap_aka_peer.c create mode 100644 src/charon/plugins/eap_aka/eap_aka_peer.h create mode 100644 src/charon/plugins/eap_aka/eap_aka_server.c create mode 100644 src/charon/plugins/eap_aka/eap_aka_server.h create mode 100644 src/charon/plugins/eap_aka_3gpp2/Makefile.am create mode 100644 src/charon/plugins/eap_aka_3gpp2/Makefile.in create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c create mode 100644 src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h delete mode 100644 src/charon/plugins/eap_sim/eap_sim.c delete mode 100644 src/charon/plugins/eap_sim/eap_sim.h create mode 100644 src/charon/plugins/eap_sim/eap_sim_peer.c create mode 100644 src/charon/plugins/eap_sim/eap_sim_peer.h create mode 100644 src/charon/plugins/eap_sim/eap_sim_server.c create mode 100644 src/charon/plugins/eap_sim/eap_sim_server.h create mode 100644 src/charon/plugins/eap_simaka_pseudonym/Makefile.am create mode 100644 src/charon/plugins/eap_simaka_pseudonym/Makefile.in create mode 100644 src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c create mode 100644 src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h create mode 100644 src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c create mode 100644 src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h create mode 100644 src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c create mode 100644 src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h create mode 100644 src/charon/plugins/eap_simaka_reauth/Makefile.am create mode 100644 src/charon/plugins/eap_simaka_reauth/Makefile.in create mode 100644 src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c create mode 100644 src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h create mode 100644 src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c create mode 100644 src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h create mode 100644 src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c create mode 100644 src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h delete mode 100644 src/charon/plugins/resolv_conf/Makefile.am delete mode 100644 src/charon/plugins/resolv_conf/Makefile.in delete mode 100644 src/charon/plugins/resolv_conf/resolv_conf_handler.c delete mode 100644 src/charon/plugins/resolv_conf/resolv_conf_handler.h delete mode 100644 src/charon/plugins/resolv_conf/resolv_conf_plugin.c delete mode 100644 src/charon/plugins/resolv_conf/resolv_conf_plugin.h create mode 100644 src/charon/plugins/resolve/Makefile.am create mode 100644 src/charon/plugins/resolve/Makefile.in create mode 100644 src/charon/plugins/resolve/resolve_handler.c create mode 100644 src/charon/plugins/resolve/resolve_handler.h create mode 100644 src/charon/plugins/resolve/resolve_plugin.c create mode 100644 src/charon/plugins/resolve/resolve_plugin.h delete mode 100644 src/charon/plugins/sql/pool.c delete mode 100644 src/charon/plugins/sql/sql_attribute.c delete mode 100644 src/charon/plugins/sql/sql_attribute.h create mode 100644 src/charon/processing/jobs/inactivity_job.c create mode 100644 src/charon/processing/jobs/inactivity_job.h create mode 100644 src/charon/sa/tasks/ike_vendor.c create mode 100644 src/charon/sa/tasks/ike_vendor.h create mode 100644 src/libsimaka/Makefile.am create mode 100644 src/libsimaka/Makefile.in create mode 100644 src/libsimaka/simaka_crypto.c create mode 100644 src/libsimaka/simaka_crypto.h create mode 100644 src/libsimaka/simaka_message.c create mode 100644 src/libsimaka/simaka_message.h delete mode 100755 src/libstrongswan/asn1/pem.c delete mode 100755 src/libstrongswan/asn1/pem.h create mode 100644 src/libstrongswan/attributes/attribute_handler.h create mode 100644 src/libstrongswan/attributes/attribute_manager.c create mode 100644 src/libstrongswan/attributes/attribute_manager.h create mode 100644 src/libstrongswan/attributes/attribute_provider.h create mode 100644 src/libstrongswan/attributes/attributes.c create mode 100644 src/libstrongswan/attributes/attributes.h create mode 100644 src/libstrongswan/credentials/certificates/pgp_certificate.h create mode 100644 src/libstrongswan/credentials/certificates/pkcs10.h create mode 100644 src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c create mode 100644 src/libstrongswan/credentials/ietf_attributes/ietf_attributes.h create mode 100644 src/libstrongswan/credentials/keys/key_encoding.c create mode 100644 src/libstrongswan/credentials/keys/key_encoding.h delete mode 100644 src/libstrongswan/pgp/pgp.c delete mode 100644 src/libstrongswan/pgp/pgp.h create mode 100644 src/libstrongswan/plugins/attr_sql/Makefile.am create mode 100644 src/libstrongswan/plugins/attr_sql/Makefile.in create mode 100644 src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c create mode 100644 src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h create mode 100644 src/libstrongswan/plugins/attr_sql/pool.c create mode 100644 src/libstrongswan/plugins/attr_sql/sql_attribute.c create mode 100644 src/libstrongswan/plugins/attr_sql/sql_attribute.h create mode 100644 src/libstrongswan/plugins/dnskey/Makefile.am create mode 100644 src/libstrongswan/plugins/dnskey/Makefile.in create mode 100644 src/libstrongswan/plugins/dnskey/dnskey_builder.c create mode 100644 src/libstrongswan/plugins/dnskey/dnskey_builder.h create mode 100644 src/libstrongswan/plugins/dnskey/dnskey_plugin.c create mode 100644 src/libstrongswan/plugins/dnskey/dnskey_plugin.h create mode 100644 src/libstrongswan/plugins/pem/Makefile.am create mode 100644 src/libstrongswan/plugins/pem/Makefile.in create mode 100644 src/libstrongswan/plugins/pem/pem_builder.c create mode 100644 src/libstrongswan/plugins/pem/pem_builder.h create mode 100644 src/libstrongswan/plugins/pem/pem_plugin.c create mode 100644 src/libstrongswan/plugins/pem/pem_plugin.h create mode 100644 src/libstrongswan/plugins/pgp/Makefile.am create mode 100644 src/libstrongswan/plugins/pgp/Makefile.in create mode 100644 src/libstrongswan/plugins/pgp/pgp_builder.c create mode 100644 src/libstrongswan/plugins/pgp/pgp_builder.h create mode 100644 src/libstrongswan/plugins/pgp/pgp_cert.c create mode 100644 src/libstrongswan/plugins/pgp/pgp_cert.h create mode 100644 src/libstrongswan/plugins/pgp/pgp_encoder.c create mode 100644 src/libstrongswan/plugins/pgp/pgp_encoder.h create mode 100644 src/libstrongswan/plugins/pgp/pgp_plugin.c create mode 100644 src/libstrongswan/plugins/pgp/pgp_plugin.h create mode 100644 src/libstrongswan/plugins/pgp/pgp_utils.c create mode 100644 src/libstrongswan/plugins/pgp/pgp_utils.h create mode 100644 src/libstrongswan/plugins/pkcs1/Makefile.am create mode 100644 src/libstrongswan/plugins/pkcs1/Makefile.in create mode 100644 src/libstrongswan/plugins/pkcs1/pkcs1_builder.c create mode 100644 src/libstrongswan/plugins/pkcs1/pkcs1_builder.h create mode 100644 src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c create mode 100644 src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h create mode 100644 src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c create mode 100644 src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h delete mode 100644 src/libstrongswan/plugins/pubkey/pubkey_public_key.c delete mode 100644 src/libstrongswan/plugins/pubkey/pubkey_public_key.h delete mode 100644 src/libstrongswan/plugins/x509/ietf_attr_list.c delete mode 100644 src/libstrongswan/plugins/x509/ietf_attr_list.h create mode 100644 src/libstrongswan/plugins/x509/x509_pkcs10.c create mode 100644 src/libstrongswan/plugins/x509/x509_pkcs10.h create mode 100644 src/libstrongswan/selectors/traffic_selector.c create mode 100644 src/libstrongswan/selectors/traffic_selector.h create mode 100644 src/libstrongswan/threading/condvar.h create mode 100644 src/libstrongswan/threading/lock_profiler.h create mode 100644 src/libstrongswan/threading/mutex.c create mode 100644 src/libstrongswan/threading/mutex.h create mode 100644 src/libstrongswan/threading/rwlock.c create mode 100644 src/libstrongswan/threading/rwlock.h create mode 100644 src/libstrongswan/threading/thread.c create mode 100644 src/libstrongswan/threading/thread.h create mode 100644 src/libstrongswan/threading/thread_value.c create mode 100644 src/libstrongswan/threading/thread_value.h delete mode 100644 src/libstrongswan/utils/mutex.c delete mode 100644 src/libstrongswan/utils/mutex.h create mode 100644 src/pki/Makefile.am create mode 100644 src/pki/Makefile.in create mode 100644 src/pki/command.c create mode 100644 src/pki/command.h create mode 100644 src/pki/commands/gen.c create mode 100644 src/pki/commands/issue.c create mode 100644 src/pki/commands/keyid.c create mode 100644 src/pki/commands/pub.c create mode 100644 src/pki/commands/req.c create mode 100644 src/pki/commands/self.c create mode 100644 src/pki/commands/verify.c create mode 100644 src/pki/pki.c create mode 100644 src/pki/pki.h create mode 100644 src/pluto/builder.c create mode 100644 src/pluto/builder.h delete mode 100644 src/pluto/id.c delete mode 100644 src/pluto/id.h create mode 100644 src/pluto/myid.c create mode 100644 src/pluto/myid.h delete mode 100644 src/pluto/pem.c delete mode 100644 src/pluto/pem.h delete mode 100644 src/pluto/pgpcert.c delete mode 100644 src/pluto/pgpcert.h delete mode 100644 src/scepclient/pkcs10.c delete mode 100644 src/scepclient/pkcs10.h create mode 100644 testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c create mode 100644 testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa create mode 100644 testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b create mode 100644 testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf create mode 100644 testing/hosts/winnetou/etc/openssl/certs/rfc3779/0b5362afd8838bafb66c854732b490d5d8318261 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/rfc3779/533394399c61128c957881790d70511537798da1 create mode 100644 testing/hosts/winnetou/etc/openssl/certs/rfc3779/6b5aec8fe9dcb8d0f707490abc84ab0890a7d2da create mode 100644 testing/hosts/winnetou/etc/openssl/certs/rfc3779/b8a73c3433f4e341cc7c4ae42989f0a23a956488 create mode 100644 testing/hosts/winnetou/etc/openssl/duck/.rand create mode 100644 testing/hosts/winnetou/etc/openssl/duck/crlnumber create mode 100644 testing/hosts/winnetou/etc/openssl/duck/duckCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/duck/duckKey.pem create mode 100644 testing/hosts/winnetou/etc/openssl/duck/duckReq.pem create mode 100644 testing/hosts/winnetou/etc/openssl/duck/index.txt create mode 100644 testing/hosts/winnetou/etc/openssl/duck/index.txt.attr create mode 100644 testing/hosts/winnetou/etc/openssl/duck/index.txt.old create mode 100644 testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem create mode 100644 testing/hosts/winnetou/etc/openssl/duck/openssl.cnf create mode 100644 testing/hosts/winnetou/etc/openssl/duck/serial create mode 100644 testing/hosts/winnetou/etc/openssl/duck/serial.old create mode 100755 testing/hosts/winnetou/etc/openssl/generate-hash-and-url create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/16.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/17.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/18.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/19.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/1A.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/1B.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/1C.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/1D.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/1E.pem create mode 100644 testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/.rand create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/crl.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber.old create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/index.txt create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr.old create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.old create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/01.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/02.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/03.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/04.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/serial create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/serial.old create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/strongswanCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/rfc3779/strongswanKey.pem create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/description.txt create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/evaltest.dat create mode 100755 testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/posttest.dat create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/pretest.dat create mode 100644 testing/tests/gcrypt-ikev1/alg-camellia/test.conf create mode 100644 testing/tests/ikev1/alg-sha256-96/description.txt create mode 100644 testing/tests/ikev1/alg-sha256-96/evaltest.dat create mode 100755 testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-sha256-96/posttest.dat create mode 100644 testing/tests/ikev1/alg-sha256-96/pretest.dat create mode 100644 testing/tests/ikev1/alg-sha256-96/test.conf create mode 100644 testing/tests/ikev1/alg-sha256/description.txt create mode 100644 testing/tests/ikev1/alg-sha256/evaltest.dat create mode 100755 testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-sha256/posttest.dat create mode 100644 testing/tests/ikev1/alg-sha256/pretest.dat create mode 100644 testing/tests/ikev1/alg-sha256/test.conf delete mode 100644 testing/tests/ikev1/alg-sha2_256/description.txt delete mode 100644 testing/tests/ikev1/alg-sha2_256/evaltest.dat delete mode 100755 testing/tests/ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev1/alg-sha2_256/posttest.dat delete mode 100644 testing/tests/ikev1/alg-sha2_256/pretest.dat delete mode 100644 testing/tests/ikev1/alg-sha2_256/test.conf create mode 100644 testing/tests/ikev1/alg-sha384/description.txt create mode 100644 testing/tests/ikev1/alg-sha384/evaltest.dat create mode 100755 testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-sha384/posttest.dat create mode 100644 testing/tests/ikev1/alg-sha384/pretest.dat create mode 100644 testing/tests/ikev1/alg-sha384/test.conf create mode 100644 testing/tests/ikev1/alg-sha512/description.txt create mode 100644 testing/tests/ikev1/alg-sha512/evaltest.dat create mode 100755 testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-sha512/posttest.dat create mode 100644 testing/tests/ikev1/alg-sha512/pretest.dat create mode 100644 testing/tests/ikev1/alg-sha512/test.conf delete mode 100644 testing/tests/ikev1/esp-alg-camellia/description.txt delete mode 100644 testing/tests/ikev1/esp-alg-camellia/evaltest.dat delete mode 100755 testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev1/esp-alg-camellia/posttest.dat delete mode 100644 testing/tests/ikev1/esp-alg-camellia/pretest.dat delete mode 100644 testing/tests/ikev1/esp-alg-camellia/test.conf delete mode 100644 testing/tests/ikev1/ike-alg-sha2_384/description.txt delete mode 100644 testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat delete mode 100755 testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev1/ike-alg-sha2_384/posttest.dat delete mode 100644 testing/tests/ikev1/ike-alg-sha2_384/pretest.dat delete mode 100644 testing/tests/ikev1/ike-alg-sha2_384/test.conf delete mode 100644 testing/tests/ikev1/ike-alg-sha2_512/description.txt delete mode 100644 testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat delete mode 100755 testing/tests/ikev1/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ikev1/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev1/ike-alg-sha2_512/posttest.dat delete mode 100644 testing/tests/ikev1/ike-alg-sha2_512/pretest.dat delete mode 100644 testing/tests/ikev1/ike-alg-sha2_512/test.conf create mode 100644 testing/tests/ikev1/ip-pool-db-push/description.txt create mode 100644 testing/tests/ikev1/ip-pool-db-push/evaltest.dat create mode 100755 testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/ip-pool-db-push/posttest.dat create mode 100644 testing/tests/ikev1/ip-pool-db-push/pretest.dat create mode 100644 testing/tests/ikev1/ip-pool-db-push/test.conf create mode 100644 testing/tests/ikev1/ip-pool-db/description.txt create mode 100644 testing/tests/ikev1/ip-pool-db/evaltest.dat create mode 100755 testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/ip-pool-db/posttest.dat create mode 100644 testing/tests/ikev1/ip-pool-db/pretest.dat create mode 100644 testing/tests/ikev1/ip-pool-db/test.conf create mode 100644 testing/tests/ikev1/mode-config-multiple/description.txt create mode 100644 testing/tests/ikev1/mode-config-multiple/evaltest.dat create mode 100755 testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/mode-config-multiple/posttest.dat create mode 100644 testing/tests/ikev1/mode-config-multiple/pretest.dat create mode 100644 testing/tests/ikev1/mode-config-multiple/test.conf create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/description.txt create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat create mode 100755 testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-pathlen/test.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-3des-md5/description.txt create mode 100644 testing/tests/ikev2/alg-3des-md5/evaltest.dat create mode 100755 testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-3des-md5/posttest.dat create mode 100644 testing/tests/ikev2/alg-3des-md5/pretest.dat create mode 100644 testing/tests/ikev2/alg-3des-md5/test.conf create mode 100644 testing/tests/ikev2/alg-sha256-96/description.txt create mode 100644 testing/tests/ikev2/alg-sha256-96/evaltest.dat create mode 100755 testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-sha256-96/posttest.dat create mode 100644 testing/tests/ikev2/alg-sha256-96/pretest.dat create mode 100644 testing/tests/ikev2/alg-sha256-96/test.conf create mode 100644 testing/tests/ikev2/alg-sha256/description.txt create mode 100644 testing/tests/ikev2/alg-sha256/evaltest.dat create mode 100755 testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-sha256/posttest.dat create mode 100644 testing/tests/ikev2/alg-sha256/pretest.dat create mode 100644 testing/tests/ikev2/alg-sha256/test.conf create mode 100644 testing/tests/ikev2/alg-sha384/description.txt create mode 100644 testing/tests/ikev2/alg-sha384/evaltest.dat create mode 100755 testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-sha384/posttest.dat create mode 100644 testing/tests/ikev2/alg-sha384/pretest.dat create mode 100644 testing/tests/ikev2/alg-sha384/test.conf create mode 100644 testing/tests/ikev2/alg-sha512/description.txt create mode 100644 testing/tests/ikev2/alg-sha512/evaltest.dat create mode 100755 testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-sha512/posttest.dat create mode 100644 testing/tests/ikev2/alg-sha512/pretest.dat create mode 100644 testing/tests/ikev2/alg-sha512/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-camellia/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-camellia/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/esp-alg-camellia/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-camellia/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-camellia/test.conf create mode 100644 testing/tests/ikev2/inactivity-timeout/description.txt create mode 100644 testing/tests/ikev2/inactivity-timeout/evaltest.dat create mode 100755 testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/inactivity-timeout/posttest.dat create mode 100644 testing/tests/ikev2/inactivity-timeout/pretest.dat create mode 100644 testing/tests/ikev2/inactivity-timeout/test.conf create mode 100755 testing/tests/ikev2/mobike-nat/hosts/sun/etc/init.d/iptables create mode 100755 testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/init.d/iptables create mode 100755 testing/tests/ikev2/mobike/hosts/sun/etc/init.d/iptables create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/description.txt create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat create mode 100755 testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/posttest.dat create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat create mode 100644 testing/tests/ikev2/multi-level-ca-pathlen/test.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v3/description.txt create mode 100644 testing/tests/ikev2/net2net-pgp-v3/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v3/posttest.dat create mode 100644 testing/tests/ikev2/net2net-pgp-v3/pretest.dat create mode 100644 testing/tests/ikev2/net2net-pgp-v3/test.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v4/description.txt create mode 100644 testing/tests/ikev2/net2net-pgp-v4/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-pgp-v4/posttest.dat create mode 100644 testing/tests/ikev2/net2net-pgp-v4/pretest.dat create mode 100644 testing/tests/ikev2/net2net-pgp-v4/test.conf create mode 100644 testing/tests/ikev2/net2net-rfc3779/description.txt create mode 100644 testing/tests/ikev2/net2net-rfc3779/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/certs/moonCert.pem create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/certs/sunCert.pem create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/private/sunKey.pem create mode 100644 testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-rfc3779/posttest.dat create mode 100644 testing/tests/ikev2/net2net-rfc3779/pretest.dat create mode 100644 testing/tests/ikev2/net2net-rfc3779/test.conf delete mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert-revoked.pem create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem delete mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey-revoked.pem create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/users create mode 100755 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.d/triplets.dat create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.d/triplets.dat create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-sim-only-radius/test.conf create mode 100644 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/description.txt create mode 100644 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat create mode 100755 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/init.d/iptables create mode 100755 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat create mode 100644 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat create mode 100644 testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat create mode 100755 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/init.d/iptables create mode 100755 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat create mode 100644 testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat create mode 100755 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/init.d/iptables create mode 100755 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat create mode 100644 testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/description.txt create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat create mode 100755 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/init.d/iptables create mode 100755 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/init.d/iptables create mode 100755 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat create mode 100644 testing/tests/ipv6/rw-rfc3779-ikev2/test.conf create mode 100644 testing/tests/openssl-ikev1/alg-camellia/description.txt create mode 100644 testing/tests/openssl-ikev1/alg-camellia/evaltest.dat create mode 100755 testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/openssl-ikev1/alg-camellia/posttest.dat create mode 100644 testing/tests/openssl-ikev1/alg-camellia/pretest.dat create mode 100644 testing/tests/openssl-ikev1/alg-camellia/test.conf create mode 100644 testing/tests/pfkey/alg-sha384/description.txt create mode 100644 testing/tests/pfkey/alg-sha384/evaltest.dat create mode 100755 testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/pfkey/alg-sha384/posttest.dat create mode 100644 testing/tests/pfkey/alg-sha384/pretest.dat create mode 100644 testing/tests/pfkey/alg-sha384/test.conf create mode 100644 testing/tests/pfkey/alg-sha512/description.txt create mode 100644 testing/tests/pfkey/alg-sha512/evaltest.dat create mode 100755 testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/pfkey/alg-sha512/posttest.dat create mode 100644 testing/tests/pfkey/alg-sha512/pretest.dat create mode 100644 testing/tests/pfkey/alg-sha512/test.conf diff --git a/Doxyfile.in b/Doxyfile.in index 54f6596f0..8cb6e50a5 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -14,211 +14,204 @@ # Project related configuration options #--------------------------------------------------------------------------- -# This tag specifies the encoding used for all characters in the config file -# that follow. The default is UTF-8 which is also the encoding used for all -# text before the first occurrence of this tag. Doxygen uses libiconv (or the -# iconv built into libc) for the transcoding. See +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 -# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded # by quotes) that should identify the project. PROJECT_NAME = "@PACKAGE_NAME@" -# The PROJECT_NUMBER tag can be used to enter a project or revision number. -# This could be handy for archiving the generated documentation or +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = "@PACKAGE_VERSION@" -# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) -# base path where the generated documentation will be put. -# If a relative path is entered, it will be relative to the location +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = apidoc -# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create -# 4096 sub-directories (in 2 levels) under the output directory of each output -# format and will distribute the generated files over these directories. -# Enabling this option can be useful when feeding doxygen a huge amount of -# source files, where putting all generated files in the same directory would +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO -# The OUTPUT_LANGUAGE tag is used to specify the language in which all -# documentation generated by doxygen is written. Doxygen will use this -# information to generate all constant output in the proper language. -# The default language is English, other supported languages are: -# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, -# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, -# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), -# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, -# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, +# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, # and Ukrainian. OUTPUT_LANGUAGE = English -# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will -# include brief member descriptions after the members that are listed in -# the file and class documentation (similar to JavaDoc). +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES -# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend -# the brief description of a member or function before the detailed description. -# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES -# This tag implements a quasi-intelligent brief description abbreviator -# that is used to form the text in various listings. Each string -# in this list, if found as the leading text of the brief description, will be -# stripped from the text and the result after processing the whole list, is -# used as the annotated text. Otherwise, the brief description is used as-is. -# If left blank, the following values are used ("$name" is automatically -# replaced with the name of the entity): "The $name class" "The $name widget" -# "The $name file" "is" "provides" "specifies" "contains" +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" -ABBREVIATE_BRIEF = +ABBREVIATE_BRIEF = -# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then -# Doxygen will generate a detailed section even if there is only a brief +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief # description. ALWAYS_DETAILED_SEC = NO -# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all -# inherited members of a class in the documentation of that class as if those -# members were ordinary class members. Constructors, destructors and assignment +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO -# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full -# path before files name in the file list and in the header files. If set +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES -# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag -# can be used to strip a user-defined part of the path. Stripping is -# only done if one of the specified strings matches the left-hand part of -# the path. The tag can be used to show relative paths in the file list. -# If left blank the directory from which doxygen is run is used as the +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the # path to strip. -STRIP_FROM_PATH = +STRIP_FROM_PATH = -# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of -# the path mentioned in the documentation of a class, which tells -# the reader which header file to include in order to use a class. -# If left blank only the name of the header file containing the class -# definition is used. Otherwise one should specify the include paths that +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. -STRIP_FROM_INC_PATH = +STRIP_FROM_INC_PATH = -# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter -# (but less readable) file names. This can be useful is your file systems +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO -# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen -# will interpret the first line (until the first dot) of a JavaDoc-style -# comment as the brief description. If set to NO, the JavaDoc -# comments will behave just like regular Qt-style comments +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = YES -# If the QT_AUTOBRIEF tag is set to YES then Doxygen will -# interpret the first line (until the first dot) of a Qt-style -# comment as the brief description. If set to NO, the comments -# will behave just like regular Qt-style comments (thus requiring +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO -# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen -# treat a multi-line C++ special comment block (i.e. a block of //! or /// -# comments) as a brief description. This used to be the default behaviour. -# The new default is to treat a multi-line C++ comment block as a detailed +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO -# If the DETAILS_AT_TOP tag is set to YES then Doxygen -# will output the detailed description near the top, like JavaDoc. -# If set to NO, the detailed description appears after the member -# documentation. - -DETAILS_AT_TOP = YES - -# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented -# member inherits the documentation from any documented member that it +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES -# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce -# a new page for each member. If set to NO, the documentation of a member will +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO -# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 4 -# This tag can be used to specify a number of aliases that acts -# as commands in the documentation. An alias has the form "name=value". -# For example adding "sideeffect=\par Side Effects:\n" will allow you to -# put the command \sideeffect (or @sideeffect) in the documentation, which -# will result in a user-defined paragraph with heading "Side Effects:". +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. -ALIASES = +ALIASES = -# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C -# sources only. Doxygen will then generate output that is more tailored for C. -# For instance, some of the names that are used will be different. The list +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = NO -# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java -# sources only. Doxygen will then generate output that is more tailored for -# Java. For instance, namespaces will be presented as packages, qualified +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO -# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran -# sources only. Doxygen will then generate output that is more tailored for +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO -# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL -# sources. Doxygen will then generate output that is tailored for +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO -# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want -# to include (a tag file for) the STL sources as input, then you should -# set this tag to YES in order to let doxygen match functions declarations and -# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. -# func(std::string) {}). This also make the inheritance and collaboration +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO @@ -228,42 +221,42 @@ BUILTIN_STL_SUPPORT = NO CPP_CLI_SUPPORT = NO -# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. -# Doxygen will parse them like normal C++ but will assume all classes use public +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO -# For Microsoft's IDL there are propget and propput attributes to indicate getter -# and setter methods for a property. Setting this option to YES (the default) -# will make doxygen to replace the get and set methods by a property in the -# documentation. This will only work if the methods are indeed getting or -# setting a simple type. If this is not the case, or you want to show the +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES -# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC -# tag is set to YES, then doxygen will reuse the documentation of the first -# member in the group (if any) for the other members of the group. By default +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO -# Set the SUBGROUPING tag to YES (the default) to allow class member groups of -# the same type (for instance a group of public functions) to be put as a -# subgroup of that type (e.g. under the Public Functions section). Set it to -# NO to prevent subgrouping. Alternatively, this can be done per class using +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES -# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum -# is documented as struct, union, or enum with the name of the typedef. So -# typedef struct TypeS {} TypeT, will appear in the documentation as a struct -# with name TypeT. When disabled the typedef will appear as a member of a file, -# namespace, or class. And the struct will be named TypeS. This can typically -# be useful for C code in case the coding convention dictates that all compound +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = YES @@ -272,371 +265,372 @@ TYPEDEF_HIDES_STRUCT = YES # Build related configuration options #--------------------------------------------------------------------------- -# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in -# documentation are documented, even if no documentation was available. -# Private class members and static file members will be hidden unless +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO -# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO -# If the EXTRACT_STATIC tag is set to YES all static members of a file +# If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO -# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) -# defined locally in source files will be included in the documentation. +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO -# This flag is only useful for Objective-C code. When set to YES local -# methods, which are defined in the implementation section but not in -# the interface are included in the documentation. +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO -# If this flag is set to YES, the members of anonymous namespaces will be -# extracted and appear in the documentation as a namespace called -# 'anonymous_namespace{file}', where file will be replaced with the base -# name of the file that contains the anonymous namespace. By default +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default # anonymous namespace are hidden. EXTRACT_ANON_NSPACES = NO -# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all -# undocumented members of documented classes, files or namespaces. -# If set to NO (the default) these members will be included in the -# various overviews, but no documentation section is generated. +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = NO -# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all -# undocumented classes that are normally visible in the class hierarchy. -# If set to NO (the default) these classes will be included in the various +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = NO -# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all -# friend (class|struct|union) declarations. -# If set to NO (the default) these declarations will be included in the +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO -# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any -# documentation blocks found inside the body of a function. -# If set to NO (the default) these blocks will be appended to the +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO -# The INTERNAL_DOCS tag determines if documentation -# that is typed after a \internal command is included. If the tag is set -# to NO (the default) then the documentation will be excluded. +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO -# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate -# file names in lower-case letters. If set to YES upper-case letters are also -# allowed. This is useful if you have classes or files whose names only differ -# in case and if your file system supports case sensitive file names. Windows +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES -# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen -# will show members with their full class and namespace scopes in the +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. HIDE_SCOPE_NAMES = NO -# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen -# will put a list of the files that are included by a file in the documentation +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = NO -# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES -# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen -# will sort the (detailed) documentation of file and class members -# alphabetically by member name. If set to NO the members will appear in +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = NO -# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the -# brief documentation of file, namespace and class members alphabetically -# by member name. If set to NO (the default) the members will appear in +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO -# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the -# hierarchy of group names into alphabetical order. If set to NO (the default) +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO -# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be -# sorted by fully-qualified names, including namespaces. If set to -# NO (the default), the class list will be sorted only by class name, -# not including the namespace part. +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. -# Note: This option applies only to the class list, not to the +# Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO -# The GENERATE_TODOLIST tag can be used to enable (YES) or -# disable (NO) the todo list. This list is created by putting \todo +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = NO -# The GENERATE_TESTLIST tag can be used to enable (YES) or -# disable (NO) the test list. This list is created by putting \test +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = NO -# The GENERATE_BUGLIST tag can be used to enable (YES) or -# disable (NO) the bug list. This list is created by putting \bug +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = NO -# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or -# disable (NO) the deprecated list. This list is created by putting +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= NO -# The ENABLED_SECTIONS tag can be used to enable conditional +# The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if sectionname ... \endif. -ENABLED_SECTIONS = +ENABLED_SECTIONS = -# The MAX_INITIALIZER_LINES tag determines the maximum number of lines -# the initial value of a variable or define consists of for it to appear in -# the documentation. If the initializer consists of more lines than specified -# here it will be hidden. Use a value of 0 to hide initializers completely. -# The appearance of the initializer of individual variables and defines in the -# documentation can be controlled using \showinitializer or \hideinitializer +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 -# Set the SHOW_USED_FILES tag to NO to disable the list of files generated -# at the bottom of the documentation of classes and structs. If set to YES the +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = NO -# If the sources in your project are distributed over multiple directories -# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy # in the documentation. The default is NO. SHOW_DIRECTORIES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. -# This will remove the Files entry from the Quick Index and from the +# This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = NO -# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES -# The FILE_VERSION_FILTER tag can be used to specify a program or script that -# doxygen should invoke to get the current version for each file (typically from -# the version control system). Doxygen will invoke the program by executing (via -# popen()) the command , where is the value of -# the FILE_VERSION_FILTER tag, and is the name of an input file -# provided by doxygen. Whatever the program writes to standard output +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command , where is the value of +# the FILE_VERSION_FILTER tag, and is the name of an input file +# provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. -FILE_VERSION_FILTER = +FILE_VERSION_FILTER = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- -# The QUIET tag can be used to turn on/off the messages that are generated +# The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO -# The WARNINGS tag can be used to turn on/off the warning messages that are -# generated by doxygen. Possible values are YES and NO. If left blank +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES -# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings -# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = NO -# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for -# potential errors in the documentation, such as not documenting some -# parameters in a documented function, or documenting parameters that +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES -# This WARN_NO_PARAMDOC option can be abled to get warnings for -# functions that are documented, but have no documentation for their parameters -# or return value. If set to NO (the default) doxygen will only warn about -# wrong or incomplete parameter documentation, but not about the absence of +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of # documentation. WARN_NO_PARAMDOC = NO -# The WARN_FORMAT tag determines the format of the warning messages that -# doxygen can produce. The string should contain the $file, $line, and $text -# tags, which will be replaced by the file and line number from which the -# warning originated and the warning text. Optionally the format may contain -# $version, which will be replaced by the version of the file (if it could +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" -# The WARN_LOGFILE tag can be used to specify a file to which warning -# and error messages should be written. If left blank the output is written +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written # to stderr. -WARN_LOGFILE = +WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- -# The INPUT tag can be used to specify the files and/or directories that contain -# documented source files. You may enter file names like "myfile.cpp" or -# directories like "/usr/src/myproject". Separate the files or directories +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = src/libstrongswan \ - src/charon \ - src/libfast \ - src/manager +INPUT = @SRC_DIR@/src/libstrongswan \ + @SRC_DIR@/src/charon \ + @SRC_DIR@/src/libsimaka \ + @SRC_DIR@/src/libfast \ + @SRC_DIR@/src/manager -# This tag can be used to specify the character encoding of the source files -# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is -# also the default input encoding. Doxygen uses libiconv (or the iconv built -# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 -# If the value of the INPUT tag contains directories, you can use the -# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left -# blank the following patterns are tested: -# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx # *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 FILE_PATTERNS = *.h -# The RECURSIVE tag can be used to turn specify whether or not subdirectories -# should be searched for input files as well. Possible values are YES and NO. +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = YES -# The EXCLUDE tag can be used to specify files and/or directories that should -# excluded from the INPUT source files. This way you can easily exclude a +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. -EXCLUDE = +EXCLUDE = -# The EXCLUDE_SYMLINKS tag can be used select whether or not files or -# directories that are symbolic links (a Unix filesystem feature) are excluded +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO -# If the value of the INPUT tag contains directories, you can use the -# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude -# certain files from those directories. Note that the wildcards are matched -# against the file with absolute path, so to exclude all test directories +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.svn/* -# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names -# (namespaces, classes, functions, etc.) that should be excluded from the -# output. The symbol name can be a fully qualified name, a word, or if the -# wildcard * is used, a substring. Examples: ANamespace, AClass, +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test -EXCLUDE_SYMBOLS = +EXCLUDE_SYMBOLS = -# The EXAMPLE_PATH tag can be used to specify one or more files or -# directories that contain example code fragments that are included (see +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see # the \include command). -EXAMPLE_PATH = +EXAMPLE_PATH = -# If the value of the EXAMPLE_PATH tag contains directories, you can use the -# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp -# and *.h) to filter out the source-files in the directories. If left +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left # blank all files are included. -EXAMPLE_PATTERNS = +EXAMPLE_PATTERNS = -# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be -# searched for input files to be used with the \include or \dontinclude -# commands irrespective of the value of the RECURSIVE tag. +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO -# The IMAGE_PATH tag can be used to specify one or more files or -# directories that contain image that are included in the documentation (see +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see # the \image command). -IMAGE_PATH = +IMAGE_PATH = -# The INPUT_FILTER tag can be used to specify a program that doxygen should -# invoke to filter for each input file. Doxygen will invoke the filter program -# by executing (via popen()) the command , where -# is the value of the INPUT_FILTER tag, and is the name of an -# input file. Doxygen will then use the output that the filter program writes -# to standard output. If FILTER_PATTERNS is specified, this tag will be +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command , where +# is the value of the INPUT_FILTER tag, and is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be # ignored. -INPUT_FILTER = +INPUT_FILTER = -# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern -# basis. Doxygen will compare the file name with each pattern and apply the -# filter if there is a match. The filters are a list of the form: -# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further -# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER # is applied to all files. -FILTER_PATTERNS = +FILTER_PATTERNS = -# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using -# INPUT_FILTER) will be used to filter the input files when producing source +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = NO @@ -645,32 +639,32 @@ FILTER_SOURCE_FILES = NO # configuration options related to source browsing #--------------------------------------------------------------------------- -# If the SOURCE_BROWSER tag is set to YES then a list of source files will -# be generated. Documented entities will be cross-referenced with these sources. -# Note: To get rid of all source code in the generated output, make sure also +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO -# Setting the INLINE_SOURCES tag to YES will include the body +# Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO -# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct -# doxygen to hide any special comment blocks from generated source code +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code # fragments. Normal C and C++ comments will always remain visible. STRIP_CODE_COMMENTS = NO -# If the REFERENCED_BY_RELATION tag is set to YES -# then for each documented function all documented +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO -# If the REFERENCES_RELATION tag is set to YES -# then for each documented function all documented entities +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities # called/used by that function will be listed. REFERENCES_RELATION = NO @@ -682,16 +676,16 @@ REFERENCES_RELATION = NO REFERENCES_LINK_SOURCE = YES -# If the USE_HTAGS tag is set to YES then the references to source code -# will point to the HTML generated by the htags(1) tool instead of doxygen -# built-in source browser. The htags tool is part of GNU's global source -# tagging system (see http://www.gnu.org/software/global/global.html). You +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO -# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen -# will generate a verbatim copy of the header file for each class for +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES @@ -700,129 +694,129 @@ VERBATIM_HEADERS = YES # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- -# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index -# of all compounds will be generated. Enable this if the project +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO -# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then -# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 -# In case all classes in a project start with a common prefix, all -# classes will be put under the same header in the alphabetical index. -# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. -IGNORE_PREFIX = +IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- -# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES -# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = . -# The HTML_FILE_EXTENSION tag can be used to specify the file extension for -# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html -# The HTML_HEADER tag can be used to specify a personal HTML header for -# each generated HTML page. If it is left blank doxygen will generate a +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a # standard header. -HTML_HEADER = +HTML_HEADER = -# The HTML_FOOTER tag can be used to specify a personal HTML footer for -# each generated HTML page. If it is left blank doxygen will generate a +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a # standard footer. -HTML_FOOTER = +HTML_FOOTER = -# The HTML_STYLESHEET tag can be used to specify a user-defined cascading -# style sheet that is used by each HTML page. It can be used to -# fine-tune the look of the HTML output. If the tag is left blank doxygen -# will generate a default style sheet. Note that doxygen will try to copy -# the style sheet file to the HTML output directory, so don't put your own +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own # stylesheet in the HTML output directory as well, or it will be erased! -HTML_STYLESHEET = +HTML_STYLESHEET = -# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, -# files or namespaces will be aligned in HTML using tables. If set to +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. HTML_ALIGN_MEMBERS = YES -# If the GENERATE_HTMLHELP tag is set to YES, additional index files -# will be generated that can be used as input for tools like the -# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO -# If the GENERATE_DOCSET tag is set to YES, additional index files -# will be generated that can be used as input for Apple's Xcode 3 -# integrated development environment, introduced with OSX 10.5 (Leopard). -# To create a documentation set, doxygen will generate a Makefile in the -# HTML output directory. Running make will produce the docset in that -# directory and running "make install" will install the docset in -# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. GENERATE_DOCSET = NO -# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the -# feed. A documentation feed provides an umbrella under which multiple -# documentation sets from a single provider (such as a company or product suite) +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" -# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that -# should uniquely identify the documentation set bundle. This should be a -# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project -# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML -# documentation will contain sections that can be hidden and shown after the -# page has loaded. For this to work a browser that supports -# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox # Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). HTML_DYNAMIC_SECTIONS = NO -# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can -# be used to specify the file name of the resulting .chm file. You -# can add a path in front of the file if the result should not be +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be # written to the html output directory. -CHM_FILE = +CHM_FILE = -# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can -# be used to specify the location (absolute path including file name) of -# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. -HHC_LOCATION = +HHC_LOCATION = -# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag -# controls if a separate .chi index file is generated (YES) or that +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). GENERATE_CHI = NO @@ -831,26 +825,26 @@ GENERATE_CHI = NO # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. -CHM_INDEX_ENCODING = +CHM_INDEX_ENCODING = -# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag -# controls whether a binary table of contents is generated (YES) or a +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO -# The TOC_EXPAND flag can be set to YES to add extra items for group members +# The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO -# The DISABLE_INDEX tag can be used to turn on/off the condensed index at -# top of each HTML page. The value NO (the default) enables the index and +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. DISABLE_INDEX = YES -# This tag can be used to set the number of enum values (range [1..20]) +# This tag can be used to set the number of enum values (range [1..20]) # that doxygen will group on one line in the generated HTML documentation. ENUM_VALUES_PER_LINE = 1 @@ -858,11 +852,11 @@ ENUM_VALUES_PER_LINE = 1 # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to FRAME, a side panel will be generated -# containing a tree-like index structure (just like the one that -# is generated for HTML Help). For this to work a browser that supports -# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, -# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are -# probably better off using the HTML help feature. Other possible values +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. Other possible values # for this tag are: HIERARCHIES, which will generate the Groups, Directories, # and Class Hiererachy pages using a tree view instead of an ordered list; # ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which @@ -872,16 +866,16 @@ ENUM_VALUES_PER_LINE = 1 GENERATE_TREEVIEW = YES -# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be -# used to set the initial width (in pixels) of the frame in which the tree +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 -# Use this tag to change the font size of Latex formulas included -# as images in the HTML documentation. The default is 10. Note that -# when you change the font size after a successful doxygen run you need -# to manually remove any form_*.png images from the HTML output directory +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 @@ -890,74 +884,74 @@ FORMULA_FONTSIZE = 10 # configuration options related to the LaTeX output #--------------------------------------------------------------------------- -# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO -# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex -# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. LATEX_CMD_NAME = latex -# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to -# generate index for LaTeX. If left blank `makeindex' will be used as the +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex -# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact -# LaTeX documents. This may be useful for small projects and may help to +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO -# The PAPER_TYPE tag can be used to set the paper type that is used -# by the printer. Possible values are: a4, a4wide, letter, legal and +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide -# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. -EXTRA_PACKAGES = +EXTRA_PACKAGES = -# The LATEX_HEADER tag can be used to specify a personal LaTeX header for -# the generated latex document. The header should contain everything until -# the first chapter. If it is left blank doxygen will generate a +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! -LATEX_HEADER = +LATEX_HEADER = -# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated -# is prepared for conversion to pdf (using ps2pdf). The pdf file will -# contain links (just like the HTML output) instead of page references +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = NO -# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of -# plain latex in the generated Makefile. Set this option to YES to get a +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = NO -# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. -# command to the generated LaTeX files. This will instruct LaTeX to keep -# running if errors occur, instead of asking the user for help. +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO -# If LATEX_HIDE_INDICES is set to YES then doxygen will not -# include the index chapters (such as File Index, Compound Index, etc.) +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO @@ -966,68 +960,68 @@ LATEX_HIDE_INDICES = NO # configuration options related to the RTF output #--------------------------------------------------------------------------- -# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output -# The RTF output is optimized for Word 97 and may not look very pretty with +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO -# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf -# If the COMPACT_RTF tag is set to YES Doxygen generates more compact -# RTF documents. This may be useful for small projects and may help to +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO -# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated -# will contain hyperlink fields. The RTF file will -# contain links (just like the HTML output) instead of page references. -# This makes the output suitable for online browsing using WORD or other -# programs which support those fields. +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO -# Load stylesheet definitions from file. Syntax is similar to doxygen's -# config file, i.e. a series of assignments. You only have to provide +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. -RTF_STYLESHEET_FILE = +RTF_STYLESHEET_FILE = -# Set optional variables used in the generation of an rtf document. +# Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. -RTF_EXTENSIONS_FILE = +RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- -# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO -# The MAN_OUTPUT tag is used to specify where the man pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man -# The MAN_EXTENSION tag determines the extension that is added to +# The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 -# If the MAN_LINKS tag is set to YES and Doxygen generates man output, -# then it will generate one additional man file for each entity -# documented in the real man page(s). These additional files -# only source the real man page, but without them the man command +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = YES @@ -1036,33 +1030,33 @@ MAN_LINKS = YES # configuration options related to the XML output #--------------------------------------------------------------------------- -# If the GENERATE_XML tag is set to YES Doxygen will -# generate an XML file that captures the structure of +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO -# The XML_OUTPUT tag is used to specify where the XML pages will be put. -# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml -# The XML_SCHEMA tag can be used to specify an XML schema, -# which can be used by a validating XML parser to check the +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the # syntax of the XML files. -XML_SCHEMA = +XML_SCHEMA = -# The XML_DTD tag can be used to specify an XML DTD, -# which can be used by a validating XML parser to check the +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the # syntax of the XML files. -XML_DTD = +XML_DTD = -# If the XML_PROGRAMLISTING tag is set to YES Doxygen will -# dump the program listings (including syntax highlighting -# and cross-referencing information) to the XML output. Note that +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. XML_PROGRAMLISTING = YES @@ -1071,10 +1065,10 @@ XML_PROGRAMLISTING = YES # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- -# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will -# generate an AutoGen Definitions (see autogen.sf.net) file -# that captures the structure of the code including all -# documentation. Note that this feature is still experimental +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO @@ -1083,338 +1077,338 @@ GENERATE_AUTOGEN_DEF = NO # configuration options related to the Perl module output #--------------------------------------------------------------------------- -# If the GENERATE_PERLMOD tag is set to YES Doxygen will -# generate a Perl module file that captures the structure of -# the code including all documentation. Note that this -# feature is still experimental and incomplete at the +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO -# If the PERLMOD_LATEX tag is set to YES Doxygen will generate -# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO -# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be -# nicely formatted so it can be parsed by a human reader. This is useful -# if you want to understand what is going on. On the other hand, if this -# tag is set to NO the size of the Perl module output will be much smaller +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES -# The names of the make variables in the generated doxyrules.make file -# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. -# This is useful so different doxyrules.make files included by the same +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. -PERLMOD_MAKEVAR_PREFIX = +PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- -# Configuration options related to the preprocessor +# Configuration options related to the preprocessor #--------------------------------------------------------------------------- -# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will -# evaluate all C-preprocessor directives found in the sources and include +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES -# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro -# names in the source code. If set to NO (the default) only conditional -# compilation will be performed. Macro expansion can be done in a controlled +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = YES -# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES -# then the macro expansion is limited to the macros specified with the +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO -# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # in the INCLUDE_PATH (see below) will be search if a #include is found. SEARCH_INCLUDES = YES -# The INCLUDE_PATH tag can be used to specify one or more directories that -# contain include files that are not input files but should be processed by +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by # the preprocessor. -INCLUDE_PATH = +INCLUDE_PATH = -# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard -# patterns (like *.h and *.hpp) to filter out the header-files in the -# directories. If left blank, the patterns specified with FILE_PATTERNS will +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. -INCLUDE_FILE_PATTERNS = +INCLUDE_FILE_PATTERNS = -# The PREDEFINED tag can be used to specify one or more macro names that -# are defined before the preprocessor is started (similar to the -D option of -# gcc). The argument of the tag is a list of macros of the form: name -# or name=definition (no spaces). If the definition and the = are -# omitted =1 is assumed. To prevent a macro definition from being -# undefined via #undef or recursively expanded use the := operator +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator # instead of the = operator. PREDEFINED = LEAK_DETECTIVE -# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then -# this tag can be used to specify a list of macro names that should be expanded. -# The macro definition that is found in the sources will be used. +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition. -EXPAND_AS_DEFINED = +EXPAND_AS_DEFINED = -# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then -# doxygen's preprocessor will remove all function-like macros that are alone -# on a line, have an all uppercase name, and do not end with a semicolon. Such -# function macros are typically used for boiler-plate code, and will confuse +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse # the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- -# Configuration::additions related to external references +# Configuration::additions related to external references #--------------------------------------------------------------------------- -# The TAGFILES option can be used to specify one or more tagfiles. -# Optionally an initial location of the external documentation -# can be added for each tagfile. The format of a tag file without -# this location is as follows: -# TAGFILES = file1 file2 ... -# Adding location for the tag files is done as follows: -# TAGFILES = file1=loc1 "file2 = loc2" ... -# where "loc1" and "loc2" can be relative or absolute paths or -# URLs. If a location is present for each tag, the installdox tool +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool # does not have to be run to correct the links. # Note that each tag file must have a unique name # (where the name does NOT include the path) -# If a tag file is not located in the directory in which doxygen +# If a tag file is not located in the directory in which doxygen # is run, you must also specify the path to the tagfile here. -TAGFILES = +TAGFILES = -# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. -GENERATE_TAGFILE = +GENERATE_TAGFILE = -# If the ALLEXTERNALS tag is set to YES all external classes will be listed -# in the class index. If set to NO only the inherited external classes +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO -# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed -# in the modules index. If set to NO, only the current project's groups will +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES -# The PERL_PATH should be the absolute path and name of the perl script +# The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- -# Configuration options related to the dot tool +# Configuration options related to the dot tool #--------------------------------------------------------------------------- -# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will -# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base -# or super classes. Setting the tag to NO turns the diagrams off. Note that -# this option is superseded by the HAVE_DOT option below. This is only a -# fallback. It is recommended to install and use dot, since it yields more +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more # powerful graphs. CLASS_DIAGRAMS = YES -# You can define message sequence charts within doxygen comments using the \msc -# command. Doxygen will then run the mscgen tool (see -# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the -# documentation. The MSCGEN_PATH tag allows you to specify the directory where -# the mscgen tool resides. If left empty the tool is assumed to be found in the +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. -MSCGEN_PATH = +MSCGEN_PATH = -# If set to YES, the inheritance and collaboration graphs will hide -# inheritance and usage relations if the target is undocumented +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES -# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is -# available from the path. This tool is part of Graphviz, a graph visualization -# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO -# By default doxygen will write a font called FreeSans.ttf to the output -# directory and reference it in all dot files that doxygen generates. This -# font does not include all possible unicode characters however, so when you need -# these (or just want a differently looking font) you can specify the font name -# using DOT_FONTNAME. You need need to make sure dot is able to find the font, -# which can be done by putting it in a standard location or by setting the -# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory # containing the font. DOT_FONTNAME = FreeSans -# By default doxygen will tell dot to use the output directory to look for the -# FreeSans.ttf font (which doxygen will put there itself). If you specify a -# different font using DOT_FONTNAME you can set the path where dot +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot # can find it using this tag. -DOT_FONTPATH = +DOT_FONTPATH = -# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect inheritance relations. Setting this tag to YES will force the +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the # the CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES -# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen -# will generate a graph for each documented class showing the direct and -# indirect implementation dependencies (inheritance, containment, and +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES -# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES -# If the UML_LOOK tag is set to YES doxygen will generate inheritance and -# collaboration diagrams in a style similar to the OMG's Unified Modeling +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO -# If set to YES, the inheritance and collaboration graphs will show the +# If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT -# tags are set to YES then doxygen will generate a graph for each documented -# file showing the direct and indirect include dependencies of the file with +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES -# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and -# HAVE_DOT tags are set to YES then doxygen will generate a graph for each -# documented header file showing the documented files that directly or +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES -# If the CALL_GRAPH and HAVE_DOT options are set to YES then -# doxygen will generate a call dependency graph for every global function -# or class method. Note that enabling this option will significantly increase -# the time of a run. So in most cases it will be better to enable call graphs +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO -# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then -# doxygen will generate a caller dependency graph for every global function -# or class method. Note that enabling this option will significantly increase -# the time of a run. So in most cases it will be better to enable caller +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO -# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES -# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES -# then doxygen will show the dependencies a directory has on other directories +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES -# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are png, jpg, or gif # If left blank png will be used. DOT_IMAGE_FORMAT = png -# The tag DOT_PATH can be used to specify the path where the dot tool can be +# The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. -DOT_PATH = +DOT_PATH = -# The DOTFILE_DIRS tag can be used to specify one or more directories that -# contain dot files that are included in the documentation (see the +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the # \dotfile command). -DOTFILE_DIRS = +DOTFILE_DIRS = -# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of -# nodes that will be shown in the graph. If the number of nodes in a graph -# becomes larger than this value, doxygen will truncate the graph, which is -# visualized by representing a node as a red box. Note that doxygen if the -# number of direct children of the root node in a graph is already larger than -# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 -# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the -# graphs generated by dot. A depth value of 3 means that only nodes reachable -# from the root by following a path via at most 3 edges will be shown. Nodes -# that lay further from the root node will be omitted. Note that setting this -# option to 1 or 2 may greatly reduce the computation time needed for large -# code bases. Also note that the size of a graph can be further restricted by +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 -# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent -# background. This is enabled by default, which results in a transparent -# background. Warning: Depending on the platform used, enabling this option -# may lead to badly anti-aliased labels on the edges of a graph (i.e. they +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is enabled by default, which results in a transparent +# background. Warning: Depending on the platform used, enabling this option +# may lead to badly anti-aliased labels on the edges of a graph (i.e. they # become hard to read). DOT_TRANSPARENT = NO -# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output -# files in one run (i.e. multiple -o and -T options on the command line). This -# makes dot run faster, but since only newer versions of dot (>1.8.10) +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO -# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will -# generate a legend page explaining the meaning of the various boxes and +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES -# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will -# remove the intermediate dot files that are used to generate +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate # the various graphs. DOT_CLEANUP = YES #--------------------------------------------------------------------------- -# Configuration::additions related to the search engine +# Configuration::additions related to the search engine #--------------------------------------------------------------------------- -# The SEARCHENGINE tag specifies whether or not a search engine should be +# The SEARCHENGINE tag specifies whether or not a search engine should be # used. If set to NO the values of all tags below this one will be ignored. SEARCHENGINE = NO diff --git a/Makefile.am b/Makefile.am index 172949977..fcb2f2e7a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,6 +4,8 @@ if USE_SCRIPTS SUBDIRS += scripts endif +ACLOCAL_AMFLAGS = -I m4/config + EXTRA_DIST = Doxyfile.in CREDITS CLEANFILES = apidoc Doxyfile @@ -11,6 +13,7 @@ Doxyfile : Doxyfile.in sed \ -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ -e "s:\@PACKAGE_NAME\@:$(PACKAGE_NAME):" \ + -e "s:\@SRC_DIR\@:$(srcdir):" \ $(srcdir)/$@.in > $@ apidoc : Doxyfile diff --git a/Makefile.in b/Makefile.in index bc83e3d31..6e97ac768 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,8 +16,9 @@ @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -39,13 +41,21 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ ChangeLog INSTALL NEWS TODO config.guess config.sub depcomp \ install-sh ltmain.sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = src/dumm/ext/extconf.rb +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -57,6 +67,9 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags DIST_SUBDIRS = src testing scripts @@ -64,9 +77,34 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ - { test ! -d $(distdir) \ - || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -fr $(distdir); }; } + { test ! -d "$(distdir)" \ + || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr "$(distdir)"; }; } +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print @@ -104,25 +142,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -134,11 +169,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -167,9 +205,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -192,7 +230,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -200,6 +238,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -208,10 +247,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -219,9 +260,11 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ SUBDIRS = src testing $(am__append_1) +ACLOCAL_AMFLAGS = -I m4/config EXTRA_DIST = Doxyfile.in CREDITS CLEANFILES = apidoc Doxyfile all: all-recursive @@ -233,15 +276,15 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ - cd $(srcdir) && $(AUTOMAKE) --gnu \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ && exit 0; \ exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -257,9 +300,10 @@ $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENC $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) - cd $(srcdir) && $(AUTOCONF) + $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): src/dumm/ext/extconf.rb: $(top_builddir)/config.status $(top_srcdir)/src/dumm/ext/extconf.rb.in cd $(top_builddir) && $(SHELL) ./config.status $@ @@ -296,7 +340,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -330,16 +374,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -354,7 +398,7 @@ tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -366,7 +410,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -375,36 +419,41 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) $(am__remove_distdir) - test -d $(distdir) || mkdir $(distdir) + test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -420,38 +469,54 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ - || chmod -R a+r $(distdir) + || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) @@ -464,6 +529,10 @@ dist-lzma: distdir tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma $(am__remove_distdir) +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz + $(am__remove_distdir) + dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__remove_distdir) @@ -492,6 +561,8 @@ distcheck: dist bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lzma*) \ unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ @@ -503,9 +574,11 @@ distcheck: dist mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ - && cd $(distdir)/_build \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ @@ -527,13 +600,15 @@ distcheck: dist && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ - && $(MAKE) $(AM_MAKEFLAGS) distcleancheck + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: - @cd $(distuninstallcheck_dir) \ + @$(am__cd) '$(distuninstallcheck_dir)' \ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ @@ -576,6 +651,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -596,6 +672,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -604,18 +682,28 @@ install-data-am: install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -638,34 +726,36 @@ ps-am: uninstall-am: -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-strip +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am am--refresh check check-am clean clean-generic \ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ - dist-gzip dist-lzma dist-shar dist-tarZ dist-zip distcheck \ - distclean distclean-generic distclean-libtool distclean-tags \ - distcleancheck distdir distuninstallcheck dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ - uninstall uninstall-am + dist-gzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \ + distcheck distclean distclean-generic distclean-libtool \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-recursive uninstall uninstall-am Doxyfile : Doxyfile.in sed \ -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ -e "s:\@PACKAGE_NAME\@:$(PACKAGE_NAME):" \ + -e "s:\@SRC_DIR\@:$(srcdir):" \ $(srcdir)/$@.in > $@ apidoc : Doxyfile doxygen + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/NEWS b/NEWS index 6cf4d080d..1ba8b7c49 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,116 @@ +strongswan-4.3.6 +---------------- + +- The IKEv2 daemon supports RFC 3779 IP address block constraints + carried as a critical X.509v3 extension in the peer certificate. + +- The ipsec pool --add|del dns|nbns command manages DNS and NBNS name + server entries that are sent via the IKEv1 Mode Config or IKEv2 + Configuration Payload to remote clients. + +- The Camellia cipher can be used as an IKEv1 encryption algorithm. + +- The IKEv1 and IKEV2 daemons now check certificate path length constraints. + +- The new ipsec.conf conn option "inactivity" closes a CHILD_SA if no traffic + was sent or received within the given interval. To close the complete IKE_SA + if its only CHILD_SA was inactive, set the global strongswan.conf option + "charon.inactivity_close_ike" to yes. + +- More detailed IKEv2 EAP payload information in debug output + +- IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library + +- Added required userland changes for proper SHA256 and SHA384/512 in ESP that + will be introduced with Linux 2.6.33. The "sha256"/"sha2_256" keyword now + configures the kernel with 128 bit truncation, not the non-standard 96 + bit truncation used by previous releases. To use the old 96 bit truncation + scheme, the new "sha256_96" proposal keyword has been introduced. + +- Fixed IPComp in tunnel mode, stripping out the duplicated outer header. This + change makes IPcomp tunnel mode connections incompatible with previous + releases; disable compression on such tunnels. + +- Fixed BEET mode connections on recent kernels by installing SAs with + appropriate traffic selectors, based on a patch by Michael Rossberg. + +- Using extensions (such as BEET mode) and crypto algorithms (such as twofish, + serpent, sha256_96) allocated in the private use space now require that we + know its meaning, i.e. we are talking to strongSwan. Use the new + "charon.send_vendor_id" option in strongswan.conf to let the remote peer know + this is the case. + +- Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where the + responder omits public key authentication in favor of a mutual authentication + method. To enable EAP-only authentication, set rightauth=eap on the responder + to rely only on the MSK constructed AUTH payload. This not-yet standardized + extension requires the strongSwan vendor ID introduced above. + +- The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus + allowing interoperability. + + +strongswan-4.3.5 +---------------- + +- The IKEv1 pluto daemon can now use SQL-based address pools to deal out + virtual IP addresses as a Mode Config server. The pool capability has been + migrated from charon's sql plugin to a new attr-sql plugin which is loaded + by libstrongswan and which can be used by both daemons either with a SQLite + or MySQL database and the corresponding plugin. + +- Plugin names have been streamlined: EAP plugins now have a dash after eap + (e.g. eap-sim), as it is used with the --enable-eap-sim ./configure option. + Plugin configuration sections in strongswan.conf now use the same name as the + plugin itself (i.e. with a dash). Make sure to update "load" directives and + the affected plugin sections in existing strongswan.conf files. + +- The private/public key parsing and encoding has been split up into + separate pkcs1, pgp, pem and dnskey plugins. The public key implementation + plugins gmp, gcrypt and openssl can all make use of them. + +- The EAP-AKA plugin can use different backends for USIM/quintuplet + calculations, very similar to the EAP-SIM plugin. The existing 3GPP2 software + implementation has been migrated to a separate plugin. + +- The IKEv2 daemon charon gained basic PGP support. It can use locally installed + peer certificates and can issue signatures based on RSA private keys. + +- The new 'ipsec pki' tool provides a set of commands to maintain a public + key infrastructure. It currently supports operations to create RSA and ECDSA + private/public keys, calculate fingerprints and issue or verify certificates. + +- Charon uses a monotonic time source for statistics and job queueing, behaving + correctly if the system time changes (e.g. when using NTP). + +- In addition to time based rekeying, charon supports IPsec SA lifetimes based + on processed volume or number of packets. They new ipsec.conf paramaters + 'lifetime' (an alias to 'keylife'), 'lifebytes' and 'lifepackets' handle + SA timeouts, while the parameters 'margintime' (an alias to rekeymargin), + 'marginbytes' and 'marginpackets' trigger the rekeying before a SA expires. + The existing parameter 'rekeyfuzz' affects all margins. + +- If no CA/Gateway certificate is specified in the NetworkManager plugin, + charon uses a set of trusted root certificates preinstalled by distributions. + The directory containing CA certificates can be specified using the + --with-nm-ca-dir=path configure option. + +- Fixed the encoding of the Email relative distinguished name in left|rightid + statements. + +- Fixed the broken parsing of PKCS#7 wrapped certificates by the pluto daemon. + +- Fixed smartcard-based authentication in the pluto daemon which was broken by + the ECDSA support introduced with the 4.3.2 release. + +- A patch contributed by Heiko Hund fixes mixed IPv6 in IPv4 and vice versa + tunnels established with the IKEv1 pluto daemon. + +- The pluto daemon now uses the libstrongswan x509 plugin for certificates and + CRls and the struct id type was replaced by identification_t used by charon + and the libstrongswan library. + + strongswan-4.3.4 ---------------- @@ -51,7 +164,7 @@ strongswan-4.3.2 another two DoS vulnerabilities, one in the rather old ASN.1 parser of Relative Distinguished Names (RDNs) and a second one in the conversion of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value. - + strongswan-4.3.1 ---------------- @@ -88,7 +201,7 @@ strongswan-4.3.1 incomplete state which caused a null pointer dereference if a subsequent CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either a missing TSi or TSr payload caused a null pointer derefence because the - checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was + checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was developped by the Orange Labs vulnerability research team. The tool was initially written by Gabriel Campana and is now maintained by Laurent Butti. @@ -148,7 +261,7 @@ strongswan-4.2.14 time, i.e. Jan 19 03:14:07 UTC 2038. - Distinguished Names containing wildcards (*) are not sent in the - IDr payload anymore. + IDr payload anymore. strongswan-4.2.13 @@ -158,7 +271,7 @@ strongswan-4.2.13 IKEv1 pluto daemon which sporadically caused a segfault. - Fixed a crash in the IKEv2 charon daemon occuring with - mixed RAM-based and SQL-based virtual IP address pools. + mixed RAM-based and SQL-based virtual IP address pools. - Fixed ASN.1 parsing of algorithmIdentifier objects where the parameters field is optional. @@ -174,13 +287,13 @@ strongswan-4.2.12 either by --enable-md4 or --enable-openssl. - Assignment of up to two DNS and up to two WINS servers to peers via - the IKEv2 Configuration Payload (CP). The IPv4 or IPv6 nameserver + the IKEv2 Configuration Payload (CP). The IPv4 or IPv6 nameserver addresses are defined in strongswan.conf. - The strongSwan applet for the Gnome NetworkManager is now built and distributed as a separate tarball under the name NetworkManager-strongswan. - + strongswan-4.2.11 ----------------- @@ -278,9 +391,9 @@ strongswan-4.2.7 a KE payload containing zeroes only can cause a crash of the IKEv2 charon daemon due to a NULL pointer returned by the mpz_export() function of the GNU Multiprecision Library (GMP). Thanks go to Mu Dynamics Research Labs - for making us aware of this problem. + for making us aware of this problem. -- The new agent plugin provides a private key implementation on top of an +- The new agent plugin provides a private key implementation on top of an ssh-agent. - The NetworkManager plugin has been extended to support certificate client @@ -304,7 +417,7 @@ strongswan-4.2.6 - A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt and allows username/password authentication against any PAM service on the gateway. - The new EAP method interacts nicely with the NetworkManager plugin and allows + The new EAP method interacts nicely with the NetworkManager plugin and allows client authentication against e.g. LDAP. - Improved support for the EAP-Identity method. The new ipsec.conf eap_identity @@ -324,7 +437,7 @@ strongswan-4.2.6 strongswan-4.2.5 ---------------- -- Consistent logging of IKE and CHILD SAs at the audit (AUD) level. +- Consistent logging of IKE and CHILD SAs at the audit (AUD) level. - Improved the performance of the SQL-based virtual IP address pool by introducing an additional addresses table. The leases table @@ -338,12 +451,12 @@ strongswan-4.2.5 - management of different virtual IP pools for different network interfaces have become possible. -- fixed a bug which prevented the assignment of more than 256 +- fixed a bug which prevented the assignment of more than 256 virtual IP addresses from a pool managed by an sql database. - fixed a bug which did not delete own IPCOMP SAs in the kernel. - + strongswan-4.2.4 ---------------- @@ -361,7 +474,7 @@ strongswan-4.2.4 - Fixed a bug in stroke which caused multiple charon threads to close the file descriptors during packet transfers over the stroke socket. - + - ESP sequence numbers are now migrated in IPsec SA updates handled by MOBIKE. Works only with Linux kernels >= 2.6.17. @@ -369,7 +482,7 @@ strongswan-4.2.4 strongswan-4.2.3 ---------------- -- Fixed the strongswan.conf path configuration problem that occurred when +- Fixed the strongswan.conf path configuration problem that occurred when --sysconfig was not set explicitly in ./configure. - Fixed a number of minor bugs that where discovered during the 4th @@ -391,7 +504,7 @@ strongswan-4.2.2 the pool database. See ipsec pool --help for the available options - The Authenticated Encryption Algorithms AES-CCM-8/12/16 and AES-GCM-8/12/16 - for ESP are now supported starting with the Linux 2.6.25 kernel. The + for ESP are now supported starting with the Linux 2.6.25 kernel. The syntax is e.g. esp=aes128ccm12 or esp=aes256gcm16. @@ -409,12 +522,12 @@ strongswan-4.2.1 IKE_SAs with the same peer. The option value "keep" prefers existing connection setups over new ones, where the value "replace" replaces existing connections. - -- The crypto factory in libstrongswan additionaly supports random number + +- The crypto factory in libstrongswan additionaly supports random number generators, plugins may provide other sources of randomness. The default plugin reads raw random data from /dev/(u)random. -- Extended the credential framework by a caching option to allow plugins +- Extended the credential framework by a caching option to allow plugins persistent caching of fetched credentials. The "cachecrl" option has been re-implemented. @@ -469,10 +582,10 @@ strongswan-4.2.0 refactored to support modular credential providers, proper CERTREQ/CERT payload exchanges and extensible authorization rules. -- The framework of strongSwan Manager has envolved to the web application +- The framework of strongSwan Manager has envolved to the web application framework libfast (FastCGI Application Server w/ Templates) and is usable by other applications. - + strongswan-4.1.11 ----------------- @@ -482,7 +595,7 @@ strongswan-4.1.11 the next CHILD_SA rekeying. - Wrong type definition of the next_payload variable in id_payload.c - caused an INVALID_SYNTAX error on PowerPC platforms. + caused an INVALID_SYNTAX error on PowerPC platforms. - Implemented IKEv2 EAP-SIM server and client test modules that use triplets stored in a file. For details on the configuration see @@ -493,7 +606,7 @@ strongswan-4.1.10 ----------------- - Fixed error in the ordering of the certinfo_t records in the ocsp cache that - caused multiple entries of the same serial number to be created. + caused multiple entries of the same serial number to be created. - Implementation of a simple EAP-MD5 module which provides CHAP authentication. This may be interesting in conjunction with certificate @@ -506,7 +619,7 @@ strongswan-4.1.10 before using it. - Support for vendor specific EAP methods using Expanded EAP types. The - interface to EAP modules has been slightly changed, so make sure to + interface to EAP modules has been slightly changed, so make sure to check the changes if you're already rolling your own modules. @@ -527,7 +640,7 @@ strongswan-4.1.9 - Fixes and improvements to multithreading code. - IKEv2 plugins have been renamed to libcharon-* to avoid naming conflicts. - Make sure to remove the old plugins in $libexecdir/ipsec, otherwise they get + Make sure to remove the old plugins in $libexecdir/ipsec, otherwise they get loaded twice. @@ -573,18 +686,18 @@ strongswan-4.1.6 - the default ipsec routing table plus its corresponding priority used for inserting source routes has been changed from 100 to 220. It can be configured using the --with-ipsec-routing-table and - --with-ipsec-routing-table-prio options. - + --with-ipsec-routing-table-prio options. + - the --enable-integrity-test configure option tests the integrity of the libstrongswan crypto code during the charon startup. - + - the --disable-xauth-vid configure option disables the sending of the XAUTH vendor ID. This can be used as a workaround when interoperating with some Windows VPN clients that get into trouble upon reception of an XAUTH VID without eXtended AUTHentication having been configured. - + - ipsec stroke now supports the rereadsecrets, rereadaacerts, rereadacerts, and listacerts options. @@ -647,7 +760,7 @@ strongswan-4.1.4 of an argument string that is used with the PKCS#11 C_Initialize() function. This non-standard feature is required by the NSS softoken library. This patch was contributed by Robert Varga. - + - Fixed a bug in ipsec starter introduced by strongswan-2.8.5 which caused a segmentation fault in the presence of unknown or misspelt keywords in ipsec.conf. This bug fix was contributed @@ -660,7 +773,7 @@ strongswan-4.1.4 strongswan-4.1.3 ---------------- -- IKEv2 peer configuration selection now can be based on a given +- IKEv2 peer configuration selection now can be based on a given certification authority using the rightca= statement. - IKEv2 authentication based on RSA signatures now can handle multiple @@ -677,11 +790,11 @@ strongswan-4.1.3 improves the systems security, as a possible intruder may only get the CAP_NET_ADMIN capability. -- Further modularization of charon: Pluggable control interface and +- Further modularization of charon: Pluggable control interface and configuration backend modules provide extensibility. The control interface for stroke is included, and further interfaces using DBUS (NetworkManager) or XML are on the way. A backend for storing configurations in the daemon - is provided and more advanced backends (using e.g. a database) are trivial + is provided and more advanced backends (using e.g. a database) are trivial to implement. - Fixed a compilation failure in libfreeswan occuring with Linux kernel @@ -705,7 +818,7 @@ strongswan-4.1.2 - Removed the dependencies from the /usr/include/linux/ headers by including xfrm.h, ipsec.h, and pfkeyv2.h in the distribution. - + - crlNumber is now listed by ipsec listcrls - The xauth_modules.verify_secret() function now passes the @@ -754,7 +867,7 @@ strongswan-4.1.0 - Support for SHA2-256/384/512 PRF and HMAC functions in IKEv2. - Full support of CA information sections. ipsec listcainfos - now shows all collected crlDistributionPoints and OCSP + now shows all collected crlDistributionPoints and OCSP accessLocations. - Support of the Online Certificate Status Protocol (OCSP) for IKEv2. @@ -805,8 +918,8 @@ strongswan-4.0.6 with ISAKMP Main Mode RSA or PSK authentication. Both client and server side were implemented. Handling of user credentials can be done by a run-time loadable XAUTH module. By default user - credentials are stored in ipsec.secrets. - + credentials are stored in ipsec.secrets. + - IKEv2: Support for reauthentication when rekeying - IKEv2: Support for transport mode @@ -878,8 +991,8 @@ strongswan-4.0.3 ---------------- - Added support for the auto=route ipsec.conf parameter and the - ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and - CHILD_SAs dynamically on demand when traffic is detected by the + ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and + CHILD_SAs dynamically on demand when traffic is detected by the kernel. - Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter. @@ -899,9 +1012,9 @@ strongswan-4.0.2 default is leftsendcert=always, since CERTREQ payloads are not supported yet. Optional CRLs must be imported locally into /etc/ipsec.d/crls. -- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2 +- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2 would offer more possibilities for traffic selection, but the Linux kernel - currently does not support it. That's why we stick with these simple + currently does not support it. That's why we stick with these simple ipsec.conf rules for now. - Added Dead Peer Detection (DPD) which checks liveliness of remote peer if no @@ -913,8 +1026,8 @@ strongswan-4.0.2 to port 4500, uses UDP encapsulated ESP packets, handles peer address changes gracefully and sends keep alive message periodically. -- Reimplemented IKE_SA state machine for charon, which allows simultaneous - rekeying, more shared code, cleaner design, proper retransmission +- Reimplemented IKE_SA state machine for charon, which allows simultaneous + rekeying, more shared code, cleaner design, proper retransmission and a more extensible code base. - The mixed PSK/RSA roadwarrior detection capability introduced by the @@ -929,22 +1042,22 @@ strongswan-4.0.2 strongswan-4.0.1 ---------------- -- Added algorithm selection to charon: New default algorithms for +- Added algorithm selection to charon: New default algorithms for ike=aes128-sha-modp2048, as both daemons support it. The default for IPsec SAs is now esp=aes128-sha,3des-md5. charon handles the ike/esp parameter the same way as pluto. As this syntax does - not allow specification of a pseudo random function, the same + not allow specification of a pseudo random function, the same algorithm as for integrity is used (currently sha/md5). Supported algorithms for IKE: Encryption: aes128, aes192, aes256 Integrity/PRF: md5, sha (using hmac) DH-Groups: modp768, 1024, 1536, 2048, 4096, 8192 and for ESP: - Encryption: aes128, aes192, aes256, 3des, blowfish128, + Encryption: aes128, aes192, aes256, 3des, blowfish128, blowfish192, blowfish256 Integrity: md5, sha1 More IKE encryption algorithms will come after porting libcrypto into - libstrongswan. + libstrongswan. - initial support for rekeying CHILD_SAs using IKEv2. Currently no perfect forward secrecy is used. The rekeying parameters rekey, @@ -959,7 +1072,7 @@ strongswan-4.0.1 - new build environment featuring autotools. Features such as HTTP, LDAP and smartcard support may be enabled using - the ./configure script. Changing install directories + the ./configure script. Changing install directories is possible, too. See ./configure --help for more details. - better integration of charon with ipsec starter, which allows @@ -973,7 +1086,7 @@ strongswan-4.0.0 ---------------- - initial support of the IKEv2 protocol. Connections in - ipsec.conf designated by keyexchange=ikev2 are negotiated + ipsec.conf designated by keyexchange=ikev2 are negotiated by the new IKEv2 charon keying daemon whereas those marked by keyexchange=ikev1 or the default keyexchange=ike are handled thy the IKEv1 pluto keying daemon. Currently only @@ -1009,7 +1122,7 @@ strongswan-2.7.0 internal network interface which is part of the client subnet because an iptables INPUT and OUTPUT rule would be required. lefthostaccess=yes will cause this additional ACCEPT rules to - be inserted. + be inserted. - mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal payload is preparsed in order to find out whether the roadwarrior @@ -1023,7 +1136,7 @@ strongswan-2.6.4 - the new _updown_policy template allows ipsec policy based iptables firewall rules. Required are iptables version >= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes - the _updown_espmark template, so that no INPUT mangle rules + the _updown_espmark template, so that no INPUT mangle rules are required any more. - added support of DPD restart mode @@ -1039,13 +1152,13 @@ strongswan-2.6.4 strongswan-2.6.3 ---------------- -- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec +- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec command and not of ipsec setup any more. - ipsec starter now supports AH authentication in conjunction with ESP encryption. AH authentication is configured in ipsec.conf via the auth=ah parameter. - + - The command ipsec scencrypt|scdecrypt is now an alias for ipsec whack --scencrypt|scdecrypt . @@ -1053,7 +1166,7 @@ strongswan-2.6.3 the exact time of the last use of an active eroute. This information is used by the Dead Peer Detection algorithm and is also displayed by the ipsec status command. - + strongswan-2.6.2 ---------------- @@ -1117,7 +1230,7 @@ strongswan-2.6.0 accelerated tremedously. - Added support of %defaultroute to the ipsec starter. If the IP address - changes, a HUP signal to the ipsec starter will automatically + changes, a HUP signal to the ipsec starter will automatically reload pluto's connections. - moved most compile time configurations from pluto/Makefile to @@ -1149,7 +1262,7 @@ strongswan-2.5.6 function (e.g. OpenSC), the RSA encryption is done in software using the public key fetched from the smartcard. -- The scepclient function now allows to define the +- The scepclient function now allows to define the validity of a self-signed certificate using the --days, --startdate, and --enddate options. The default validity has been changed from one year to five years. @@ -1172,7 +1285,7 @@ strongswan-2.5.5 [--outbase 16|hex|64|base64|256|text|ascii] [--keyid ] - The default setting for inbase and outbase is hex. + The default setting for inbase and outbase is hex. The new proxy interface can be used for securing symmetric encryption keys required by the cryptoloop or dm-crypt @@ -1218,7 +1331,7 @@ strongswan-2.5.3 always|yes (the default, always send a cert) ifasked (send the cert only upon a cert request) never|no (never send a cert, used for raw RSA keys and - self-signed certs) + self-signed certs) - fixed the initialization of the ESP key length to a default of 128 bits in the case that the peer does not send a key length @@ -1310,7 +1423,7 @@ strongswan-2.5.0 of ipsec.conf. The dynamically fetched CRLs are stored under a unique file name containing the issuer's subjectKeyID in /etc/ipsec.d/crls. - + - Applied a one-line patch courtesy of Michael Richardson from the Openswan project which fixes the kernel-oops in KLIPS when an snmp daemon is running on the same box. @@ -1347,19 +1460,19 @@ strongswan-2.4.2 - Added the _updown_espmark template which requires all incoming ESP traffic to be marked with a default mark value of 50. - + - Introduced the pkcs11keepstate parameter in the config setup section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11 - session and login states are kept as long as possible during + session and login states are kept as long as possible during the lifetime of pluto. This means that a PIN entry via a key pad has to be done only once. - Introduced the pkcs11module parameter in the config setup section of ipsec.conf which specifies the PKCS#11 module to be used with smart cards. Example: - + pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo - + - Added support of smartcard readers equipped with a PIN pad. - Added patch by Jay Pfeifer which detects when netkey @@ -1368,7 +1481,7 @@ strongswan-2.4.2 - Added two patches by Herbert Xu. The first uses ip xfrm instead of setkey to flush the IPsec policy database. The second sets the optional flag in inbound IPComp SAs only. - + - Applied Ulrich Weber's patch which fixes an interoperability problem between native IPsec and KLIPS systems caused by setting the replay window to 32 instead of 0 for ipcomp. @@ -1391,8 +1504,8 @@ strongswan-2.4.0a - updated copyright statement to include David Buechi and Michael Meier - - + + strongswan-2.4.0 ---------------- @@ -1409,10 +1522,10 @@ strongswan-2.4.0 always?] returns an XFRM_ACQUIRE message with an undefined protocol family field and the connection setup fails. As a workaround IPv4 (AF_INET) is now assumed. - -- the results of the UML test scenarios are now enhanced + +- the results of the UML test scenarios are now enhanced with block diagrams of the virtual network topology used - in a particular test. + in a particular test. strongswan-2.3.2 @@ -1420,13 +1533,13 @@ strongswan-2.3.2 - fixed IV used to decrypt informational messages. This bug was introduced with Mode Config functionality. - + - fixed NCP Vendor ID. - undid one of Ulrich Weber's maximum udp size patches because it caused a segmentation fault with NAT-ed Delete SA messages. - + - added UML scenarios wildcards and attr-cert which demonstrate the implementation of IPsec policies based on wildcard parameters contained in Distinguished Names and @@ -1440,15 +1553,15 @@ strongswan-2.3.1 - Added Mathieu Lafon's patch which upgrades the status of the NAT-Traversal implementation to RFC 3947. - + - The _startklips script now also loads the xfrm4_tunnel module. - + - Added Ulrich Weber's netlink replay window size and maximum udp size patches. - UML testing now uses the Linux 2.6.10 UML kernel by default. - + strongswan-2.3.0 ---------------- @@ -1460,22 +1573,22 @@ strongswan-2.3.0 subdirectory. - Full support of group attributes based on X.509 attribute - certificates. Attribute certificates can be generated + certificates. Attribute certificates can be generated using the openac facility. For more details see - + man ipsec_openac. - + The group attributes can be used in connection definitions in order to give IPsec access to specific user groups. This is done with the new parameter left|rightgroups as in - + rightgroups="Research, Sales" giving access to users possessing the group attributes Research or Sales, only. - In Quick Mode clients with subnet mask /32 are now - coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should + coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should fix rekeying problems with the SafeNet/SoftRemote and NCP Secure Entry Clients. @@ -1489,7 +1602,7 @@ strongswan-2.3.0 - Public RSA keys can now have identical IDs if either the issuing CA or the serial number is different. The serial number of a certificate is now shown by the command - + ipsec auto --listpubkeys @@ -1504,7 +1617,7 @@ strongswan-2.2.2 - Fixed a bug occuring with NAT-Traversal enabled when the responder suddenly turns initiator and the initiator cannot find a matching connection because of the floated IKE port 4500. - + - Removed misleading ipsec verify command from barf. - Running under the native IP stack, ipsec --version now shows @@ -1519,12 +1632,12 @@ strongswan-2.2.1 - Fixed a bug in the ESP algorithm selection occuring when the strict flag is set and the first proposed transform does not match. - + - Fixed another deadlock in the use of the lock_certs_and_keys() mutex, occuring when a smartcard is present. - Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event. - + - Fixed the printing of the notification names (null) - Applied another of Herbert Xu's Netlink patches. @@ -1536,15 +1649,15 @@ strongswan-2.2.0 - Support of Dead Peer Detection. The connection parameter dpdaction=clear|hold - + activates DPD for the given connection. - The default Opportunistic Encryption (OE) policy groups are not automatically included anymore. Those wishing to activate OE can include the policy group with the following statement in ipsec.conf: - + include /etc/ipsec.d/examples/oe.conf - + The default for [right|left]rsasigkey is now set to %cert. - strongSwan now has a Vendor ID of its own which can be activated @@ -1558,12 +1671,12 @@ strongswan-2.2.0 - Reapplied one of Herbert Xu's NAT-Traversal patches which got lost during the migration from SuperFreeS/WAN. - + - Fixed a deadlock in the use of the lock_certs_and_keys() mutex. - Fixed the unsharing of alg parameters when instantiating group connection. - + strongswan-2.1.5 ---------------- @@ -1605,7 +1718,7 @@ strongswan-2.1.3 - Fixed another PKCS#7 vulnerability which could lead to an endless loop while following the X.509 trust chain. - + strongswan-2.1.2 ---------------- @@ -1613,7 +1726,7 @@ strongswan-2.1.2 - Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski that accepted end certificates having identical issuer and subject distinguished names in a multi-tier X.509 trust chain. - + strongswan-2.1.1 ---------------- @@ -1633,9 +1746,9 @@ strongswan-2.1.0 crluri=http://www.kool.net/kool.crl # crl distribution point crluri2="ldap:///O=Kool, C= .." # crl distribution point #2 auto=add # add, ignore - + The ca definitions can be monitored via the command - + ipsec auto --listcainfos - Fixed cosmetic corruption of /proc filesystem by integrating @@ -1647,10 +1760,10 @@ strongswan-2.0.2 - Added support for the 818043 NAT-Traversal update of Microsoft's Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode. - -- A symbolic link to libcrypto is now added in the kernel sources + +- A symbolic link to libcrypto is now added in the kernel sources during kernel compilation - + - Fixed a couple of 64 bit issues (mostly casts to int). Thanks to Ken Bantoft who checked my sources on a 64 bit platform. @@ -1669,8 +1782,8 @@ strongswan-2.0.1 - applied Herbert Xu's NAT-T patches which fixes NAT-T under the native Linux 2.6 IPsec stack. - - + + strongswan-2.0.0 ---------------- diff --git a/aclocal.m4 b/aclocal.m4 index 9e6e86249..dea9d6f31 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,7 +1,7 @@ -# generated automatically by aclocal 1.10.2 -*- Autoconf -*- +# generated automatically by aclocal 1.11 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -13,8 +13,8 @@ m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],, -[m4_warning([this file was generated for autoconf 2.63. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.64],, +[m4_warning([this file was generated for autoconf 2.64. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) @@ -205,8077 +205,6 @@ AC_DEFUN([AC_LIB_PREPARE_MULTILIB], fi ]) -dnl Autoconf macros for libgcrypt -dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc. -dnl -dnl This file is free software; as a special exception the author gives -dnl unlimited permission to copy and/or distribute it, with or without -dnl modifications, as long as this notice is preserved. -dnl -dnl This file is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the -dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - -dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, -dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS. -dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed -dnl with the API version to also check the API compatibility. Example: -dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed -dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using -dnl this features allows to prevent build against newer versions of libgcrypt -dnl with a changed API. -dnl -AC_DEFUN([AM_PATH_LIBGCRYPT], -[ AC_ARG_WITH(libgcrypt-prefix, - AC_HELP_STRING([--with-libgcrypt-prefix=PFX], - [prefix where LIBGCRYPT is installed (optional)]), - libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") - if test x$libgcrypt_config_prefix != x ; then - if test x${LIBGCRYPT_CONFIG+set} != xset ; then - LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config - fi - fi - - AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) - tmp=ifelse([$1], ,1:1.2.0,$1) - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` - else - req_libgcrypt_api=0 - min_libgcrypt_version="$tmp" - fi - - AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) - ok=no - if test "$LIBGCRYPT_CONFIG" != "no" ; then - req_major=`echo $min_libgcrypt_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` - req_minor=`echo $min_libgcrypt_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` - req_micro=`echo $min_libgcrypt_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` - major=`echo $libgcrypt_config_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` - minor=`echo $libgcrypt_config_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` - micro=`echo $libgcrypt_config_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` - if test "$major" -gt "$req_major"; then - ok=yes - else - if test "$major" -eq "$req_major"; then - if test "$minor" -gt "$req_minor"; then - ok=yes - else - if test "$minor" -eq "$req_minor"; then - if test "$micro" -ge "$req_micro"; then - ok=yes - fi - fi - fi - fi - fi - fi - if test $ok = yes; then - AC_MSG_RESULT([yes ($libgcrypt_config_version)]) - else - AC_MSG_RESULT(no) - fi - if test $ok = yes; then - # If we have a recent libgcrypt, we should also check that the - # API is compatible - if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` - if test "$tmp" -gt 0 ; then - AC_MSG_CHECKING([LIBGCRYPT API version]) - if test "$req_libgcrypt_api" -eq "$tmp" ; then - AC_MSG_RESULT([okay]) - else - ok=no - AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp]) - fi - fi - fi - fi - if test $ok = yes; then - LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` - LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` - ifelse([$2], , :, [$2]) - else - LIBGCRYPT_CFLAGS="" - LIBGCRYPT_LIBS="" - ifelse([$3], , :, [$3]) - fi - AC_SUBST(LIBGCRYPT_CFLAGS) - AC_SUBST(LIBGCRYPT_LIBS) -]) - -# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- -# -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008 Free Software Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -m4_define([_LT_COPYING], [dnl -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, -# 2006, 2007, 2008 Free Software Foundation, Inc. -# Written by Gordon Matzigkeit, 1996 -# -# This file is part of GNU Libtool. -# -# GNU Libtool is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# As a special exception to the GNU General Public License, -# if you distribute this file as part of a program or library that -# is built using GNU Libtool, you may include this file under the -# same distribution terms that you use for the rest of that program. -# -# GNU Libtool is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GNU Libtool; see the file COPYING. If not, a copy -# can be downloaded from http://www.gnu.org/licenses/gpl.html, or -# obtained by writing to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -]) - -# serial 56 LT_INIT - - -# LT_PREREQ(VERSION) -# ------------------ -# Complain and exit if this libtool version is less that VERSION. -m4_defun([LT_PREREQ], -[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, - [m4_default([$3], - [m4_fatal([Libtool version $1 or higher is required], - 63)])], - [$2])]) - - -# _LT_CHECK_BUILDDIR -# ------------------ -# Complain if the absolute build directory name contains unusual characters -m4_defun([_LT_CHECK_BUILDDIR], -[case `pwd` in - *\ * | *\ *) - AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; -esac -]) - - -# LT_INIT([OPTIONS]) -# ------------------ -AC_DEFUN([LT_INIT], -[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT -AC_BEFORE([$0], [LT_LANG])dnl -AC_BEFORE([$0], [LT_OUTPUT])dnl -AC_BEFORE([$0], [LTDL_INIT])dnl -m4_require([_LT_CHECK_BUILDDIR])dnl - -dnl Autoconf doesn't catch unexpanded LT_ macros by default: -m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl -m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl -dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 -dnl unless we require an AC_DEFUNed macro: -AC_REQUIRE([LTOPTIONS_VERSION])dnl -AC_REQUIRE([LTSUGAR_VERSION])dnl -AC_REQUIRE([LTVERSION_VERSION])dnl -AC_REQUIRE([LTOBSOLETE_VERSION])dnl -m4_require([_LT_PROG_LTMAIN])dnl - -dnl Parse OPTIONS -_LT_SET_OPTIONS([$0], [$1]) - -# This can be used to rebuild libtool when needed -LIBTOOL_DEPS="$ltmain" - -# Always use our own libtool. -LIBTOOL='$(SHELL) $(top_builddir)/libtool' -AC_SUBST(LIBTOOL)dnl - -_LT_SETUP - -# Only expand once: -m4_define([LT_INIT]) -])# LT_INIT - -# Old names: -AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) -AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_PROG_LIBTOOL], []) -dnl AC_DEFUN([AM_PROG_LIBTOOL], []) - - -# _LT_CC_BASENAME(CC) -# ------------------- -# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. -m4_defun([_LT_CC_BASENAME], -[for cc_temp in $1""; do - case $cc_temp in - compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; - distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; - \-*) ;; - *) break;; - esac -done -cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` -]) - - -# _LT_FILEUTILS_DEFAULTS -# ---------------------- -# It is okay to use these file commands and assume they have been set -# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. -m4_defun([_LT_FILEUTILS_DEFAULTS], -[: ${CP="cp -f"} -: ${MV="mv -f"} -: ${RM="rm -f"} -])# _LT_FILEUTILS_DEFAULTS - - -# _LT_SETUP -# --------- -m4_defun([_LT_SETUP], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -_LT_DECL([], [host_alias], [0], [The host system])dnl -_LT_DECL([], [host], [0])dnl -_LT_DECL([], [host_os], [0])dnl -dnl -_LT_DECL([], [build_alias], [0], [The build system])dnl -_LT_DECL([], [build], [0])dnl -_LT_DECL([], [build_os], [0])dnl -dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([LT_PATH_LD])dnl -AC_REQUIRE([LT_PATH_NM])dnl -dnl -AC_REQUIRE([AC_PROG_LN_S])dnl -test -z "$LN_S" && LN_S="ln -s" -_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl -dnl -AC_REQUIRE([LT_CMD_MAX_LEN])dnl -_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl -_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl -dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_CHECK_SHELL_FEATURES])dnl -m4_require([_LT_CMD_RELOAD])dnl -m4_require([_LT_CHECK_MAGIC_METHOD])dnl -m4_require([_LT_CMD_OLD_ARCHIVE])dnl -m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl - -_LT_CONFIG_LIBTOOL_INIT([ -# See if we are running on zsh, and set the options which allow our -# commands through without removal of \ escapes INIT. -if test -n "\${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST -fi -]) -if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST -fi - -_LT_CHECK_OBJDIR - -m4_require([_LT_TAG_COMPILER])dnl -_LT_PROG_ECHO_BACKSLASH - -case $host_os in -aix3*) - # AIX sometimes has problems with the GCC collect2 program. For some - # reason, if we set the COLLECT_NAMES environment variable, the problems - # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES - fi - ;; -esac - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' - -# Same as above, but do not quote variable references. -double_quote_subst='s/\([["`\\]]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# Sed substitution to delay expansion of an escaped single quote. -delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' - -# Sed substitution to avoid accidental globbing in evaled expressions -no_glob_subst='s/\*/\\\*/g' - -# Global variables: -ofile=libtool -can_build_shared=yes - -# All known linkers require a `.a' archive for static linking (except MSVC, -# which needs '.lib'). -libext=a - -with_gnu_ld="$lt_cv_prog_gnu_ld" - -old_CC="$CC" -old_CFLAGS="$CFLAGS" - -# Set sane defaults for various variables -test -z "$CC" && CC=cc -test -z "$LTCC" && LTCC=$CC -test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS -test -z "$LD" && LD=ld -test -z "$ac_objext" && ac_objext=o - -_LT_CC_BASENAME([$compiler]) - -# Only perform the check for file, if the check method requires it -test -z "$MAGIC_CMD" && MAGIC_CMD=file -case $deplibs_check_method in -file_magic*) - if test "$file_magic_cmd" = '$MAGIC_CMD'; then - _LT_PATH_MAGIC - fi - ;; -esac - -# Use C for the default configuration in the libtool script -LT_SUPPORTED_TAG([CC]) -_LT_LANG_C_CONFIG -_LT_LANG_DEFAULT_CONFIG -_LT_CONFIG_COMMANDS -])# _LT_SETUP - - -# _LT_PROG_LTMAIN -# --------------- -# Note that this code is called both from `configure', and `config.status' -# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, -# `config.status' has no value for ac_aux_dir unless we are using Automake, -# so we pass a copy along to make sure it has a sensible value anyway. -m4_defun([_LT_PROG_LTMAIN], -[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl -_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) -ltmain="$ac_aux_dir/ltmain.sh" -])# _LT_PROG_LTMAIN - - - -# So that we can recreate a full libtool script including additional -# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS -# in macros and then make a single call at the end using the `libtool' -# label. - - -# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) -# ---------------------------------------- -# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. -m4_define([_LT_CONFIG_LIBTOOL_INIT], -[m4_ifval([$1], - [m4_append([_LT_OUTPUT_LIBTOOL_INIT], - [$1 -])])]) - -# Initialize. -m4_define([_LT_OUTPUT_LIBTOOL_INIT]) - - -# _LT_CONFIG_LIBTOOL([COMMANDS]) -# ------------------------------ -# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. -m4_define([_LT_CONFIG_LIBTOOL], -[m4_ifval([$1], - [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], - [$1 -])])]) - -# Initialize. -m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) - - -# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) -# ----------------------------------------------------- -m4_defun([_LT_CONFIG_SAVE_COMMANDS], -[_LT_CONFIG_LIBTOOL([$1]) -_LT_CONFIG_LIBTOOL_INIT([$2]) -]) - - -# _LT_FORMAT_COMMENT([COMMENT]) -# ----------------------------- -# Add leading comment marks to the start of each line, and a trailing -# full-stop to the whole comment if one is not present already. -m4_define([_LT_FORMAT_COMMENT], -[m4_ifval([$1], [ -m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], - [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) -)]) - - - - - -# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) -# ------------------------------------------------------------------- -# CONFIGNAME is the name given to the value in the libtool script. -# VARNAME is the (base) name used in the configure script. -# VALUE may be 0, 1 or 2 for a computed quote escaped value based on -# VARNAME. Any other value will be used directly. -m4_define([_LT_DECL], -[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], - [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], - [m4_ifval([$1], [$1], [$2])]) - lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) - m4_ifval([$4], - [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) - lt_dict_add_subkey([lt_decl_dict], [$2], - [tagged?], [m4_ifval([$5], [yes], [no])])]) -]) - - -# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) -# -------------------------------------------------------- -m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) - - -# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) -# ------------------------------------------------ -m4_define([lt_decl_tag_varnames], -[_lt_decl_filter([tagged?], [yes], $@)]) - - -# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) -# --------------------------------------------------------- -m4_define([_lt_decl_filter], -[m4_case([$#], - [0], [m4_fatal([$0: too few arguments: $#])], - [1], [m4_fatal([$0: too few arguments: $#: $1])], - [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], - [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], - [lt_dict_filter([lt_decl_dict], $@)])[]dnl -]) - - -# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) -# -------------------------------------------------- -m4_define([lt_decl_quote_varnames], -[_lt_decl_filter([value], [1], $@)]) - - -# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) -# --------------------------------------------------- -m4_define([lt_decl_dquote_varnames], -[_lt_decl_filter([value], [2], $@)]) - - -# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) -# --------------------------------------------------- -m4_define([lt_decl_varnames_tagged], -[m4_assert([$# <= 2])dnl -_$0(m4_quote(m4_default([$1], [[, ]])), - m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), - m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) -m4_define([_lt_decl_varnames_tagged], -[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) - - -# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) -# ------------------------------------------------ -m4_define([lt_decl_all_varnames], -[_$0(m4_quote(m4_default([$1], [[, ]])), - m4_if([$2], [], - m4_quote(lt_decl_varnames), - m4_quote(m4_shift($@))))[]dnl -]) -m4_define([_lt_decl_all_varnames], -[lt_join($@, lt_decl_varnames_tagged([$1], - lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl -]) - - -# _LT_CONFIG_STATUS_DECLARE([VARNAME]) -# ------------------------------------ -# Quote a variable value, and forward it to `config.status' so that its -# declaration there will have the same value as in `configure'. VARNAME -# must have a single quote delimited value for this to work. -m4_define([_LT_CONFIG_STATUS_DECLARE], -[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`']) - - -# _LT_CONFIG_STATUS_DECLARATIONS -# ------------------------------ -# We delimit libtool config variables with single quotes, so when -# we write them to config.status, we have to be sure to quote all -# embedded single quotes properly. In configure, this macro expands -# each variable declared with _LT_DECL (and _LT_TAGDECL) into: -# -# ='`$ECHO "X$" | $Xsed -e "$delay_single_quote_subst"`' -m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], -[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), - [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) - - -# _LT_LIBTOOL_TAGS -# ---------------- -# Output comment and list of tags supported by the script -m4_defun([_LT_LIBTOOL_TAGS], -[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl -available_tags="_LT_TAGS"dnl -]) - - -# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) -# ----------------------------------- -# Extract the dictionary values for VARNAME (optionally with TAG) and -# expand to a commented shell variable setting: -# -# # Some comment about what VAR is for. -# visible_name=$lt_internal_name -m4_define([_LT_LIBTOOL_DECLARE], -[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], - [description])))[]dnl -m4_pushdef([_libtool_name], - m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl -m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), - [0], [_libtool_name=[$]$1], - [1], [_libtool_name=$lt_[]$1], - [2], [_libtool_name=$lt_[]$1], - [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl -m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl -]) - - -# _LT_LIBTOOL_CONFIG_VARS -# ----------------------- -# Produce commented declarations of non-tagged libtool config variables -# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' -# script. Tagged libtool config variables (even for the LIBTOOL CONFIG -# section) are produced by _LT_LIBTOOL_TAG_VARS. -m4_defun([_LT_LIBTOOL_CONFIG_VARS], -[m4_foreach([_lt_var], - m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), - [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) - - -# _LT_LIBTOOL_TAG_VARS(TAG) -# ------------------------- -m4_define([_LT_LIBTOOL_TAG_VARS], -[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), - [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) - - -# _LT_TAGVAR(VARNAME, [TAGNAME]) -# ------------------------------ -m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) - - -# _LT_CONFIG_COMMANDS -# ------------------- -# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of -# variables for single and double quote escaping we saved from calls -# to _LT_DECL, we can put quote escaped variables declarations -# into `config.status', and then the shell code to quote escape them in -# for loops in `config.status'. Finally, any additional code accumulated -# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. -m4_defun([_LT_CONFIG_COMMANDS], -[AC_PROVIDE_IFELSE([LT_OUTPUT], - dnl If the libtool generation code has been placed in $CONFIG_LT, - dnl instead of duplicating it all over again into config.status, - dnl then we will have config.status run $CONFIG_LT later, so it - dnl needs to know what name is stored there: - [AC_CONFIG_COMMANDS([libtool], - [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], - dnl If the libtool generation code is destined for config.status, - dnl expand the accumulated commands and init code now: - [AC_CONFIG_COMMANDS([libtool], - [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) -])#_LT_CONFIG_COMMANDS - - -# Initialize. -m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], -[ - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -sed_quote_subst='$sed_quote_subst' -double_quote_subst='$double_quote_subst' -delay_variable_subst='$delay_variable_subst' -_LT_CONFIG_STATUS_DECLARATIONS -LTCC='$LTCC' -LTCFLAGS='$LTCFLAGS' -compiler='$compiler_DEFAULT' - -# Quote evaled strings. -for var in lt_decl_all_varnames([[ \ -]], lt_decl_quote_varnames); do - case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in - *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" - ;; - *) - eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" - ;; - esac -done - -# Double-quote double-evaled strings. -for var in lt_decl_all_varnames([[ \ -]], lt_decl_dquote_varnames); do - case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in - *[[\\\\\\\`\\"\\\$]]*) - eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" - ;; - *) - eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" - ;; - esac -done - -# Fix-up fallback echo if it was mangled by the above quoting rules. -case \$lt_ECHO in -*'\\\[$]0 --fallback-echo"')dnl " - lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\` - ;; -esac - -_LT_OUTPUT_LIBTOOL_INIT -]) - - -# LT_OUTPUT -# --------- -# This macro allows early generation of the libtool script (before -# AC_OUTPUT is called), incase it is used in configure for compilation -# tests. -AC_DEFUN([LT_OUTPUT], -[: ${CONFIG_LT=./config.lt} -AC_MSG_NOTICE([creating $CONFIG_LT]) -cat >"$CONFIG_LT" <<_LTEOF -#! $SHELL -# Generated by $as_me. -# Run this file to recreate a libtool stub with the current configuration. - -lt_cl_silent=false -SHELL=\${CONFIG_SHELL-$SHELL} -_LTEOF - -cat >>"$CONFIG_LT" <<\_LTEOF -AS_SHELL_SANITIZE -_AS_PREPARE - -exec AS_MESSAGE_FD>&1 -exec AS_MESSAGE_LOG_FD>>config.log -{ - echo - AS_BOX([Running $as_me.]) -} >&AS_MESSAGE_LOG_FD - -lt_cl_help="\ -\`$as_me' creates a local libtool stub from the current configuration, -for use in further configure time tests before the real libtool is -generated. - -Usage: $[0] [[OPTIONS]] - - -h, --help print this help, then exit - -V, --version print version number, then exit - -q, --quiet do not print progress messages - -d, --debug don't remove temporary files - -Report bugs to ." - -lt_cl_version="\ -m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl -m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) -configured by $[0], generated by m4_PACKAGE_STRING. - -Copyright (C) 2008 Free Software Foundation, Inc. -This config.lt script is free software; the Free Software Foundation -gives unlimited permision to copy, distribute and modify it." - -while test $[#] != 0 -do - case $[1] in - --version | --v* | -V ) - echo "$lt_cl_version"; exit 0 ;; - --help | --h* | -h ) - echo "$lt_cl_help"; exit 0 ;; - --debug | --d* | -d ) - debug=: ;; - --quiet | --q* | --silent | --s* | -q ) - lt_cl_silent=: ;; - - -*) AC_MSG_ERROR([unrecognized option: $[1] -Try \`$[0] --help' for more information.]) ;; - - *) AC_MSG_ERROR([unrecognized argument: $[1] -Try \`$[0] --help' for more information.]) ;; - esac - shift -done - -if $lt_cl_silent; then - exec AS_MESSAGE_FD>/dev/null -fi -_LTEOF - -cat >>"$CONFIG_LT" <<_LTEOF -_LT_OUTPUT_LIBTOOL_COMMANDS_INIT -_LTEOF - -cat >>"$CONFIG_LT" <<\_LTEOF -AC_MSG_NOTICE([creating $ofile]) -_LT_OUTPUT_LIBTOOL_COMMANDS -AS_EXIT(0) -_LTEOF -chmod +x "$CONFIG_LT" - -# configure is writing to config.log, but config.lt does its own redirection, -# appending to config.log, which fails on DOS, as config.log is still kept -# open by configure. Here we exec the FD to /dev/null, effectively closing -# config.log, so it can be properly (re)opened and appended to by config.lt. -if test "$no_create" != yes; then - lt_cl_success=: - test "$silent" = yes && - lt_config_lt_args="$lt_config_lt_args --quiet" - exec AS_MESSAGE_LOG_FD>/dev/null - $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false - exec AS_MESSAGE_LOG_FD>>config.log - $lt_cl_success || AS_EXIT(1) -fi -])# LT_OUTPUT - - -# _LT_CONFIG(TAG) -# --------------- -# If TAG is the built-in tag, create an initial libtool script with a -# default configuration from the untagged config vars. Otherwise add code -# to config.status for appending the configuration named by TAG from the -# matching tagged config vars. -m4_defun([_LT_CONFIG], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -_LT_CONFIG_SAVE_COMMANDS([ - m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl - m4_if(_LT_TAG, [C], [ - # See if we are running on zsh, and set the options which allow our - # commands through without removal of \ escapes. - if test -n "${ZSH_VERSION+set}" ; then - setopt NO_GLOB_SUBST - fi - - cfgfile="${ofile}T" - trap "$RM \"$cfgfile\"; exit 1" 1 2 15 - $RM "$cfgfile" - - cat <<_LT_EOF >> "$cfgfile" -#! $SHELL - -# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# NOTE: Changes made to this file will be lost: look at ltmain.sh. -# -_LT_COPYING -_LT_LIBTOOL_TAGS - -# ### BEGIN LIBTOOL CONFIG -_LT_LIBTOOL_CONFIG_VARS -_LT_LIBTOOL_TAG_VARS -# ### END LIBTOOL CONFIG - -_LT_EOF - - case $host_os in - aix3*) - cat <<\_LT_EOF >> "$cfgfile" -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. -if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -_LT_EOF - ;; - esac - - _LT_PROG_LTMAIN - - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \ - || (rm -f "$cfgfile"; exit 1) - - _LT_PROG_XSI_SHELLFNS - - sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \ - || (rm -f "$cfgfile"; exit 1) - - mv -f "$cfgfile" "$ofile" || - (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") - chmod +x "$ofile" -], -[cat <<_LT_EOF >> "$ofile" - -dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded -dnl in a comment (ie after a #). -# ### BEGIN LIBTOOL TAG CONFIG: $1 -_LT_LIBTOOL_TAG_VARS(_LT_TAG) -# ### END LIBTOOL TAG CONFIG: $1 -_LT_EOF -])dnl /m4_if -], -[m4_if([$1], [], [ - PACKAGE='$PACKAGE' - VERSION='$VERSION' - TIMESTAMP='$TIMESTAMP' - RM='$RM' - ofile='$ofile'], []) -])dnl /_LT_CONFIG_SAVE_COMMANDS -])# _LT_CONFIG - - -# LT_SUPPORTED_TAG(TAG) -# --------------------- -# Trace this macro to discover what tags are supported by the libtool -# --tag option, using: -# autoconf --trace 'LT_SUPPORTED_TAG:$1' -AC_DEFUN([LT_SUPPORTED_TAG], []) - - -# C support is built-in for now -m4_define([_LT_LANG_C_enabled], []) -m4_define([_LT_TAGS], []) - - -# LT_LANG(LANG) -# ------------- -# Enable libtool support for the given language if not already enabled. -AC_DEFUN([LT_LANG], -[AC_BEFORE([$0], [LT_OUTPUT])dnl -m4_case([$1], - [C], [_LT_LANG(C)], - [C++], [_LT_LANG(CXX)], - [Java], [_LT_LANG(GCJ)], - [Fortran 77], [_LT_LANG(F77)], - [Fortran], [_LT_LANG(FC)], - [Windows Resource], [_LT_LANG(RC)], - [m4_ifdef([_LT_LANG_]$1[_CONFIG], - [_LT_LANG($1)], - [m4_fatal([$0: unsupported language: "$1"])])])dnl -])# LT_LANG - - -# _LT_LANG(LANGNAME) -# ------------------ -m4_defun([_LT_LANG], -[m4_ifdef([_LT_LANG_]$1[_enabled], [], - [LT_SUPPORTED_TAG([$1])dnl - m4_append([_LT_TAGS], [$1 ])dnl - m4_define([_LT_LANG_]$1[_enabled], [])dnl - _LT_LANG_$1_CONFIG($1)])dnl -])# _LT_LANG - - -# _LT_LANG_DEFAULT_CONFIG -# ----------------------- -m4_defun([_LT_LANG_DEFAULT_CONFIG], -[AC_PROVIDE_IFELSE([AC_PROG_CXX], - [LT_LANG(CXX)], - [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) - -AC_PROVIDE_IFELSE([AC_PROG_F77], - [LT_LANG(F77)], - [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) - -AC_PROVIDE_IFELSE([AC_PROG_FC], - [LT_LANG(FC)], - [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) - -dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal -dnl pulling things in needlessly. -AC_PROVIDE_IFELSE([AC_PROG_GCJ], - [LT_LANG(GCJ)], - [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], - [LT_LANG(GCJ)], - [AC_PROVIDE_IFELSE([LT_PROG_GCJ], - [LT_LANG(GCJ)], - [m4_ifdef([AC_PROG_GCJ], - [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) - m4_ifdef([A][M_PROG_GCJ], - [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) - m4_ifdef([LT_PROG_GCJ], - [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) - -AC_PROVIDE_IFELSE([LT_PROG_RC], - [LT_LANG(RC)], - [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) -])# _LT_LANG_DEFAULT_CONFIG - -# Obsolete macros: -AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) -AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) -AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) -AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_CXX], []) -dnl AC_DEFUN([AC_LIBTOOL_F77], []) -dnl AC_DEFUN([AC_LIBTOOL_FC], []) -dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) - - -# _LT_TAG_COMPILER -# ---------------- -m4_defun([_LT_TAG_COMPILER], -[AC_REQUIRE([AC_PROG_CC])dnl - -_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl -_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl -_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl -_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# If no C compiler flags were specified, use CFLAGS. -LTCFLAGS=${LTCFLAGS-"$CFLAGS"} - -# Allow CC to be a program name with arguments. -compiler=$CC -])# _LT_TAG_COMPILER - - -# _LT_COMPILER_BOILERPLATE -# ------------------------ -# Check for compiler boilerplate output or warnings with -# the simple compiler test code. -m4_defun([_LT_COMPILER_BOILERPLATE], -[m4_require([_LT_DECL_SED])dnl -ac_outfile=conftest.$ac_objext -echo "$lt_simple_compile_test_code" >conftest.$ac_ext -eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_compiler_boilerplate=`cat conftest.err` -$RM conftest* -])# _LT_COMPILER_BOILERPLATE - - -# _LT_LINKER_BOILERPLATE -# ---------------------- -# Check for linker boilerplate output or warnings with -# the simple link test code. -m4_defun([_LT_LINKER_BOILERPLATE], -[m4_require([_LT_DECL_SED])dnl -ac_outfile=conftest.$ac_objext -echo "$lt_simple_link_test_code" >conftest.$ac_ext -eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err -_lt_linker_boilerplate=`cat conftest.err` -$RM -r conftest* -])# _LT_LINKER_BOILERPLATE - -# _LT_REQUIRED_DARWIN_CHECKS -# ------------------------- -m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ - case $host_os in - rhapsody* | darwin*) - AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) - AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) - AC_CHECK_TOOL([LIPO], [lipo], [:]) - AC_CHECK_TOOL([OTOOL], [otool], [:]) - AC_CHECK_TOOL([OTOOL64], [otool64], [:]) - _LT_DECL([], [DSYMUTIL], [1], - [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) - _LT_DECL([], [NMEDIT], [1], - [Tool to change global to local symbols on Mac OS X]) - _LT_DECL([], [LIPO], [1], - [Tool to manipulate fat objects and archives on Mac OS X]) - _LT_DECL([], [OTOOL], [1], - [ldd/readelf like tool for Mach-O binaries on Mac OS X]) - _LT_DECL([], [OTOOL64], [1], - [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) - - AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], - [lt_cv_apple_cc_single_mod=no - if test -z "${LT_MULTI_MODULE}"; then - # By default we will add the -single_module flag. You can override - # by either setting the environment variable LT_MULTI_MODULE - # non-empty at configure time, or by adding -multi_module to the - # link flags. - rm -rf libconftest.dylib* - echo "int foo(void){return 1;}" > conftest.c - echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ --dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD - $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ - -dynamiclib -Wl,-single_module conftest.c 2>conftest.err - _lt_result=$? - if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then - lt_cv_apple_cc_single_mod=yes - else - cat conftest.err >&AS_MESSAGE_LOG_FD - fi - rm -rf libconftest.dylib* - rm -f conftest.* - fi]) - AC_CACHE_CHECK([for -exported_symbols_list linker flag], - [lt_cv_ld_exported_symbols_list], - [lt_cv_ld_exported_symbols_list=no - save_LDFLAGS=$LDFLAGS - echo "_main" > conftest.sym - LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" - AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], - [lt_cv_ld_exported_symbols_list=yes], - [lt_cv_ld_exported_symbols_list=no]) - LDFLAGS="$save_LDFLAGS" - ]) - case $host_os in - rhapsody* | darwin1.[[012]]) - _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; - darwin1.*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; - darwin*) # darwin 5.x on - # if running on 10.5 or later, the deployment target defaults - # to the OS version, if on x86, and 10.4, the deployment - # target defaults to 10.4. Don't you love it? - case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; - 10.[[012]]*) - _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; - 10.*) - _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; - esac - ;; - esac - if test "$lt_cv_apple_cc_single_mod" = "yes"; then - _lt_dar_single_mod='$single_module' - fi - if test "$lt_cv_ld_exported_symbols_list" = "yes"; then - _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' - else - _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' - fi - if test "$DSYMUTIL" != ":"; then - _lt_dsymutil='~$DSYMUTIL $lib || :' - else - _lt_dsymutil= - fi - ;; - esac -]) - - -# _LT_DARWIN_LINKER_FEATURES -# -------------------------- -# Checks for linker and compiler features on darwin -m4_defun([_LT_DARWIN_LINKER_FEATURES], -[ - m4_require([_LT_REQUIRED_DARWIN_CHECKS]) - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_automatic, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_TAGVAR(whole_archive_flag_spec, $1)='' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" - case $cc_basename in - ifort*) _lt_dar_can_shared=yes ;; - *) _lt_dar_can_shared=$GCC ;; - esac - if test "$_lt_dar_can_shared" = "yes"; then - output_verbose_link_cmd=echo - _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" - _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" - _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" - m4_if([$1], [CXX], -[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then - _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" - _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" - fi -],[]) - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi -]) - -# _LT_SYS_MODULE_PATH_AIX -# ----------------------- -# Links a minimal program and checks the executable -# for the system default hardcoded library path. In most cases, -# this is /usr/lib:/lib, but when the MPI compilers are used -# the location of the communication and MPI libs are included too. -# If we don't find anything, use the default library path according -# to the aix ld manual. -m4_defun([_LT_SYS_MODULE_PATH_AIX], -[m4_require([_LT_DECL_SED])dnl -AC_LINK_IFELSE(AC_LANG_PROGRAM,[ -lt_aix_libpath_sed=' - /Import File Strings/,/^$/ { - /^0/ { - s/^0 *\(.*\)$/\1/ - p - } - }' -aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` -# Check for a 64-bit object if we didn't find anything. -if test -z "$aix_libpath"; then - aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` -fi],[]) -if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi -])# _LT_SYS_MODULE_PATH_AIX - - -# _LT_SHELL_INIT(ARG) -# ------------------- -m4_define([_LT_SHELL_INIT], -[ifdef([AC_DIVERSION_NOTICE], - [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], - [AC_DIVERT_PUSH(NOTICE)]) -$1 -AC_DIVERT_POP -])# _LT_SHELL_INIT - - -# _LT_PROG_ECHO_BACKSLASH -# ----------------------- -# Add some code to the start of the generated configure script which -# will find an echo command which doesn't interpret backslashes. -m4_defun([_LT_PROG_ECHO_BACKSLASH], -[_LT_SHELL_INIT([ -# Check that we are running under the correct shell. -SHELL=${CONFIG_SHELL-/bin/sh} - -case X$lt_ECHO in -X*--fallback-echo) - # Remove one level of quotation (which was required for Make). - ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` - ;; -esac - -ECHO=${lt_ECHO-echo} -if test "X[$]1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X[$]1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then - # Yippee, $ECHO works! - : -else - # Restart under the correct shell. - exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} -fi - -if test "X[$]1" = X--fallback-echo; then - # used as fallback echo - shift - cat <<_LT_EOF -[$]* -_LT_EOF - exit 0 -fi - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -if test -z "$lt_ECHO"; then - if test "X${echo_test_string+set}" != Xset; then - # find a string as large as possible, as long as the shell can cope with it - for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do - # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... - if { echo_test_string=`eval $cmd`; } 2>/dev/null && - { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null - then - break - fi - done - fi - - if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - : - else - # The Solaris, AIX, and Digital Unix default echo programs unquote - # backslashes. This makes it impossible to quote backslashes using - # echo "$something" | sed 's/\\/\\\\/g' - # - # So, first we look for a working echo in the user's PATH. - - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for dir in $PATH /usr/ucb; do - IFS="$lt_save_ifs" - if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && - test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - ECHO="$dir/echo" - break - fi - done - IFS="$lt_save_ifs" - - if test "X$ECHO" = Xecho; then - # We didn't find a better echo, so look for alternatives. - if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # This shell has a builtin print -r that does the trick. - ECHO='print -r' - elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && - test "X$CONFIG_SHELL" != X/bin/ksh; then - # If we have ksh, try running configure again with it. - ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} - export ORIGINAL_CONFIG_SHELL - CONFIG_SHELL=/bin/ksh - export CONFIG_SHELL - exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} - else - # Try using printf. - ECHO='printf %s\n' - if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && - echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # Cool, printf works - : - elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL - export CONFIG_SHELL - SHELL="$CONFIG_SHELL" - export SHELL - ECHO="$CONFIG_SHELL [$]0 --fallback-echo" - elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - ECHO="$CONFIG_SHELL [$]0 --fallback-echo" - else - # maybe with a smaller string... - prev=: - - for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do - if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null - then - break - fi - prev="$cmd" - done - - if test "$prev" != 'sed 50q "[$]0"'; then - echo_test_string=`eval $prev` - export echo_test_string - exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} - else - # Oops. We lost completely, so just stick with echo. - ECHO=echo - fi - fi - fi - fi - fi -fi - -# Copy echo and quote the copy suitably for passing to libtool from -# the Makefile, instead of quoting the original, which is used later. -lt_ECHO=$ECHO -if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then - lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" -fi - -AC_SUBST(lt_ECHO) -]) -_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) -_LT_DECL([], [ECHO], [1], - [An echo program that does not interpret backslashes]) -])# _LT_PROG_ECHO_BACKSLASH - - -# _LT_ENABLE_LOCK -# --------------- -m4_defun([_LT_ENABLE_LOCK], -[AC_ARG_ENABLE([libtool-lock], - [AS_HELP_STRING([--disable-libtool-lock], - [avoid locking (might break parallel builds)])]) -test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes - -# Some flags need to be propagated to the compiler or linker for good -# libtool support. -case $host in -ia64-*-hpux*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.$ac_objext` in - *ELF-32*) - HPUX_IA64_MODE="32" - ;; - *ELF-64*) - HPUX_IA64_MODE="64" - ;; - esac - fi - rm -rf conftest* - ;; -*-*-irix6*) - # Find out which ABI we are using. - echo '[#]line __oline__ "configure"' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - if test "$lt_cv_prog_gnu_ld" = yes; then - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -melf32bsmip" - ;; - *N32*) - LD="${LD-ld} -melf32bmipn32" - ;; - *64-bit*) - LD="${LD-ld} -melf64bmip" - ;; - esac - else - case `/usr/bin/file conftest.$ac_objext` in - *32-bit*) - LD="${LD-ld} -32" - ;; - *N32*) - LD="${LD-ld} -n32" - ;; - *64-bit*) - LD="${LD-ld} -64" - ;; - esac - fi - fi - rm -rf conftest* - ;; - -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ -s390*-*linux*|s390*-*tpf*|sparc*-*linux*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in - *32-bit*) - case $host in - x86_64-*kfreebsd*-gnu) - LD="${LD-ld} -m elf_i386_fbsd" - ;; - x86_64-*linux*) - LD="${LD-ld} -m elf_i386" - ;; - ppc64-*linux*|powerpc64-*linux*) - LD="${LD-ld} -m elf32ppclinux" - ;; - s390x-*linux*) - LD="${LD-ld} -m elf_s390" - ;; - sparc64-*linux*) - LD="${LD-ld} -m elf32_sparc" - ;; - esac - ;; - *64-bit*) - case $host in - x86_64-*kfreebsd*-gnu) - LD="${LD-ld} -m elf_x86_64_fbsd" - ;; - x86_64-*linux*) - LD="${LD-ld} -m elf_x86_64" - ;; - ppc*-*linux*|powerpc*-*linux*) - LD="${LD-ld} -m elf64ppc" - ;; - s390*-*linux*|s390*-*tpf*) - LD="${LD-ld} -m elf64_s390" - ;; - sparc*-*linux*) - LD="${LD-ld} -m elf64_sparc" - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; - -*-*-sco3.2v5*) - # On SCO OpenServer 5, we need -belf to get full-featured binaries. - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -belf" - AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, - [AC_LANG_PUSH(C) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) - AC_LANG_POP]) - if test x"$lt_cv_cc_needs_belf" != x"yes"; then - # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf - CFLAGS="$SAVE_CFLAGS" - fi - ;; -sparc*-*solaris*) - # Find out which ABI we are using. - echo 'int i;' > conftest.$ac_ext - if AC_TRY_EVAL(ac_compile); then - case `/usr/bin/file conftest.o` in - *64-bit*) - case $lt_cv_prog_gnu_ld in - yes*) LD="${LD-ld} -m elf64_sparc" ;; - *) - if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then - LD="${LD-ld} -64" - fi - ;; - esac - ;; - esac - fi - rm -rf conftest* - ;; -esac - -need_locks="$enable_libtool_lock" -])# _LT_ENABLE_LOCK - - -# _LT_CMD_OLD_ARCHIVE -# ------------------- -m4_defun([_LT_CMD_OLD_ARCHIVE], -[AC_CHECK_TOOL(AR, ar, false) -test -z "$AR" && AR=ar -test -z "$AR_FLAGS" && AR_FLAGS=cru -_LT_DECL([], [AR], [1], [The archiver]) -_LT_DECL([], [AR_FLAGS], [1]) - -AC_CHECK_TOOL(STRIP, strip, :) -test -z "$STRIP" && STRIP=: -_LT_DECL([], [STRIP], [1], [A symbol stripping program]) - -AC_CHECK_TOOL(RANLIB, ranlib, :) -test -z "$RANLIB" && RANLIB=: -_LT_DECL([], [RANLIB], [1], - [Commands used to install an old-style archive]) - -# Determine commands to create old-style static archives. -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' -old_postinstall_cmds='chmod 644 $oldlib' -old_postuninstall_cmds= - -if test -n "$RANLIB"; then - case $host_os in - openbsd*) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" - ;; - *) - old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" - ;; - esac - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" -fi -_LT_DECL([], [old_postinstall_cmds], [2]) -_LT_DECL([], [old_postuninstall_cmds], [2]) -_LT_TAGDECL([], [old_archive_cmds], [2], - [Commands used to build an old-style archive]) -])# _LT_CMD_OLD_ARCHIVE - - -# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, -# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) -# ---------------------------------------------------------------- -# Check whether the given compiler option works -AC_DEFUN([_LT_COMPILER_OPTION], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_SED])dnl -AC_CACHE_CHECK([$1], [$2], - [$2=no - m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - lt_compiler_flag="$3" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - # The option is referenced via a variable to avoid confusing sed. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$lt_compile" 2>conftest.err) - ac_status=$? - cat conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - if (exit $ac_status) && test -s "$ac_outfile"; then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings other than the usual output. - $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then - $2=yes - fi - fi - $RM conftest* -]) - -if test x"[$]$2" = xyes; then - m4_if([$5], , :, [$5]) -else - m4_if([$6], , :, [$6]) -fi -])# _LT_COMPILER_OPTION - -# Old name: -AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) - - -# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, -# [ACTION-SUCCESS], [ACTION-FAILURE]) -# ---------------------------------------------------- -# Check whether the given linker option works -AC_DEFUN([_LT_LINKER_OPTION], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_SED])dnl -AC_CACHE_CHECK([$1], [$2], - [$2=no - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $3" - echo "$lt_simple_link_test_code" > conftest.$ac_ext - if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then - # The linker can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - # Append any errors to the config.log. - cat conftest.err 1>&AS_MESSAGE_LOG_FD - $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp - $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 - if diff conftest.exp conftest.er2 >/dev/null; then - $2=yes - fi - else - $2=yes - fi - fi - $RM -r conftest* - LDFLAGS="$save_LDFLAGS" -]) - -if test x"[$]$2" = xyes; then - m4_if([$4], , :, [$4]) -else - m4_if([$5], , :, [$5]) -fi -])# _LT_LINKER_OPTION - -# Old name: -AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) - - -# LT_CMD_MAX_LEN -#--------------- -AC_DEFUN([LT_CMD_MAX_LEN], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -# find the maximum length of command line arguments -AC_MSG_CHECKING([the maximum length of command line arguments]) -AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl - i=0 - teststring="ABCD" - - case $build_os in - msdosdjgpp*) - # On DJGPP, this test can blow up pretty badly due to problems in libc - # (any single argument exceeding 2000 bytes causes a buffer overrun - # during glob expansion). Even if it were fixed, the result of this - # check would be larger than it should be. - lt_cv_sys_max_cmd_len=12288; # 12K is about right - ;; - - gnu*) - # Under GNU Hurd, this test is not required because there is - # no limit to the length of command line arguments. - # Libtool will interpret -1 as no limit whatsoever - lt_cv_sys_max_cmd_len=-1; - ;; - - cygwin* | mingw* | cegcc*) - # On Win9x/ME, this test blows up -- it succeeds, but takes - # about 5 minutes as the teststring grows exponentially. - # Worse, since 9x/ME are not pre-emptively multitasking, - # you end up with a "frozen" computer, even though with patience - # the test eventually succeeds (with a max line length of 256k). - # Instead, let's just punt: use the minimum linelength reported by - # all of the supported platforms: 8192 (on NT/2K/XP). - lt_cv_sys_max_cmd_len=8192; - ;; - - amigaos*) - # On AmigaOS with pdksh, this test takes hours, literally. - # So we just punt and use a minimum line length of 8192. - lt_cv_sys_max_cmd_len=8192; - ;; - - netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) - # This has been around since 386BSD, at least. Likely further. - if test -x /sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` - elif test -x /usr/sbin/sysctl; then - lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` - else - lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs - fi - # And add a safety zone - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - ;; - - interix*) - # We know the value 262144 and hardcode it with a safety zone (like BSD) - lt_cv_sys_max_cmd_len=196608 - ;; - - osf*) - # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure - # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not - # nice to cause kernel panics so lets avoid the loop below. - # First set a reasonable default. - lt_cv_sys_max_cmd_len=16384 - # - if test -x /sbin/sysconfig; then - case `/sbin/sysconfig -q proc exec_disable_arg_limit` in - *1*) lt_cv_sys_max_cmd_len=-1 ;; - esac - fi - ;; - sco3.2v5*) - lt_cv_sys_max_cmd_len=102400 - ;; - sysv5* | sco5v6* | sysv4.2uw2*) - kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` - if test -n "$kargmax"; then - lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` - else - lt_cv_sys_max_cmd_len=32768 - fi - ;; - *) - lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len"; then - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` - else - # Make teststring a little bigger before we do anything with it. - # a 1K string should be a reasonable start. - for i in 1 2 3 4 5 6 7 8 ; do - teststring=$teststring$teststring - done - SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} - # If test is not a shell built-in, we'll probably end up computing a - # maximum length that is only half of the actual maximum length, but - # we can't tell. - while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ - = "XX$teststring$teststring"; } >/dev/null 2>&1 && - test $i != 17 # 1/2 MB should be enough - do - i=`expr $i + 1` - teststring=$teststring$teststring - done - # Only check the string length outside the loop. - lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` - teststring= - # Add a significant safety factor because C++ compilers can tack on - # massive amounts of additional arguments before passing them to the - # linker. It appears as though 1/2 is a usable value. - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` - fi - ;; - esac -]) -if test -n $lt_cv_sys_max_cmd_len ; then - AC_MSG_RESULT($lt_cv_sys_max_cmd_len) -else - AC_MSG_RESULT(none) -fi -max_cmd_len=$lt_cv_sys_max_cmd_len -_LT_DECL([], [max_cmd_len], [0], - [What is the maximum length of a command?]) -])# LT_CMD_MAX_LEN - -# Old name: -AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) - - -# _LT_HEADER_DLFCN -# ---------------- -m4_defun([_LT_HEADER_DLFCN], -[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl -])# _LT_HEADER_DLFCN - - -# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, -# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) -# ---------------------------------------------------------------- -m4_defun([_LT_TRY_DLOPEN_SELF], -[m4_require([_LT_HEADER_DLFCN])dnl -if test "$cross_compiling" = yes; then : - [$4] -else - lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 - lt_status=$lt_dlunknown - cat > conftest.$ac_ext <<_LT_EOF -[#line __oline__ "configure" -#include "confdefs.h" - -#if HAVE_DLFCN_H -#include -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LT_DLGLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LT_DLGLOBAL DL_GLOBAL -# else -# define LT_DLGLOBAL 0 -# endif -#endif - -/* We may have to define LT_DLLAZY_OR_NOW in the command line if we - find out it does not work in some platform. */ -#ifndef LT_DLLAZY_OR_NOW -# ifdef RTLD_LAZY -# define LT_DLLAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LT_DLLAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LT_DLLAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LT_DLLAZY_OR_NOW DL_NOW -# else -# define LT_DLLAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -void fnord() { int i=42;} -int main () -{ - void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); - int status = $lt_dlunknown; - - if (self) - { - if (dlsym (self,"fnord")) status = $lt_dlno_uscore; - else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; - /* dlclose (self); */ - } - else - puts (dlerror ()); - - return status; -}] -_LT_EOF - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then - (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null - lt_status=$? - case x$lt_status in - x$lt_dlno_uscore) $1 ;; - x$lt_dlneed_uscore) $2 ;; - x$lt_dlunknown|x*) $3 ;; - esac - else : - # compilation failed - $3 - fi -fi -rm -fr conftest* -])# _LT_TRY_DLOPEN_SELF - - -# LT_SYS_DLOPEN_SELF -# ------------------ -AC_DEFUN([LT_SYS_DLOPEN_SELF], -[m4_require([_LT_HEADER_DLFCN])dnl -if test "x$enable_dlopen" != xyes; then - enable_dlopen=unknown - enable_dlopen_self=unknown - enable_dlopen_self_static=unknown -else - lt_cv_dlopen=no - lt_cv_dlopen_libs= - - case $host_os in - beos*) - lt_cv_dlopen="load_add_on" - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ;; - - mingw* | pw32* | cegcc*) - lt_cv_dlopen="LoadLibrary" - lt_cv_dlopen_libs= - ;; - - cygwin*) - lt_cv_dlopen="dlopen" - lt_cv_dlopen_libs= - ;; - - darwin*) - # if libdl is installed we need to link against it - AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ - lt_cv_dlopen="dyld" - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ]) - ;; - - *) - AC_CHECK_FUNC([shl_load], - [lt_cv_dlopen="shl_load"], - [AC_CHECK_LIB([dld], [shl_load], - [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], - [AC_CHECK_FUNC([dlopen], - [lt_cv_dlopen="dlopen"], - [AC_CHECK_LIB([dl], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], - [AC_CHECK_LIB([svld], [dlopen], - [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], - [AC_CHECK_LIB([dld], [dld_link], - [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) - ]) - ]) - ]) - ]) - ]) - ;; - esac - - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else - enable_dlopen=no - fi - - case $lt_cv_dlopen in - dlopen) - save_CPPFLAGS="$CPPFLAGS" - test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - - save_LDFLAGS="$LDFLAGS" - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - - save_LIBS="$LIBS" - LIBS="$lt_cv_dlopen_libs $LIBS" - - AC_CACHE_CHECK([whether a program can dlopen itself], - lt_cv_dlopen_self, [dnl - _LT_TRY_DLOPEN_SELF( - lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, - lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) - ]) - - if test "x$lt_cv_dlopen_self" = xyes; then - wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - AC_CACHE_CHECK([whether a statically linked program can dlopen itself], - lt_cv_dlopen_self_static, [dnl - _LT_TRY_DLOPEN_SELF( - lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, - lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) - ]) - fi - - CPPFLAGS="$save_CPPFLAGS" - LDFLAGS="$save_LDFLAGS" - LIBS="$save_LIBS" - ;; - esac - - case $lt_cv_dlopen_self in - yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; - *) enable_dlopen_self=unknown ;; - esac - - case $lt_cv_dlopen_self_static in - yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; - *) enable_dlopen_self_static=unknown ;; - esac -fi -_LT_DECL([dlopen_support], [enable_dlopen], [0], - [Whether dlopen is supported]) -_LT_DECL([dlopen_self], [enable_dlopen_self], [0], - [Whether dlopen of programs is supported]) -_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], - [Whether dlopen of statically linked programs is supported]) -])# LT_SYS_DLOPEN_SELF - -# Old name: -AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) - - -# _LT_COMPILER_C_O([TAGNAME]) -# --------------------------- -# Check to see if options -c and -o are simultaneously supported by compiler. -# This macro does not hard code the compiler like AC_PROG_CC_C_O. -m4_defun([_LT_COMPILER_C_O], -[m4_require([_LT_DECL_SED])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_TAG_COMPILER])dnl -AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], - [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], - [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no - $RM -r conftest 2>/dev/null - mkdir conftest - cd conftest - mkdir out - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - lt_compiler_flag="-o out/conftest2.$ac_objext" - # Insert the option either (1) after the last *FLAGS variable, or - # (2) before a word containing "conftest.", or (3) at the end. - # Note that $ac_compile itself does not contain backslashes and begins - # with a dollar sign (not a hyphen), so the echo should work correctly. - lt_compile=`echo "$ac_compile" | $SED \ - -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ - -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ - -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$lt_compile" 2>out/conftest.err) - ac_status=$? - cat out/conftest.err >&AS_MESSAGE_LOG_FD - echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD - if (exit $ac_status) && test -s out/conftest2.$ac_objext - then - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp - $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 - if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then - _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes - fi - fi - chmod u+w . 2>&AS_MESSAGE_LOG_FD - $RM conftest* - # SGI C++ compiler will create directory out/ii_files/ for - # template instantiation - test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files - $RM out/* && rmdir out - cd .. - $RM -r conftest - $RM conftest* -]) -_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], - [Does compiler simultaneously support -c and -o options?]) -])# _LT_COMPILER_C_O - - -# _LT_COMPILER_FILE_LOCKS([TAGNAME]) -# ---------------------------------- -# Check to see if we can do hard links to lock some files if needed -m4_defun([_LT_COMPILER_FILE_LOCKS], -[m4_require([_LT_ENABLE_LOCK])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -_LT_COMPILER_C_O([$1]) - -hard_links="nottested" -if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then - # do not overwrite the value of need_locks provided by the user - AC_MSG_CHECKING([if we can lock with hard links]) - hard_links=yes - $RM conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - AC_MSG_RESULT([$hard_links]) - if test "$hard_links" = no; then - AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) - need_locks=warn - fi -else - need_locks=no -fi -_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) -])# _LT_COMPILER_FILE_LOCKS - - -# _LT_CHECK_OBJDIR -# ---------------- -m4_defun([_LT_CHECK_OBJDIR], -[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], -[rm -f .libs 2>/dev/null -mkdir .libs 2>/dev/null -if test -d .libs; then - lt_cv_objdir=.libs -else - # MS-DOS does not allow filenames that begin with a dot. - lt_cv_objdir=_libs -fi -rmdir .libs 2>/dev/null]) -objdir=$lt_cv_objdir -_LT_DECL([], [objdir], [0], - [The name of the directory that contains temporary libtool files])dnl -m4_pattern_allow([LT_OBJDIR])dnl -AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", - [Define to the sub-directory in which libtool stores uninstalled libraries.]) -])# _LT_CHECK_OBJDIR - - -# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) -# -------------------------------------- -# Check hardcoding attributes. -m4_defun([_LT_LINKER_HARDCODE_LIBPATH], -[AC_MSG_CHECKING([how to hardcode library paths into programs]) -_LT_TAGVAR(hardcode_action, $1)= -if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || - test -n "$_LT_TAGVAR(runpath_var, $1)" || - test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then - - # We can hardcode non-existent directories. - if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && - test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then - # Linking always hardcodes the temporary library directory. - _LT_TAGVAR(hardcode_action, $1)=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. - _LT_TAGVAR(hardcode_action, $1)=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - _LT_TAGVAR(hardcode_action, $1)=unsupported -fi -AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) - -if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || - test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then - # Fast installation is not supported - enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then - # Fast installation is not necessary - enable_fast_install=needless -fi -_LT_TAGDECL([], [hardcode_action], [0], - [How to hardcode a shared library path into an executable]) -])# _LT_LINKER_HARDCODE_LIBPATH - - -# _LT_CMD_STRIPLIB -# ---------------- -m4_defun([_LT_CMD_STRIPLIB], -[m4_require([_LT_DECL_EGREP]) -striplib= -old_striplib= -AC_MSG_CHECKING([whether stripping libraries is possible]) -if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - AC_MSG_RESULT([yes]) -else -# FIXME - insert some real tests, host_os isn't really good enough - case $host_os in - darwin*) - if test -n "$STRIP" ; then - striplib="$STRIP -x" - old_striplib="$STRIP -S" - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - fi - ;; - *) - AC_MSG_RESULT([no]) - ;; - esac -fi -_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) -_LT_DECL([], [striplib], [1]) -])# _LT_CMD_STRIPLIB - - -# _LT_SYS_DYNAMIC_LINKER([TAG]) -# ----------------------------- -# PORTME Fill in your ld.so characteristics -m4_defun([_LT_SYS_DYNAMIC_LINKER], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_OBJDUMP])dnl -m4_require([_LT_DECL_SED])dnl -AC_MSG_CHECKING([dynamic linker characteristics]) -m4_if([$1], - [], [ -if test "$GCC" = yes; then - case $host_os in - darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; - *) lt_awk_arg="/^libraries:/" ;; - esac - lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then - # if the path contains ";" then we assume it to be the separator - # otherwise default to the standard path separator (i.e. ":") - it is - # assumed that no part of a normal pathname contains ";" but that should - # okay in the real world where ";" in dirpaths is itself problematic. - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` - else - lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - # Ok, now we have the path, separated by spaces, we can step through it - # and add multilib dir if necessary. - lt_tmp_lt_search_path_spec= - lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` - for lt_sys_path in $lt_search_path_spec; do - if test -d "$lt_sys_path/$lt_multi_os_dir"; then - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" - else - test -d "$lt_sys_path" && \ - lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" - fi - done - lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' -BEGIN {RS=" "; FS="/|\n";} { - lt_foo=""; - lt_count=0; - for (lt_i = NF; lt_i > 0; lt_i--) { - if ($lt_i != "" && $lt_i != ".") { - if ($lt_i == "..") { - lt_count++; - } else { - if (lt_count == 0) { - lt_foo="/" $lt_i lt_foo; - } else { - lt_count--; - } - } - } - } - if (lt_foo != "") { lt_freq[[lt_foo]]++; } - if (lt_freq[[lt_foo]] == 1) { print lt_foo; } -}'` - sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` -else - sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" -fi]) -library_names_spec= -libname_spec='lib$name' -soname_spec= -shrext_cmds=".so" -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -need_lib_prefix=unknown -hardcode_into_libs=no - -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -need_version=unknown - -case $host_os in -aix3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}${shared_ext}$major' - ;; - -aix[[4-9]]*) - version_type=linux - need_lib_prefix=no - need_version=no - hardcode_into_libs=yes - if test "$host_cpu" = ia64; then - # AIX 5 supports IA64 - library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - case $host_os in - aix4 | aix4.[[01]] | aix4.[[01]].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then - : - else - can_build_shared=no - fi - ;; - esac - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. - if test "$aix_use_runtimelinking" = yes; then - # If using run time linking (on AIX 4.2 or later) use lib.so - # instead of lib.a to let people know that these are not - # typical AIX shared libraries. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - else - # We preserve .a as extension for shared libraries through AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}${shared_ext}$major' - fi - shlibpath_var=LIBPATH - fi - ;; - -amigaos*) - case $host_cpu in - powerpc) - # Since July 2007 AmigaOS4 officially supports .so libraries. - # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - ;; - m68k) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. - finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' - ;; - esac - ;; - -beos*) - library_names_spec='${libname}${shared_ext}' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - ;; - -bsdi[[45]]*) - version_type=linux - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32* | cegcc*) - version_type=windows - shrext_cmds=".dll" - need_version=no - need_lib_prefix=no - - case $GCC,$host_os in - yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*) - library_names_spec='$libname.dll.a' - # DLL is installed to $(libdir)/../bin by postinstall_cmds - postinstall_cmds='base_file=`basename \${file}`~ - dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog $dir/$dlname \$dldir/$dlname~ - chmod a+x \$dldir/$dlname~ - if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then - eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; - fi' - postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll~ - $RM \$dlpath' - shlibpath_overrides_runpath=yes - - case $host_os in - cygwin*) - # Cygwin DLLs use 'cyg' prefix rather than 'lib' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" - ;; - mingw* | cegcc*) - # MinGW DLLs use traditional 'lib' prefix - soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` - if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then - # It is most probably a Windows format PATH printed by - # mingw gcc, but we are running on Cygwin. Gcc prints its search - # path with ; separators, and with drive letters. We can handle the - # drive letters (cygwin fileutils understands them), so leave them, - # especially as we might pass files found there to a mingw objdump, - # which wouldn't understand a cygwinified path. Ahh. - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` - else - sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` - fi - ;; - pw32*) - # pw32 DLLs use 'pw' prefix rather than 'lib' - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' - ;; - esac - ;; - - *) - library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' - ;; - esac - dynamic_linker='Win32 ld.exe' - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' - soname_spec='${libname}${release}${major}$shared_ext' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' -m4_if([$1], [],[ - sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) - sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' - ;; - -dgux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -freebsd1*) - dynamic_linker=no - ;; - -freebsd* | dragonfly*) - # DragonFly does not have aout. When/if they implement a new - # versioning mechanism, adjust this. - if test -x /usr/bin/objformat; then - objformat=`/usr/bin/objformat` - else - case $host_os in - freebsd[[123]]*) objformat=aout ;; - *) objformat=elf ;; - esac - fi - version_type=freebsd-$objformat - case $version_type in - freebsd-elf*) - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - need_version=no - need_lib_prefix=no - ;; - freebsd-*) - library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2*) - shlibpath_overrides_runpath=yes - ;; - freebsd3.[[01]]* | freebsdelf3.[[01]]*) - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ - freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - *) # from 4.6 on, and DragonFly - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - esac - ;; - -gnu*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - version_type=sunos - need_lib_prefix=no - need_version=no - case $host_cpu in - ia64*) - shrext_cmds='.so' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - if test "X$HPUX_IA64_MODE" = X32; then - sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" - else - sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" - fi - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - hppa*64*) - shrext_cmds='.sl' - hardcode_into_libs=yes - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" - sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec - ;; - *) - shrext_cmds='.sl' - dynamic_linker="$host_os dld.sl" - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - ;; - esac - # HP-UX runs *really* slowly unless shared libraries are mode 555. - postinstall_cmds='chmod 555 $lib' - ;; - -interix[[3-9]]*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -irix5* | irix6* | nonstopux*) - case $host_os in - nonstopux*) version_type=nonstopux ;; - *) - if test "$lt_cv_prog_gnu_ld" = yes; then - version_type=linux - else - version_type=irix - fi ;; - esac - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' - case $host_os in - irix5* | nonstopux*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") - libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") - libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") - libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" - hardcode_into_libs=yes - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux*oldld* | linux*aout* | linux*coff*) - dynamic_linker=no - ;; - -# This must be Linux ELF. -linux* | k*bsd*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - # Some binutils ld are patched to set DT_RUNPATH - save_LDFLAGS=$LDFLAGS - save_libdir=$libdir - eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ - LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" - AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], - [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], - [shlibpath_overrides_runpath=yes])]) - LDFLAGS=$save_LDFLAGS - libdir=$save_libdir - - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # Append ld.so.conf contents to the search path - if test -f /etc/ld.so.conf; then - lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" - fi - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -netbsdelf*-gnu) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='NetBSD ld.elf_so' - ;; - -netbsd*) - version_type=sunos - need_lib_prefix=no - need_version=no - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - ;; - -newsos6) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -*nto* | *qnx*) - version_type=qnx - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - dynamic_linker='ldqnx.so' - ;; - -openbsd*) - version_type=sunos - sys_lib_dlsearch_path_spec="/usr/lib" - need_lib_prefix=no - # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. - case $host_os in - openbsd3.3 | openbsd3.3.*) need_version=yes ;; - *) need_version=no ;; - esac - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - case $host_os in - openbsd2.[[89]] | openbsd2.[[89]].*) - shlibpath_overrides_runpath=no - ;; - *) - shlibpath_overrides_runpath=yes - ;; - esac - else - shlibpath_overrides_runpath=yes - fi - ;; - -os2*) - libname_spec='$name' - shrext_cmds=".dll" - need_lib_prefix=no - library_names_spec='$libname${shared_ext} $libname.a' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}${shared_ext}$major' - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" - ;; - -rdos*) - dynamic_linker=no - ;; - -solaris*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.3*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - sni) - shlibpath_overrides_runpath=no - need_lib_prefix=no - runpath_var=LD_RUN_PATH - ;; - siemens) - need_lib_prefix=no - ;; - motorola) - need_lib_prefix=no - need_version=no - shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -sysv4*MP*) - if test -d /usr/nec ;then - version_type=linux - library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' - soname_spec='$libname${shared_ext}.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - version_type=freebsd-elf - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - if test "$with_gnu_ld" = yes; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - else - sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' - case $host_os in - sco3.2v5*) - sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" - ;; - esac - fi - sys_lib_dlsearch_path_spec='/usr/lib' - ;; - -tpf*) - # TPF is a cross-target only. Preferred cross-host = GNU/Linux. - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - -uts4*) - version_type=linux - library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' - soname_spec='${libname}${release}${shared_ext}$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -*) - dynamic_linker=no - ;; -esac -AC_MSG_RESULT([$dynamic_linker]) -test "$dynamic_linker" = no && can_build_shared=no - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$GCC" = yes; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then - sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" -fi -if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then - sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" -fi - -_LT_DECL([], [variables_saved_for_relink], [1], - [Variables whose values should be saved in libtool wrapper scripts and - restored at link time]) -_LT_DECL([], [need_lib_prefix], [0], - [Do we need the "lib" prefix for modules?]) -_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) -_LT_DECL([], [version_type], [0], [Library versioning type]) -_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) -_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) -_LT_DECL([], [shlibpath_overrides_runpath], [0], - [Is shlibpath searched before the hard-coded library search path?]) -_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) -_LT_DECL([], [library_names_spec], [1], - [[List of archive names. First name is the real one, the rest are links. - The last name is the one that the linker finds with -lNAME]]) -_LT_DECL([], [soname_spec], [1], - [[The coded name of the library, if different from the real name]]) -_LT_DECL([], [postinstall_cmds], [2], - [Command to use after installation of a shared archive]) -_LT_DECL([], [postuninstall_cmds], [2], - [Command to use after uninstallation of a shared archive]) -_LT_DECL([], [finish_cmds], [2], - [Commands used to finish a libtool library installation in a directory]) -_LT_DECL([], [finish_eval], [1], - [[As "finish_cmds", except a single script fragment to be evaled but - not shown]]) -_LT_DECL([], [hardcode_into_libs], [0], - [Whether we should hardcode library paths into libraries]) -_LT_DECL([], [sys_lib_search_path_spec], [2], - [Compile-time system search path for libraries]) -_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], - [Run-time system search path for libraries]) -])# _LT_SYS_DYNAMIC_LINKER - - -# _LT_PATH_TOOL_PREFIX(TOOL) -# -------------------------- -# find a file program which can recognize shared library -AC_DEFUN([_LT_PATH_TOOL_PREFIX], -[m4_require([_LT_DECL_EGREP])dnl -AC_MSG_CHECKING([for $1]) -AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, -[case $MAGIC_CMD in -[[\\/*] | ?:[\\/]*]) - lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. - ;; -*) - lt_save_MAGIC_CMD="$MAGIC_CMD" - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR -dnl $ac_dummy forces splitting on constant user-supplied paths. -dnl POSIX.2 word splitting is done only on the output of word expansions, -dnl not every word. This closes a longstanding sh security hole. - ac_dummy="m4_if([$2], , $PATH, [$2])" - for ac_dir in $ac_dummy; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$1; then - lt_cv_path_MAGIC_CMD="$ac_dir/$1" - if test -n "$file_magic_test_file"; then - case $deplibs_check_method in - "file_magic "*) - file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` - MAGIC_CMD="$lt_cv_path_MAGIC_CMD" - if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | - $EGREP "$file_magic_regex" > /dev/null; then - : - else - cat <<_LT_EOF 1>&2 - -*** Warning: the command libtool uses to detect shared libraries, -*** $file_magic_cmd, produces output that libtool cannot recognize. -*** The result is that libtool may fail to recognize shared libraries -*** as such. This will affect the creation of libtool libraries that -*** depend on shared libraries, but programs linked with such libtool -*** libraries will work regardless of this problem. Nevertheless, you -*** may want to report the problem to your system manager and/or to -*** bug-libtool@gnu.org - -_LT_EOF - fi ;; - esac - fi - break - fi - done - IFS="$lt_save_ifs" - MAGIC_CMD="$lt_save_MAGIC_CMD" - ;; -esac]) -MAGIC_CMD="$lt_cv_path_MAGIC_CMD" -if test -n "$MAGIC_CMD"; then - AC_MSG_RESULT($MAGIC_CMD) -else - AC_MSG_RESULT(no) -fi -_LT_DECL([], [MAGIC_CMD], [0], - [Used to examine libraries when file_magic_cmd begins with "file"])dnl -])# _LT_PATH_TOOL_PREFIX - -# Old name: -AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) - - -# _LT_PATH_MAGIC -# -------------- -# find a file program which can recognize a shared library -m4_defun([_LT_PATH_MAGIC], -[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) -if test -z "$lt_cv_path_MAGIC_CMD"; then - if test -n "$ac_tool_prefix"; then - _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) - else - MAGIC_CMD=: - fi -fi -])# _LT_PATH_MAGIC - - -# LT_PATH_LD -# ---------- -# find the pathname to the GNU or non-GNU linker -AC_DEFUN([LT_PATH_LD], -[AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_CANONICAL_BUILD])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_DECL_EGREP])dnl - -AC_ARG_WITH([gnu-ld], - [AS_HELP_STRING([--with-gnu-ld], - [assume the C compiler uses GNU ld @<:@default=no@:>@])], - [test "$withval" = no || with_gnu_ld=yes], - [with_gnu_ld=no])dnl - -ac_prog=ld -if test "$GCC" = yes; then - # Check if gcc -print-prog-name=ld gives a path. - AC_MSG_CHECKING([for ld used by $CC]) - case $host in - *-*-mingw*) - # gcc leaves a trailing carriage return which upsets mingw - ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; - *) - ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; - esac - case $ac_prog in - # Accept absolute paths. - [[\\/]]* | ?:[[\\/]]*) - re_direlt='/[[^/]][[^/]]*/\.\./' - # Canonicalize the pathname of ld - ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` - while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do - ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` - done - test -z "$LD" && LD="$ac_prog" - ;; - "") - # If it fails, then pretend we aren't using GCC. - ac_prog=ld - ;; - *) - # If it is relative, then search for the first ld in PATH. - with_gnu_ld=unknown - ;; - esac -elif test "$with_gnu_ld" = yes; then - AC_MSG_CHECKING([for GNU ld]) -else - AC_MSG_CHECKING([for non-GNU ld]) -fi -AC_CACHE_VAL(lt_cv_path_LD, -[if test -z "$LD"; then - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then - lt_cv_path_LD="$ac_dir/$ac_prog" - # Check to see if the program is GNU ld. I'd rather use --version, - # but apparently some variants of GNU ld only accept -v. - # Break only if it was the GNU/non-GNU ld that we prefer. - case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then - lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' - lt_cv_file_magic_cmd='func_win32_libid' - else - lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' - lt_cv_file_magic_cmd='$OBJDUMP -f' - fi - ;; - -cegcc) - # use the weaker test based on 'objdump'. See mingw*. - lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' - lt_cv_file_magic_cmd='$OBJDUMP -f' - ;; - -darwin* | rhapsody*) - lt_cv_deplibs_check_method=pass_all - ;; - -freebsd* | dragonfly*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then - case $host_cpu in - i*86 ) - # Not sure whether the presence of OpenBSD here was a mistake. - # Let's accept both of them until this is cleared up. - lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` - ;; - esac - else - lt_cv_deplibs_check_method=pass_all - fi - ;; - -gnu*) - lt_cv_deplibs_check_method=pass_all - ;; - -hpux10.20* | hpux11*) - lt_cv_file_magic_cmd=/usr/bin/file - case $host_cpu in - ia64*) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' - lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so - ;; - hppa*64*) - [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] - lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl - ;; - *) - lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' - lt_cv_file_magic_test_file=/usr/lib/libc.sl - ;; - esac - ;; - -interix[[3-9]]*) - # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' - ;; - -irix5* | irix6* | nonstopux*) - case $LD in - *-32|*"-32 ") libmagic=32-bit;; - *-n32|*"-n32 ") libmagic=N32;; - *-64|*"-64 ") libmagic=64-bit;; - *) libmagic=never-match;; - esac - lt_cv_deplibs_check_method=pass_all - ;; - -# This must be Linux ELF. -linux* | k*bsd*-gnu) - lt_cv_deplibs_check_method=pass_all - ;; - -netbsd* | netbsdelf*-gnu) - if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' - fi - ;; - -newos6*) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' - lt_cv_file_magic_cmd=/usr/bin/file - lt_cv_file_magic_test_file=/usr/lib/libnls.so - ;; - -*nto* | *qnx*) - lt_cv_deplibs_check_method=pass_all - ;; - -openbsd*) - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' - else - lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' - fi - ;; - -osf3* | osf4* | osf5*) - lt_cv_deplibs_check_method=pass_all - ;; - -rdos*) - lt_cv_deplibs_check_method=pass_all - ;; - -solaris*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - lt_cv_deplibs_check_method=pass_all - ;; - -sysv4 | sysv4.3*) - case $host_vendor in - motorola) - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' - lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` - ;; - ncr) - lt_cv_deplibs_check_method=pass_all - ;; - sequent) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' - ;; - sni) - lt_cv_file_magic_cmd='/bin/file' - lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" - lt_cv_file_magic_test_file=/lib/libc.so - ;; - siemens) - lt_cv_deplibs_check_method=pass_all - ;; - pc) - lt_cv_deplibs_check_method=pass_all - ;; - esac - ;; - -tpf*) - lt_cv_deplibs_check_method=pass_all - ;; -esac -]) -file_magic_cmd=$lt_cv_file_magic_cmd -deplibs_check_method=$lt_cv_deplibs_check_method -test -z "$deplibs_check_method" && deplibs_check_method=unknown - -_LT_DECL([], [deplibs_check_method], [1], - [Method to check whether dependent libraries are shared objects]) -_LT_DECL([], [file_magic_cmd], [1], - [Command to use when deplibs_check_method == "file_magic"]) -])# _LT_CHECK_MAGIC_METHOD - - -# LT_PATH_NM -# ---------- -# find the pathname to a BSD- or MS-compatible name lister -AC_DEFUN([LT_PATH_NM], -[AC_REQUIRE([AC_PROG_CC])dnl -AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, -[if test -n "$NM"; then - # Let the user override the test. - lt_cv_path_NM="$NM" -else - lt_nm_to_check="${ac_tool_prefix}nm" - if test -n "$ac_tool_prefix" && test "$build" = "$host"; then - lt_nm_to_check="$lt_nm_to_check nm" - fi - for lt_tmp_nm in $lt_nm_to_check; do - lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR - for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do - IFS="$lt_save_ifs" - test -z "$ac_dir" && ac_dir=. - tmp_nm="$ac_dir/$lt_tmp_nm" - if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then - # Check to see if the nm accepts a BSD-compat flag. - # Adding the `sed 1q' prevents false positives on HP-UX, which says: - # nm: unknown option "B" ignored - # Tru64's nm complains that /dev/null is an invalid object file - case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in - */dev/null* | *'Invalid file or object type'*) - lt_cv_path_NM="$tmp_nm -B" - break - ;; - *) - case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in - */dev/null*) - lt_cv_path_NM="$tmp_nm -p" - break - ;; - *) - lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but - continue # so that we can try to find one that supports BSD flags - ;; - esac - ;; - esac - fi - done - IFS="$lt_save_ifs" - done - : ${lt_cv_path_NM=no} -fi]) -if test "$lt_cv_path_NM" != "no"; then - NM="$lt_cv_path_NM" -else - # Didn't find any BSD compatible name lister, look for dumpbin. - AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :) - AC_SUBST([DUMPBIN]) - if test "$DUMPBIN" != ":"; then - NM="$DUMPBIN" - fi -fi -test -z "$NM" && NM=nm -AC_SUBST([NM]) -_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl - -AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], - [lt_cv_nm_interface="BSD nm" - echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD) - (eval "$ac_compile" 2>conftest.err) - cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) - (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) - cat conftest.err >&AS_MESSAGE_LOG_FD - (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD) - cat conftest.out >&AS_MESSAGE_LOG_FD - if $GREP 'External.*some_variable' conftest.out > /dev/null; then - lt_cv_nm_interface="MS dumpbin" - fi - rm -f conftest*]) -])# LT_PATH_NM - -# Old names: -AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) -AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AM_PROG_NM], []) -dnl AC_DEFUN([AC_PROG_NM], []) - - -# LT_LIB_M -# -------- -# check for math library -AC_DEFUN([LT_LIB_M], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -LIBM= -case $host in -*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) - # These system don't have libm, or don't need it - ;; -*-ncr-sysv4.3*) - AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") - AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") - ;; -*) - AC_CHECK_LIB(m, cos, LIBM="-lm") - ;; -esac -AC_SUBST([LIBM]) -])# LT_LIB_M - -# Old name: -AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_CHECK_LIBM], []) - - -# _LT_COMPILER_NO_RTTI([TAGNAME]) -# ------------------------------- -m4_defun([_LT_COMPILER_NO_RTTI], -[m4_require([_LT_TAG_COMPILER])dnl - -_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= - -if test "$GCC" = yes; then - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' - - _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], - lt_cv_prog_compiler_rtti_exceptions, - [-fno-rtti -fno-exceptions], [], - [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) -fi -_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], - [Compiler flag to turn off builtin functions]) -])# _LT_COMPILER_NO_RTTI - - -# _LT_CMD_GLOBAL_SYMBOLS -# ---------------------- -m4_defun([_LT_CMD_GLOBAL_SYMBOLS], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -AC_REQUIRE([AC_PROG_CC])dnl -AC_REQUIRE([LT_PATH_NM])dnl -AC_REQUIRE([LT_PATH_LD])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_TAG_COMPILER])dnl - -# Check for command to grab the raw symbol name followed by C symbol from nm. -AC_MSG_CHECKING([command to parse $NM output from $compiler object]) -AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], -[ -# These are sane defaults that work on at least a few old systems. -# [They come from Ultrix. What could be older than Ultrix?!! ;)] - -# Character class describing NM global symbol codes. -symcode='[[BCDEGRST]]' - -# Regexp to match symbols that can be accessed directly from C. -sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' - -# Define system-specific variables. -case $host_os in -aix*) - symcode='[[BCDT]]' - ;; -cygwin* | mingw* | pw32* | cegcc*) - symcode='[[ABCDGISTW]]' - ;; -hpux*) - if test "$host_cpu" = ia64; then - symcode='[[ABCDEGRST]]' - fi - ;; -irix* | nonstopux*) - symcode='[[BCDEGRST]]' - ;; -osf*) - symcode='[[BCDEGQRST]]' - ;; -solaris*) - symcode='[[BDRT]]' - ;; -sco3.2v5*) - symcode='[[DT]]' - ;; -sysv4.2uw2*) - symcode='[[DT]]' - ;; -sysv5* | sco5v6* | unixware* | OpenUNIX*) - symcode='[[ABDT]]' - ;; -sysv4) - symcode='[[DFNSTU]]' - ;; -esac - -# If we're using GNU nm, then use its standard symbol codes. -case `$NM -V 2>&1` in -*GNU* | *'with BFD'*) - symcode='[[ABCDGIRSTW]]' ;; -esac - -# Transform an extracted symbol line into a proper C declaration. -# Some systems (esp. on ia64) link data and code symbols differently, -# so use this general approach. -lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" - -# Transform an extracted symbol line into symbol name and symbol address -lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" -lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" - -# Handle CRLF in mingw tool chain -opt_cr= -case $build_os in -mingw*) - opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp - ;; -esac - -# Try without a prefix underscore, then with it. -for ac_symprfx in "" "_"; do - - # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. - symxfrm="\\1 $ac_symprfx\\2 \\2" - - # Write the raw and C identifiers. - if test "$lt_cv_nm_interface" = "MS dumpbin"; then - # Fake it for dumpbin and say T for any non-static function - # and D for any global variable. - # Also find C++ and __fastcall symbols from MSVC++, - # which start with @ or ?. - lt_cv_sys_global_symbol_pipe="$AWK ['"\ -" {last_section=section; section=\$ 3};"\ -" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ -" \$ 0!~/External *\|/{next};"\ -" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ -" {if(hide[section]) next};"\ -" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ -" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ -" s[1]~/^[@?]/{print s[1], s[1]; next};"\ -" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ -" ' prfx=^$ac_symprfx]" - else - lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" - fi - - # Check to see that the pipe works correctly. - pipe_works=no - - rm -f conftest* - cat > conftest.$ac_ext <<_LT_EOF -#ifdef __cplusplus -extern "C" { -#endif -char nm_test_var; -void nm_test_func(void); -void nm_test_func(void){} -#ifdef __cplusplus -} -#endif -int main(){nm_test_var='a';nm_test_func();return(0);} -_LT_EOF - - if AC_TRY_EVAL(ac_compile); then - # Now try to grab the symbols. - nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then - # Try sorting and uniquifying the output. - if sort "$nlist" | uniq > "$nlist"T; then - mv -f "$nlist"T "$nlist" - else - rm -f "$nlist"T - fi - - # Make sure that we snagged all the symbols we need. - if $GREP ' nm_test_var$' "$nlist" >/dev/null; then - if $GREP ' nm_test_func$' "$nlist" >/dev/null; then - cat <<_LT_EOF > conftest.$ac_ext -#ifdef __cplusplus -extern "C" { -#endif - -_LT_EOF - # Now generate the symbol file. - eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' - - cat <<_LT_EOF >> conftest.$ac_ext - -/* The mapping between symbol names and symbols. */ -const struct { - const char *name; - void *address; -} -lt__PROGRAM__LTX_preloaded_symbols[[]] = -{ - { "@PROGRAM@", (void *) 0 }, -_LT_EOF - $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext - cat <<\_LT_EOF >> conftest.$ac_ext - {0, (void *) 0} -}; - -/* This works around a problem in FreeBSD linker */ -#ifdef FREEBSD_WORKAROUND -static const void *lt_preloaded_setup() { - return lt__PROGRAM__LTX_preloaded_symbols; -} -#endif - -#ifdef __cplusplus -} -#endif -_LT_EOF - # Now try linking the two files. - mv conftest.$ac_objext conftstm.$ac_objext - lt_save_LIBS="$LIBS" - lt_save_CFLAGS="$CFLAGS" - LIBS="conftstm.$ac_objext" - CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" - if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then - pipe_works=yes - fi - LIBS="$lt_save_LIBS" - CFLAGS="$lt_save_CFLAGS" - else - echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD - fi - else - echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD - fi - else - echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD - fi - else - echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD - cat conftest.$ac_ext >&5 - fi - rm -rf conftest* conftst* - - # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then - break - else - lt_cv_sys_global_symbol_pipe= - fi -done -]) -if test -z "$lt_cv_sys_global_symbol_pipe"; then - lt_cv_sys_global_symbol_to_cdecl= -fi -if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - AC_MSG_RESULT(failed) -else - AC_MSG_RESULT(ok) -fi - -_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], - [Take the output of nm and produce a listing of raw symbols and C names]) -_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], - [Transform the output of nm in a proper C declaration]) -_LT_DECL([global_symbol_to_c_name_address], - [lt_cv_sys_global_symbol_to_c_name_address], [1], - [Transform the output of nm in a C name address pair]) -_LT_DECL([global_symbol_to_c_name_address_lib_prefix], - [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], - [Transform the output of nm in a C name address pair when lib prefix is needed]) -]) # _LT_CMD_GLOBAL_SYMBOLS - - -# _LT_COMPILER_PIC([TAGNAME]) -# --------------------------- -m4_defun([_LT_COMPILER_PIC], -[m4_require([_LT_TAG_COMPILER])dnl -_LT_TAGVAR(lt_prog_compiler_wl, $1)= -_LT_TAGVAR(lt_prog_compiler_pic, $1)= -_LT_TAGVAR(lt_prog_compiler_static, $1)= - -AC_MSG_CHECKING([for $compiler option to produce PIC]) -m4_if([$1], [CXX], [ - # C++ specific cases for pic, static, wl, etc. - if test "$GXX" = yes; then - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - m68k) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' - ;; - esac - ;; - - beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - mingw* | cygwin* | os2* | pw32* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - # Although the cygwin gcc ignores -fPIC, still need this for old-style - # (--disable-auto-import) libraries - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - ;; - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - ;; - *djgpp*) - # DJGPP does not support shared libraries at all - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - ;; - interix[[3-9]]*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic - fi - ;; - hpux*) - # PIC is the default for 64-bit PA HP-UX, but not for 32-bit - # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag - # sets the default TLS model and affects inlining. - case $host_cpu in - hppa*64*) - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - ;; - *qnx* | *nto*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - else - case $host_os in - aix[[4-9]]*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - else - _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' - fi - ;; - chorus*) - case $cc_basename in - cxch68*) - # Green Hills C++ Compiler - # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" - ;; - esac - ;; - dgux*) - case $cc_basename in - ec++*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - ;; - ghcx*) - # Green Hills C++ Compiler - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - *) - ;; - esac - ;; - freebsd* | dragonfly*) - # FreeBSD uses GNU C++ - ;; - hpux9* | hpux10* | hpux11*) - case $cc_basename in - CC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - if test "$host_cpu" != ia64; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - fi - ;; - aCC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - ;; - esac - ;; - *) - ;; - esac - ;; - interix*) - # This is c89, which is MS Visual C++ (no shared libs) - # Anyone wants to do a port? - ;; - irix5* | irix6* | nonstopux*) - case $cc_basename in - CC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - # CC pic flag -KPIC is the default. - ;; - *) - ;; - esac - ;; - linux* | k*bsd*-gnu) - case $cc_basename in - KCC*) - # KAI C++ Compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - ecpc* ) - # old Intel C++ for x86_64 which still supported -KPIC. - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - icpc* ) - # Intel C++, used to be incompatible with GCC. - # ICC 10 doesn't accept -KPIC any more. - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - pgCC* | pgcpp*) - # Portland Group C++ compiler - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - cxx*) - # Compaq C++ - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - xlc* | xlC*) - # IBM XL 8.0 on PPC - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - ;; - esac - ;; - esac - ;; - lynxos*) - ;; - m88k*) - ;; - mvs*) - case $cc_basename in - cxx*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' - ;; - *) - ;; - esac - ;; - netbsd* | netbsdelf*-gnu) - ;; - *qnx* | *nto*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - osf3* | osf4* | osf5*) - case $cc_basename in - KCC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' - ;; - RCC*) - # Rational C++ 2.4.1 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - cxx*) - # Digital/Compaq C++ - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # Make sure the PIC flag is empty. It appears that all Alpha - # Linux and Compaq Tru64 Unix objects are PIC. - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - *) - ;; - esac - ;; - psos*) - ;; - solaris*) - case $cc_basename in - CC*) - # Sun C++ 4.2, 5.x and Centerline C++ - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - ;; - gcx*) - # Green Hills C++ Compiler - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - ;; - *) - ;; - esac - ;; - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - lcc*) - # Lucid - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - ;; - *) - ;; - esac - ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - case $cc_basename in - CC*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - esac - ;; - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - ;; - *) - ;; - esac - ;; - vxworks*) - ;; - *) - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - esac - fi -], -[ - if test "$GCC" = yes; then - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - - case $host_os in - aix*) - # All AIX code is PIC. - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - m68k) - # FIXME: we need at least 68020 code to build shared libraries, but - # adding the `-m68020' flag to GCC prevents building anything better, - # like `-m68040'. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' - ;; - esac - ;; - - beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) - # PIC is the default for these OSes. - ;; - - mingw* | cygwin* | pw32* | os2* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - # Although the cygwin gcc ignores -fPIC, still need this for old-style - # (--disable-auto-import) libraries - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - ;; - - darwin* | rhapsody*) - # PIC is the default on this platform - # Common symbols not allowed in MH_DYLIB files - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' - ;; - - hpux*) - # PIC is the default for 64-bit PA HP-UX, but not for 32-bit - # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag - # sets the default TLS model and affects inlining. - case $host_cpu in - hppa*64*) - # +Z the default - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - ;; - - interix[[3-9]]*) - # Interix 3.x gcc -fpic/-fPIC options generate broken code. - # Instead, we relocate shared libraries at runtime. - ;; - - msdosdjgpp*) - # Just because we use GCC doesn't mean we suddenly get shared libraries - # on systems that don't support them. - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - enable_shared=no - ;; - - *nto* | *qnx*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic - fi - ;; - - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - ;; - esac - else - # PORTME Check for flag to pass linker flags through the system compiler. - case $host_os in - aix*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - if test "$host_cpu" = ia64; then - # AIX 5 now supports IA64 processor - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - else - _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' - fi - ;; - - mingw* | cygwin* | pw32* | os2* | cegcc*) - # This hack is so that the source file can tell whether it is being - # built for inclusion in a dll (and should export symbols for example). - m4_if([$1], [GCJ], [], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) - ;; - - hpux9* | hpux10* | hpux11*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but - # not for PA HP-UX. - case $host_cpu in - hppa*64*|ia64*) - # +Z the default - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' - ;; - esac - # Is there a better lt_prog_compiler_static that works with the bundled CC? - _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' - ;; - - irix5* | irix6* | nonstopux*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # PIC (with -KPIC) is the default. - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - linux* | k*bsd*-gnu) - case $cc_basename in - # old Intel for x86_64 which still supported -KPIC. - ecc*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - # icc used to be incompatible with GCC. - # ICC 10 doesn't accept -KPIC any more. - icc* | ifort*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' - ;; - # Lahey Fortran 8.1. - lf95*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' - _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' - ;; - pgcc* | pgf77* | pgf90* | pgf95*) - # Portland Group compilers (*not* the Pentium gcc compiler, - # which looks to be a dead project) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - ccc*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # All Alpha code is PIC. - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - xl*) - # IBM XL C 8.0/Fortran 10.1 on PPC - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C 5.9 - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - ;; - *Sun\ F*) - # Sun Fortran 8.3 passes all unrecognized flags to the linker - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - _LT_TAGVAR(lt_prog_compiler_wl, $1)='' - ;; - esac - ;; - esac - ;; - - newsos6) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - *nto* | *qnx*) - # QNX uses GNU C++, but need to define -shared option too, otherwise - # it will coredump. - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' - ;; - - osf3* | osf4* | osf5*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - # All OSF/1 code is PIC. - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - rdos*) - _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' - ;; - - solaris*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - case $cc_basename in - f77* | f90* | f95*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; - *) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; - esac - ;; - - sunos4*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - sysv4 | sysv4.2uw2* | sysv4.3*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - sysv4*MP*) - if test -d /usr/nec ;then - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - fi - ;; - - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - unicos*) - _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - - uts4*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' - _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' - ;; - - *) - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no - ;; - esac - fi -]) -case $host_os in - # For platforms which do not support PIC, -DPIC is meaningless: - *djgpp*) - _LT_TAGVAR(lt_prog_compiler_pic, $1)= - ;; - *) - _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" - ;; -esac -AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) -_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], - [How to pass a linker flag through the compiler]) - -# -# Check to make sure the PIC flag actually works. -# -if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then - _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], - [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], - [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], - [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in - "" | " "*) ;; - *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; - esac], - [_LT_TAGVAR(lt_prog_compiler_pic, $1)= - _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) -fi -_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], - [Additional compiler flags for building library objects]) - -# -# Check to make sure the static flag actually works. -# -wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" -_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], - _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), - $lt_tmp_static_flag, - [], - [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) -_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], - [Compiler flag to prevent dynamic linking]) -])# _LT_COMPILER_PIC - - -# _LT_LINKER_SHLIBS([TAGNAME]) -# ---------------------------- -# See if the linker supports building shared libraries. -m4_defun([_LT_LINKER_SHLIBS], -[AC_REQUIRE([LT_PATH_LD])dnl -AC_REQUIRE([LT_PATH_NM])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_EGREP])dnl -m4_require([_LT_DECL_SED])dnl -m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl -m4_require([_LT_TAG_COMPILER])dnl -AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) -m4_if([$1], [CXX], [ - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - case $host_os in - aix[[4-9]]*) - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' - else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' - fi - ;; - pw32*) - _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" - ;; - cygwin* | mingw* | cegcc*) - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' - ;; - linux* | k*bsd*-gnu) - _LT_TAGVAR(link_all_deplibs, $1)=no - ;; - *) - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - ;; - esac - _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] -], [ - runpath_var= - _LT_TAGVAR(allow_undefined_flag, $1)= - _LT_TAGVAR(always_export_symbols, $1)=no - _LT_TAGVAR(archive_cmds, $1)= - _LT_TAGVAR(archive_expsym_cmds, $1)= - _LT_TAGVAR(compiler_needs_object, $1)=no - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - _LT_TAGVAR(export_dynamic_flag_spec, $1)= - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' - _LT_TAGVAR(hardcode_automatic, $1)=no - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= - _LT_TAGVAR(hardcode_libdir_separator, $1)= - _LT_TAGVAR(hardcode_minus_L, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported - _LT_TAGVAR(inherit_rpath, $1)=no - _LT_TAGVAR(link_all_deplibs, $1)=unknown - _LT_TAGVAR(module_cmds, $1)= - _LT_TAGVAR(module_expsym_cmds, $1)= - _LT_TAGVAR(old_archive_from_new_cmds, $1)= - _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= - _LT_TAGVAR(thread_safe_flag_spec, $1)= - _LT_TAGVAR(whole_archive_flag_spec, $1)= - # include_expsyms should be a list of space-separated symbols to be *always* - # included in the symbol list - _LT_TAGVAR(include_expsyms, $1)= - # exclude_expsyms can be an extended regexp of symbols to exclude - # it will be wrapped by ` (' and `)$', so one must not match beginning or - # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', - # as well as any symbol that contains `d'. - _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] - # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out - # platforms (ab)use it in PIC code, but their linkers get confused if - # the symbol is explicitly referenced. Since portable code cannot - # rely on this symbol name, it's probably fine to never include it in - # preloaded symbol tables. - # Exclude shared library initialization/finalization symbols. -dnl Note also adjust exclude_expsyms for C++ above. - extract_expsyms_cmds= - - case $host_os in - cygwin* | mingw* | pw32* | cegcc*) - # FIXME: the MSVC++ port hasn't been tested in a loooong time - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - if test "$GCC" != yes; then - with_gnu_ld=no - fi - ;; - interix*) - # we just hope/assume this is gcc and not c89 (= MSVC++) - with_gnu_ld=yes - ;; - openbsd*) - with_gnu_ld=no - ;; - esac - - _LT_TAGVAR(ld_shlibs, $1)=yes - if test "$with_gnu_ld" = yes; then - # If archive_cmds runs LD, not CC, wlarc should be empty - wlarc='${wl}' - - # Set some defaults for GNU ld with shared library support. These - # are reset later if shared libraries are not supported. Putting them - # here allows them to be overridden if necessary. - runpath_var=LD_RUN_PATH - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - # ancient GNU ld didn't support --whole-archive et. al. - if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - supports_anon_versioning=no - case `$LD -v 2>&1` in - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 - *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... - *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... - *\ 2.11.*) ;; # other 2.11 versions - *) supports_anon_versioning=yes ;; - esac - - # See if GNU ld supports shared libraries. - case $host_os in - aix[[3-9]]*) - # On AIX/PPC, the GNU linker is very broken - if test "$host_cpu" != ia64; then - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: the GNU linker, at least up to release 2.9.1, is reported -*** to be unable to reliably create shared libraries on AIX. -*** Therefore, libtool is disabling shared libraries support. If you -*** really care for shared libraries, you may want to modify your PATH -*** so that a non-GNU linker is found, and then restart. - -_LT_EOF - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='' - ;; - m68k) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - ;; - - beos*) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, - # as there is no search path for DLLs. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=no - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' - - if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - interix[[3-9]]*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - - gnu* | linux* | tpf* | k*bsd*-gnu) - tmp_diet=no - if test "$host_os" = linux-dietlibc; then - case $cc_basename in - diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) - esac - fi - if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ - && test "$tmp_diet" = no - then - tmp_addflag= - tmp_sharedflag='-shared' - case $cc_basename,$host_cpu in - pgcc*) # Portland Group C compiler - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag' - ;; - pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' - tmp_addflag=' $pic_flag -Mnomain' ;; - ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 - tmp_addflag=' -i_dynamic' ;; - efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 - tmp_addflag=' -i_dynamic -nofor_main' ;; - ifc* | ifort*) # Intel Fortran compiler - tmp_addflag=' -nofor_main' ;; - lf95*) # Lahey Fortran 8.1 - _LT_TAGVAR(whole_archive_flag_spec, $1)= - tmp_sharedflag='--shared' ;; - xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) - tmp_sharedflag='-qmkshrobj' - tmp_addflag= ;; - esac - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) # Sun C 5.9 - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' - _LT_TAGVAR(compiler_needs_object, $1)=yes - tmp_sharedflag='-G' ;; - *Sun\ F*) # Sun Fortran 8.3 - tmp_sharedflag='-G' ;; - esac - _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - - if test "x$supports_anon_versioning" = xyes; then - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' - fi - - case $cc_basename in - xlf*) - # IBM XL Fortran 10.1 on PPC cannot create shared libs itself - _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' - _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' - fi - ;; - esac - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - netbsd* | netbsdelf*-gnu) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' - wlarc= - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - fi - ;; - - solaris*) - if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: The releases 2.8.* of the GNU linker cannot reliably -*** create shared libraries on Solaris systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.9.1 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) - case `$LD -v 2>&1` in - *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) - _LT_TAGVAR(ld_shlibs, $1)=no - cat <<_LT_EOF 1>&2 - -*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not -*** reliably create shared libraries on SCO systems. Therefore, libtool -*** is disabling shared libraries support. We urge you to upgrade GNU -*** binutils to release 2.16.91.0.3 or newer. Another option is to modify -*** your PATH or compiler configuration so that the native linker is -*** used, and then restart. - -_LT_EOF - ;; - *) - # For security reasons, it is highly recommended that you always - # use absolute paths for naming shared libraries, and exclude the - # DT_RUNPATH tag from executables and libraries. But doing so - # requires that you compile everything twice, which is a pain. - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - sunos4*) - _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' - wlarc= - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - - if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then - runpath_var= - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= - _LT_TAGVAR(export_dynamic_flag_spec, $1)= - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - # PORTME fill in a description of your system's linker (not GNU ld) - case $host_os in - aix3*) - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=yes - _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' - # Note: this linker hardcodes the directories in LIBPATH if there - # are no directories specified by -L. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then - # Neither direct hardcoding nor static linking is supported with a - # broken collect2. - _LT_TAGVAR(hardcode_direct, $1)=unsupported - fi - ;; - - aix[[4-9]]*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' - else - _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' - fi - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) - for ld_flag in $LDFLAGS; do - if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then - aix_use_runtimelinking=yes - break - fi - done - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - _LT_TAGVAR(archive_cmds, $1)='' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' - - if test "$GCC" = yes; then - case $host_os in aix4.[[012]]|aix4.[[012]].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && - strings "$collect2name" | $GREP resolve_lib_name >/dev/null - then - # We have reworked collect2 - : - else - # We have old collect2 - _LT_TAGVAR(hardcode_direct, $1)=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)= - fi - ;; - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - _LT_TAGVAR(link_all_deplibs, $1)=no - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to export. - _LT_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(allow_undefined_flag, $1)='-berok' - # Determine the default libpath from the value encoded in an - # empty executable. - _LT_SYS_MODULE_PATH_AIX - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' - _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an - # empty executable. - _LT_SYS_MODULE_PATH_AIX - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; - - amigaos*) - case $host_cpu in - powerpc) - # see comment about AmigaOS4 .so support - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='' - ;; - m68k) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - ;; - - bsdi[[45]]*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # When not using gcc, we currently assume that we are using - # Microsoft Visual C++. - # hardcode_libdir_flag_spec is actually meaningless, as there is - # no search path for DLLs. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib - # Tell ltmain to make .dll files, not .so files. - shrext_cmds=".dll" - # FIXME: Setting linknames here is a bad hack. - _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' - # The linker will automatically build a .lib file if we build a DLL. - _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' - # FIXME: Should let the user specify the lib program. - _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' - _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - ;; - - darwin* | rhapsody*) - _LT_DARWIN_LINKER_FEATURES($1) - ;; - - dgux*) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - freebsd1*) - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor - # support. Future versions do this automatically, but an explicit c++rt0.o - # does not break anything, and helps significantly (at the cost of a little - # extra space). - freebsd2.2*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # Unfortunately, older versions of FreeBSD 2 do not have this feature. - freebsd2*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - hpux9*) - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(hardcode_direct, $1)=yes - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - ;; - - hpux10*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' - fi - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - fi - ;; - - hpux11*) - if test "$GCC" = yes -a "$with_gnu_ld" = no; then - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - else - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - fi - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - case $host_cpu in - hppa*64*|ia64*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - *) - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - - # hardcode_minus_L: Not really in the search PATH, - # but as the default location of the library. - _LT_TAGVAR(hardcode_minus_L, $1)=yes - ;; - esac - fi - ;; - - irix5* | irix6* | nonstopux*) - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - # Try to use the -exported_symbol ld option, if it does not - # work, assume that -exports_file does not work either and - # implicitly export all symbols. - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" - AC_LINK_IFELSE(int foo(void) {}, - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' - ) - LDFLAGS="$save_LDFLAGS" - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(inherit_rpath, $1)=yes - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - - netbsd* | netbsdelf*-gnu) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out - else - _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - newsos6) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *nto* | *qnx*) - ;; - - openbsd*) - if test -f /usr/libexec/ld.so; then - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - else - case $host_os in - openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - ;; - esac - fi - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - os2*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' - _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' - ;; - - osf3*) - if test "$GCC" = yes; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - - osf4* | osf5*) # as osf3* with the addition of -msym flag - if test "$GCC" = yes; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - else - _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ - $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' - - # Both c and cxx compiler support -rpath directly - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - fi - _LT_TAGVAR(archive_cmds_need_lc, $1)='no' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - ;; - - solaris*) - _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' - if test "$GCC" = yes; then - wlarc='${wl}' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' - else - case `$CC -V 2>&1` in - *"Compilers 5.0"*) - wlarc='' - _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' - ;; - *) - wlarc='${wl}' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' - ;; - esac - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. GCC discards it without `$wl', - # but is careful enough not to reorder. - # Supported since Solaris 2.6 (maybe 2.5.1?) - if test "$GCC" = yes; then - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' - fi - ;; - esac - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - - sunos4*) - if test "x$host_vendor" = xsequent; then - # Use $CC to link under sequent, because it throws in some extra .o - # files that make .init and .fini sections work. - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' - fi - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - sysv4) - case $host_vendor in - sni) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? - ;; - siemens) - ## LD is ld it makes a PLAMLIB - ## CC just makes a GrossModule. - _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' - _LT_TAGVAR(hardcode_direct, $1)=no - ;; - motorola) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie - ;; - esac - runpath_var='LD_RUN_PATH' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - sysv4.3*) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' - ;; - - sysv4*MP*) - if test -d /usr/nec; then - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var=LD_RUN_PATH - hardcode_runpath_var=yes - _LT_TAGVAR(ld_shlibs, $1)=yes - fi - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - if test "$GCC" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - fi - ;; - - uts4*) - _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - - *) - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - - if test x$host_vendor = xsni; then - case $host in - sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' - ;; - esac - fi - fi -]) -AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) -test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no - -_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld - -_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl -_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl -_LT_DECL([], [extract_expsyms_cmds], [2], - [The commands to extract the exported symbol list from a shared archive]) - -# -# Do we need to explicitly link libc? -# -case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in -x|xyes) - # Assume -lc should be added - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - - if test "$enable_shared" = yes && test "$GCC" = yes; then - case $_LT_TAGVAR(archive_cmds, $1) in - *'~'*) - # FIXME: we may have to deal with multi-command sequences. - ;; - '$CC '*) - # Test whether the compiler implicitly links with -lc since on some - # systems, -lgcc has to come before -lc. If gcc already passes -lc - # to ld, don't add -lc before -lgcc. - AC_MSG_CHECKING([whether -lc should be explicitly linked in]) - $RM conftest* - echo "$lt_simple_compile_test_code" > conftest.$ac_ext - - if AC_TRY_EVAL(ac_compile) 2>conftest.err; then - soname=conftest - lib=conftest - libobjs=conftest.$ac_objext - deplibs= - wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) - pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) - compiler_flags=-v - linker_flags=-v - verstring= - output_objdir=. - libname=conftest - lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) - _LT_TAGVAR(allow_undefined_flag, $1)= - if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) - then - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - else - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - fi - _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag - else - cat conftest.err 1>&5 - fi - $RM conftest* - AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)]) - ;; - esac - fi - ;; -esac - -_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], - [Whether or not to add -lc for building shared libraries]) -_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], - [enable_shared_with_static_runtimes], [0], - [Whether or not to disallow shared libs when runtime libs are static]) -_LT_TAGDECL([], [export_dynamic_flag_spec], [1], - [Compiler flag to allow reflexive dlopens]) -_LT_TAGDECL([], [whole_archive_flag_spec], [1], - [Compiler flag to generate shared objects directly from archives]) -_LT_TAGDECL([], [compiler_needs_object], [1], - [Whether the compiler copes with passing no objects directly]) -_LT_TAGDECL([], [old_archive_from_new_cmds], [2], - [Create an old-style archive from a shared archive]) -_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], - [Create a temporary old-style archive to link instead of a shared archive]) -_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) -_LT_TAGDECL([], [archive_expsym_cmds], [2]) -_LT_TAGDECL([], [module_cmds], [2], - [Commands used to build a loadable module if different from building - a shared archive.]) -_LT_TAGDECL([], [module_expsym_cmds], [2]) -_LT_TAGDECL([], [with_gnu_ld], [1], - [Whether we are building with GNU ld or not]) -_LT_TAGDECL([], [allow_undefined_flag], [1], - [Flag that allows shared libraries with undefined symbols to be built]) -_LT_TAGDECL([], [no_undefined_flag], [1], - [Flag that enforces no undefined symbols]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], - [Flag to hardcode $libdir into a binary during linking. - This must work even if $libdir does not exist]) -_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], - [[If ld is used when linking, flag to hardcode $libdir into a binary - during linking. This must work even if $libdir does not exist]]) -_LT_TAGDECL([], [hardcode_libdir_separator], [1], - [Whether we need a single "-rpath" flag with a separated argument]) -_LT_TAGDECL([], [hardcode_direct], [0], - [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes - DIR into the resulting binary]) -_LT_TAGDECL([], [hardcode_direct_absolute], [0], - [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes - DIR into the resulting binary and the resulting library dependency is - "absolute", i.e impossible to change by setting ${shlibpath_var} if the - library is relocated]) -_LT_TAGDECL([], [hardcode_minus_L], [0], - [Set to "yes" if using the -LDIR flag during linking hardcodes DIR - into the resulting binary]) -_LT_TAGDECL([], [hardcode_shlibpath_var], [0], - [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR - into the resulting binary]) -_LT_TAGDECL([], [hardcode_automatic], [0], - [Set to "yes" if building a shared library automatically hardcodes DIR - into the library and all subsequent libraries and executables linked - against it]) -_LT_TAGDECL([], [inherit_rpath], [0], - [Set to yes if linker adds runtime paths of dependent libraries - to runtime path list]) -_LT_TAGDECL([], [link_all_deplibs], [0], - [Whether libtool must link a program against all its dependency libraries]) -_LT_TAGDECL([], [fix_srcfile_path], [1], - [Fix the shell variable $srcfile for the compiler]) -_LT_TAGDECL([], [always_export_symbols], [0], - [Set to "yes" if exported symbols are required]) -_LT_TAGDECL([], [export_symbols_cmds], [2], - [The commands to list exported symbols]) -_LT_TAGDECL([], [exclude_expsyms], [1], - [Symbols that should not be listed in the preloaded symbols]) -_LT_TAGDECL([], [include_expsyms], [1], - [Symbols that must always be exported]) -_LT_TAGDECL([], [prelink_cmds], [2], - [Commands necessary for linking programs (against libraries) with templates]) -_LT_TAGDECL([], [file_list_spec], [1], - [Specify filename containing input files]) -dnl FIXME: Not yet implemented -dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], -dnl [Compiler flag to generate thread safe objects]) -])# _LT_LINKER_SHLIBS - - -# _LT_LANG_C_CONFIG([TAG]) -# ------------------------ -# Ensure that the configuration variables for a C compiler are suitably -# defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to `libtool'. -m4_defun([_LT_LANG_C_CONFIG], -[m4_require([_LT_DECL_EGREP])dnl -lt_save_CC="$CC" -AC_LANG_PUSH(C) - -# Source file extension for C test sources. -ac_ext=c - -# Object file extension for compiled C test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="int some_variable = 0;" - -# Code to be used in simple link tests -lt_simple_link_test_code='int main(){return(0);}' - -_LT_TAG_COMPILER -# Save the default compiler, since it gets overwritten when the other -# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. -compiler_DEFAULT=$CC - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -if test -n "$compiler"; then - _LT_COMPILER_NO_RTTI($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - LT_SYS_DLOPEN_SELF - _LT_CMD_STRIPLIB - - # Report which library types will actually be built - AC_MSG_CHECKING([if libtool supports shared libraries]) - AC_MSG_RESULT([$can_build_shared]) - - AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - - aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no - fi - ;; - esac - AC_MSG_RESULT([$enable_shared]) - - AC_MSG_CHECKING([whether to build static libraries]) - # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes - AC_MSG_RESULT([$enable_static]) - - _LT_CONFIG($1) -fi -AC_LANG_POP -CC="$lt_save_CC" -])# _LT_LANG_C_CONFIG - - -# _LT_PROG_CXX -# ------------ -# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++ -# compiler, we have our own version here. -m4_defun([_LT_PROG_CXX], -[ -pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes]) -AC_PROG_CXX -if test -n "$CXX" && ( test "X$CXX" != "Xno" && - ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || - (test "X$CXX" != "Xg++"))) ; then - AC_PROG_CXXCPP -else - _lt_caught_CXX_error=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_CXX - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_CXX], []) - - -# _LT_LANG_CXX_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for a C++ compiler are suitably -# defined. These variables are subsequently used by _LT_CONFIG to write -# the compiler configuration to `libtool'. -m4_defun([_LT_LANG_CXX_CONFIG], -[AC_REQUIRE([_LT_PROG_CXX])dnl -m4_require([_LT_FILEUTILS_DEFAULTS])dnl -m4_require([_LT_DECL_EGREP])dnl - -AC_LANG_PUSH(C++) -_LT_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_TAGVAR(allow_undefined_flag, $1)= -_LT_TAGVAR(always_export_symbols, $1)=no -_LT_TAGVAR(archive_expsym_cmds, $1)= -_LT_TAGVAR(compiler_needs_object, $1)=no -_LT_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_TAGVAR(hardcode_direct, $1)=no -_LT_TAGVAR(hardcode_direct_absolute, $1)=no -_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= -_LT_TAGVAR(hardcode_libdir_separator, $1)= -_LT_TAGVAR(hardcode_minus_L, $1)=no -_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported -_LT_TAGVAR(hardcode_automatic, $1)=no -_LT_TAGVAR(inherit_rpath, $1)=no -_LT_TAGVAR(module_cmds, $1)= -_LT_TAGVAR(module_expsym_cmds, $1)= -_LT_TAGVAR(link_all_deplibs, $1)=unknown -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(no_undefined_flag, $1)= -_LT_TAGVAR(whole_archive_flag_spec, $1)= -_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Source file extension for C++ test sources. -ac_ext=cpp - -# Object file extension for compiled C++ test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# No sense in running all these tests if we already determined that -# the CXX compiler isn't working. Some variables (like enable_shared) -# are currently assumed to apply to all compilers on this platform, -# and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_caught_CXX_error" != yes; then - # Code to be used in simple compile tests - lt_simple_compile_test_code="int some_variable = 0;" - - # Code to be used in simple link tests - lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' - - # ltmain only uses $CC for tagged configurations so make sure $CC is set. - _LT_TAG_COMPILER - - # save warnings/boilerplate of simple test code - _LT_COMPILER_BOILERPLATE - _LT_LINKER_BOILERPLATE - - # Allow CC to be a program name with arguments. - lt_save_CC=$CC - lt_save_LD=$LD - lt_save_GCC=$GCC - GCC=$GXX - lt_save_with_gnu_ld=$with_gnu_ld - lt_save_path_LD=$lt_cv_path_LD - if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then - lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx - else - $as_unset lt_cv_prog_gnu_ld - fi - if test -n "${lt_cv_path_LDCXX+set}"; then - lt_cv_path_LD=$lt_cv_path_LDCXX - else - $as_unset lt_cv_path_LD - fi - test -z "${LDCXX+set}" || LD=$LDCXX - CC=${CXX-"c++"} - compiler=$CC - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - - if test -n "$compiler"; then - # We don't want -fno-exception when compiling C++ code, so set the - # no_builtin_flag separately - if test "$GXX" = yes; then - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' - else - _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= - fi - - if test "$GXX" = yes; then - # Set up default GNU C++ configuration - - LT_PATH_LD - - # Check if GNU C++ uses GNU ld as the underlying linker, since the - # archiving commands below assume that GNU ld is being used. - if test "$with_gnu_ld" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - - # If archive_cmds runs LD, not CC, wlarc should be empty - # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to - # investigate it a little bit more. (MM) - wlarc='${wl}' - - # ancient GNU ld didn't support --whole-archive et. al. - if eval "`$CC -print-prog-name=ld` --help 2>&1" | - $GREP 'no-whole-archive' > /dev/null; then - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - else - _LT_TAGVAR(whole_archive_flag_spec, $1)= - fi - else - with_gnu_ld=no - wlarc= - - # A generic and very simple default shared library creation - # command for GNU C++ for the case where it uses the native - # linker, instead of GNU ld. If possible, this setting should - # overridden to take advantage of the native linker features on - # the platform it is being used on. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - fi - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' - - else - GXX=no - with_gnu_ld=no - wlarc= - fi - - # PORTME: fill in a description of your system's C++ link characteristics - AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) - _LT_TAGVAR(ld_shlibs, $1)=yes - case $host_os in - aix3*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - aix[[4-9]]*) - if test "$host_cpu" = ia64; then - # On IA64, the linker does run time linking by default, so we don't - # have to do anything special. - aix_use_runtimelinking=no - exp_sym_flag='-Bexport' - no_entry_flag="" - else - aix_use_runtimelinking=no - - # Test if we are trying to use run time linking or normal - # AIX style linking. If -brtl is somewhere in LDFLAGS, we - # need to do runtime linking. - case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) - for ld_flag in $LDFLAGS; do - case $ld_flag in - *-brtl*) - aix_use_runtimelinking=yes - break - ;; - esac - done - ;; - esac - - exp_sym_flag='-bexport' - no_entry_flag='-bnoentry' - fi - - # When large executables or shared objects are built, AIX ld can - # have problems creating the table of contents. If linking a library - # or program results in "error TOC overflow" add -mminimal-toc to - # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not - # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. - - _LT_TAGVAR(archive_cmds, $1)='' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' - - if test "$GXX" = yes; then - case $host_os in aix4.[[012]]|aix4.[[012]].*) - # We only want to do this on AIX 4.2 and lower, the check - # below for broken collect2 doesn't work under 4.3+ - collect2name=`${CC} -print-prog-name=collect2` - if test -f "$collect2name" && - strings "$collect2name" | $GREP resolve_lib_name >/dev/null - then - # We have reworked collect2 - : - else - # We have old collect2 - _LT_TAGVAR(hardcode_direct, $1)=unsupported - # It fails to find uninstalled libraries when the uninstalled - # path is not listed in the libpath. Setting hardcode_minus_L - # to unsupported forces relinking - _LT_TAGVAR(hardcode_minus_L, $1)=yes - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)= - fi - esac - shared_flag='-shared' - if test "$aix_use_runtimelinking" = yes; then - shared_flag="$shared_flag "'${wl}-G' - fi - else - # not using gcc - if test "$host_cpu" = ia64; then - # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release - # chokes on -Wl,-G. The following line is correct: - shared_flag='-G' - else - if test "$aix_use_runtimelinking" = yes; then - shared_flag='${wl}-G' - else - shared_flag='${wl}-bM:SRE' - fi - fi - fi - - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' - # It seems that -bexpall does not export symbols beginning with - # underscore (_), so it is better to generate a list of symbols to - # export. - _LT_TAGVAR(always_export_symbols, $1)=yes - if test "$aix_use_runtimelinking" = yes; then - # Warning - without using the other runtime loading flags (-brtl), - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(allow_undefined_flag, $1)='-berok' - # Determine the default libpath from the value encoded in an empty - # executable. - _LT_SYS_MODULE_PATH_AIX - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" - else - if test "$host_cpu" = ia64; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' - _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" - else - # Determine the default libpath from the value encoded in an - # empty executable. - _LT_SYS_MODULE_PATH_AIX - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" - # Warning - without using the other run time loading flags, - # -berok will link without error, but may produce a broken library. - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' - # Exported symbols can be pulled into shared objects from archives - _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' - _LT_TAGVAR(archive_cmds_need_lc, $1)=yes - # This is similar to how AIX traditionally builds its shared - # libraries. - _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' - fi - fi - ;; - - beos*) - if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - # Joseph Beckenbach says some releases of gcc - # support --undefined. This deserves some investigation. FIXME - _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - chorus*) - case $cc_basename in - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - cygwin* | mingw* | pw32* | cegcc*) - # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, - # as there is no search path for DLLs. - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' - _LT_TAGVAR(allow_undefined_flag, $1)=unsupported - _LT_TAGVAR(always_export_symbols, $1)=no - _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes - - if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - # If the export-symbols file already is a .def file (1st line - # is EXPORTS), use it as is; otherwise, prepend... - _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then - cp $export_symbols $output_objdir/$soname.def; - else - echo EXPORTS > $output_objdir/$soname.def; - cat $export_symbols >> $output_objdir/$soname.def; - fi~ - $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - darwin* | rhapsody*) - _LT_DARWIN_LINKER_FEATURES($1) - ;; - - dgux*) - case $cc_basename in - ec++*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - ghcx*) - # Green Hills C++ Compiler - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - freebsd[[12]]*) - # C++ shared libraries reported to be fairly broken before - # switch to ELF - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - freebsd-elf*) - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - ;; - - freebsd* | dragonfly*) - # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF - # conventions - _LT_TAGVAR(ld_shlibs, $1)=yes - ;; - - gnu*) - ;; - - hpux9*) - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, - # but as the default - # location of the library. - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - aCC*) - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' - ;; - *) - if test "$GXX" = yes; then - _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' - else - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - hpux10*|hpux11*) - if test $with_gnu_ld = no; then - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - case $host_cpu in - hppa*64*|ia64*) - ;; - *) - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - ;; - esac - fi - case $host_cpu in - hppa*64*|ia64*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - ;; - *) - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, - # but as the default - # location of the library. - ;; - esac - - case $cc_basename in - CC*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - aCC*) - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' - ;; - *) - if test "$GXX" = yes; then - if test $with_gnu_ld = no; then - case $host_cpu in - hppa*64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - ia64*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - ;; - esac - fi - else - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - interix[[3-9]]*) - _LT_TAGVAR(hardcode_direct, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. - # Instead, shared libraries are loaded at an image base (0x10000000 by - # default) and relocated if they conflict, which is a slow very memory - # consuming and fragmenting process. To avoid this, we pick a random, - # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link - # time. Moving up from 0x10000000 also allows more sbrk(2) space. - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' - ;; - irix5* | irix6*) - case $cc_basename in - CC*) - # SGI C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - - # Archives containing C++ object files must be created using - # "CC -ar", where "CC" is the IRIX C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' - ;; - *) - if test "$GXX" = yes; then - if test "$with_gnu_ld" = no; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - else - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib' - fi - fi - _LT_TAGVAR(link_all_deplibs, $1)=yes - ;; - esac - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - _LT_TAGVAR(inherit_rpath, $1)=yes - ;; - - linux* | k*bsd*-gnu) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - - # Archives containing C++ object files must be created using - # "CC -Bstatic", where "CC" is the KAI C++ compiler. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' - ;; - icpc* | ecpc* ) - # Intel C++ - with_gnu_ld=yes - # version 8.0 and above of icpc choke on multiply defined symbols - # if we add $predep_objects and $postdep_objects, however 7.1 and - # earlier do not add the objects themselves. - case `$CC -V 2>&1` in - *"Version 7."*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - ;; - *) # Version 8.0 or newer - tmp_idyn= - case $host_cpu in - ia64*) tmp_idyn=' -i_dynamic';; - esac - _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' - ;; - esac - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' - ;; - pgCC* | pgcpp*) - # Portland Group C++ compiler - case `$CC -V` in - *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*) - _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ - compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' - _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ - $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ - $RANLIB $oldlib' - _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ - rm -rf $tpldir~ - $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ - $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' - ;; - *) # Version 6 will use weak symbols - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' - ;; - esac - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' - ;; - cxx*) - # Compaq C++ - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' - - runpath_var=LD_RUN_PATH - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' - ;; - xl*) - # IBM XL 8.0 on PPC, with GNU ld - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' - _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' - if test "x$supports_anon_versioning" = xyes; then - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ - cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ - echo "local: *; };" >> $output_objdir/$libname.ver~ - $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' - fi - ;; - *) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' - _LT_TAGVAR(compiler_needs_object, $1)=yes - - # Not sure whether something based on - # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 - # would be better. - output_verbose_link_cmd='echo' - - # Archives containing C++ object files must be created using - # "CC -xar", where "CC" is the Sun C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' - ;; - esac - ;; - esac - ;; - - lynxos*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - m88k*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - mvs*) - case $cc_basename in - cxx*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - netbsd*) - if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' - wlarc= - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - fi - # Workaround some broken pre-1.5 toolchains - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' - ;; - - *nto* | *qnx*) - _LT_TAGVAR(ld_shlibs, $1)=yes - ;; - - openbsd2*) - # C++ shared libraries are fairly broken - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - openbsd*) - if test -f /usr/libexec/ld.so; then - _LT_TAGVAR(hardcode_direct, $1)=yes - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_direct_absolute, $1)=yes - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' - _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' - fi - output_verbose_link_cmd=echo - else - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - - osf3* | osf4* | osf5*) - case $cc_basename in - KCC*) - # Kuck and Associates, Inc. (KAI) C++ Compiler - - # KCC will only create a shared library if the output file - # ends with ".so" (or ".sl" for HP-UX), so rename the library - # to its proper name (with version) after linking. - _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Archives containing C++ object files must be created using - # the KAI C++ compiler. - case $host in - osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; - *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; - esac - ;; - RCC*) - # Rational C++ 2.4.1 - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - cxx*) - case $host in - osf3*) - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - ;; - *) - _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' - _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ - echo "-hidden">> $lib.exp~ - $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~ - $RM $lib.exp' - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' - ;; - esac - - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - # - # There doesn't appear to be a way to prevent this compiler from - # explicitly linking system object files so we need to strip them - # from the output so that they don't get included in the library - # dependencies. - output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' - ;; - *) - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' - case $host in - osf3*) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' - ;; - esac - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=: - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' - - else - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - fi - ;; - esac - ;; - - psos*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - sunos4*) - case $cc_basename in - CC*) - # Sun C++ 4.x - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - lcc*) - # Lucid - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - solaris*) - case $cc_basename in - CC*) - # Sun C++ 4.2, 5.x and Centerline C++ - _LT_TAGVAR(archive_cmds_need_lc,$1)=yes - _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' - _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - # The compiler driver will combine and reorder linker options, - # but understands `-z linker_flag'. - # Supported since Solaris 2.6 (maybe 2.5.1?) - _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' - ;; - esac - _LT_TAGVAR(link_all_deplibs, $1)=yes - - output_verbose_link_cmd='echo' - - # Archives containing C++ object files must be created using - # "CC -xar", where "CC" is the Sun C++ compiler. This is - # necessary to make sure instantiated templates are included - # in the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' - ;; - gcx*) - # Green Hills C++ Compiler - _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - - # The C++ compiler must be used to create the archive. - _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' - ;; - *) - # GNU C++ compiler with Solaris linker - if test "$GXX" = yes && test "$with_gnu_ld" = no; then - _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' - if $CC --version | $GREP -v '^2\.7' > /dev/null; then - _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' - else - # g++ 2.7 appears to require `-G' NOT `-shared' on this - # platform. - _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' - _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ - $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' - - # Commands to make compiler produce verbose output that lists - # what "hidden" libraries, object files and flags are used when - # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' - fi - - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' - case $host_os in - solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; - *) - _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' - ;; - esac - fi - ;; - esac - ;; - - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - - sysv5* | sco3.2v5* | sco5v6*) - # Note: We can NOT use -z defs as we might desire, because we do not - # link with -lc, and that would cause any symbols used from libc to - # always be unresolved, which means just about no library would - # ever link correctly. If we're not using GNU ld we use -z text - # though, which does catch some bad symbols but isn't as heavy-handed - # as -z defs. - _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' - _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' - _LT_TAGVAR(archive_cmds_need_lc, $1)=no - _LT_TAGVAR(hardcode_shlibpath_var, $1)=no - _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' - _LT_TAGVAR(hardcode_libdir_separator, $1)=':' - _LT_TAGVAR(link_all_deplibs, $1)=yes - _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' - runpath_var='LD_RUN_PATH' - - case $cc_basename in - CC*) - _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - *) - _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' - ;; - esac - ;; - - tandem*) - case $cc_basename in - NCC*) - # NonStop-UX NCC 3.20 - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - ;; - - vxworks*) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - - *) - # FIXME: insert proper C++ library support - _LT_TAGVAR(ld_shlibs, $1)=no - ;; - esac - - AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) - test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no - - _LT_TAGVAR(GCC, $1)="$GXX" - _LT_TAGVAR(LD, $1)="$LD" - - ## CAVEAT EMPTOR: - ## There is no encapsulation within the following macros, do not change - ## the running order or otherwise move them around unless you know exactly - ## what you are doing... - _LT_SYS_HIDDEN_LIBDEPS($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) - fi # test -n "$compiler" - - CC=$lt_save_CC - LDCXX=$LD - LD=$lt_save_LD - GCC=$lt_save_GCC - with_gnu_ld=$lt_save_with_gnu_ld - lt_cv_path_LDCXX=$lt_cv_path_LD - lt_cv_path_LD=$lt_save_path_LD - lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld - lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld -fi # test "$_lt_caught_CXX_error" != yes - -AC_LANG_POP -])# _LT_LANG_CXX_CONFIG - - -# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) -# --------------------------------- -# Figure out "hidden" library dependencies from verbose -# compiler output when linking a shared library. -# Parse the compiler output and extract the necessary -# objects, libraries and library flags. -m4_defun([_LT_SYS_HIDDEN_LIBDEPS], -[m4_require([_LT_FILEUTILS_DEFAULTS])dnl -# Dependencies to place before and after the object being linked: -_LT_TAGVAR(predep_objects, $1)= -_LT_TAGVAR(postdep_objects, $1)= -_LT_TAGVAR(predeps, $1)= -_LT_TAGVAR(postdeps, $1)= -_LT_TAGVAR(compiler_lib_search_path, $1)= - -dnl we can't use the lt_simple_compile_test_code here, -dnl because it contains code intended for an executable, -dnl not a library. It's possible we should let each -dnl tag define a new lt_????_link_test_code variable, -dnl but it's only used here... -m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF -int a; -void foo (void) { a = 0; } -_LT_EOF -], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF -class Foo -{ -public: - Foo (void) { a = 0; } -private: - int a; -}; -_LT_EOF -], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF - subroutine foo - implicit none - integer*4 a - a=0 - return - end -_LT_EOF -], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF - subroutine foo - implicit none - integer a - a=0 - return - end -_LT_EOF -], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF -public class foo { - private int a; - public void bar (void) { - a = 0; - } -}; -_LT_EOF -]) -dnl Parse the compiler output and extract the necessary -dnl objects, libraries and library flags. -if AC_TRY_EVAL(ac_compile); then - # Parse the compiler output and extract the necessary - # objects, libraries and library flags. - - # Sentinel used to keep track of whether or not we are before - # the conftest object file. - pre_test_object_deps_done=no - - for p in `eval "$output_verbose_link_cmd"`; do - case $p in - - -L* | -R* | -l*) - # Some compilers place space between "-{L,R}" and the path. - # Remove the space. - if test $p = "-L" || - test $p = "-R"; then - prev=$p - continue - else - prev= - fi - - if test "$pre_test_object_deps_done" = no; then - case $p in - -L* | -R*) - # Internal compiler library paths should come after those - # provided the user. The postdeps already come after the - # user supplied libs so there is no need to process them. - if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then - _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" - else - _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" - fi - ;; - # The "-l" case would never come before the object being - # linked, so don't bother handling this case. - esac - else - if test -z "$_LT_TAGVAR(postdeps, $1)"; then - _LT_TAGVAR(postdeps, $1)="${prev}${p}" - else - _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" - fi - fi - ;; - - *.$objext) - # This assumes that the test object file only shows up - # once in the compiler output. - if test "$p" = "conftest.$objext"; then - pre_test_object_deps_done=yes - continue - fi - - if test "$pre_test_object_deps_done" = no; then - if test -z "$_LT_TAGVAR(predep_objects, $1)"; then - _LT_TAGVAR(predep_objects, $1)="$p" - else - _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" - fi - else - if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then - _LT_TAGVAR(postdep_objects, $1)="$p" - else - _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" - fi - fi - ;; - - *) ;; # Ignore the rest. - - esac - done - - # Clean up. - rm -f a.out a.exe -else - echo "libtool.m4: error: problem compiling $1 test program" -fi - -$RM -f confest.$objext - -# PORTME: override above test on systems where it is broken -m4_if([$1], [CXX], -[case $host_os in -interix[[3-9]]*) - # Interix 3.5 installs completely hosed .la files for C++, so rather than - # hack all around it, let's just trust "g++" to DTRT. - _LT_TAGVAR(predep_objects,$1)= - _LT_TAGVAR(postdep_objects,$1)= - _LT_TAGVAR(postdeps,$1)= - ;; - -linux*) - case `$CC -V 2>&1 | sed 5q` in - *Sun\ C*) - # Sun C++ 5.9 - - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - if test "$solaris_use_stlport4" != yes; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; - -solaris*) - case $cc_basename in - CC*) - # The more standards-conforming stlport4 library is - # incompatible with the Cstd library. Avoid specifying - # it if it's in CXXFLAGS. Ignore libCrun as - # -library=stlport4 depends on it. - case " $CXX $CXXFLAGS " in - *" -library=stlport4 "*) - solaris_use_stlport4=yes - ;; - esac - - # Adding this requires a known-good setup of shared libraries for - # Sun compiler versions before 5.6, else PIC objects from an old - # archive will be linked into the output, leading to subtle bugs. - if test "$solaris_use_stlport4" != yes; then - _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' - fi - ;; - esac - ;; -esac -]) - -case " $_LT_TAGVAR(postdeps, $1) " in -*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; -esac - _LT_TAGVAR(compiler_lib_search_dirs, $1)= -if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then - _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` -fi -_LT_TAGDECL([], [compiler_lib_search_dirs], [1], - [The directories searched by this compiler when creating a shared library]) -_LT_TAGDECL([], [predep_objects], [1], - [Dependencies to place before and after the objects being linked to - create a shared library]) -_LT_TAGDECL([], [postdep_objects], [1]) -_LT_TAGDECL([], [predeps], [1]) -_LT_TAGDECL([], [postdeps], [1]) -_LT_TAGDECL([], [compiler_lib_search_path], [1], - [The library search path used internally by the compiler when linking - a shared library]) -])# _LT_SYS_HIDDEN_LIBDEPS - - -# _LT_PROG_F77 -# ------------ -# Since AC_PROG_F77 is broken, in that it returns the empty string -# if there is no fortran compiler, we have our own version here. -m4_defun([_LT_PROG_F77], -[ -pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes]) -AC_PROG_F77 -if test -z "$F77" || test "X$F77" = "Xno"; then - _lt_disable_F77=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_F77 - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_F77], []) - - -# _LT_LANG_F77_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for a Fortran 77 compiler are -# suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. -m4_defun([_LT_LANG_F77_CONFIG], -[AC_REQUIRE([_LT_PROG_F77])dnl -AC_LANG_PUSH(Fortran 77) - -_LT_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_TAGVAR(allow_undefined_flag, $1)= -_LT_TAGVAR(always_export_symbols, $1)=no -_LT_TAGVAR(archive_expsym_cmds, $1)= -_LT_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_TAGVAR(hardcode_direct, $1)=no -_LT_TAGVAR(hardcode_direct_absolute, $1)=no -_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= -_LT_TAGVAR(hardcode_libdir_separator, $1)= -_LT_TAGVAR(hardcode_minus_L, $1)=no -_LT_TAGVAR(hardcode_automatic, $1)=no -_LT_TAGVAR(inherit_rpath, $1)=no -_LT_TAGVAR(module_cmds, $1)= -_LT_TAGVAR(module_expsym_cmds, $1)= -_LT_TAGVAR(link_all_deplibs, $1)=unknown -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(no_undefined_flag, $1)= -_LT_TAGVAR(whole_archive_flag_spec, $1)= -_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Source file extension for f77 test sources. -ac_ext=f - -# Object file extension for compiled f77 test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# No sense in running all these tests if we already determined that -# the F77 compiler isn't working. Some variables (like enable_shared) -# are currently assumed to apply to all compilers on this platform, -# and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_disable_F77" != yes; then - # Code to be used in simple compile tests - lt_simple_compile_test_code="\ - subroutine t - return - end -" - - # Code to be used in simple link tests - lt_simple_link_test_code="\ - program t - end -" - - # ltmain only uses $CC for tagged configurations so make sure $CC is set. - _LT_TAG_COMPILER - - # save warnings/boilerplate of simple test code - _LT_COMPILER_BOILERPLATE - _LT_LINKER_BOILERPLATE - - # Allow CC to be a program name with arguments. - lt_save_CC="$CC" - lt_save_GCC=$GCC - CC=${F77-"f77"} - compiler=$CC - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - GCC=$G77 - if test -n "$compiler"; then - AC_MSG_CHECKING([if libtool supports shared libraries]) - AC_MSG_RESULT([$can_build_shared]) - - AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no - fi - ;; - esac - AC_MSG_RESULT([$enable_shared]) - - AC_MSG_CHECKING([whether to build static libraries]) - # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes - AC_MSG_RESULT([$enable_static]) - - _LT_TAGVAR(GCC, $1)="$G77" - _LT_TAGVAR(LD, $1)="$LD" - - ## CAVEAT EMPTOR: - ## There is no encapsulation within the following macros, do not change - ## the running order or otherwise move them around unless you know exactly - ## what you are doing... - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) - fi # test -n "$compiler" - - GCC=$lt_save_GCC - CC="$lt_save_CC" -fi # test "$_lt_disable_F77" != yes - -AC_LANG_POP -])# _LT_LANG_F77_CONFIG - - -# _LT_PROG_FC -# ----------- -# Since AC_PROG_FC is broken, in that it returns the empty string -# if there is no fortran compiler, we have our own version here. -m4_defun([_LT_PROG_FC], -[ -pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes]) -AC_PROG_FC -if test -z "$FC" || test "X$FC" = "Xno"; then - _lt_disable_FC=yes -fi -popdef([AC_MSG_ERROR]) -])# _LT_PROG_FC - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([_LT_PROG_FC], []) - - -# _LT_LANG_FC_CONFIG([TAG]) -# ------------------------- -# Ensure that the configuration variables for a Fortran compiler are -# suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. -m4_defun([_LT_LANG_FC_CONFIG], -[AC_REQUIRE([_LT_PROG_FC])dnl -AC_LANG_PUSH(Fortran) - -_LT_TAGVAR(archive_cmds_need_lc, $1)=no -_LT_TAGVAR(allow_undefined_flag, $1)= -_LT_TAGVAR(always_export_symbols, $1)=no -_LT_TAGVAR(archive_expsym_cmds, $1)= -_LT_TAGVAR(export_dynamic_flag_spec, $1)= -_LT_TAGVAR(hardcode_direct, $1)=no -_LT_TAGVAR(hardcode_direct_absolute, $1)=no -_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= -_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= -_LT_TAGVAR(hardcode_libdir_separator, $1)= -_LT_TAGVAR(hardcode_minus_L, $1)=no -_LT_TAGVAR(hardcode_automatic, $1)=no -_LT_TAGVAR(inherit_rpath, $1)=no -_LT_TAGVAR(module_cmds, $1)= -_LT_TAGVAR(module_expsym_cmds, $1)= -_LT_TAGVAR(link_all_deplibs, $1)=unknown -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds -_LT_TAGVAR(no_undefined_flag, $1)= -_LT_TAGVAR(whole_archive_flag_spec, $1)= -_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no - -# Source file extension for fc test sources. -ac_ext=${ac_fc_srcext-f} - -# Object file extension for compiled fc test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# No sense in running all these tests if we already determined that -# the FC compiler isn't working. Some variables (like enable_shared) -# are currently assumed to apply to all compilers on this platform, -# and will be corrupted by setting them based on a non-working compiler. -if test "$_lt_disable_FC" != yes; then - # Code to be used in simple compile tests - lt_simple_compile_test_code="\ - subroutine t - return - end -" - - # Code to be used in simple link tests - lt_simple_link_test_code="\ - program t - end -" - - # ltmain only uses $CC for tagged configurations so make sure $CC is set. - _LT_TAG_COMPILER - - # save warnings/boilerplate of simple test code - _LT_COMPILER_BOILERPLATE - _LT_LINKER_BOILERPLATE - - # Allow CC to be a program name with arguments. - lt_save_CC="$CC" - lt_save_GCC=$GCC - CC=${FC-"f95"} - compiler=$CC - GCC=$ac_cv_fc_compiler_gnu - - _LT_TAGVAR(compiler, $1)=$CC - _LT_CC_BASENAME([$compiler]) - - if test -n "$compiler"; then - AC_MSG_CHECKING([if libtool supports shared libraries]) - AC_MSG_RESULT([$can_build_shared]) - - AC_MSG_CHECKING([whether to build shared libraries]) - test "$can_build_shared" = "no" && enable_shared=no - - # On AIX, shared libraries and static libraries use the same namespace, and - # are all built from PIC. - case $host_os in - aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - aix[[4-9]]*) - if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then - test "$enable_shared" = yes && enable_static=no - fi - ;; - esac - AC_MSG_RESULT([$enable_shared]) - - AC_MSG_CHECKING([whether to build static libraries]) - # Make sure either enable_shared or enable_static is yes. - test "$enable_shared" = yes || enable_static=yes - AC_MSG_RESULT([$enable_static]) - - _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" - _LT_TAGVAR(LD, $1)="$LD" - - ## CAVEAT EMPTOR: - ## There is no encapsulation within the following macros, do not change - ## the running order or otherwise move them around unless you know exactly - ## what you are doing... - _LT_SYS_HIDDEN_LIBDEPS($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_SYS_DYNAMIC_LINKER($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) - fi # test -n "$compiler" - - GCC=$lt_save_GCC - CC="$lt_save_CC" -fi # test "$_lt_disable_FC" != yes - -AC_LANG_POP -])# _LT_LANG_FC_CONFIG - - -# _LT_LANG_GCJ_CONFIG([TAG]) -# -------------------------- -# Ensure that the configuration variables for the GNU Java Compiler compiler -# are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. -m4_defun([_LT_LANG_GCJ_CONFIG], -[AC_REQUIRE([LT_PROG_GCJ])dnl -AC_LANG_SAVE - -# Source file extension for Java test sources. -ac_ext=java - -# Object file extension for compiled Java test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code="class foo {}" - -# Code to be used in simple link tests -lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. -_LT_TAG_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -# Allow CC to be a program name with arguments. -lt_save_CC="$CC" -lt_save_GCC=$GCC -GCC=yes -CC=${GCJ-"gcj"} -compiler=$CC -_LT_TAGVAR(compiler, $1)=$CC -_LT_TAGVAR(LD, $1)="$LD" -_LT_CC_BASENAME([$compiler]) - -# GCJ did not exist at the time GCC didn't implicitly link libc in. -_LT_TAGVAR(archive_cmds_need_lc, $1)=no - -_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds - -if test -n "$compiler"; then - _LT_COMPILER_NO_RTTI($1) - _LT_COMPILER_PIC($1) - _LT_COMPILER_C_O($1) - _LT_COMPILER_FILE_LOCKS($1) - _LT_LINKER_SHLIBS($1) - _LT_LINKER_HARDCODE_LIBPATH($1) - - _LT_CONFIG($1) -fi - -AC_LANG_RESTORE - -GCC=$lt_save_GCC -CC="$lt_save_CC" -])# _LT_LANG_GCJ_CONFIG - - -# _LT_LANG_RC_CONFIG([TAG]) -# ------------------------- -# Ensure that the configuration variables for the Windows resource compiler -# are suitably defined. These variables are subsequently used by _LT_CONFIG -# to write the compiler configuration to `libtool'. -m4_defun([_LT_LANG_RC_CONFIG], -[AC_REQUIRE([LT_PROG_RC])dnl -AC_LANG_SAVE - -# Source file extension for RC test sources. -ac_ext=rc - -# Object file extension for compiled RC test sources. -objext=o -_LT_TAGVAR(objext, $1)=$objext - -# Code to be used in simple compile tests -lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' - -# Code to be used in simple link tests -lt_simple_link_test_code="$lt_simple_compile_test_code" - -# ltmain only uses $CC for tagged configurations so make sure $CC is set. -_LT_TAG_COMPILER - -# save warnings/boilerplate of simple test code -_LT_COMPILER_BOILERPLATE -_LT_LINKER_BOILERPLATE - -# Allow CC to be a program name with arguments. -lt_save_CC="$CC" -lt_save_GCC=$GCC -GCC= -CC=${RC-"windres"} -compiler=$CC -_LT_TAGVAR(compiler, $1)=$CC -_LT_CC_BASENAME([$compiler]) -_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes - -if test -n "$compiler"; then - : - _LT_CONFIG($1) -fi - -GCC=$lt_save_GCC -AC_LANG_RESTORE -CC="$lt_save_CC" -])# _LT_LANG_RC_CONFIG - - -# LT_PROG_GCJ -# ----------- -AC_DEFUN([LT_PROG_GCJ], -[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], - [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], - [AC_CHECK_TOOL(GCJ, gcj,) - test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" - AC_SUBST(GCJFLAGS)])])[]dnl -]) - -# Old name: -AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([LT_AC_PROG_GCJ], []) - - -# LT_PROG_RC -# ---------- -AC_DEFUN([LT_PROG_RC], -[AC_CHECK_TOOL(RC, windres,) -]) - -# Old name: -AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([LT_AC_PROG_RC], []) - - -# _LT_DECL_EGREP -# -------------- -# If we don't have a new enough Autoconf to choose the best grep -# available, choose the one first in the user's PATH. -m4_defun([_LT_DECL_EGREP], -[AC_REQUIRE([AC_PROG_EGREP])dnl -AC_REQUIRE([AC_PROG_FGREP])dnl -test -z "$GREP" && GREP=grep -_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) -_LT_DECL([], [EGREP], [1], [An ERE matcher]) -_LT_DECL([], [FGREP], [1], [A literal string matcher]) -dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too -AC_SUBST([GREP]) -]) - - -# _LT_DECL_OBJDUMP -# -------------- -# If we don't have a new enough Autoconf to choose the best objdump -# available, choose the one first in the user's PATH. -m4_defun([_LT_DECL_OBJDUMP], -[AC_CHECK_TOOL(OBJDUMP, objdump, false) -test -z "$OBJDUMP" && OBJDUMP=objdump -_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) -AC_SUBST([OBJDUMP]) -]) - - -# _LT_DECL_SED -# ------------ -# Check for a fully-functional sed program, that truncates -# as few characters as possible. Prefer GNU sed if found. -m4_defun([_LT_DECL_SED], -[AC_PROG_SED -test -z "$SED" && SED=sed -Xsed="$SED -e 1s/^X//" -_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) -_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], - [Sed that helps us avoid accidentally triggering echo(1) options like -n]) -])# _LT_DECL_SED - -m4_ifndef([AC_PROG_SED], [ -# NOTE: This macro has been submitted for inclusion into # -# GNU Autoconf as AC_PROG_SED. When it is available in # -# a released version of Autoconf we should remove this # -# macro and use it instead. # - -m4_defun([AC_PROG_SED], -[AC_MSG_CHECKING([for a sed that does not truncate output]) -AC_CACHE_VAL(lt_cv_path_SED, -[# Loop through the user's path and test for sed and gsed. -# Then use that list of sed's as ones to test for truncation. -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for lt_ac_prog in sed gsed; do - for ac_exec_ext in '' $ac_executable_extensions; do - if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then - lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" - fi - done - done -done -IFS=$as_save_IFS -lt_ac_max=0 -lt_ac_count=0 -# Add /usr/xpg4/bin/sed as it is typically found on Solaris -# along with /bin/sed that truncates output. -for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do - test ! -f $lt_ac_sed && continue - cat /dev/null > conftest.in - lt_ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >conftest.in - # Check for GNU sed and select it if it is found. - if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then - lt_cv_path_SED=$lt_ac_sed - break - fi - while true; do - cat conftest.in conftest.in >conftest.tmp - mv conftest.tmp conftest.in - cp conftest.in conftest.nl - echo >>conftest.nl - $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break - cmp -s conftest.out conftest.nl || break - # 10000 chars as input seems more than enough - test $lt_ac_count -gt 10 && break - lt_ac_count=`expr $lt_ac_count + 1` - if test $lt_ac_count -gt $lt_ac_max; then - lt_ac_max=$lt_ac_count - lt_cv_path_SED=$lt_ac_sed - fi - done -done -]) -SED=$lt_cv_path_SED -AC_SUBST([SED]) -AC_MSG_RESULT([$SED]) -])#AC_PROG_SED -])#m4_ifndef - -# Old name: -AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([LT_AC_PROG_SED], []) - - -# _LT_CHECK_SHELL_FEATURES -# ------------------------ -# Find out whether the shell is Bourne or XSI compatible, -# or has some other useful features. -m4_defun([_LT_CHECK_SHELL_FEATURES], -[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) -# Try some XSI features -xsi_shell=no -( _lt_dummy="a/b/c" - test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \ - = c,a/b,, \ - && eval 'test $(( 1 + 1 )) -eq 2 \ - && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ - && xsi_shell=yes -AC_MSG_RESULT([$xsi_shell]) -_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) - -AC_MSG_CHECKING([whether the shell understands "+="]) -lt_shell_append=no -( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ - >/dev/null 2>&1 \ - && lt_shell_append=yes -AC_MSG_RESULT([$lt_shell_append]) -_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) - -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - lt_unset=unset -else - lt_unset=false -fi -_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl - -# test EBCDIC or ASCII -case `echo X|tr X '\101'` in - A) # ASCII based system - # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr - lt_SP2NL='tr \040 \012' - lt_NL2SP='tr \015\012 \040\040' - ;; - *) # EBCDIC based system - lt_SP2NL='tr \100 \n' - lt_NL2SP='tr \r\n \100\100' - ;; -esac -_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl -_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl -])# _LT_CHECK_SHELL_FEATURES - - -# _LT_PROG_XSI_SHELLFNS -# --------------------- -# Bourne and XSI compatible variants of some useful shell functions. -m4_defun([_LT_PROG_XSI_SHELLFNS], -[case $xsi_shell in - yes) - cat << \_LT_EOF >> "$cfgfile" - -# func_dirname file append nondir_replacement -# Compute the dirname of FILE. If nonempty, add APPEND to the result, -# otherwise set result to NONDIR_REPLACEMENT. -func_dirname () -{ - case ${1} in - */*) func_dirname_result="${1%/*}${2}" ;; - * ) func_dirname_result="${3}" ;; - esac -} - -# func_basename file -func_basename () -{ - func_basename_result="${1##*/}" -} - -# func_dirname_and_basename file append nondir_replacement -# perform func_basename and func_dirname in a single function -# call: -# dirname: Compute the dirname of FILE. If nonempty, -# add APPEND to the result, otherwise set result -# to NONDIR_REPLACEMENT. -# value returned in "$func_dirname_result" -# basename: Compute filename of FILE. -# value retuned in "$func_basename_result" -# Implementation must be kept synchronized with func_dirname -# and func_basename. For efficiency, we do not delegate to -# those functions but instead duplicate the functionality here. -func_dirname_and_basename () -{ - case ${1} in - */*) func_dirname_result="${1%/*}${2}" ;; - * ) func_dirname_result="${3}" ;; - esac - func_basename_result="${1##*/}" -} - -# func_stripname prefix suffix name -# strip PREFIX and SUFFIX off of NAME. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -func_stripname () -{ - # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are - # positional parameters, so assign one to ordinary parameter first. - func_stripname_result=${3} - func_stripname_result=${func_stripname_result#"${1}"} - func_stripname_result=${func_stripname_result%"${2}"} -} - -# func_opt_split -func_opt_split () -{ - func_opt_split_opt=${1%%=*} - func_opt_split_arg=${1#*=} -} - -# func_lo2o object -func_lo2o () -{ - case ${1} in - *.lo) func_lo2o_result=${1%.lo}.${objext} ;; - *) func_lo2o_result=${1} ;; - esac -} - -# func_xform libobj-or-source -func_xform () -{ - func_xform_result=${1%.*}.lo -} - -# func_arith arithmetic-term... -func_arith () -{ - func_arith_result=$(( $[*] )) -} - -# func_len string -# STRING may not start with a hyphen. -func_len () -{ - func_len_result=${#1} -} - -_LT_EOF - ;; - *) # Bourne compatible functions. - cat << \_LT_EOF >> "$cfgfile" - -# func_dirname file append nondir_replacement -# Compute the dirname of FILE. If nonempty, add APPEND to the result, -# otherwise set result to NONDIR_REPLACEMENT. -func_dirname () -{ - # Extract subdirectory from the argument. - func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` - if test "X$func_dirname_result" = "X${1}"; then - func_dirname_result="${3}" - else - func_dirname_result="$func_dirname_result${2}" - fi -} - -# func_basename file -func_basename () -{ - func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` -} - -dnl func_dirname_and_basename -dnl A portable version of this function is already defined in general.m4sh -dnl so there is no need for it here. - -# func_stripname prefix suffix name -# strip PREFIX and SUFFIX off of NAME. -# PREFIX and SUFFIX must not contain globbing or regex special -# characters, hashes, percent signs, but SUFFIX may contain a leading -# dot (in which case that matches only a dot). -# func_strip_suffix prefix name -func_stripname () -{ - case ${2} in - .*) func_stripname_result=`$ECHO "X${3}" \ - | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; - *) func_stripname_result=`$ECHO "X${3}" \ - | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; - esac -} - -# sed scripts: -my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q' -my_sed_long_arg='1s/^-[[^=]]*=//' - -# func_opt_split -func_opt_split () -{ - func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` - func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` -} - -# func_lo2o object -func_lo2o () -{ - func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` -} - -# func_xform libobj-or-source -func_xform () -{ - func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'` -} - -# func_arith arithmetic-term... -func_arith () -{ - func_arith_result=`expr "$[@]"` -} - -# func_len string -# STRING may not start with a hyphen. -func_len () -{ - func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len` -} - -_LT_EOF -esac - -case $lt_shell_append in - yes) - cat << \_LT_EOF >> "$cfgfile" - -# func_append var value -# Append VALUE to the end of shell variable VAR. -func_append () -{ - eval "$[1]+=\$[2]" -} -_LT_EOF - ;; - *) - cat << \_LT_EOF >> "$cfgfile" - -# func_append var value -# Append VALUE to the end of shell variable VAR. -func_append () -{ - eval "$[1]=\$$[1]\$[2]" -} - -_LT_EOF - ;; - esac -]) - -# Helper functions for option handling. -*- Autoconf -*- -# -# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. -# Written by Gary V. Vaughan, 2004 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# serial 6 ltoptions.m4 - -# This is to help aclocal find these macros, as it can't see m4_define. -AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) - - -# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) -# ------------------------------------------ -m4_define([_LT_MANGLE_OPTION], -[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) - - -# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) -# --------------------------------------- -# Set option OPTION-NAME for macro MACRO-NAME, and if there is a -# matching handler defined, dispatch to it. Other OPTION-NAMEs are -# saved as a flag. -m4_define([_LT_SET_OPTION], -[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl -m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), - _LT_MANGLE_DEFUN([$1], [$2]), - [m4_warning([Unknown $1 option `$2'])])[]dnl -]) - - -# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) -# ------------------------------------------------------------ -# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. -m4_define([_LT_IF_OPTION], -[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) - - -# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) -# ------------------------------------------------------- -# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME -# are set. -m4_define([_LT_UNLESS_OPTIONS], -[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), - [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), - [m4_define([$0_found])])])[]dnl -m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 -])[]dnl -]) - - -# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) -# ---------------------------------------- -# OPTION-LIST is a space-separated list of Libtool options associated -# with MACRO-NAME. If any OPTION has a matching handler declared with -# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about -# the unknown option and exit. -m4_defun([_LT_SET_OPTIONS], -[# Set options -m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), - [_LT_SET_OPTION([$1], _LT_Option)]) - -m4_if([$1],[LT_INIT],[ - dnl - dnl Simply set some default values (i.e off) if boolean options were not - dnl specified: - _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no - ]) - _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no - ]) - dnl - dnl If no reference was made to various pairs of opposing options, then - dnl we run the default mode handler for the pair. For example, if neither - dnl `shared' nor `disable-shared' was passed, we enable building of shared - dnl archives by default: - _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) - _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) - _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) - _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], - [_LT_ENABLE_FAST_INSTALL]) - ]) -])# _LT_SET_OPTIONS - - - -# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) -# ----------------------------------------- -m4_define([_LT_MANGLE_DEFUN], -[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) - - -# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) -# ----------------------------------------------- -m4_define([LT_OPTION_DEFINE], -[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl -])# LT_OPTION_DEFINE - - -# dlopen -# ------ -LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes -]) - -AU_DEFUN([AC_LIBTOOL_DLOPEN], -[_LT_SET_OPTION([LT_INIT], [dlopen]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `dlopen' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) - - -# win32-dll -# --------- -# Declare package support for building win32 dll's. -LT_OPTION_DEFINE([LT_INIT], [win32-dll], -[enable_win32_dll=yes - -case $host in -*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*) - AC_CHECK_TOOL(AS, as, false) - AC_CHECK_TOOL(DLLTOOL, dlltool, false) - AC_CHECK_TOOL(OBJDUMP, objdump, false) - ;; -esac - -test -z "$AS" && AS=as -_LT_DECL([], [AS], [0], [Assembler program])dnl - -test -z "$DLLTOOL" && DLLTOOL=dlltool -_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl - -test -z "$OBJDUMP" && OBJDUMP=objdump -_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl -])# win32-dll - -AU_DEFUN([AC_LIBTOOL_WIN32_DLL], -[AC_REQUIRE([AC_CANONICAL_HOST])dnl -_LT_SET_OPTION([LT_INIT], [win32-dll]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `win32-dll' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) - - -# _LT_ENABLE_SHARED([DEFAULT]) -# ---------------------------- -# implement the --enable-shared flag, and supports the `shared' and -# `disable-shared' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. -m4_define([_LT_ENABLE_SHARED], -[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl -AC_ARG_ENABLE([shared], - [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], - [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac], - [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) - - _LT_DECL([build_libtool_libs], [enable_shared], [0], - [Whether or not to build shared libraries]) -])# _LT_ENABLE_SHARED - -LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) -LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) - -# Old names: -AC_DEFUN([AC_ENABLE_SHARED], -[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) -]) - -AC_DEFUN([AC_DISABLE_SHARED], -[_LT_SET_OPTION([LT_INIT], [disable-shared]) -]) - -AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) -AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AM_ENABLE_SHARED], []) -dnl AC_DEFUN([AM_DISABLE_SHARED], []) - - - -# _LT_ENABLE_STATIC([DEFAULT]) -# ---------------------------- -# implement the --enable-static flag, and support the `static' and -# `disable-static' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. -m4_define([_LT_ENABLE_STATIC], -[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl -AC_ARG_ENABLE([static], - [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], - [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_static=yes ;; - no) enable_static=no ;; - *) - enable_static=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_static=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac], - [enable_static=]_LT_ENABLE_STATIC_DEFAULT) - - _LT_DECL([build_old_libs], [enable_static], [0], - [Whether or not to build static libraries]) -])# _LT_ENABLE_STATIC - -LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) -LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) - -# Old names: -AC_DEFUN([AC_ENABLE_STATIC], -[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) -]) - -AC_DEFUN([AC_DISABLE_STATIC], -[_LT_SET_OPTION([LT_INIT], [disable-static]) -]) - -AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) -AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AM_ENABLE_STATIC], []) -dnl AC_DEFUN([AM_DISABLE_STATIC], []) - - - -# _LT_ENABLE_FAST_INSTALL([DEFAULT]) -# ---------------------------------- -# implement the --enable-fast-install flag, and support the `fast-install' -# and `disable-fast-install' LT_INIT options. -# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. -m4_define([_LT_ENABLE_FAST_INSTALL], -[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl -AC_ARG_ENABLE([fast-install], - [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], - [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], - [p=${PACKAGE-default} - case $enableval in - yes) enable_fast_install=yes ;; - no) enable_fast_install=no ;; - *) - enable_fast_install=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," - for pkg in $enableval; do - IFS="$lt_save_ifs" - if test "X$pkg" = "X$p"; then - enable_fast_install=yes - fi - done - IFS="$lt_save_ifs" - ;; - esac], - [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) - -_LT_DECL([fast_install], [enable_fast_install], [0], - [Whether or not to optimize for fast installation])dnl -])# _LT_ENABLE_FAST_INSTALL - -LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) -LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) - -# Old names: -AU_DEFUN([AC_ENABLE_FAST_INSTALL], -[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you put -the `fast-install' option into LT_INIT's first parameter.]) -]) - -AU_DEFUN([AC_DISABLE_FAST_INSTALL], -[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you put -the `disable-fast-install' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) -dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) - - -# _LT_WITH_PIC([MODE]) -# -------------------- -# implement the --with-pic flag, and support the `pic-only' and `no-pic' -# LT_INIT options. -# MODE is either `yes' or `no'. If omitted, it defaults to `both'. -m4_define([_LT_WITH_PIC], -[AC_ARG_WITH([pic], - [AS_HELP_STRING([--with-pic], - [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], - [pic_mode="$withval"], - [pic_mode=default]) - -test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) - -_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl -])# _LT_WITH_PIC - -LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) -LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) - -# Old name: -AU_DEFUN([AC_LIBTOOL_PICMODE], -[_LT_SET_OPTION([LT_INIT], [pic-only]) -AC_DIAGNOSE([obsolete], -[$0: Remove this warning and the call to _LT_SET_OPTION when you -put the `pic-only' option into LT_INIT's first parameter.]) -]) - -dnl aclocal-1.4 backwards compatibility: -dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) - - -m4_define([_LTDL_MODE], []) -LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], - [m4_define([_LTDL_MODE], [nonrecursive])]) -LT_OPTION_DEFINE([LTDL_INIT], [recursive], - [m4_define([_LTDL_MODE], [recursive])]) -LT_OPTION_DEFINE([LTDL_INIT], [subproject], - [m4_define([_LTDL_MODE], [subproject])]) - -m4_define([_LTDL_TYPE], []) -LT_OPTION_DEFINE([LTDL_INIT], [installable], - [m4_define([_LTDL_TYPE], [installable])]) -LT_OPTION_DEFINE([LTDL_INIT], [convenience], - [m4_define([_LTDL_TYPE], [convenience])]) - -# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- -# -# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. -# Written by Gary V. Vaughan, 2004 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# serial 6 ltsugar.m4 - -# This is to help aclocal find these macros, as it can't see m4_define. -AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) - - -# lt_join(SEP, ARG1, [ARG2...]) -# ----------------------------- -# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their -# associated separator. -# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier -# versions in m4sugar had bugs. -m4_define([lt_join], -[m4_if([$#], [1], [], - [$#], [2], [[$2]], - [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) -m4_define([_lt_join], -[m4_if([$#$2], [2], [], - [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) - - -# lt_car(LIST) -# lt_cdr(LIST) -# ------------ -# Manipulate m4 lists. -# These macros are necessary as long as will still need to support -# Autoconf-2.59 which quotes differently. -m4_define([lt_car], [[$1]]) -m4_define([lt_cdr], -[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], - [$#], 1, [], - [m4_dquote(m4_shift($@))])]) -m4_define([lt_unquote], $1) - - -# lt_append(MACRO-NAME, STRING, [SEPARATOR]) -# ------------------------------------------ -# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. -# Note that neither SEPARATOR nor STRING are expanded; they are appended -# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). -# No SEPARATOR is output if MACRO-NAME was previously undefined (different -# than defined and empty). -# -# This macro is needed until we can rely on Autoconf 2.62, since earlier -# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. -m4_define([lt_append], -[m4_define([$1], - m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) - - - -# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) -# ---------------------------------------------------------- -# Produce a SEP delimited list of all paired combinations of elements of -# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list -# has the form PREFIXmINFIXSUFFIXn. -# Needed until we can rely on m4_combine added in Autoconf 2.62. -m4_define([lt_combine], -[m4_if(m4_eval([$# > 3]), [1], - [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl -[[m4_foreach([_Lt_prefix], [$2], - [m4_foreach([_Lt_suffix], - ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, - [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) - - -# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) -# ----------------------------------------------------------------------- -# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited -# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. -m4_define([lt_if_append_uniq], -[m4_ifdef([$1], - [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], - [lt_append([$1], [$2], [$3])$4], - [$5])], - [lt_append([$1], [$2], [$3])$4])]) - - -# lt_dict_add(DICT, KEY, VALUE) -# ----------------------------- -m4_define([lt_dict_add], -[m4_define([$1($2)], [$3])]) - - -# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) -# -------------------------------------------- -m4_define([lt_dict_add_subkey], -[m4_define([$1($2:$3)], [$4])]) - - -# lt_dict_fetch(DICT, KEY, [SUBKEY]) -# ---------------------------------- -m4_define([lt_dict_fetch], -[m4_ifval([$3], - m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), - m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) - - -# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) -# ----------------------------------------------------------------- -m4_define([lt_if_dict_fetch], -[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], - [$5], - [$6])]) - - -# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) -# -------------------------------------------------------------- -m4_define([lt_dict_filter], -[m4_if([$5], [], [], - [lt_join(m4_quote(m4_default([$4], [[, ]])), - lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), - [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl -]) - -# ltversion.m4 -- version numbers -*- Autoconf -*- -# -# Copyright (C) 2004 Free Software Foundation, Inc. -# Written by Scott James Remnant, 2004 -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# Generated from ltversion.in. - -# serial 3012 ltversion.m4 -# This file is part of GNU Libtool - -m4_define([LT_PACKAGE_VERSION], [2.2.6]) -m4_define([LT_PACKAGE_REVISION], [1.3012]) - -AC_DEFUN([LTVERSION_VERSION], -[macro_version='2.2.6' -macro_revision='1.3012' -_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) -_LT_DECL(, macro_revision, 0) -]) - -# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- -# -# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. -# Written by Scott James Remnant, 2004. -# -# This file is free software; the Free Software Foundation gives -# unlimited permission to copy and/or distribute it, with or without -# modifications, as long as this notice is preserved. - -# serial 4 lt~obsolete.m4 - -# These exist entirely to fool aclocal when bootstrapping libtool. -# -# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) -# which have later been changed to m4_define as they aren't part of the -# exported API, or moved to Autoconf or Automake where they belong. -# -# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN -# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us -# using a macro with the same name in our local m4/libtool.m4 it'll -# pull the old libtool.m4 in (it doesn't see our shiny new m4_define -# and doesn't know about Autoconf macros at all.) -# -# So we provide this file, which has a silly filename so it's always -# included after everything else. This provides aclocal with the -# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything -# because those macros already exist, or will be overwritten later. -# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. -# -# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. -# Yes, that means every name once taken will need to remain here until -# we give up compatibility with versions before 1.7, at which point -# we need to keep only those names which we still refer to. - -# This is to help aclocal find these macros, as it can't see m4_define. -AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) - -m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) -m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) -m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) -m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) -m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) -m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) -m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) -m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) -m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) -m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) -m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) -m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) -m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) -m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) -m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) -m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) -m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) -m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) -m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) -m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) -m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) -m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) -m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) -m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) -m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) -m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) -m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) -m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) -m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) -m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) -m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) -m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) -m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) -m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) -m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) -m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) -m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) -m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) -m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) -m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) -m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) -m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) -m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) -m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) -m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) -m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) -m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) -m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) -m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) -m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) -m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) -m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) - # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # # Copyright © 2004 Scott James Remnant . @@ -8446,10 +375,10 @@ fi[]dnl # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.10' +[am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.10.2], [], +m4_if([$1], [1.11], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -8465,7 +394,7 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.10.2])dnl +[AM_AUTOMAKE_VERSION([1.11])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) @@ -8525,14 +454,14 @@ am_aux_dir=`cd $ac_aux_dir && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006 +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 8 +# serial 9 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- @@ -8545,6 +474,7 @@ AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' @@ -8558,14 +488,14 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 9 +# serial 10 # There are a few dirty hacks below to avoid letting `AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, @@ -8622,6 +552,16 @@ AC_CACHE_CHECK([dependency style of $depcc], if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and @@ -8639,7 +579,17 @@ AC_CACHE_CHECK([dependency style of $depcc], done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested @@ -8649,19 +599,23 @@ AC_CACHE_CHECK([dependency style of $depcc], break fi ;; + msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; none) break ;; esac - # We check with `-c' and `-o' for the sake of the "dashmstdout" - # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. if depmode=$depmode \ - source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ - $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && - grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message @@ -8799,13 +753,13 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2008 Free Software Foundation, Inc. +# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 13 +# serial 16 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. @@ -8822,7 +776,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], -[AC_PREREQ([2.60])dnl +[AC_PREREQ([2.62])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl @@ -8873,8 +827,8 @@ AM_MISSING_PROG(AUTOCONF, autoconf) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) AM_MISSING_PROG(AUTOHEADER, autoheader) AM_MISSING_PROG(MAKEINFO, makeinfo) -AM_PROG_INSTALL_SH -AM_PROG_INSTALL_STRIP +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. @@ -8882,24 +836,37 @@ AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], - [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], - [_AM_PROG_TAR([v7])])]) + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES(CC)], - [define([AC_PROG_CC], - defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES(CXX)], - [define([AC_PROG_CXX], - defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES(OBJC)], - [define([AC_PROG_OBJC], - defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl + [_AM_DEPENDENCIES(OBJC)], + [define([AC_PROG_OBJC], + defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl ]) +_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl +dnl The `parallel-tests' driver may need to know about EXEEXT, so add the +dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) +dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header @@ -8922,7 +889,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -8933,7 +900,14 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"} +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi AC_SUBST(install_sh)]) # Copyright (C) 2003, 2005 Free Software Foundation, Inc. @@ -8959,13 +933,13 @@ AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 3 +# serial 4 # AM_MAKE_INCLUDE() # ----------------- @@ -8974,7 +948,7 @@ AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make} cat > confinc << 'END' am__doit: - @echo done + @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. @@ -8984,24 +958,24 @@ am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# We grep out `Entering directory' and `Leaving directory' -# messages which can occur if `w' ends up in MAKEFLAGS. -# In particular we don't look at `^make:' because GNU make might -# be invoked under some other name (usually "gmake"), in which -# case it prints its new name instead of `make'. -if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then - am__include=include - am__quote= - _am_result=GNU -fi +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf - if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then - am__include=.include - am__quote="\"" - _am_result=BSD - fi + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac fi AC_SUBST([am__include]) AC_SUBST([am__quote]) @@ -9011,14 +985,14 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005 +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 +# serial 6 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ @@ -9035,7 +1009,14 @@ AC_SUBST($1)]) AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl -test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " @@ -9123,14 +1104,14 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 4 +# serial 5 # AM_SANITY_CHECK # --------------- @@ -9139,16 +1120,29 @@ AC_DEFUN([AM_SANITY_CHECK], # Just in case sleep 1 echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; +esac + # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. - set X `ls -t $srcdir/configure conftest.file` + set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$[*]" != "X $srcdir/configure conftest.file" \ @@ -9201,18 +1195,25 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006 Free Software Foundation, Inc. +# Copyright (C) 2006, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# serial 2 + # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) +# AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004, 2005 Free Software Foundation, Inc. @@ -9309,3 +1310,8 @@ AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([m4/config/libtool.m4]) +m4_include([m4/config/ltoptions.m4]) +m4_include([m4/config/ltsugar.m4]) +m4_include([m4/config/ltversion.m4]) +m4_include([m4/config/lt~obsolete.m4]) diff --git a/config.guess b/config.guess index f32079abd..da8331460 100755 --- a/config.guess +++ b/config.guess @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 # Free Software Foundation, Inc. -timestamp='2008-01-23' +timestamp='2009-04-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -324,6 +324,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; @@ -331,7 +334,20 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -796,7 +812,7 @@ EOF x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd) + EM64T | authenticamd | genuineintel) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) @@ -935,6 +951,9 @@ EOF if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -985,9 +1004,6 @@ EOF a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. @@ -1102,8 +1118,11 @@ EOF pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1141,6 +1160,16 @@ EOF 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1216,6 +1245,9 @@ EOF BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1324,6 +1356,9 @@ EOF i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 diff --git a/config.sub b/config.sub index 6759825a5..a39437d01 100755 --- a/config.sub +++ b/config.sub @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 # Free Software Foundation, Inc. -timestamp='2008-01-16' +timestamp='2009-04-17' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -122,6 +122,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -249,13 +250,16 @@ case $basic_machine in | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ - | mips64vr | mips64vrel \ + | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ @@ -268,6 +272,7 @@ case $basic_machine in | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ | nios | nios2 \ @@ -277,7 +282,7 @@ case $basic_machine in | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -286,7 +291,7 @@ case $basic_machine in | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) @@ -329,14 +334,17 @@ case $basic_machine in | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ + | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -358,20 +366,20 @@ case $basic_machine in | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) @@ -439,6 +447,10 @@ case $basic_machine in basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -459,6 +471,10 @@ case $basic_machine in basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -526,6 +542,10 @@ case $basic_machine in basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -1128,6 +1148,10 @@ case $basic_machine in basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1166,7 +1190,7 @@ case $basic_machine in we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1238,8 +1262,9 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1248,7 +1273,7 @@ case $os in | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ @@ -1388,6 +1413,9 @@ case $os in -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; -none) ;; *) diff --git a/configure b/configure index 8142a2378..e36ba904c 100755 --- a/configure +++ b/configure @@ -1,18 +1,20 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.63 for strongSwan 4.3.4. +# Generated by GNU Autoconf 2.64 for strongSwan 4.3.6. # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software +# Foundation, Inc. +# # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. -## --------------------- ## -## M4sh Initialization. ## -## --------------------- ## +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which @@ -20,23 +22,15 @@ if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; esac - fi - - -# PATH needs CR -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - as_nl=' ' export as_nl @@ -44,7 +38,13 @@ export as_nl as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else @@ -55,7 +55,7 @@ else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; - case $arg in + case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; @@ -78,13 +78,6 @@ if test "${PATH_SEPARATOR+set}" != set; then } fi -# Support unset when possible. -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - as_unset=unset -else - as_unset=false -fi - # IFS # We need space, tab and new line, in precisely that order. Quoting is @@ -94,15 +87,15 @@ fi IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. -case $0 in +case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -done + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done IFS=$as_save_IFS ;; @@ -114,12 +107,16 @@ if test "x$as_myself" = x; then fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - { (exit 1); exit 1; } + exit 1 fi -# Work around bugs in pre-3.0 UWIN ksh. -for as_var in ENV MAIL MAILPATH -do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' @@ -131,7 +128,248 @@ export LC_ALL LANGUAGE=C export LANGUAGE -# Required to use basename. +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also + # works around shells that cannot unset nonexistent variables. + BASH_ENV=/dev/null + ENV=/dev/null + (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error ERROR [LINENO LOG_FD] +# --------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with status $?, using 1 if that was 0. +as_fn_error () +{ + as_status=$?; test $as_status -eq 0 && as_status=1 + if test "$3"; then + as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + fi + $as_echo "$as_me: error: $1" >&2 + as_fn_exit $as_status +} # as_fn_error + if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr @@ -145,8 +383,12 @@ else as_basename=false fi +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi -# Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ @@ -166,409 +408,120 @@ $as_echo X/"$0" | } s/.*/./; q'` -# CDPATH. -$as_unset CDPATH +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits -if test "x$CONFIG_SHELL" = x; then - if (eval ":") 2>/dev/null; then - as_have_required=yes -else - as_have_required=no -fi + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } - if test $as_have_required = yes && (eval ": -(as_func_return () { - (exit \$1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit } -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null fi - -if as_func_ret_success; then - : +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi else - exitcode=1 - echo as_func_ret_success failed. + as_ln_s='cp -p' fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false fi -if ( set x; as_func_ret_success y && test x = \"\$1\" ); then - : +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' else - exitcode=1 - echo positional parameters were not saved. + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' fi +as_executable_p=$as_test_x -test \$exitcode = 0) || { (exit 1); exit 1; } - -( - as_lineno_1=\$LINENO - as_lineno_2=\$LINENO - test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && - test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } -") 2> /dev/null; then - : -else - as_candidate_shells= - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - case $as_dir in - /*) - for as_base in sh bash ksh sh5; do - as_candidate_shells="$as_candidate_shells $as_dir/$as_base" - done;; - esac -done -IFS=$as_save_IFS - - - for as_shell in $as_candidate_shells $SHELL; do - # Try only shells that exist, to save several forks. - if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { ("$as_shell") 2> /dev/null <<\_ASEOF -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - -: -_ASEOF -}; then - CONFIG_SHELL=$as_shell - as_have_required=yes - if { "$as_shell" 2> /dev/null <<\_ASEOF -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - -: -(as_func_return () { - (exit $1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = "$1" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test $exitcode = 0) || { (exit 1); exit 1; } - -( - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } - -_ASEOF -}; then - break -fi - -fi - - done - - if test "x$CONFIG_SHELL" != x; then - for as_var in BASH_ENV ENV - do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - done - export CONFIG_SHELL - exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} -fi - - - if test $as_have_required = no; then - echo This script requires a shell more modern than all the - echo shells that I found on your system. Please install a - echo modern shell, or manually run the script under such a - echo shell if you do have one. - { (exit 1); exit 1; } -fi - - -fi - -fi - - - -(eval "as_func_return () { - (exit \$1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = \"\$1\" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test \$exitcode = 0") || { - echo No shell found that supports shell functions. - echo Please tell bug-autoconf@gnu.org about your system, - echo including any error possibly output before this message. - echo This can help us improve future autoconf versions. - echo Configuration will now proceed without shell functions. -} - - - - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { - - # Create $as_me.lineno as a copy of $as_myself, but with $LINENO - # uniformly replaced by the line number. The first 'sed' inserts a - # line-number line after each line using $LINENO; the second 'sed' - # does the real work. The second script uses 'N' to pair each - # line-number line with the line containing $LINENO, and appends - # trailing '-' during substitution so that $LINENO is not a special - # case at line end. - # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the - # scripts with optimization help from Paolo Bonzini. Blame Lee - # E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 - { (exit 1); exit 1; }; } - - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in --n*) - case `echo 'x\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - *) ECHO_C='\c';; - esac;; -*) - ECHO_N='-n';; -esac -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -p' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -p' - fi -else - as_ln_s='cp -p' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - -if mkdir -p . 2>/dev/null; then - as_mkdir_p=: -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - -if test -x / >/dev/null 2>&1; then - as_test_x='test -x' -else - if ls -dL / >/dev/null 2>&1; then - as_ls_L_option=L - else - as_ls_L_option= - fi - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then - test -d "$1/."; - else - case $1 in - -*)set "./$1";; - esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -fi -as_executable_p=$as_test_x - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" @@ -738,14 +691,14 @@ cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= -SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='4.3.4' -PACKAGE_STRING='strongSwan 4.3.4' +PACKAGE_VERSION='4.3.6' +PACKAGE_STRING='strongSwan 4.3.6' PACKAGE_BUGREPORT='' +PACKAGE_URL='' # Factoring default headers for most tests. ac_includes_default="\ @@ -783,8 +736,12 @@ ac_includes_default="\ # include #endif" -ac_subst_vars='LTLIBOBJS +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS LIBOBJS +USE_SIMAKA_FALSE +USE_SIMAKA_TRUE USE_VSTR_FALSE USE_VSTR_TRUE USE_FILE_CONFIG_FALSE @@ -839,6 +796,8 @@ USE_EAP_RADIUS_FALSE USE_EAP_RADIUS_TRUE USE_EAP_MSCHAPV2_FALSE USE_EAP_MSCHAPV2_TRUE +USE_EAP_AKA_3GPP2_FALSE +USE_EAP_AKA_3GPP2_TRUE USE_EAP_AKA_FALSE USE_EAP_AKA_TRUE USE_EAP_GTC_FALSE @@ -847,16 +806,20 @@ USE_EAP_MD5_FALSE USE_EAP_MD5_TRUE USE_EAP_IDENTITY_FALSE USE_EAP_IDENTITY_TRUE +USE_EAP_SIMAKA_REAUTH_FALSE +USE_EAP_SIMAKA_REAUTH_TRUE +USE_EAP_SIMAKA_PSEUDONYM_FALSE +USE_EAP_SIMAKA_PSEUDONYM_TRUE USE_EAP_SIM_FILE_FALSE USE_EAP_SIM_FILE_TRUE USE_EAP_SIM_FALSE USE_EAP_SIM_TRUE -USE_LOAD_TESTS_FALSE -USE_LOAD_TESTS_TRUE +USE_LOAD_TESTER_FALSE +USE_LOAD_TESTER_TRUE USE_UNIT_TESTS_FALSE USE_UNIT_TESTS_TRUE -USE_RESOLV_CONF_FALSE -USE_RESOLV_CONF_TRUE +USE_RESOLVE_FALSE +USE_RESOLVE_TRUE USE_ATTR_FALSE USE_ATTR_TRUE USE_UPDOWN_FALSE @@ -883,6 +846,8 @@ USE_OPENSSL_FALSE USE_OPENSSL_TRUE USE_PADLOCK_FALSE USE_PADLOCK_TRUE +USE_ATTR_SQL_FALSE +USE_ATTR_SQL_TRUE USE_SQLITE_FALSE USE_SQLITE_TRUE USE_MYSQL_FALSE @@ -891,6 +856,14 @@ USE_XCBC_FALSE USE_XCBC_TRUE USE_HMAC_FALSE USE_HMAC_TRUE +USE_PEM_FALSE +USE_PEM_TRUE +USE_DNSKEY_FALSE +USE_DNSKEY_TRUE +USE_PGP_FALSE +USE_PGP_TRUE +USE_PKCS1_FALSE +USE_PKCS1_TRUE USE_PUBKEY_FALSE USE_PUBKEY_TRUE USE_X509_FALSE @@ -925,15 +898,17 @@ pluto_plugins libstrongswan_plugins nm_LIBS nm_CFLAGS -LIBGCRYPT_LIBS -LIBGCRYPT_CFLAGS -LIBGCRYPT_CONFIG +MYSQLCFLAG +MYSQLLIB +MYSQLCONFIG RUBYINCLUDE RUBY gtk_LIBS gtk_CFLAGS xml_LIBS xml_CFLAGS +PTHREADLIB +RTLIB SOCKLIB BTLIB DLLIB @@ -993,18 +968,19 @@ CFLAGS CC ipsecgroup ipsecuser -IPSEC_ROUTING_TABLE_PRIO -IPSEC_ROUTING_TABLE -LINUX_HEADERS -linuxdir -simreader +routing_table_prio +routing_table +linux_headers +nm_ca_dir plugindir ipsecdir piddir -strongswan_conf resolv_conf +strongswan_conf +urandom_device +random_device +default_pkcs11 PKG_CONFIG -confdir am__untar am__tar AMTAR @@ -1058,6 +1034,7 @@ bindir program_transform_name prefix exec_prefix +PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION @@ -1069,23 +1046,21 @@ ac_subst_files='' ac_user_opts=' enable_option_checking with_default_pkcs11 -with_xauth_module with_random_device -with_resolv_conf -with_strongswan_conf with_urandom_device +with_strongswan_conf +with_resolv_conf with_piddir with_ipsecdir with_plugindir -with_sim_reader +with_nm_ca_dir with_linux_headers with_routing_table with_routing_table_prio -with_uid -with_gid +with_capabilities +with_xauth_module with_user with_group -with_capabilities enable_curl enable_ldap enable_aes @@ -1100,6 +1075,10 @@ enable_gmp enable_random enable_x509 enable_pubkey +enable_pkcs1 +enable_pgp +enable_dnskey +enable_pem enable_hmac enable_xcbc enable_test_vectors @@ -1115,13 +1094,16 @@ enable_cisco_quirks enable_leak_detective enable_lock_profiler enable_unit_tests -enable_load_tests +enable_load_tester enable_eap_sim enable_eap_sim_file +enable_eap_simaka_pseudonym +enable_eap_simaka_reauth enable_eap_identity enable_eap_md5 enable_eap_gtc enable_eap_aka +enable_eap_aka_3gpp2 enable_eap_mschapv2 enable_eap_radius enable_kernel_netlink @@ -1143,7 +1125,8 @@ enable_tools enable_scripts enable_updown enable_attr -enable_resolv_conf +enable_attr_sql +enable_resolve enable_padlock enable_openssl enable_gcrypt @@ -1159,7 +1142,6 @@ with_pic enable_fast_install with_gnu_ld enable_libtool_lock -with_libgcrypt_prefix ' ac_precious_vars='build_alias host_alias @@ -1287,8 +1269,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 - { (exit 1); exit 1; }; } + as_fn_error "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1314,8 +1295,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2 - { (exit 1); exit 1; }; } + as_fn_error "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1519,8 +1499,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 - { (exit 1); exit 1; }; } + as_fn_error "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1536,8 +1515,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2 - { (exit 1); exit 1; }; } + as_fn_error "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1567,17 +1545,17 @@ do | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) { $as_echo "$as_me: error: unrecognized option: $ac_option -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; } + -*) as_fn_error "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information." ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. - expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && - { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2 - { (exit 1); exit 1; }; } + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error "invalid variable name: \`$ac_envvar'" ;; + esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1594,15 +1572,13 @@ done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - { $as_echo "$as_me: error: missing argument to $ac_option" >&2 - { (exit 1); exit 1; }; } + as_fn_error "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; - fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2 - { (exit 1); exit 1; }; } ;; + fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -1625,8 +1601,7 @@ do [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 - { (exit 1); exit 1; }; } + as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' @@ -1656,11 +1631,9 @@ test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - { $as_echo "$as_me: error: working directory cannot be determined" >&2 - { (exit 1); exit 1; }; } + as_fn_error "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - { $as_echo "$as_me: error: pwd does not report name of working directory" >&2 - { (exit 1); exit 1; }; } + as_fn_error "pwd does not report name of working directory" # Find the source files, if location was not specified. @@ -1699,13 +1672,11 @@ else fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 - { (exit 1); exit 1; }; } + as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2 - { (exit 1); exit 1; }; } + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -1731,7 +1702,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 4.3.4 to adapt to many kinds of systems. +\`configure' configures strongSwan 4.3.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1801,7 +1772,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 4.3.4:";; + short | recursive ) echo "Configuration of strongSwan 4.3.6:";; esac cat <<\_ACEOF @@ -1810,124 +1781,101 @@ Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-curl enable CURL fetcher plugin to fetch files via - libcurl (default is NO). Requires libcurl. + libcurl. Requires libcurl. --enable-ldap enable LDAP fetching plugin to fetch files via - libldap (default is NO). Requires openLDAP. - --disable-aes disable own AES software implementation plugin. - (default is NO). - --disable-des disable own DES/3DES software implementation plugin. - (default is NO). - --enable-blowfish enable Blowfish software implementation plugin - (default is NO). - --enable-md4 enable MD4 software implementation plugin (default - is NO). - --disable-md5 disable own MD5 software implementation plugin. - (default is NO). - --disable-sha1 disable own SHA1 software implementation plugin. - (default is NO). - --disable-sha2 disable own SHA256/SHA384/SHA512 software - implementation plugin. (default is NO). + libldap. Requires openLDAP. + --disable-aes disable AES software implementation plugin. + --disable-des disable DES/3DES software implementation plugin. + --enable-blowfish enable Blowfish software implementation plugin. + --enable-md4 enable MD4 software implementation plugin. + --disable-md5 disable MD5 software implementation plugin. + --disable-sha1 disable SHA1 software implementation plugin. + --disable-sha2 disable SHA256/SHA384/SHA512 software implementation + plugin. --disable-fips-prf disable FIPS PRF software implementation plugin. - (default is NO). - --disable-gmp disable own GNU MP (libgmp) based crypto - implementation plugin. (default is NO). + --disable-gmp disable GNU MP (libgmp) based crypto implementation + plugin. --disable-random disable RNG implementation on top of /dev/(u)random. - (default is NO). - --disable-x509 disable own X509 certificate implementation plugin. - (default is NO). - --disable-pubkey disable RAW public key support plugin. (default is - NO). - --disable-hmac disable HMAC crypto implementation plugin. (default - is NO). - --disable-xcbc disable xcbc crypto implementation plugin. (default - is NO). - --enable-test-vectors enable plugin providing crypto test vectors (default - is NO). - --enable-mysql enable MySQL database support (default is NO). - Requires libmysqlclient_r. - --enable-sqlite enable SQLite database support (default is NO). - Requires libsqlite3. + --disable-x509 disable X509 certificate implementation plugin. + --disable-pubkey disable RAW public key support plugin. + --disable-pkcs1 disable PKCS1 key decoding plugin. + --disable-pgp disable PGP key decoding plugin. + --disable-dnskey disable DNS RR key decoding plugin. + --disable-pem disable PEM decoding plugin. + --disable-hmac disable HMAC crypto implementation plugin. + --disable-xcbc disable xcbc crypto implementation plugin. + --enable-test-vectors enable plugin providing crypto test vectors. + --enable-mysql enable MySQL database support. Requires + libmysqlclient_r. + --enable-sqlite enable SQLite database support. Requires libsqlite3. --disable-stroke disable charons stroke (pluto compatibility) - configuration backend. (default is NO). + configuration backend. --enable-medsrv enable mediation server web frontend and daemon - plugin (default is NO). + plugin. --enable-medcli enable mediation client configuration database - plugin (default is NO). - --enable-smp enable SMP configuration and control interface - (default is NO). Requires libxml. - --enable-sql enable SQL database configuration backend (default - is NO). - --enable-smartcard enable smartcard support (default is NO). - --enable-cisco-quirks enable support of Cisco VPN client (default is NO). - --enable-leak-detective enable malloc hooks to find memory leaks (default is - NO). - --enable-lock-profiler enable lock/mutex profiling code (default is NO). - --enable-unit-tests enable unit tests on IKEv2 daemon startup (default - is NO). - --enable-load-tests enable load testing plugin for IKEv2 daemon (default - is NO). - --enable-eap-sim build SIM authenication module for EAP (default is - NO). - --enable-eap-sim-file build EAP-SIM backend based on a triplet file - (default is NO). - --enable-eap-identity build EAP module providing EAP-Identity helper - (default is NO). - --enable-eap-md5 build MD5 (CHAP) authenication module for EAP - (default is NO). - --enable-eap-gtc build PAM based GTC authenication module for EAP - (default is NO). - --enable-eap-aka build AKA authentication module for EAP (default is - NO). - --enable-eap-mschapv2 build MS-CHAPv2 authenication module for EAP - (default is NO). - --enable-eap-radius build RADIUS proxy authenication module for EAP - (default is NO). + plugin. + --enable-smp enable SMP configuration and control interface. + Requires libxml. + --enable-sql enable SQL database configuration backend. + --enable-smartcard enable smartcard support. + --enable-cisco-quirks enable support of Cisco VPN client. + --enable-leak-detective enable malloc hooks to find memory leaks. + --enable-lock-profiler enable lock/mutex profiling code. + --enable-unit-tests enable unit tests on IKEv2 daemon startup. + --enable-load-tester enable load testing plugin for IKEv2 daemon. + --enable-eap-sim enable SIM authenication module for EAP. + --enable-eap-sim-file enable EAP-SIM backend based on a triplet file. + --enable-eap-simaka-pseudonym + enable EAP-SIM/AKA pseudonym storage plugin. + --enable-eap-simaka-reauth + enable EAP-SIM/AKA reauthentication data storage + plugin. + --enable-eap-identity enable EAP module providing EAP-Identity helper. + --enable-eap-md5 enable EAP MD5 (CHAP) authenication module. + --enable-eap-gtc enable PAM based EAP GTC authenication module. + --enable-eap-aka enable EAP AKA authentication module. + --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms + in software. Requires libgmp. + --enable-eap-mschapv2 enable EAP MS-CHAPv2 authenication module. + --enable-eap-radius enable RADIUS proxy authenication module. --disable-kernel-netlink - disable the netlink kernel interface. (default is - NO). - --enable-kernel-pfkey enable the PF_KEY kernel interface. (default is NO). - --enable-kernel-pfroute enable the PF_ROUTE kernel interface. (default is - NO). - --enable-kernel-klips enable the KLIPS kernel interface. (default is NO). - --enable-nat-transport enable NAT traversal with IPsec transport mode - (default is NO). - --disable-vendor-id disable the sending of the strongSwan vendor ID - (default is NO). - --disable-xauth-vid disable the sending of the XAUTH vendor ID (default - is NO). - --enable-dumm build the DUMM UML test framework (default is NO). - --enable-fast build libfast (FastCGI Application Server w/ - templates (default is NO). - --enable-manager build web management console (default is NO). - --enable-mediation enable IKEv2 Mediation Extension (default is NO). + disable the netlink kernel interface. + --enable-kernel-pfkey enable the PF_KEY kernel interface. + --enable-kernel-pfroute enable the PF_ROUTE kernel interface. + --enable-kernel-klips enable the KLIPS kernel interface. + --enable-nat-transport enable NAT traversal with IPsec transport mode in + pluto. + --disable-vendor-id disable the sending of the strongSwan vendor ID in + pluto. + --disable-xauth-vid disable the sending of the XAUTH vendor ID. + --enable-dumm enable the DUMM UML test framework. + --enable-fast enable libfast (FastCGI Application Server w/ + templates. + --enable-manager enable web management console (proof of concept). + --enable-mediation enable IKEv2 Mediation Extension. --enable-integrity-test enable integrity testing of libstrongswan and - plugins (default is NO). - --disable-pluto disable the IKEv1 keying daemon pluto. (default is - NO). + plugins. + --disable-pluto disable the IKEv1 keying daemon pluto. --disable-threads disable the use of threads in pluto. Charon always - uses threads. (default is NO). - --disable-charon disable the IKEv2 keying daemon charon. (default is - NO). - --disable-tools disable additional utilities (openac and - scepclient). (default is NO). + uses threads. + --disable-charon disable the IKEv2 keying daemon charon. + --disable-tools disable additional utilities (openac, scepclient and + pki). --disable-scripts disable additional utilities (found in directory - scripts). (default is NO). - --disable-updown disable updown firewall script plugin. (default is - NO). + scripts). + --disable-updown disable updown firewall script plugin. --disable-attr disable strongswan.conf based configuration - attribute plugin. (default is NO). - --disable-resolv-conf disable resolv.conf DNS handler plugin. (default is - NO). - --enable-padlock enables VIA Padlock crypto plugin. (default is NO). - --enable-openssl enables the OpenSSL crypto plugin. (default is NO). - --enable-gcrypt enables the libgcrypt plugin. (default is NO). - --enable-agent enables the ssh-agent signing plugin. (default is - NO). - --enable-uci enable OpenWRT UCI configuration plugin (default is - NO). - --enable-nm enable NetworkManager plugin (default is NO). + attribute plugin. + --enable-attr-sql enable SQL based configuration attribute plugin. + --disable-resolve disable resolve DNS handler plugin. + --enable-padlock enables VIA Padlock crypto plugin. + --enable-openssl enables the OpenSSL crypto plugin. + --enable-gcrypt enables the libgcrypt plugin. + --enable-agent enables the ssh-agent signing plugin. + --enable-uci enable OpenWRT UCI configuration plugin. + --enable-nm enable NetworkManager plugin. --enable-vstr enforce using the Vstr string library to replace - glibc-like printf hooks (default is NO). + glibc-like printf hooks. --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --enable-shared[=PKGS] build shared libraries [default=yes] @@ -1939,52 +1887,48 @@ Optional Features: Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --with-default-pkcs11=lib - set the default PKCS11 library other than - "/usr/lib/opensc-pkcs11.so" + --with-default-pkcs11=arg + set the default PKCS11 library (default: + /usr/lib/opensc-pkcs11.so). + --with-random-device=arg + set the device to read real random data from + (default: /dev/random). + --with-urandom-device=arg + set the device to read pseudo random data from + (default: /dev/urandom). + --with-strongswan-conf=arg + set the strongswan.conf file location (default: + ${sysconfdir}/strongswan.conf). + --with-resolv-conf=arg set the file to use in DNS handler plugin (default: + ${sysconfdir}/resolv.conf). + --with-piddir=arg set path for PID and UNIX socket files (default: + /var/run). + --with-ipsecdir=arg set installation path for ipsec tools (default: + ${libexecdir%/}/ipsec). + --with-plugindir=arg set the installation path of plugins (default: + ${ipsecdir%/}/plugins). + --with-nm-ca-dir=arg directory the NM plugin uses to look up trusted root + certificates (default: /usr/share/ca-certificates). + --with-linux-headers=arg + set directory of linux header files to use (default: + \${top_srcdir}/src/include). + --with-routing-table=arg + set routing table to use for IPsec routes (default: + 220). + --with-routing-table-prio=arg + set priority for IPsec routing table (default: 220). + --with-capabilities=arg set capability dropping library. Currently only the + value "libcap" is supported (default: no). --with-xauth-module=lib set the path to the XAUTH module - --with-random-device=dev - set the device for real random data other than - "/dev/random" - --with-resolv-conf=file set the file to use in DNS handler plugin other than - "sysconfdir/resolv.conf" - --with-strongswan-conf=file - strongswan.conf file other than - "sysconfdir/strongswan.conf" - --with-urandom-device=dev - set the device for pseudo random data other than - "/dev/urandom" - --with-piddir=dir path for PID and UNIX socket files other than - "/var/run" - --with-ipsecdir=dir installation path for ipsec tools other than - "libexecdir/ipsec" - --with-plugindir=dir installation path for plugins other than - "ipsecdir/plugins" - --with-sim-reader=library.so - library containing the - sim_run_alg()/sim_get_triplet() function for EAP-SIM - --with-linux-headers=dir - use the linux header files in dir instead of the - supplied ones in "src/include" - --with-routing-table=num - use routing table for IPsec routes (default: 220) - --with-routing-table-prio=prio - priority for IPsec routing table (default: 220) - --with-user=user change user of the daemons to "user" after startup (default is "root"). --with-group=group change group of the daemons to "group" after startup (default is "root"). - --with-capabilities=libcap - capability dropping using libcap. Currenlty only the - value "libcap" is supported (default is NO). --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib --without-lib-prefix don't search for libraries in includedir and libdir --with-pic try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] - --with-libgcrypt-prefix=PFX - prefix where LIBGCRYPT is installed (optional) Some influential environment variables: PKG_CONFIG path to pkg-config utility @@ -2011,6 +1955,7 @@ Some influential environment variables: Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. +Report bugs to the package provider. _ACEOF ac_status=$? fi @@ -2073,59 +2018,521 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 4.3.4 -generated by GNU Autoconf 2.63 +strongSwan configure 4.3.6 +generated by GNU Autoconf 2.64 -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 2009 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi -cat >config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - -It was created by strongSwan $as_me 4.3.4, which was -generated by GNU Autoconf 2.63. Invocation command line was - $ $0 $@ +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## -_ACEOF -exec 5>>config.log +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () { -cat <<_ASUNAME -## --------- ## -## Platform. ## -## --------- ## - -hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 -/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` -/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` -/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` -/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + return $ac_retval -_ASUNAME +} # ac_fn_c_try_compile -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + return $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + return $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + return $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_func + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_type + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if { as_var=$4; eval "test \"\${$as_var+set}\" = set"; }; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + +} # ac_fn_c_check_member +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by strongSwan $as_me 4.3.6, which was +generated by GNU Autoconf 2.64. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" -done + $as_echo "PATH: $as_dir" + done IFS=$as_save_IFS } >&5 @@ -2162,9 +2569,9 @@ do ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in - 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) - ac_configure_args1="$ac_configure_args1 '$ac_arg'" + as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else @@ -2180,13 +2587,13 @@ do -* ) ac_must_keep_next=true ;; esac fi - ac_configure_args="$ac_configure_args '$ac_arg'" + as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done -$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } -$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there @@ -2211,13 +2618,13 @@ _ASBOX case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5 + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) $as_unset $ac_var ;; + *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done @@ -2289,39 +2696,41 @@ _ASBOX exit $exit_status ' 0 for ac_signal in 1 2 13 15; do - trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h +$as_echo "/* confdefs.h */" > confdefs.h + # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF - cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. @@ -2340,7 +2749,7 @@ for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test -r "$ac_site_file"; then - { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" @@ -2351,7 +2760,7 @@ if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then - { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; @@ -2359,7 +2768,7 @@ $as_echo "$as_me: loading cache $cache_file" >&6;} esac fi else - { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi @@ -2374,11 +2783,11 @@ for ac_var in $ac_precious_vars; do eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; @@ -2388,17 +2797,17 @@ $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { $as_echo "$as_me:$LINENO: former value: \`$ac_old_val'" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:$LINENO: current value: \`$ac_new_val'" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac @@ -2410,43 +2819,20 @@ $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. - *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then - { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 -$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi - - - - - - - - - - - - - - - - - - - - - - - - +## -------------------- ## +## Main body of script. ## +## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -2455,28 +2841,20 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -am__api_version='1.10' +am__api_version='1.11' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi + for ac_t in install-sh install.sh shtool; do + if test -f "$ac_dir/$ac_t"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/$ac_t -c" + break 2 + fi + done done if test -z "$ac_aux_dir"; then - { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5 -$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -2502,10 +2880,10 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then -if test "${ac_cv_path_install+set}" = set; then +if test "${ac_cv_path_install+set}" = set; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2513,11 +2891,11 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in - ./ | .// | /cC/* | \ + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. @@ -2554,7 +2932,7 @@ case $as_dir/ in ;; esac -done + done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir @@ -2570,7 +2948,7 @@ fi INSTALL=$ac_install_sh fi fi -{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. @@ -2581,21 +2959,34 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' -{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Just in case sleep 1 echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; +esac + # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. - set X `ls -t $srcdir/configure conftest.file` + set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ @@ -2605,11 +2996,8 @@ if ( # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". - { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken -alias in your environment" >&5 -$as_echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken -alias in your environment" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "ls -t appears to fail. Make sure there is not a broken +alias in your environment" "$LINENO" 5 fi test "$2" = conftest.file @@ -2618,13 +3006,10 @@ then # Ok. : else - { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files! -Check your system clock" >&5 -$as_echo "$as_me: error: newly created file is older than distributed files! -Check your system clock" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 fi -{ $as_echo "$as_me:$LINENO: result: yes" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" @@ -2639,20 +3024,136 @@ program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` -test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= - { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi -{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5 +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then - if test "${ac_cv_path_mkdir+set}" = set; then + if test "${ac_cv_path_mkdir+set}" = set; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR @@ -2660,7 +3161,7 @@ for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in mkdir gmkdir; do + for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( @@ -2672,7 +3173,7 @@ do esac done done -done + done IFS=$as_save_IFS fi @@ -2688,7 +3189,7 @@ fi MKDIR_P="$ac_install_sh -d" fi fi -{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } mkdir_p="$MKDIR_P" @@ -2701,9 +3202,9 @@ for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_AWK+set}" = set; then +if test "${ac_cv_prog_AWK+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then @@ -2714,24 +3215,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { $as_echo "$as_me:$LINENO: result: $AWK" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -2739,11 +3240,11 @@ fi test -n "$AWK" && break done -{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then +if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF @@ -2761,11 +3262,11 @@ esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi @@ -2785,9 +3286,7 @@ if test "`cd $srcdir && pwd`" != "`pwd`"; then am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then - { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 -$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi @@ -2803,7 +3302,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='4.3.4' + VERSION='4.3.6' cat >>confdefs.h <<_ACEOF @@ -2831,108 +3330,6 @@ AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} -install_sh=${install_sh-"\$(SHELL) $am_aux_dir/install-sh"} - -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right -# tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. -if test "$cross_compiling" != no; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. -set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_STRIP+set}" = set; then - $as_echo_n "(cached) " >&6 -else - if test -n "$STRIP"; then - ac_cv_prog_STRIP="$STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -STRIP=$ac_cv_prog_STRIP -if test -n "$STRIP"; then - { $as_echo "$as_me:$LINENO: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } -else - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_STRIP"; then - ac_ct_STRIP=$STRIP - # Extract the first word of "strip", so it can be a program name with args. -set dummy strip; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_STRIP"; then - ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP -if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } -else - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_STRIP" = x; then - STRIP=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - STRIP=$ac_ct_STRIP - fi -else - STRIP="$ac_cv_prog_STRIP" -fi - -fi -INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" - # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. @@ -2940,7 +3337,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AMTAR=${AMTAR-"${am_missing_run}tar"} -{ $as_echo "$as_me:$LINENO: checking how to create a ustar tar archive" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5 $as_echo_n "checking how to create a ustar tar archive... " >&6; } # Loop over all known methods to create a tar archive until one works. _am_tools='gnutar plaintar pax cpio none' @@ -3013,20 +3410,19 @@ do done rm -rf conftest.dir -if test "${am_cv_prog_tar_ustar+set}" = set; then +if test "${am_cv_prog_tar_ustar+set}" = set; then : $as_echo_n "(cached) " >&6 else am_cv_prog_tar_ustar=$_am_tool fi -{ $as_echo "$as_me:$LINENO: result: $am_cv_prog_tar_ustar" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5 $as_echo "$am_cv_prog_tar_ustar" >&6; } -confdir='${sysconfdir}' @@ -3034,9 +3430,9 @@ if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_PKG_CONFIG+set}" = set; then +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in @@ -3049,14 +3445,14 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS ;; @@ -3064,10 +3460,10 @@ esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -3077,9 +3473,9 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then +if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in @@ -3092,14 +3488,14 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS ;; @@ -3107,10 +3503,10 @@ esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -3119,7 +3515,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -3132,13 +3528,13 @@ fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.9.0 - { $as_echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi @@ -3147,53 +3543,48 @@ fi -# Check whether --with-default-pkcs11 was given. -if test "${with_default_pkcs11+set}" = set; then - withval=$with_default_pkcs11; cat >>confdefs.h <<_ACEOF -#define PKCS11_DEFAULT_LIB "$withval" -_ACEOF +# ARG_WITH_SUBST(option, default, help) +# ----------------------------------- +# Create a --with-$1 option with helptext, AC_SUBST($1) to $withval/default -else - cat >>confdefs.h <<_ACEOF -#define PKCS11_DEFAULT_LIB "/usr/lib/opensc-pkcs11.so" -_ACEOF +# ARG_WITH_SET(option, default, help) +# ----------------------------------- +# Create a --with-$1 option with helptext, set a variable $1 to $withval/default -fi -# Check whether --with-xauth-module was given. -if test "${with_xauth_module+set}" = set; then - withval=$with_xauth_module; cat >>confdefs.h <<_ACEOF -#define XAUTH_DEFAULT_LIB "$withval" -_ACEOF +# Check whether --with-default-pkcs11 was given. +if test "${with_default_pkcs11+set}" = set; then : + withval=$with_default_pkcs11; default_pkcs11="$withval" + +else + default_pkcs11="/usr/lib/opensc-pkcs11.so" + fi # Check whether --with-random-device was given. -if test "${with_random_device+set}" = set; then - withval=$with_random_device; cat >>confdefs.h <<_ACEOF -#define DEV_RANDOM "$withval" -_ACEOF +if test "${with_random_device+set}" = set; then : + withval=$with_random_device; random_device="$withval" else - cat >>confdefs.h <<_ACEOF -#define DEV_RANDOM "/dev/random" -_ACEOF + random_device="/dev/random" fi -# Check whether --with-resolv-conf was given. -if test "${with_resolv_conf+set}" = set; then - withval=$with_resolv_conf; resolv_conf="$withval" + +# Check whether --with-urandom-device was given. +if test "${with_urandom_device+set}" = set; then : + withval=$with_urandom_device; urandom_device="$withval" else - resolv_conf="${sysconfdir}/resolv.conf" + urandom_device="/dev/urandom" fi @@ -3201,7 +3592,7 @@ fi # Check whether --with-strongswan-conf was given. -if test "${with_strongswan_conf+set}" = set; then +if test "${with_strongswan_conf+set}" = set; then : withval=$with_strongswan_conf; strongswan_conf="$withval" else @@ -3212,16 +3603,12 @@ fi -# Check whether --with-urandom-device was given. -if test "${with_urandom_device+set}" = set; then - withval=$with_urandom_device; cat >>confdefs.h <<_ACEOF -#define DEV_URANDOM "$withval" -_ACEOF +# Check whether --with-resolv-conf was given. +if test "${with_resolv_conf+set}" = set; then : + withval=$with_resolv_conf; resolv_conf="$withval" else - cat >>confdefs.h <<_ACEOF -#define DEV_URANDOM "/dev/urandom" -_ACEOF + resolv_conf="${sysconfdir}/resolv.conf" fi @@ -3229,7 +3616,7 @@ fi # Check whether --with-piddir was given. -if test "${with_piddir+set}" = set; then +if test "${with_piddir+set}" = set; then : withval=$with_piddir; piddir="$withval" else @@ -3241,7 +3628,7 @@ fi # Check whether --with-ipsecdir was given. -if test "${with_ipsecdir+set}" = set; then +if test "${with_ipsecdir+set}" = set; then : withval=$with_ipsecdir; ipsecdir="$withval" else @@ -3250,12 +3637,10 @@ else fi -plugindir="${ipsecdir%/}/plugins" - # Check whether --with-plugindir was given. -if test "${with_plugindir+set}" = set; then +if test "${with_plugindir+set}" = set; then : withval=$with_plugindir; plugindir="$withval" else @@ -3266,12 +3651,12 @@ fi -# Check whether --with-sim-reader was given. -if test "${with_sim_reader+set}" = set; then - withval=$with_sim_reader; simreader="$withval" +# Check whether --with-nm-ca-dir was given. +if test "${with_nm_ca_dir+set}" = set; then : + withval=$with_nm_ca_dir; nm_ca_dir="$withval" else - simreader="${plugindir%/}/libeapsim-file.so" + nm_ca_dir="/usr/share/ca-certificates" fi @@ -3279,30 +3664,23 @@ fi # Check whether --with-linux-headers was given. -if test "${with_linux_headers+set}" = set; then - withval=$with_linux_headers; linuxdir="$withval" +if test "${with_linux_headers+set}" = set; then : + withval=$with_linux_headers; linux_headers="$withval" else - linuxdir="\${top_srcdir}/src/include" + linux_headers="\${top_srcdir}/src/include" fi - # Check whether --with-routing-table was given. -if test "${with_routing_table+set}" = set; then - withval=$with_routing_table; cat >>confdefs.h <<_ACEOF -#define IPSEC_ROUTING_TABLE $withval -_ACEOF - IPSEC_ROUTING_TABLE="$withval" +if test "${with_routing_table+set}" = set; then : + withval=$with_routing_table; routing_table="$withval" else - cat >>confdefs.h <<_ACEOF -#define IPSEC_ROUTING_TABLE 220 -_ACEOF - IPSEC_ROUTING_TABLE="220" + routing_table="220" fi @@ -3310,45 +3688,41 @@ fi # Check whether --with-routing-table-prio was given. -if test "${with_routing_table_prio+set}" = set; then - withval=$with_routing_table_prio; cat >>confdefs.h <<_ACEOF -#define IPSEC_ROUTING_TABLE_PRIO $withval -_ACEOF - IPSEC_ROUTING_TABLE_PRIO="$withval" +if test "${with_routing_table_prio+set}" = set; then : + withval=$with_routing_table_prio; routing_table_prio="$withval" else - cat >>confdefs.h <<_ACEOF -#define IPSEC_ROUTING_TABLE_PRIO 220 -_ACEOF - IPSEC_ROUTING_TABLE_PRIO="220" + routing_table_prio="220" fi -# Check whether --with-uid was given. -if test "${with_uid+set}" = set; then - withval=$with_uid; { { $as_echo "$as_me:$LINENO: error: --with-uid is gone, use --with-user instead!" >&5 -$as_echo "$as_me: error: --with-uid is gone, use --with-user instead!" >&2;} - { (exit 1); exit 1; }; } + +# Check whether --with-capabilities was given. +if test "${with_capabilities+set}" = set; then : + withval=$with_capabilities; capabilities="$withval" +else + capabilities=no fi -# Check whether --with-gid was given. -if test "${with_gid+set}" = set; then - withval=$with_gid; { { $as_echo "$as_me:$LINENO: error: --with-gid is gone, use --with-group instead!" >&5 -$as_echo "$as_me: error: --with-gid is gone, use --with-group instead!" >&2;} - { (exit 1); exit 1; }; } + +# Check whether --with-xauth-module was given. +if test "${with_xauth_module+set}" = set; then : + withval=$with_xauth_module; cat >>confdefs.h <<_ACEOF +#define XAUTH_DEFAULT_LIB "$withval" +_ACEOF fi # Check whether --with-user was given. -if test "${with_user+set}" = set; then +if test "${with_user+set}" = set; then : withval=$with_user; cat >>confdefs.h <<_ACEOF #define IPSEC_USER "$withval" _ACEOF @@ -3363,7 +3737,7 @@ fi # Check whether --with-group was given. -if test "${with_group+set}" = set; then +if test "${with_group+set}" = set; then : withval=$with_group; cat >>confdefs.h <<_ACEOF #define IPSEC_GROUP "$withval" _ACEOF @@ -3377,40 +3751,50 @@ fi -# Check whether --with-capabilities was given. -if test "${with_capabilities+set}" = set; then - withval=$with_capabilities; capabilities="$withval" -else - capabilities=no +# ARG_ENABL_SET(option, help) +# --------------------------- +# Create a --enable-$1 option with helptext, set a variable $1 to true/false + + +# ARG_DISBL_SET(option, help) +# --------------------------- +# Create a --disable-$1 option with helptext, set a variable $1 to true/false -fi # Check whether --enable-curl was given. -if test "${enable_curl+set}" = set; then +if test "${enable_curl+set}" = set; then : enableval=$enable_curl; if test x$enableval = xyes; then - curl=true - fi + curl=true + else + curl=false + fi +else + curl=false fi # Check whether --enable-ldap was given. -if test "${enable_ldap+set}" = set; then +if test "${enable_ldap+set}" = set; then : enableval=$enable_ldap; if test x$enableval = xyes; then - ldap=true - fi + ldap=true + else + ldap=false + fi +else + ldap=false fi # Check whether --enable-aes was given. -if test "${enable_aes+set}" = set; then +if test "${enable_aes+set}" = set; then : enableval=$enable_aes; if test x$enableval = xyes; then - aes=true - else - aes=false - fi + aes=true + else + aes=false + fi else aes=true @@ -3418,12 +3802,12 @@ fi # Check whether --enable-des was given. -if test "${enable_des+set}" = set; then +if test "${enable_des+set}" = set; then : enableval=$enable_des; if test x$enableval = xyes; then - des=true - else - des=false - fi + des=true + else + des=false + fi else des=true @@ -3431,30 +3815,38 @@ fi # Check whether --enable-blowfish was given. -if test "${enable_blowfish+set}" = set; then +if test "${enable_blowfish+set}" = set; then : enableval=$enable_blowfish; if test x$enableval = xyes; then - blowfish=true - fi + blowfish=true + else + blowfish=false + fi +else + blowfish=false fi # Check whether --enable-md4 was given. -if test "${enable_md4+set}" = set; then +if test "${enable_md4+set}" = set; then : enableval=$enable_md4; if test x$enableval = xyes; then - md4=true - fi + md4=true + else + md4=false + fi +else + md4=false fi # Check whether --enable-md5 was given. -if test "${enable_md5+set}" = set; then +if test "${enable_md5+set}" = set; then : enableval=$enable_md5; if test x$enableval = xyes; then - md5=true - else - md5=false - fi + md5=true + else + md5=false + fi else md5=true @@ -3462,12 +3854,12 @@ fi # Check whether --enable-sha1 was given. -if test "${enable_sha1+set}" = set; then +if test "${enable_sha1+set}" = set; then : enableval=$enable_sha1; if test x$enableval = xyes; then - sha1=true - else - sha1=false - fi + sha1=true + else + sha1=false + fi else sha1=true @@ -3475,12 +3867,12 @@ fi # Check whether --enable-sha2 was given. -if test "${enable_sha2+set}" = set; then +if test "${enable_sha2+set}" = set; then : enableval=$enable_sha2; if test x$enableval = xyes; then - sha2=true - else - sha2=false - fi + sha2=true + else + sha2=false + fi else sha2=true @@ -3488,12 +3880,12 @@ fi # Check whether --enable-fips-prf was given. -if test "${enable_fips_prf+set}" = set; then +if test "${enable_fips_prf+set}" = set; then : enableval=$enable_fips_prf; if test x$enableval = xyes; then - fips_prf=true - else - fips_prf=false - fi + fips_prf=true + else + fips_prf=false + fi else fips_prf=true @@ -3501,12 +3893,12 @@ fi # Check whether --enable-gmp was given. -if test "${enable_gmp+set}" = set; then +if test "${enable_gmp+set}" = set; then : enableval=$enable_gmp; if test x$enableval = xyes; then - gmp=true - else - gmp=false - fi + gmp=true + else + gmp=false + fi else gmp=true @@ -3514,12 +3906,12 @@ fi # Check whether --enable-random was given. -if test "${enable_random+set}" = set; then +if test "${enable_random+set}" = set; then : enableval=$enable_random; if test x$enableval = xyes; then - random=true - else - random=false - fi + random=true + else + random=false + fi else random=true @@ -3527,12 +3919,12 @@ fi # Check whether --enable-x509 was given. -if test "${enable_x509+set}" = set; then +if test "${enable_x509+set}" = set; then : enableval=$enable_x509; if test x$enableval = xyes; then - x509=true - else - x509=false - fi + x509=true + else + x509=false + fi else x509=true @@ -3540,25 +3932,77 @@ fi # Check whether --enable-pubkey was given. -if test "${enable_pubkey+set}" = set; then +if test "${enable_pubkey+set}" = set; then : enableval=$enable_pubkey; if test x$enableval = xyes; then - pubkey=true - else - pubkey=false - fi + pubkey=true + else + pubkey=false + fi else pubkey=true fi +# Check whether --enable-pkcs1 was given. +if test "${enable_pkcs1+set}" = set; then : + enableval=$enable_pkcs1; if test x$enableval = xyes; then + pkcs1=true + else + pkcs1=false + fi +else + pkcs1=true + +fi + + +# Check whether --enable-pgp was given. +if test "${enable_pgp+set}" = set; then : + enableval=$enable_pgp; if test x$enableval = xyes; then + pgp=true + else + pgp=false + fi +else + pgp=true + +fi + + +# Check whether --enable-dnskey was given. +if test "${enable_dnskey+set}" = set; then : + enableval=$enable_dnskey; if test x$enableval = xyes; then + dnskey=true + else + dnskey=false + fi +else + dnskey=true + +fi + + +# Check whether --enable-pem was given. +if test "${enable_pem+set}" = set; then : + enableval=$enable_pem; if test x$enableval = xyes; then + pem=true + else + pem=false + fi +else + pem=true + +fi + + # Check whether --enable-hmac was given. -if test "${enable_hmac+set}" = set; then +if test "${enable_hmac+set}" = set; then : enableval=$enable_hmac; if test x$enableval = xyes; then - hmac=true - else - hmac=false - fi + hmac=true + else + hmac=false + fi else hmac=true @@ -3566,12 +4010,12 @@ fi # Check whether --enable-xcbc was given. -if test "${enable_xcbc+set}" = set; then +if test "${enable_xcbc+set}" = set; then : enableval=$enable_xcbc; if test x$enableval = xyes; then - xcbc=true - else - xcbc=false - fi + xcbc=true + else + xcbc=false + fi else xcbc=true @@ -3579,39 +4023,51 @@ fi # Check whether --enable-test-vectors was given. -if test "${enable_test_vectors+set}" = set; then +if test "${enable_test_vectors+set}" = set; then : enableval=$enable_test_vectors; if test x$enableval = xyes; then - test_vectors=true - fi + test_vectors=true + else + test_vectors=false + fi +else + test_vectors=false fi # Check whether --enable-mysql was given. -if test "${enable_mysql+set}" = set; then +if test "${enable_mysql+set}" = set; then : enableval=$enable_mysql; if test x$enableval = xyes; then - mysql=true - fi + mysql=true + else + mysql=false + fi +else + mysql=false fi # Check whether --enable-sqlite was given. -if test "${enable_sqlite+set}" = set; then +if test "${enable_sqlite+set}" = set; then : enableval=$enable_sqlite; if test x$enableval = xyes; then - sqlite=true - fi + sqlite=true + else + sqlite=false + fi +else + sqlite=false fi # Check whether --enable-stroke was given. -if test "${enable_stroke+set}" = set; then +if test "${enable_stroke+set}" = set; then : enableval=$enable_stroke; if test x$enableval = xyes; then - stroke=true - else - stroke=false - fi + stroke=true + else + stroke=false + fi else stroke=true @@ -3619,174 +4075,285 @@ fi # Check whether --enable-medsrv was given. -if test "${enable_medsrv+set}" = set; then +if test "${enable_medsrv+set}" = set; then : enableval=$enable_medsrv; if test x$enableval = xyes; then - medsrv=true - fi + medsrv=true + else + medsrv=false + fi +else + medsrv=false fi # Check whether --enable-medcli was given. -if test "${enable_medcli+set}" = set; then +if test "${enable_medcli+set}" = set; then : enableval=$enable_medcli; if test x$enableval = xyes; then - medcli=true - fi + medcli=true + else + medcli=false + fi +else + medcli=false fi # Check whether --enable-smp was given. -if test "${enable_smp+set}" = set; then +if test "${enable_smp+set}" = set; then : enableval=$enable_smp; if test x$enableval = xyes; then - smp=true - fi + smp=true + else + smp=false + fi +else + smp=false fi # Check whether --enable-sql was given. -if test "${enable_sql+set}" = set; then +if test "${enable_sql+set}" = set; then : enableval=$enable_sql; if test x$enableval = xyes; then - sql=true - fi + sql=true + else + sql=false + fi +else + sql=false fi # Check whether --enable-smartcard was given. -if test "${enable_smartcard+set}" = set; then +if test "${enable_smartcard+set}" = set; then : enableval=$enable_smartcard; if test x$enableval = xyes; then - smartcard=true - fi + smartcard=true + else + smartcard=false + fi +else + smartcard=false fi # Check whether --enable-cisco-quirks was given. -if test "${enable_cisco_quirks+set}" = set; then +if test "${enable_cisco_quirks+set}" = set; then : enableval=$enable_cisco_quirks; if test x$enableval = xyes; then - cisco_quirks=true - fi + cisco_quirks=true + else + cisco_quirks=false + fi +else + cisco_quirks=false fi # Check whether --enable-leak-detective was given. -if test "${enable_leak_detective+set}" = set; then +if test "${enable_leak_detective+set}" = set; then : enableval=$enable_leak_detective; if test x$enableval = xyes; then - leak_detective=true - fi + leak_detective=true + else + leak_detective=false + fi +else + leak_detective=false fi # Check whether --enable-lock-profiler was given. -if test "${enable_lock_profiler+set}" = set; then +if test "${enable_lock_profiler+set}" = set; then : enableval=$enable_lock_profiler; if test x$enableval = xyes; then - lock_profiler=true - fi + lock_profiler=true + else + lock_profiler=false + fi +else + lock_profiler=false fi # Check whether --enable-unit-tests was given. -if test "${enable_unit_tests+set}" = set; then +if test "${enable_unit_tests+set}" = set; then : enableval=$enable_unit_tests; if test x$enableval = xyes; then - unittest=true - fi + unit_tests=true + else + unit_tests=false + fi +else + unit_tests=false fi -# Check whether --enable-load-tests was given. -if test "${enable_load_tests+set}" = set; then - enableval=$enable_load_tests; if test x$enableval = xyes; then - loadtest=true - fi +# Check whether --enable-load-tester was given. +if test "${enable_load_tester+set}" = set; then : + enableval=$enable_load_tester; if test x$enableval = xyes; then + load_tester=true + else + load_tester=false + fi +else + load_tester=false fi # Check whether --enable-eap-sim was given. -if test "${enable_eap_sim+set}" = set; then +if test "${enable_eap_sim+set}" = set; then : enableval=$enable_eap_sim; if test x$enableval = xyes; then - eap_sim=true - fi + eap_sim=true + else + eap_sim=false + fi +else + eap_sim=false fi # Check whether --enable-eap-sim-file was given. -if test "${enable_eap_sim_file+set}" = set; then +if test "${enable_eap_sim_file+set}" = set; then : enableval=$enable_eap_sim_file; if test x$enableval = xyes; then - eap_sim_file=true - fi + eap_sim_file=true + else + eap_sim_file=false + fi +else + eap_sim_file=false + +fi + + +# Check whether --enable-eap-simaka-pseudonym was given. +if test "${enable_eap_simaka_pseudonym+set}" = set; then : + enableval=$enable_eap_simaka_pseudonym; if test x$enableval = xyes; then + eap_simaka_pseudonym=true + else + eap_simaka_pseudonym=false + fi +else + eap_simaka_pseudonym=false + +fi + + +# Check whether --enable-eap-simaka-reauth was given. +if test "${enable_eap_simaka_reauth+set}" = set; then : + enableval=$enable_eap_simaka_reauth; if test x$enableval = xyes; then + eap_simaka_reauth=true + else + eap_simaka_reauth=false + fi +else + eap_simaka_reauth=false fi # Check whether --enable-eap-identity was given. -if test "${enable_eap_identity+set}" = set; then +if test "${enable_eap_identity+set}" = set; then : enableval=$enable_eap_identity; if test x$enableval = xyes; then - eap_identity=true - fi + eap_identity=true + else + eap_identity=false + fi +else + eap_identity=false fi # Check whether --enable-eap-md5 was given. -if test "${enable_eap_md5+set}" = set; then +if test "${enable_eap_md5+set}" = set; then : enableval=$enable_eap_md5; if test x$enableval = xyes; then - eap_md5=true - fi + eap_md5=true + else + eap_md5=false + fi +else + eap_md5=false fi # Check whether --enable-eap-gtc was given. -if test "${enable_eap_gtc+set}" = set; then +if test "${enable_eap_gtc+set}" = set; then : enableval=$enable_eap_gtc; if test x$enableval = xyes; then - eap_gtc=true - fi + eap_gtc=true + else + eap_gtc=false + fi +else + eap_gtc=false fi # Check whether --enable-eap-aka was given. -if test "${enable_eap_aka+set}" = set; then +if test "${enable_eap_aka+set}" = set; then : enableval=$enable_eap_aka; if test x$enableval = xyes; then - eap_aka=true - fi + eap_aka=true + else + eap_aka=false + fi +else + eap_aka=false + +fi + + +# Check whether --enable-eap-aka-3gpp2 was given. +if test "${enable_eap_aka_3gpp2+set}" = set; then : + enableval=$enable_eap_aka_3gpp2; if test x$enableval = xyes; then + eap_aka_3gpp2=true + else + eap_aka_3gpp2=false + fi +else + eap_aka_3gpp2=false fi # Check whether --enable-eap-mschapv2 was given. -if test "${enable_eap_mschapv2+set}" = set; then +if test "${enable_eap_mschapv2+set}" = set; then : enableval=$enable_eap_mschapv2; if test x$enableval = xyes; then - eap_mschapv2=true - fi + eap_mschapv2=true + else + eap_mschapv2=false + fi +else + eap_mschapv2=false fi # Check whether --enable-eap-radius was given. -if test "${enable_eap_radius+set}" = set; then +if test "${enable_eap_radius+set}" = set; then : enableval=$enable_eap_radius; if test x$enableval = xyes; then - eap_radius=true - fi + eap_radius=true + else + eap_radius=false + fi +else + eap_radius=false fi # Check whether --enable-kernel-netlink was given. -if test "${enable_kernel_netlink+set}" = set; then +if test "${enable_kernel_netlink+set}" = set; then : enableval=$enable_kernel_netlink; if test x$enableval = xyes; then - kernel_netlink=true - else - kernel_netlink=false - fi + kernel_netlink=true + else + kernel_netlink=false + fi else kernel_netlink=true @@ -3794,48 +4361,64 @@ fi # Check whether --enable-kernel-pfkey was given. -if test "${enable_kernel_pfkey+set}" = set; then +if test "${enable_kernel_pfkey+set}" = set; then : enableval=$enable_kernel_pfkey; if test x$enableval = xyes; then - kernel_pfkey=true - fi + kernel_pfkey=true + else + kernel_pfkey=false + fi +else + kernel_pfkey=false fi # Check whether --enable-kernel-pfroute was given. -if test "${enable_kernel_pfroute+set}" = set; then +if test "${enable_kernel_pfroute+set}" = set; then : enableval=$enable_kernel_pfroute; if test x$enableval = xyes; then - kernel_pfroute=true - fi + kernel_pfroute=true + else + kernel_pfroute=false + fi +else + kernel_pfroute=false fi # Check whether --enable-kernel-klips was given. -if test "${enable_kernel_klips+set}" = set; then +if test "${enable_kernel_klips+set}" = set; then : enableval=$enable_kernel_klips; if test x$enableval = xyes; then - kernel_klips=true - fi + kernel_klips=true + else + kernel_klips=false + fi +else + kernel_klips=false fi # Check whether --enable-nat-transport was given. -if test "${enable_nat_transport+set}" = set; then +if test "${enable_nat_transport+set}" = set; then : enableval=$enable_nat_transport; if test x$enableval = xyes; then - nat_transport=true - fi + nat_transport=true + else + nat_transport=false + fi +else + nat_transport=false fi # Check whether --enable-vendor-id was given. -if test "${enable_vendor_id+set}" = set; then +if test "${enable_vendor_id+set}" = set; then : enableval=$enable_vendor_id; if test x$enableval = xyes; then - vendor_id=true - else - vendor_id=false - fi + vendor_id=true + else + vendor_id=false + fi else vendor_id=true @@ -3843,12 +4426,12 @@ fi # Check whether --enable-xauth-vid was given. -if test "${enable_xauth_vid+set}" = set; then +if test "${enable_xauth_vid+set}" = set; then : enableval=$enable_xauth_vid; if test x$enableval = xyes; then - xauth_vid=true - else - xauth_vid=false - fi + xauth_vid=true + else + xauth_vid=false + fi else xauth_vid=true @@ -3856,58 +4439,77 @@ fi # Check whether --enable-dumm was given. -if test "${enable_dumm+set}" = set; then +if test "${enable_dumm+set}" = set; then : enableval=$enable_dumm; if test x$enableval = xyes; then - dumm=true - fi + dumm=true + else + dumm=false + fi +else + dumm=false fi # Check whether --enable-fast was given. -if test "${enable_fast+set}" = set; then +if test "${enable_fast+set}" = set; then : enableval=$enable_fast; if test x$enableval = xyes; then - fast=true - fi + fast=true + else + fast=false + fi +else + fast=false fi # Check whether --enable-manager was given. -if test "${enable_manager+set}" = set; then +if test "${enable_manager+set}" = set; then : enableval=$enable_manager; if test x$enableval = xyes; then - manager=true - xml=true - fi + manager=true + else + manager=false + fi +else + manager=false fi # Check whether --enable-mediation was given. -if test "${enable_mediation+set}" = set; then +if test "${enable_mediation+set}" = set; then : enableval=$enable_mediation; if test x$enableval = xyes; then - me=true - fi + mediation=true + else + mediation=false + fi +else + mediation=false fi # Check whether --enable-integrity-test was given. -if test "${enable_integrity_test+set}" = set; then +if test "${enable_integrity_test+set}" = set; then : enableval=$enable_integrity_test; if test x$enableval = xyes; then - integrity_test=true - fi + integrity_test=true + else + integrity_test=false + fi +else + integrity_test=false fi # Check whether --enable-pluto was given. -if test "${enable_pluto+set}" = set; then +if test "${enable_pluto+set}" = set; then : enableval=$enable_pluto; if test x$enableval = xyes; then - pluto=true - else - pluto=false - fi + pluto=true + else + pluto=false + fi else pluto=true @@ -3915,12 +4517,12 @@ fi # Check whether --enable-threads was given. -if test "${enable_threads+set}" = set; then +if test "${enable_threads+set}" = set; then : enableval=$enable_threads; if test x$enableval = xyes; then - threads=true - else - threads=false - fi + threads=true + else + threads=false + fi else threads=true @@ -3928,12 +4530,12 @@ fi # Check whether --enable-charon was given. -if test "${enable_charon+set}" = set; then +if test "${enable_charon+set}" = set; then : enableval=$enable_charon; if test x$enableval = xyes; then - charon=true - else - charon=false - fi + charon=true + else + charon=false + fi else charon=true @@ -3941,12 +4543,12 @@ fi # Check whether --enable-tools was given. -if test "${enable_tools+set}" = set; then +if test "${enable_tools+set}" = set; then : enableval=$enable_tools; if test x$enableval = xyes; then - tools=true - else - tools=false - fi + tools=true + else + tools=false + fi else tools=true @@ -3954,12 +4556,12 @@ fi # Check whether --enable-scripts was given. -if test "${enable_scripts+set}" = set; then +if test "${enable_scripts+set}" = set; then : enableval=$enable_scripts; if test x$enableval = xyes; then - scripts=true - else - scripts=false - fi + scripts=true + else + scripts=false + fi else scripts=true @@ -3967,12 +4569,12 @@ fi # Check whether --enable-updown was given. -if test "${enable_updown+set}" = set; then +if test "${enable_updown+set}" = set; then : enableval=$enable_updown; if test x$enableval = xyes; then - updown=true - else - updown=false - fi + updown=true + else + updown=false + fi else updown=true @@ -3980,99 +4582,137 @@ fi # Check whether --enable-attr was given. -if test "${enable_attr+set}" = set; then +if test "${enable_attr+set}" = set; then : enableval=$enable_attr; if test x$enableval = xyes; then - attr=true - else - attr=false - fi + attr=true + else + attr=false + fi else attr=true fi -# Check whether --enable-resolv-conf was given. -if test "${enable_resolv_conf+set}" = set; then - enableval=$enable_resolv_conf; if test x$enableval = xyes; then - resolvconf=true - else - resolvconf=false - fi +# Check whether --enable-attr-sql was given. +if test "${enable_attr_sql+set}" = set; then : + enableval=$enable_attr_sql; if test x$enableval = xyes; then + attr_sql=true + else + attr_sql=false + fi +else + attr_sql=false + +fi + + +# Check whether --enable-resolve was given. +if test "${enable_resolve+set}" = set; then : + enableval=$enable_resolve; if test x$enableval = xyes; then + resolve=true + else + resolve=false + fi else - resolvconf=true + resolve=true fi # Check whether --enable-padlock was given. -if test "${enable_padlock+set}" = set; then +if test "${enable_padlock+set}" = set; then : enableval=$enable_padlock; if test x$enableval = xyes; then - padlock=true - else - padlock=false - fi + padlock=true + else + padlock=false + fi +else + padlock=false + fi # Check whether --enable-openssl was given. -if test "${enable_openssl+set}" = set; then +if test "${enable_openssl+set}" = set; then : enableval=$enable_openssl; if test x$enableval = xyes; then - openssl=true - else - openssl=false - fi + openssl=true + else + openssl=false + fi +else + openssl=false + fi # Check whether --enable-gcrypt was given. -if test "${enable_gcrypt+set}" = set; then +if test "${enable_gcrypt+set}" = set; then : enableval=$enable_gcrypt; if test x$enableval = xyes; then - gcrypt=true - else - gcrypt=false - fi + gcrypt=true + else + gcrypt=false + fi +else + gcrypt=false + fi # Check whether --enable-agent was given. -if test "${enable_agent+set}" = set; then +if test "${enable_agent+set}" = set; then : enableval=$enable_agent; if test x$enableval = xyes; then - agent=true - else - agent=false - fi + agent=true + else + agent=false + fi +else + agent=false + fi # Check whether --enable-uci was given. -if test "${enable_uci+set}" = set; then +if test "${enable_uci+set}" = set; then : enableval=$enable_uci; if test x$enableval = xyes; then - uci=true - fi + uci=true + else + uci=false + fi +else + uci=false fi # Check whether --enable-nm was given. -if test "${enable_nm+set}" = set; then +if test "${enable_nm+set}" = set; then : enableval=$enable_nm; if test x$enableval = xyes; then - nm=true - fi + nm=true + else + nm=false + fi +else + nm=false fi # Check whether --enable-vstr was given. -if test "${enable_vstr+set}" = set; then +if test "${enable_vstr+set}" = set; then : enableval=$enable_vstr; if test x$enableval = xyes; then - vstr=true - fi + vstr=true + else + vstr=false + fi +else + vstr=false fi + if test -z "$CFLAGS"; then CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign -Wno-strict-aliasing" fi @@ -4084,9 +4724,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_CC+set}" = set; then +if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then @@ -4097,24 +4737,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:$LINENO: result: $CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -4124,9 +4764,9 @@ if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then @@ -4137,24 +4777,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -4163,7 +4803,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -4177,9 +4817,9 @@ if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_CC+set}" = set; then +if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then @@ -4190,24 +4830,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:$LINENO: result: $CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -4217,9 +4857,9 @@ fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_CC+set}" = set; then +if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then @@ -4231,18 +4871,18 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then @@ -4261,10 +4901,10 @@ fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:$LINENO: result: $CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -4276,9 +4916,9 @@ if test -z "$CC"; then do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_CC+set}" = set; then +if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then @@ -4289,24 +4929,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:$LINENO: result: $CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -4320,9 +4960,9 @@ if test -z "$CC"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then @@ -4333,24 +4973,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -4363,7 +5003,7 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -4374,73 +5014,55 @@ fi fi -test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: no acceptable C compiler found in \$PATH -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +as_fn_error "no acceptable C compiler found in \$PATH +See \`config.log' for more details." "$LINENO" 5; } # Provide some information about the compiler. -$as_echo "$as_me:$LINENO: checking for C compiler version" >&5 +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 -{ (ac_try="$ac_compiler --version >&5" +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compiler --version >&5") 2>&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -v >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compiler -v >&5") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -V >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compiler -V >&5") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + rm -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - +#include int main () { +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out conftest.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` @@ -4457,17 +5079,17 @@ do done rm -f $ac_rmfiles -if { (ac_try="$ac_link_default" +if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, @@ -4484,7 +5106,7 @@ do # certainly right. break;; *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi @@ -4503,84 +5125,75 @@ test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi - -{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } -if test -z "$ac_file"; then +if test -z "$ac_file"; then : $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: C compiler cannot create executables -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; }; } +{ as_fn_set_status 77 +as_fn_error "C compiler cannot create executables +See \`config.log' for more details." "$LINENO" 5; }; } fi - ac_exeext=$ac_cv_exeext # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } -# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 # If not cross compiling, check that we can run a simple program. if test "$cross_compiling" != yes; then if { ac_try='./$ac_file' - { (case "(($ac_try" in + { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: cannot run C compiled programs. +as_fn_error "cannot run C compiled programs. If you meant to cross compile, use \`--host'. -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +See \`config.log' for more details." "$LINENO" 5; } fi fi fi -{ $as_echo "$as_me:$LINENO: result: yes" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out conftest.out ac_clean_files=$ac_clean_files_save # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } -{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } -{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } -if { (ac_try="$ac_link" +if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with @@ -4595,32 +5208,24 @@ for ac_file in conftest.exe conftest conftest.*; do esac done else - { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +as_fn_error "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." "$LINENO" 5; } fi - rm -f conftest$ac_cv_exeext -{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT -{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } -if test "${ac_cv_objext+set}" = set; then +if test "${ac_cv_objext+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4632,17 +5237,17 @@ main () } _ACEOF rm -f conftest.o conftest.obj -if { (ac_try="$ac_compile" +if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in @@ -4655,31 +5260,23 @@ else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +as_fn_error "cannot compute suffix of object files: cannot compile +See \`config.log' for more details." "$LINENO" 5; } fi - rm -f conftest.$ac_cv_objext conftest.$ac_ext fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT -{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if test "${ac_cv_c_compiler_gnu+set}" = set; then +if test "${ac_cv_c_compiler_gnu+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4693,37 +5290,16 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_compiler_gnu=no + ac_compiler_gnu=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes @@ -4732,20 +5308,16 @@ else fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } -if test "${ac_cv_prog_cc_g+set}" = set; then +if test "${ac_cv_prog_cc_g+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4756,35 +5328,11 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - CFLAGS="" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4795,36 +5343,12 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - : -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_compile "$LINENO"; then : - ac_c_werror_flag=$ac_save_c_werror_flag +else + ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4835,42 +5359,17 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS @@ -4887,18 +5386,14 @@ else CFLAGS= fi fi -{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if test "${ac_cv_prog_cc_c89+set}" = set; then +if test "${ac_cv_prog_cc_c89+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -4955,32 +5450,9 @@ for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then + if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done @@ -4991,17 +5463,19 @@ fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) - { $as_echo "$as_me:$LINENO: result: none needed" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) - { $as_echo "$as_me:$LINENO: result: unsupported" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac +if test "x$ac_cv_prog_cc_c89" != xno; then : +fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -5016,44 +5490,44 @@ ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: - @echo done + @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. -{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# We grep out `Entering directory' and `Leaving directory' -# messages which can occur if `w' ends up in MAKEFLAGS. -# In particular we don't look at `^make:' because GNU make might -# be invoked under some other name (usually "gmake"), in which -# case it prints its new name instead of `make'. -if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then - am__include=include - am__quote= - _am_result=GNU -fi +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf - if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then - am__include=.include - am__quote="\"" - _am_result=BSD - fi + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac fi -{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. -if test "${enable_dependency_tracking+set}" = set; then +if test "${enable_dependency_tracking+set}" = set; then : enableval=$enable_dependency_tracking; fi @@ -5073,9 +5547,9 @@ fi depcc="$CC" am_compiler_list= -{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } -if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then +if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then @@ -5101,6 +5575,11 @@ else if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and @@ -5118,7 +5597,17 @@ else done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested @@ -5128,19 +5617,23 @@ else break fi ;; + msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; none) break ;; esac - # We check with `-c' and `-o' for the sake of the "dashmstdout" - # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. if depmode=$depmode \ - source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ - $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && - grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message @@ -5164,7 +5657,7 @@ else fi fi -{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type @@ -5181,35 +5674,27 @@ fi # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 -$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 -{ $as_echo "$as_me:$LINENO: checking build system type" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } -if test "${ac_cv_build+set}" = set; then +if test "${ac_cv_build+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && - { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 -$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 -$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 -$as_echo "$as_me: error: invalid value of canonical build" >&2;} - { (exit 1); exit 1; }; };; +*) as_fn_error "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' @@ -5225,28 +5710,24 @@ IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac -{ $as_echo "$as_me:$LINENO: checking host system type" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } -if test "${ac_cv_host+set}" = set; then +if test "${ac_cv_host+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 -$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 -$as_echo "$as_me: error: invalid value of canonical host" >&2;} - { (exit 1); exit 1; }; };; +*) as_fn_error "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' @@ -5318,7 +5799,7 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac # Check whether --with-lib-prefix was given. -if test "${with_lib_prefix+set}" = set; then +if test "${with_lib_prefix+set}" = set; then : withval=$with_lib_prefix; if test "X$withval" = "Xno"; then use_additional=no @@ -5417,14 +5898,14 @@ ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then - if test "${ac_cv_prog_CPP+set}" = set; then + if test "${ac_cv_prog_CPP+set}" = set; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded @@ -5439,11 +5920,7 @@ do # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include @@ -5452,78 +5929,34 @@ cat >>conftest.$ac_ext <<_ACEOF #endif Syntax error _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_cpp "$LINENO"; then : +else # Broken: fails on valid input. continue fi - rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then +if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - # Passes both tests. ac_preproc_ok=: break fi - rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then +if $ac_preproc_ok; then : break fi @@ -5535,7 +5968,7 @@ fi else ac_cv_prog_CPP=$CPP fi -{ $as_echo "$as_me:$LINENO: result: $CPP" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes @@ -5546,11 +5979,7 @@ do # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include @@ -5559,87 +5988,40 @@ cat >>conftest.$ac_ext <<_ACEOF #endif Syntax error _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_cpp "$LINENO"; then : +else # Broken: fails on valid input. continue fi - rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then +if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - # Passes both tests. ac_preproc_ok=: break fi - rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - : +if $ac_preproc_ok; then : + else - { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +as_fn_error "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." "$LINENO" 5; } fi ac_ext=c @@ -5649,9 +6031,9 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if test "${ac_cv_path_GREP+set}" = set; then +if test "${ac_cv_path_GREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then @@ -5662,7 +6044,7 @@ for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do + for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue @@ -5682,7 +6064,7 @@ case `"$ac_path_GREP" --version 2>&1` in $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" @@ -5697,26 +6079,24 @@ esac $ac_path_GREP_found && break 3 done done -done + done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then - { { $as_echo "$as_me:$LINENO: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -$as_echo "$as_me: error: no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" -{ $as_echo "$as_me:$LINENO: checking for egrep" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } -if test "${ac_cv_path_EGREP+set}" = set; then +if test "${ac_cv_path_EGREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 @@ -5730,7 +6110,7 @@ for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do + for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue @@ -5750,7 +6130,7 @@ case `"$ac_path_EGREP" --version 2>&1` in $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" @@ -5765,12 +6145,10 @@ esac $ac_path_EGREP_found && break 3 done done -done + done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -$as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP @@ -5778,21 +6156,17 @@ fi fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } -if test "${ac_cv_header_stdc+set}" = set; then +if test "${ac_cv_header_stdc+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -5807,48 +6181,23 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_stdc=no + ac_cv_header_stdc=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then - : + $EGREP "memchr" >/dev/null 2>&1; then : + else ac_cv_header_stdc=no fi @@ -5858,18 +6207,14 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then - : + $EGREP "free" >/dev/null 2>&1; then : + else ac_cv_header_stdc=no fi @@ -5879,14 +6224,10 @@ fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : : else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -5913,187 +6254,86 @@ main () return 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - : -else - $as_echo "$as_me: program exited with status $ac_status" >&5 -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_run "$LINENO"; then : -( exit $ac_status ) -ac_cv_header_stdc=no +else + ac_cv_header_stdc=no fi -rm -rf conftest.dSYM -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then -cat >>confdefs.h <<\_ACEOF -#define STDC_HEADERS 1 -_ACEOF +$as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF +fi +done - - - - - -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do -as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -$as_echo_n "checking for $ac_header... " >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if test "${ac_cv_c_bigendian+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$ac_includes_default +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; -#include <$ac_header> _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -as_val=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - - { $as_echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 -$as_echo_n "checking whether byte ordering is bigendian... " >&6; } -if test "${ac_cv_c_bigendian+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_c_bigendian=unknown - # See if we're dealing with a universal compiler. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifndef __APPLE_CC__ - not a universal capable compiler - #endif - typedef int dummy; - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : # Check for potential -arch flags. It is not universal unless - # there are some -arch flags. Note that *ppc* also matches - # ppc64. This check is also rather less than ideal. - case "${CC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS}" in #( - *-arch*ppc*|*-arch*i386*|*-arch*x86_64*) ac_cv_c_bigendian=universal;; - esac -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then # See if sys/param.h defines the BYTE_ORDER macro. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -6111,30 +6351,9 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to BIG_ENDIAN or not. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include @@ -6150,49 +6369,18 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_c_bigendian=no + ac_cv_c_bigendian=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -6207,30 +6395,9 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to _BIG_ENDIAN or not. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -6245,51 +6412,20 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_c_bigendian=no + ac_cv_c_bigendian=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # Compile a test program. - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : # Try to guess by grepping values from an object file. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; @@ -6315,24 +6451,7 @@ return use_ascii (foo) == use_ebcdic (foo); return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then ac_cv_c_bigendian=yes fi @@ -6344,20 +6463,10 @@ $as_echo "$ac_try_echo") >&5 ac_cv_c_bigendian=unknown fi fi -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int @@ -6377,167 +6486,41 @@ main () return 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_c_bigendian=no else - $as_echo "$as_me: program exited with status $ac_status" >&5 -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_c_bigendian=yes + ac_cv_c_bigendian=yes fi -rm -rf conftest.dSYM -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 $as_echo "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) - cat >>confdefs.h <<\_ACEOF -#define WORDS_BIGENDIAN 1 -_ACEOF + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) -cat >>confdefs.h <<\_ACEOF -#define AC_APPLE_UNIVERSAL_BUILD 1 -_ACEOF +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) - { { $as_echo "$as_me:$LINENO: error: unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" >&5 -$as_echo "$as_me: error: unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} - { (exit 1); exit 1; }; } ;; + as_fn_error "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AmigaOS /C/install, which installs bootblocks on floppy discs -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# OS/2's system install, which has a completely different semantic -# ./install, which can be erroneously created by make from ./install.sh. -# Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } -if test -z "$INSTALL"; then -if test "${ac_cv_path_install+set}" = set; then - $as_echo_n "(cached) " >&6 -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in - ./ | .// | /cC/* | \ - /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ - /usr/ucb/* ) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. - for ac_prog in ginstall scoinst install; do - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then - if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # program-specific install script used by HP pwplus--don't use. - : - else - rm -rf conftest.one conftest.two conftest.dir - echo one > conftest.one - echo two > conftest.two - mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && - test -s conftest.one && test -s conftest.two && - test -s conftest.dir/conftest.one && - test -s conftest.dir/conftest.two - then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 - fi - fi - fi - done - done - ;; -esac - -done -IFS=$as_save_IFS - -rm -rf conftest.one conftest.two conftest.dir - -fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL=$ac_cv_path_install - else - # As a last resort, use the slow shell script. Don't cache a - # value for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - INSTALL=$ac_install_sh - fi -fi -{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } - -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' - -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' case `pwd` in *\ * | *\ *) - { $as_echo "$as_me:$LINENO: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 $as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac @@ -6560,9 +6543,9 @@ macro_revision='1.3012' ltmain="$ac_aux_dir/ltmain.sh" -{ $as_echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } -if test "${ac_cv_path_SED+set}" = set; then +if test "${ac_cv_path_SED+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ @@ -6570,7 +6553,7 @@ else ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed - $as_unset ac_script || ac_script= + { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST @@ -6579,7 +6562,7 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do + for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue @@ -6599,7 +6582,7 @@ case `"$ac_path_SED" --version 2>&1` in $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" @@ -6614,19 +6597,17 @@ esac $ac_path_SED_found && break 3 done done -done + done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then - { { $as_echo "$as_me:$LINENO: error: no acceptable sed could be found in \$PATH" >&5 -$as_echo "$as_me: error: no acceptable sed could be found in \$PATH" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_SED" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed @@ -6644,9 +6625,9 @@ Xsed="$SED -e 1s/^X//" -{ $as_echo "$as_me:$LINENO: checking for fgrep" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 $as_echo_n "checking for fgrep... " >&6; } -if test "${ac_cv_path_FGREP+set}" = set; then +if test "${ac_cv_path_FGREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 @@ -6660,7 +6641,7 @@ for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in fgrep; do + for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue @@ -6680,7 +6661,7 @@ case `"$ac_path_FGREP" --version 2>&1` in $as_echo 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_FGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_FGREP="$ac_path_FGREP" @@ -6695,12 +6676,10 @@ esac $ac_path_FGREP_found && break 3 done done -done + done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then - { { $as_echo "$as_me:$LINENO: error: no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -$as_echo "$as_me: error: no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP @@ -6708,7 +6687,7 @@ fi fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_FGREP" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 $as_echo "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" @@ -6734,7 +6713,7 @@ test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then +if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no @@ -6743,7 +6722,7 @@ fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. - { $as_echo "$as_me:$LINENO: checking for ld used by $CC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) @@ -6773,13 +6752,13 @@ $as_echo_n "checking for ld used by $CC... " >&6; } ;; esac elif test "$with_gnu_ld" = yes; then - { $as_echo "$as_me:$LINENO: checking for GNU ld" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else - { $as_echo "$as_me:$LINENO: checking for non-GNU ld" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi -if test "${lt_cv_path_LD+set}" = set; then +if test "${lt_cv_path_LD+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then @@ -6810,18 +6789,16 @@ fi LD="$lt_cv_path_LD" if test -n "$LD"; then - { $as_echo "$as_me:$LINENO: result: $LD" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 $as_echo "$LD" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -test -z "$LD" && { { $as_echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 -$as_echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} - { (exit 1); exit 1; }; } -{ $as_echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 +test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } -if test "${lt_cv_prog_gnu_ld+set}" = set; then +if test "${lt_cv_prog_gnu_ld+set}" = set; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. @@ -6834,7 +6811,7 @@ case `$LD -v 2>&1 &5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld @@ -6846,9 +6823,9 @@ with_gnu_ld=$lt_cv_prog_gnu_ld -{ $as_echo "$as_me:$LINENO: checking for BSD- or MS-compatible name lister (nm)" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 $as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } -if test "${lt_cv_path_NM+set}" = set; then +if test "${lt_cv_path_NM+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$NM"; then @@ -6895,7 +6872,7 @@ else : ${lt_cv_path_NM=no} fi fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" @@ -6906,9 +6883,9 @@ else do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_DUMPBIN+set}" = set; then +if test "${ac_cv_prog_DUMPBIN+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$DUMPBIN"; then @@ -6919,24 +6896,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then - { $as_echo "$as_me:$LINENO: result: $DUMPBIN" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 $as_echo "$DUMPBIN" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -6950,9 +6927,9 @@ if test -z "$DUMPBIN"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then +if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DUMPBIN"; then @@ -6963,24 +6940,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_DUMPBIN" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 $as_echo "$ac_ct_DUMPBIN" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -6993,7 +6970,7 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -7013,44 +6990,44 @@ test -z "$NM" && NM=nm -{ $as_echo "$as_me:$LINENO: checking the name lister ($NM) interface" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 $as_echo_n "checking the name lister ($NM) interface... " >&6; } -if test "${lt_cv_nm_interface+set}" = set; then +if test "${lt_cv_nm_interface+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:7023: $ac_compile\"" >&5) + (eval echo "\"\$as_me:7000: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:7026: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:7003: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:7029: output\"" >&5) + (eval echo "\"\$as_me:7006: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_nm_interface" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 $as_echo "$lt_cv_nm_interface" >&6; } -{ $as_echo "$as_me:$LINENO: checking whether ln -s works" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:$LINENO: result: no, using $LN_S" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments -{ $as_echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 $as_echo_n "checking the maximum length of command line arguments... " >&6; } -if test "${lt_cv_sys_max_cmd_len+set}" = set; then +if test "${lt_cv_sys_max_cmd_len+set}" = set; then : $as_echo_n "(cached) " >&6 else i=0 @@ -7168,10 +7145,10 @@ else fi if test -n $lt_cv_sys_max_cmd_len ; then - { $as_echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else - { $as_echo "$as_me:$LINENO: result: none" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len @@ -7185,7 +7162,7 @@ max_cmd_len=$lt_cv_sys_max_cmd_len : ${MV="mv -f"} : ${RM="rm -f"} -{ $as_echo "$as_me:$LINENO: checking whether the shell understands some XSI constructs" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 $as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } # Try some XSI features xsi_shell=no @@ -7195,17 +7172,17 @@ xsi_shell=no && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes -{ $as_echo "$as_me:$LINENO: result: $xsi_shell" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 $as_echo "$xsi_shell" >&6; } -{ $as_echo "$as_me:$LINENO: checking whether the shell understands \"+=\"" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 $as_echo_n "checking whether the shell understands \"+=\"... " >&6; } lt_shell_append=no ( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes -{ $as_echo "$as_me:$LINENO: result: $lt_shell_append" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 $as_echo "$lt_shell_append" >&6; } @@ -7240,14 +7217,14 @@ esac -{ $as_echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 $as_echo_n "checking for $LD option to reload object files... " >&6; } -if test "${lt_cv_ld_reload_flag+set}" = set; then +if test "${lt_cv_ld_reload_flag+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_reload_flag='-r' fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 $as_echo "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in @@ -7276,9 +7253,9 @@ esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OBJDUMP+set}" = set; then +if test "${ac_cv_prog_OBJDUMP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then @@ -7289,24 +7266,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then - { $as_echo "$as_me:$LINENO: result: $OBJDUMP" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7316,9 +7293,9 @@ if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then +if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then @@ -7329,24 +7306,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OBJDUMP="objdump" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_OBJDUMP" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7355,7 +7332,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -7375,9 +7352,9 @@ test -z "$OBJDUMP" && OBJDUMP=objdump -{ $as_echo "$as_me:$LINENO: checking how to recognize dependent libraries" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 $as_echo_n "checking how to recognize dependent libraries... " >&6; } -if test "${lt_cv_deplibs_check_method+set}" = set; then +if test "${lt_cv_deplibs_check_method+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' @@ -7571,7 +7548,7 @@ tpf*) esac fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 $as_echo "$lt_cv_deplibs_check_method" >&6; } file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method @@ -7591,9 +7568,9 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_AR+set}" = set; then +if test "${ac_cv_prog_AR+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then @@ -7604,24 +7581,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AR="${ac_tool_prefix}ar" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then - { $as_echo "$as_me:$LINENO: result: $AR" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7631,9 +7608,9 @@ if test -z "$ac_cv_prog_AR"; then ac_ct_AR=$AR # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_AR+set}" = set; then +if test "${ac_cv_prog_ac_ct_AR+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then @@ -7644,24 +7621,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_AR="ar" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_AR" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7670,7 +7647,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -7696,9 +7673,9 @@ test -z "$AR_FLAGS" && AR_FLAGS=cru if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_STRIP+set}" = set; then +if test "${ac_cv_prog_STRIP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then @@ -7709,24 +7686,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then - { $as_echo "$as_me:$LINENO: result: $STRIP" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7736,9 +7713,9 @@ if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then @@ -7749,24 +7726,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7775,7 +7752,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -7795,9 +7772,9 @@ test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_RANLIB+set}" = set; then +if test "${ac_cv_prog_RANLIB+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then @@ -7808,24 +7785,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then - { $as_echo "$as_me:$LINENO: result: $RANLIB" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7835,9 +7812,9 @@ if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then +if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then @@ -7848,24 +7825,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -7874,7 +7851,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -7952,9 +7929,9 @@ compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. -{ $as_echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 $as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } -if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then +if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then : $as_echo_n "(cached) " >&6 else @@ -8070,18 +8047,18 @@ void nm_test_func(void){} int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm - if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s "$nlist"; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -8134,11 +8111,11 @@ _LT_EOF lt_save_CFLAGS="$CFLAGS" LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s conftest${ac_exeext}; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS="$lt_save_LIBS" @@ -8172,10 +8149,10 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - { $as_echo "$as_me:$LINENO: result: failed" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } else - { $as_echo "$as_me:$LINENO: result: ok" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } fi @@ -8201,7 +8178,7 @@ fi # Check whether --enable-libtool-lock was given. -if test "${enable_libtool_lock+set}" = set; then +if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi @@ -8213,11 +8190,11 @@ case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" @@ -8231,12 +8208,12 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 8234 "configure"' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + echo '#line 8211 "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) @@ -8270,11 +8247,11 @@ x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in @@ -8323,9 +8300,9 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" - { $as_echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } -if test "${lt_cv_cc_needs_belf+set}" = set; then +if test "${lt_cv_cc_needs_belf+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_ext=c @@ -8334,11 +8311,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -8349,38 +8322,13 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : lt_cv_cc_needs_belf=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - lt_cv_cc_needs_belf=no + lt_cv_cc_needs_belf=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -8388,7 +8336,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf @@ -8398,11 +8346,11 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } sparc*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in @@ -8428,9 +8376,9 @@ need_locks="$enable_libtool_lock" if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_DSYMUTIL+set}" = set; then +if test "${ac_cv_prog_DSYMUTIL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$DSYMUTIL"; then @@ -8441,24 +8389,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then - { $as_echo "$as_me:$LINENO: result: $DSYMUTIL" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 $as_echo "$DSYMUTIL" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8468,9 +8416,9 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then +if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DSYMUTIL"; then @@ -8481,24 +8429,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_DSYMUTIL" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 $as_echo "$ac_ct_DSYMUTIL" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8507,7 +8455,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -8520,9 +8468,9 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_NMEDIT+set}" = set; then +if test "${ac_cv_prog_NMEDIT+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$NMEDIT"; then @@ -8533,24 +8481,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then - { $as_echo "$as_me:$LINENO: result: $NMEDIT" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 $as_echo "$NMEDIT" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8560,9 +8508,9 @@ if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then +if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_NMEDIT"; then @@ -8573,24 +8521,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_NMEDIT="nmedit" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_NMEDIT" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 $as_echo "$ac_ct_NMEDIT" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8599,7 +8547,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -8612,9 +8560,9 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_LIPO+set}" = set; then +if test "${ac_cv_prog_LIPO+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$LIPO"; then @@ -8625,24 +8573,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then - { $as_echo "$as_me:$LINENO: result: $LIPO" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 $as_echo "$LIPO" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8652,9 +8600,9 @@ if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then +if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_LIPO"; then @@ -8665,24 +8613,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_LIPO="lipo" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_LIPO" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 $as_echo "$ac_ct_LIPO" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8691,7 +8639,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -8704,9 +8652,9 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OTOOL+set}" = set; then +if test "${ac_cv_prog_OTOOL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL"; then @@ -8717,24 +8665,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then - { $as_echo "$as_me:$LINENO: result: $OTOOL" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 $as_echo "$OTOOL" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8744,9 +8692,9 @@ if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then +if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL"; then @@ -8757,24 +8705,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OTOOL="otool" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_OTOOL" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 $as_echo "$ac_ct_OTOOL" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8783,7 +8731,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -8796,9 +8744,9 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_OTOOL64+set}" = set; then +if test "${ac_cv_prog_OTOOL64+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL64"; then @@ -8809,24 +8757,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then - { $as_echo "$as_me:$LINENO: result: $OTOOL64" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 $as_echo "$OTOOL64" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8836,9 +8784,9 @@ if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then +if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL64"; then @@ -8849,24 +8797,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OTOOL64="otool64" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then - { $as_echo "$as_me:$LINENO: result: $ac_ct_OTOOL64" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 $as_echo "$ac_ct_OTOOL64" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -8875,7 +8823,7 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac @@ -8911,9 +8859,9 @@ fi - { $as_echo "$as_me:$LINENO: checking for -single_module linker flag" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 $as_echo_n "checking for -single_module linker flag... " >&6; } -if test "${lt_cv_apple_cc_single_mod+set}" = set; then +if test "${lt_cv_apple_cc_single_mod+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no @@ -8938,22 +8886,18 @@ else rm -f conftest.* fi fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_apple_cc_single_mod" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } - { $as_echo "$as_me:$LINENO: checking for -exported_symbols_list linker flag" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } -if test "${lt_cv_ld_exported_symbols_list+set}" = set; then +if test "${lt_cv_ld_exported_symbols_list+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -8964,42 +8908,17 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : lt_cv_ld_exported_symbols_list=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - lt_cv_ld_exported_symbols_list=no + lt_cv_ld_exported_symbols_list=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_ld_exported_symbols_list" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } case $host_os in rhapsody* | darwin1.[012]) @@ -9036,62 +8955,13 @@ $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } ;; esac - for ac_header in dlfcn.h -do -as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -$as_echo_n "checking for $ac_header... " >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -as_val=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_DLFCN_H 1 _ACEOF fi @@ -9111,7 +8981,7 @@ done # Check whether --enable-shared was given. -if test "${enable_shared+set}" = set; then +if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; @@ -9142,7 +9012,7 @@ fi # Check whether --enable-static was given. -if test "${enable_static+set}" = set; then +if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; @@ -9174,7 +9044,7 @@ fi # Check whether --with-pic was given. -if test "${with_pic+set}" = set; then +if test "${with_pic+set}" = set; then : withval=$with_pic; pic_mode="$withval" else pic_mode=default @@ -9190,7 +9060,7 @@ test -z "$pic_mode" && pic_mode=default # Check whether --enable-fast-install was given. -if test "${enable_fast_install+set}" = set; then +if test "${enable_fast_install+set}" = set; then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; @@ -9271,9 +9141,9 @@ if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi -{ $as_echo "$as_me:$LINENO: checking for objdir" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 $as_echo_n "checking for objdir... " >&6; } -if test "${lt_cv_objdir+set}" = set; then +if test "${lt_cv_objdir+set}" = set; then : $as_echo_n "(cached) " >&6 else rm -f .libs 2>/dev/null @@ -9286,7 +9156,7 @@ else fi rmdir .libs 2>/dev/null fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 $as_echo "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir @@ -9379,9 +9249,9 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then - { $as_echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 $as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } -if test "${lt_cv_path_MAGIC_CMD+set}" = set; then +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in @@ -9432,10 +9302,10 @@ fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -9445,9 +9315,9 @@ fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then - { $as_echo "$as_me:$LINENO: checking for file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 $as_echo_n "checking for file... " >&6; } -if test "${lt_cv_path_MAGIC_CMD+set}" = set; then +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in @@ -9498,10 +9368,10 @@ fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -9571,6 +9441,10 @@ _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= @@ -9578,9 +9452,9 @@ lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then lt_prog_compiler_no_builtin_flag=' -fno-builtin' - { $as_echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 $as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } -if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then +if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no @@ -9596,11 +9470,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9599: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9473: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9603: \$? = $ac_status" >&5 + echo "$as_me:9477: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9613,7 +9487,7 @@ else $RM conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then @@ -9633,7 +9507,7 @@ fi lt_prog_compiler_pic= lt_prog_compiler_static= -{ $as_echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 $as_echo_n "checking for $compiler option to produce PIC... " >&6; } if test "$GCC" = yes; then @@ -9905,7 +9779,7 @@ case $host_os in lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac -{ $as_echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5 $as_echo "$lt_prog_compiler_pic" >&6; } @@ -9917,9 +9791,9 @@ $as_echo "$lt_prog_compiler_pic" >&6; } # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then - { $as_echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 $as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } -if test "${lt_cv_prog_compiler_pic_works+set}" = set; then +if test "${lt_cv_prog_compiler_pic_works+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic_works=no @@ -9935,11 +9809,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9938: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9812: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9942: \$? = $ac_status" >&5 + echo "$as_me:9816: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9952,7 +9826,7 @@ else $RM conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_pic_works" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } if test x"$lt_cv_prog_compiler_pic_works" = xyes; then @@ -9976,9 +9850,9 @@ fi # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" -{ $as_echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 $as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } -if test "${lt_cv_prog_compiler_static_works+set}" = set; then +if test "${lt_cv_prog_compiler_static_works+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no @@ -10004,7 +9878,7 @@ else LDFLAGS="$save_LDFLAGS" fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_static_works" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } if test x"$lt_cv_prog_compiler_static_works" = xyes; then @@ -10019,9 +9893,9 @@ fi - { $as_echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if test "${lt_cv_prog_compiler_c_o+set}" = set; then +if test "${lt_cv_prog_compiler_c_o+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no @@ -10040,11 +9914,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10043: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9917: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10047: \$? = $ac_status" >&5 + echo "$as_me:9921: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10066,7 +9940,7 @@ else $RM conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } @@ -10074,9 +9948,9 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; } - { $as_echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if test "${lt_cv_prog_compiler_c_o+set}" = set; then +if test "${lt_cv_prog_compiler_c_o+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no @@ -10095,11 +9969,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10098: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9972: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10102: \$? = $ac_status" >&5 + echo "$as_me:9976: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10121,7 +9995,7 @@ else $RM conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } @@ -10130,7 +10004,7 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user - { $as_echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... " >&6; } hard_links=yes $RM conftest* @@ -10138,10 +10012,10 @@ $as_echo_n "checking if we can lock with hard links... " >&6; } touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no - { $as_echo "$as_me:$LINENO: result: $hard_links" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } if test "$hard_links" = no; then - { $as_echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 $as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi @@ -10154,7 +10028,7 @@ fi - { $as_echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 $as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= @@ -10214,6 +10088,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie openbsd*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu) + link_all_deplibs=no + ;; esac ld_shlibs=yes @@ -10597,11 +10474,7 @@ _LT_EOF allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -10612,27 +10485,7 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { @@ -10646,16 +10499,9 @@ aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpat if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" @@ -10668,11 +10514,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi else # Determine the default libpath from the value encoded in an # empty executable. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -10683,27 +10525,7 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { @@ -10717,16 +10539,9 @@ aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpat if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" @@ -10938,42 +10753,16 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi # implicitly export all symbols. save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" - cat >conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ int foo(void) {} _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' @@ -11229,7 +11018,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ fi fi -{ $as_echo "$as_me:$LINENO: result: $ld_shlibs" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no @@ -11266,16 +11055,16 @@ x|xyes) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. - { $as_echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext - if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } 2>conftest.err; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext @@ -11289,11 +11078,11 @@ $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= - if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } then archive_cmds_need_lc=no else @@ -11304,7 +11093,7 @@ $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } cat conftest.err 1>&5 fi $RM conftest* - { $as_echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5 $as_echo "$archive_cmds_need_lc" >&6; } ;; esac @@ -11468,7 +11257,7 @@ esac - { $as_echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } if test "$GCC" = yes; then @@ -11890,11 +11679,7 @@ linux* | k*bsd*-gnu) save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -11905,41 +11690,13 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : shlibpath_overrides_runpath=yes fi - -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir @@ -12163,7 +11920,7 @@ uts4*) dynamic_linker=no ;; esac -{ $as_echo "$as_me:$LINENO: result: $dynamic_linker" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no @@ -12265,7 +12022,7 @@ fi - { $as_echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || @@ -12290,7 +12047,7 @@ else # directories. hardcode_action=unsupported fi -{ $as_echo "$as_me:$LINENO: result: $hardcode_action" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } if test "$hardcode_action" = relink || @@ -12335,18 +12092,14 @@ else darwin*) # if libdl is installed we need to link against it - { $as_echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } -if test "${ac_cv_lib_dl_dlopen+set}" = set; then +if test "${ac_cv_lib_dl_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -12364,43 +12117,18 @@ return dlopen (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dl_dlopen=no + ac_cv_lib_dl_dlopen=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = x""yes; then +if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else @@ -12413,33 +12141,19 @@ fi ;; *) - { $as_echo "$as_me:$LINENO: checking for shl_load" >&5 -$as_echo_n "checking for shl_load... " >&6; } -if test "${ac_cv_func_shl_load+set}" = set; then + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = x""yes; then : + lt_cv_dlopen="shl_load" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if test "${ac_cv_lib_dld_shl_load+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Define shl_load to an innocuous variant, in case declares shl_load. - For example, HP-UX 11i declares gettimeofday. */ -#define shl_load innocuous_shl_load - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char shl_load (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef shl_load /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC @@ -12448,13 +12162,6 @@ cat >>conftest.$ac_ext <<_ACEOF extern "C" #endif char shl_load (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_shl_load || defined __stub___shl_load -choke me -#endif - int main () { @@ -12463,56 +12170,32 @@ return shl_load (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - ac_cv_func_shl_load=yes +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_shl_load=no + ac_cv_lib_dld_shl_load=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5 -$as_echo "$ac_cv_func_shl_load" >&6; } -if test "x$ac_cv_func_shl_load" = x""yes; then - lt_cv_dlopen="shl_load" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = x""yes; then : + lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else - { $as_echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5 -$as_echo_n "checking for shl_load in -ldld... " >&6; } -if test "${ac_cv_lib_dld_shl_load+set}" = set; then + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = x""yes; then : + lt_cv_dlopen="dlopen" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-ldld $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -12521,222 +12204,37 @@ cat >>conftest.$ac_ext <<_ACEOF #ifdef __cplusplus extern "C" #endif -char shl_load (); +char dlopen (); int main () { -return shl_load (); +return dlopen (); ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - ac_cv_lib_dld_shl_load=yes +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dld_shl_load=no -fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5 -$as_echo "$ac_cv_lib_dld_shl_load" >&6; } -if test "x$ac_cv_lib_dld_shl_load" = x""yes; then - lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" -else - { $as_echo "$as_me:$LINENO: checking for dlopen" >&5 -$as_echo_n "checking for dlopen... " >&6; } -if test "${ac_cv_func_dlopen+set}" = set; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define dlopen to an innocuous variant, in case declares dlopen. - For example, HP-UX 11i declares gettimeofday. */ -#define dlopen innocuous_dlopen - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char dlopen (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef dlopen - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_dlopen || defined __stub___dlopen -choke me -#endif - -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - ac_cv_func_dlopen=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_dlopen=no -fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5 -$as_echo "$ac_cv_func_dlopen" >&6; } -if test "x$ac_cv_func_dlopen" = x""yes; then - lt_cv_dlopen="dlopen" -else - { $as_echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if test "${ac_cv_lib_dl_dlopen+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - ac_cv_lib_dl_dlopen=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dl_dlopen=no + ac_cv_lib_dl_dlopen=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = x""yes; then +if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else - { $as_echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... " >&6; } -if test "${ac_cv_lib_svld_dlopen+set}" = set; then +if test "${ac_cv_lib_svld_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -12754,57 +12252,28 @@ return dlopen (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_svld_dlopen=no + ac_cv_lib_svld_dlopen=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } -if test "x$ac_cv_lib_svld_dlopen" = x""yes; then +if test "x$ac_cv_lib_svld_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else - { $as_echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } -if test "${ac_cv_lib_dld_dld_link+set}" = set; then +if test "${ac_cv_lib_dld_dld_link+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -12822,43 +12291,18 @@ return dld_link (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dld_dld_link=no + ac_cv_lib_dld_dld_link=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } -if test "x$ac_cv_lib_dld_dld_link" = x""yes; then +if test "x$ac_cv_lib_dld_dld_link" = x""yes; then : lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi @@ -12897,9 +12341,9 @@ fi save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" - { $as_echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 $as_echo_n "checking whether a program can dlopen itself... " >&6; } -if test "${lt_cv_dlopen_self+set}" = set; then +if test "${lt_cv_dlopen_self+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : @@ -12908,7 +12352,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12911 "configure" +#line 12355 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12967,11 +12411,11 @@ int main () return status; } _LT_EOF - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -12988,14 +12432,14 @@ rm -fr conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - { $as_echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } -if test "${lt_cv_dlopen_self_static+set}" = set; then +if test "${lt_cv_dlopen_self_static+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : @@ -13004,7 +12448,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 13007 "configure" +#line 12451 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13063,11 +12507,11 @@ int main () return status; } _LT_EOF - if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in @@ -13084,7 +12528,7 @@ rm -fr conftest* fi -{ $as_echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 $as_echo "$lt_cv_dlopen_self_static" >&6; } fi @@ -13123,12 +12567,12 @@ fi striplib= old_striplib= -{ $as_echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough @@ -13137,15 +12581,15 @@ else if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ;; *) - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; esac @@ -13163,12 +12607,12 @@ fi # Report which library types will actually be built - { $as_echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... " >&6; } - { $as_echo "$as_me:$LINENO: result: $can_build_shared" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 $as_echo "$can_build_shared" >&6; } - { $as_echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } test "$can_build_shared" = "no" && enable_shared=no @@ -13189,14 +12633,14 @@ $as_echo_n "checking whether to build shared libraries... " >&6; } fi ;; esac - { $as_echo "$as_me:$LINENO: result: $enable_shared" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 $as_echo "$enable_shared" >&6; } - { $as_echo "$as_me:$LINENO: checking whether to build static libraries" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes - { $as_echo "$as_me:$LINENO: result: $enable_static" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } @@ -13231,9 +12675,9 @@ CC="$lt_save_CC" # Only expand once: -{ $as_echo "$as_me:$LINENO: checking for egrep" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } -if test "${ac_cv_path_EGREP+set}" = set; then +if test "${ac_cv_path_EGREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 @@ -13247,7 +12691,7 @@ for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do + for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue @@ -13267,7 +12711,7 @@ case `"$ac_path_EGREP" --version 2>&1` in $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` + as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" @@ -13282,12 +12726,10 @@ esac $ac_path_EGREP_found && break 3 done done -done + done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - { { $as_echo "$as_me:$LINENO: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -$as_echo "$as_me: error: no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP @@ -13295,7 +12737,7 @@ fi fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" @@ -13304,9 +12746,9 @@ for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_AWK+set}" = set; then +if test "${ac_cv_prog_AWK+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then @@ -13317,24 +12759,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { $as_echo "$as_me:$LINENO: result: $AWK" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -13346,9 +12788,9 @@ for ac_prog in flex lex do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_LEX+set}" = set; then +if test "${ac_cv_prog_LEX+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$LEX"; then @@ -13359,24 +12801,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_LEX="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi LEX=$ac_cv_prog_LEX if test -n "$LEX"; then - { $as_echo "$as_me:$LINENO: result: $LEX" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5 $as_echo "$LEX" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -13405,20 +12847,20 @@ main (void) return ! yylex () + ! yywrap (); } _ACEOF -{ (ac_try="$LEX conftest.l" +{ { ac_try="$LEX conftest.l" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 (eval "$LEX conftest.l") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ $as_echo "$as_me:$LINENO: checking lex output file root" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5 $as_echo_n "checking lex output file root... " >&6; } -if test "${ac_cv_prog_lex_root+set}" = set; then +if test "${ac_cv_prog_lex_root+set}" = set; then : $as_echo_n "(cached) " >&6 else @@ -13427,19 +12869,17 @@ if test -f lex.yy.c; then elif test -f lexyy.c; then ac_cv_prog_lex_root=lexyy else - { { $as_echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5 -$as_echo "$as_me: error: cannot find output from $LEX; giving up" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "cannot find output from $LEX; giving up" "$LINENO" 5 fi fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 $as_echo "$ac_cv_prog_lex_root" >&6; } LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root if test -z "${LEXLIB+set}"; then - { $as_echo "$as_me:$LINENO: checking lex library" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5 $as_echo_n "checking lex library... " >&6; } -if test "${ac_cv_lib_lex+set}" = set; then +if test "${ac_cv_lib_lex+set}" = set; then : $as_echo_n "(cached) " >&6 else @@ -13447,55 +12887,29 @@ else ac_cv_lib_lex='none needed' for ac_lib in '' -lfl -ll; do LIBS="$ac_lib $ac_save_LIBS" - cat >conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ `cat $LEX_OUTPUT_ROOT.c` _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_lex=$ac_lib -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext test "$ac_cv_lib_lex" != 'none needed' && break done LIBS=$ac_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_lex" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5 $as_echo "$ac_cv_lib_lex" >&6; } test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex fi -{ $as_echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5 $as_echo_n "checking whether yytext is a pointer... " >&6; } -if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then +if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then : $as_echo_n "(cached) " >&6 else # POSIX says lex can declare yytext either as a pointer or an array; the @@ -13504,52 +12918,24 @@ else ac_cv_prog_lex_yytext_pointer=no ac_save_LIBS=$LIBS LIBS="$LEXLIB $ac_save_LIBS" -cat >conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ #define YYTEXT_POINTER 1 `cat $LEX_OUTPUT_ROOT.c` _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_prog_lex_yytext_pointer=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5 $as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; } if test $ac_cv_prog_lex_yytext_pointer = yes; then -cat >>confdefs.h <<\_ACEOF -#define YYTEXT_POINTER 1 -_ACEOF +$as_echo "#define YYTEXT_POINTER 1" >>confdefs.h fi rm -f conftest.l $LEX_OUTPUT_ROOT.c @@ -13559,9 +12945,9 @@ for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_YACC+set}" = set; then +if test "${ac_cv_prog_YACC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$YACC"; then @@ -13572,24 +12958,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_YACC="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi YACC=$ac_cv_prog_YACC if test -n "$YACC"; then - { $as_echo "$as_me:$LINENO: result: $YACC" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 $as_echo "$YACC" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -13600,9 +12986,9 @@ test -n "$YACC" || YACC="yacc" # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_PERL+set}" = set; then +if test "${ac_cv_path_PERL+set}" = set; then : $as_echo_n "(cached) " >&6 else case $PERL in @@ -13616,14 +13002,14 @@ for as_dir in $as_dummy do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS ;; @@ -13631,19 +13017,19 @@ esac fi PERL=$ac_cv_path_PERL if test -n "$PERL"; then - { $as_echo "$as_me:$LINENO: result: $PERL" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 $as_echo "$PERL" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "gperf", so it can be a program name with args. set dummy gperf; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_GPERF+set}" = set; then +if test "${ac_cv_path_GPERF+set}" = set; then : $as_echo_n "(cached) " >&6 else case $GPERF in @@ -13657,14 +13043,14 @@ for as_dir in $as_dummy do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_GPERF="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS ;; @@ -13672,74 +13058,71 @@ esac fi GPERF=$ac_cv_path_GPERF if test -n "$GPERF"; then - { $as_echo "$as_me:$LINENO: result: $GPERF" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GPERF" >&5 $as_echo "$GPERF" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -{ $as_echo "$as_me:$LINENO: checking gperf version >= 3.0.0" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking gperf version >= 3.0.0" >&5 $as_echo_n "checking gperf version >= 3.0.0... " >&6; } if test -x "$GPERF"; then if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi else - { $as_echo "$as_me:$LINENO: result: not found" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } fi -{ $as_echo "$as_me:$LINENO: checking for uid of user \"$ipsecuser\"" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid of user \"$ipsecuser\"" >&5 $as_echo_n "checking for uid of user \"$ipsecuser\"... " >&6; } ipsecuid=`id -u $ipsecuser 2>/dev/null` if test -n "$ipsecuid"; then - { $as_echo "$as_me:$LINENO: result: $ipsecuid" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ipsecuid" >&5 $as_echo "$ipsecuid" >&6; } else - { { $as_echo "$as_me:$LINENO: error: not found" >&5 -$as_echo "$as_me: error: not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "not found" "$LINENO" 5 fi -{ $as_echo "$as_me:$LINENO: checking for gid of group \"$ipsecgroup\"" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gid of group \"$ipsecgroup\"" >&5 $as_echo_n "checking for gid of group \"$ipsecgroup\"... " >&6; } ipsecgid=`$EGREP "^$ipsecgroup:" /etc/group | $AWK -F: '{ print $3 }'` if test -n "$ipsecgid"; then - { $as_echo "$as_me:$LINENO: result: $ipsecgid" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ipsecgid" >&5 $as_echo "$ipsecgid" >&6; } else - { { $as_echo "$as_me:$LINENO: error: not found" >&5 -$as_echo "$as_me: error: not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "not found" "$LINENO" 5 fi -if test x$eap_aka = xtrue; then +if test x$eap_aka_3gpp2 = xtrue; then gmp=true; +fi + +if test x$eap_aka = xtrue; then fips_prf=true; sha1=true; + simaka=true; fi if test x$eap_sim = xtrue; then fips_prf=true; + simaka=true; fi if test x$fips_prf = xtrue; then sha1=true; fi -if test x$tools = xtrue; then - gmp=true; -fi - if test x$smp = xtrue; then xml=true fi @@ -13749,25 +13132,21 @@ if test x$manager = xtrue; then fi if test x$medsrv = xtrue; then - me=true + mediation=true fast=true fi if test x$medcli = xtrue; then - me=true + mediation=true fi -{ $as_echo "$as_me:$LINENO: checking for stdbool.h that conforms to C99" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 $as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } -if test "${ac_cv_header_stdbool_h+set}" = set; then +if test "${ac_cv_header_stdbool_h+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -13847,223 +13226,72 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then +if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdbool_h=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_stdbool_h=no + ac_cv_header_stdbool_h=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_stdbool_h" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 $as_echo "$ac_cv_header_stdbool_h" >&6; } -{ $as_echo "$as_me:$LINENO: checking for _Bool" >&5 -$as_echo_n "checking for _Bool... " >&6; } -if test "${ac_cv_type__Bool+set}" = set; then +ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + +if test $ac_cv_header_stdbool_h = yes; then + +$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h + +fi + +# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works +# for constant arguments. Useless! +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5 +$as_echo_n "checking for working alloca.h... " >&6; } +if test "${ac_cv_working_alloca_h+set}" = set; then : $as_echo_n "(cached) " >&6 else - ac_cv_type__Bool=no -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -if (sizeof (_Bool)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$ac_includes_default +#include int main () { -if (sizeof ((_Bool))) - return 0; +char *p = (char *) alloca (2 * sizeof (int)); + if (p) return 0; ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - : -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type__Bool=yes -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_type__Bool" >&5 -$as_echo "$ac_cv_type__Bool" >&6; } -if test "x$ac_cv_type__Bool" = x""yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE__BOOL 1 -_ACEOF - - -fi - -if test $ac_cv_header_stdbool_h = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STDBOOL_H 1 -_ACEOF - -fi - -# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works -# for constant arguments. Useless! -{ $as_echo "$as_me:$LINENO: checking for working alloca.h" >&5 -$as_echo_n "checking for working alloca.h... " >&6; } -if test "${ac_cv_working_alloca_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -int -main () -{ -char *p = (char *) alloca (2 * sizeof (int)); - if (p) return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_working_alloca_h=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_working_alloca_h=no + ac_cv_working_alloca_h=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_working_alloca_h" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_alloca_h" >&5 $as_echo "$ac_cv_working_alloca_h" >&6; } if test $ac_cv_working_alloca_h = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_ALLOCA_H 1 -_ACEOF +$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h fi -{ $as_echo "$as_me:$LINENO: checking for alloca" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca" >&5 $as_echo_n "checking for alloca... " >&6; } -if test "${ac_cv_func_alloca_works+set}" = set; then +if test "${ac_cv_func_alloca_works+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __GNUC__ # define alloca __builtin_alloca @@ -14095,47 +13323,20 @@ char *p = (char *) alloca (1); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_func_alloca_works=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_alloca_works=no + ac_cv_func_alloca_works=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_alloca_works" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_alloca_works" >&5 $as_echo "$ac_cv_func_alloca_works" >&6; } if test $ac_cv_func_alloca_works = yes; then -cat >>confdefs.h <<\_ACEOF -#define HAVE_ALLOCA 1 -_ACEOF +$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h else # The SVR3 libPW and SVR4 libucb both contain incompatible functions @@ -14145,21 +13346,15 @@ else ALLOCA=\${LIBOBJDIR}alloca.$ac_objext -cat >>confdefs.h <<\_ACEOF -#define C_ALLOCA 1 -_ACEOF +$as_echo "#define C_ALLOCA 1" >>confdefs.h -{ $as_echo "$as_me:$LINENO: checking whether \`alloca.c' needs Cray hooks" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether \`alloca.c' needs Cray hooks" >&5 $as_echo_n "checking whether \`alloca.c' needs Cray hooks... " >&6; } -if test "${ac_cv_os_cray+set}" = set; then +if test "${ac_cv_os_cray+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #if defined CRAY && ! defined CRAY2 webecray @@ -14169,7 +13364,7 @@ wenotbecray _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "webecray" >/dev/null 2>&1; then + $EGREP "webecray" >/dev/null 2>&1; then : ac_cv_os_cray=yes else ac_cv_os_cray=no @@ -14177,101 +13372,14 @@ fi rm -f conftest* fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_os_cray" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_os_cray" >&5 $as_echo "$ac_cv_os_cray" >&6; } if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 -$as_echo_n "checking for $ac_func... " >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - eval "$as_ac_var=yes" -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval 'as_val=${'$as_ac_var'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -as_val=`eval 'as_val=${'$as_ac_var'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +eval as_val=\$$as_ac_var + if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define CRAY_STACKSEG_END $ac_func @@ -14283,19 +13391,15 @@ fi done fi -{ $as_echo "$as_me:$LINENO: checking stack direction for C alloca" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking stack direction for C alloca" >&5 $as_echo_n "checking stack direction for C alloca... " >&6; } -if test "${ac_cv_c_stack_direction+set}" = set; then +if test "${ac_cv_c_stack_direction+set}" = set; then : $as_echo_n "(cached) " >&6 else - if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : ac_cv_c_stack_direction=0 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int @@ -14318,46 +13422,18 @@ main () return find_stack_direction () < 0; } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then +if ac_fn_c_try_run "$LINENO"; then : ac_cv_c_stack_direction=1 else - $as_echo "$as_me: program exited with status $ac_status" >&5 -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_c_stack_direction=-1 + ac_cv_c_stack_direction=-1 fi -rm -rf conftest.dSYM -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi - fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_stack_direction" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_stack_direction" >&5 $as_echo "$ac_cv_c_stack_direction" >&6; } - cat >>confdefs.h <<_ACEOF #define STACK_DIRECTION $ac_cv_c_stack_direction _ACEOF @@ -14369,17 +13445,13 @@ fi saved_LIBS=$LIBS LIBS="" -{ $as_echo "$as_me:$LINENO: checking for library containing dlopen" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 $as_echo_n "checking for library containing dlopen... " >&6; } -if test "${ac_cv_search_dlopen+set}" = set; then +if test "${ac_cv_search_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -14404,54 +13476,27 @@ for ac_lib in '' dl; do ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then + if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_dlopen=$ac_res -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_dlopen+set}" = set; then +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_dlopen+set}" = set; then : break fi done -if test "${ac_cv_search_dlopen+set}" = set; then - : +if test "${ac_cv_search_dlopen+set}" = set; then : + else ac_cv_search_dlopen=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_dlopen" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 $as_echo "$ac_cv_search_dlopen" >&6; } ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then +if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" DLLIB=$LIBS fi @@ -14459,17 +13504,13 @@ fi LIBS="" -{ $as_echo "$as_me:$LINENO: checking for library containing backtrace" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing backtrace" >&5 $as_echo_n "checking for library containing backtrace... " >&6; } -if test "${ac_cv_search_backtrace+set}" = set; then +if test "${ac_cv_search_backtrace+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -14494,89 +13535,53 @@ for ac_lib in '' execinfo; do ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then + if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_backtrace=$ac_res -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_backtrace+set}" = set; then +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_backtrace+set}" = set; then : break fi done -if test "${ac_cv_search_backtrace+set}" = set; then - : +if test "${ac_cv_search_backtrace+set}" = set; then : + else ac_cv_search_backtrace=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_backtrace" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_backtrace" >&5 $as_echo "$ac_cv_search_backtrace" >&6; } ac_res=$ac_cv_search_backtrace -if test "$ac_res" != no; then +if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" BTLIB=$LIBS fi - for ac_func in backtrace -do -as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 -$as_echo_n "checking for $ac_func... " >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +do : + ac_fn_c_check_func "$LINENO" "backtrace" "ac_cv_func_backtrace" +if test "x$ac_cv_func_backtrace" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BACKTRACE 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ +fi +done -#ifdef __STDC__ -# include -#else -# include -#endif -#undef $ac_func + +LIBS="" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 +$as_echo_n "checking for library containing socket... " >&6; } +if test "${ac_cv_search_socket+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC @@ -14584,96 +13589,11 @@ cat >>conftest.$ac_ext <<_ACEOF #ifdef __cplusplus extern "C" #endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - +char socket (); int main () { -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - eval "$as_ac_var=yes" -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval 'as_val=${'$as_ac_var'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -as_val=`eval 'as_val=${'$as_ac_var'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - -LIBS="" -{ $as_echo "$as_me:$LINENO: checking for library containing socket" >&5 -$as_echo_n "checking for library containing socket... " >&6; } -if test "${ac_cv_search_socket+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char socket (); -int -main () -{ -return socket (); +return socket (); ; return 0; } @@ -14685,69 +13605,38 @@ for ac_lib in '' socket; do ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then + if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_socket=$ac_res -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_socket+set}" = set; then +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_socket+set}" = set; then : break fi done -if test "${ac_cv_search_socket+set}" = set; then - : +if test "${ac_cv_search_socket+set}" = set; then : + else ac_cv_search_socket=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_socket" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 $as_echo "$ac_cv_search_socket" >&6; } ac_res=$ac_cv_search_socket -if test "$ac_res" != no; then +if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" SOCKLIB=$LIBS else - { $as_echo "$as_me:$LINENO: checking for socket in -lnsl" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnsl" >&5 $as_echo_n "checking for socket in -lnsl... " >&6; } -if test "${ac_cv_lib_nsl_socket+set}" = set; then +if test "${ac_cv_lib_nsl_socket+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl -lsocket $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. @@ -14765,43 +13654,18 @@ return socket (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_socket=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_nsl_socket=no + ac_cv_lib_nsl_socket=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_socket" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_socket" >&5 $as_echo "$ac_cv_lib_nsl_socket" >&6; } -if test "x$ac_cv_lib_nsl_socket" = x""yes; then +if test "x$ac_cv_lib_nsl_socket" = x""yes; then : SOCKLIB="-lsocket -lnsl" fi @@ -14810,92 +13674,85 @@ fi -LIBS=$saved_LIBS - -{ $as_echo "$as_me:$LINENO: checking for dladdr" >&5 -$as_echo_n "checking for dladdr... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +LIBS="" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +$as_echo_n "checking for library containing clock_gettime... " >&6; } +if test "${ac_cv_search_clock_gettime+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define _GNU_SOURCE - #include + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char clock_gettime (); int main () { -Dl_info* info = 0; - dladdr(0, info); +return clock_gettime (); ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 -$as_echo "yes" >&6; }; cat >>confdefs.h <<\_ACEOF -#define HAVE_DLADDR 1 -_ACEOF +for ac_lib in '' rt; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_clock_gettime=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_clock_gettime+set}" = set; then : + break +fi +done +if test "${ac_cv_search_clock_gettime+set}" = set; then : else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 + ac_cv_search_clock_gettime=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +$as_echo "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + RTLIB=$LIBS +fi - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; } +for ac_func in clock_gettime +do : + ac_fn_c_check_func "$LINENO" "clock_gettime" "ac_cv_func_clock_gettime" +if test "x$ac_cv_func_clock_gettime" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CLOCK_GETTIME 1 +_ACEOF fi +done -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -for ac_func in prctl -do -as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5 -$as_echo_n "checking for $ac_func... " >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then +LIBS="" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_create" >&5 +$as_echo_n "checking for library containing pthread_create... " >&6; } +if test "${ac_cv_search_pthread_create+set}" = set; then : $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC @@ -14903,470 +13760,209 @@ cat >>conftest.$ac_ext <<_ACEOF #ifdef __cplusplus extern "C" #endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - +char pthread_create (); int main () { -return $ac_func (); +return pthread_create (); ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - eval "$as_ac_var=yes" -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" +for ac_lib in '' pthread; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_pthread_create=$ac_res fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if test "${ac_cv_search_pthread_create+set}" = set; then : + break fi -ac_res=`eval 'as_val=${'$as_ac_var'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -as_val=`eval 'as_val=${'$as_ac_var'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +done +if test "${ac_cv_search_pthread_create+set}" = set; then : +else + ac_cv_search_pthread_create=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pthread_create" >&5 +$as_echo "$ac_cv_search_pthread_create" >&6; } +ac_res=$ac_cv_search_pthread_create +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + PTHREADLIB=$LIBS fi -done -for ac_header in sys/sockio.h -do -as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -$as_echo_n "checking for $ac_header... " >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 -fi -ac_res=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 -$as_echo_n "checking $ac_header usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +LIBS=$saved_LIBS + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dladdr" >&5 +$as_echo_n "checking for dladdr... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> +#define _GNU_SOURCE + #include +int +main () +{ +Dl_info* info = 0; + dladdr(0, info); + ; + return 0; +} _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_DLADDR 1" >>confdefs.h + else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } - ac_header_compiler=no fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 -$as_echo_n "checking $ac_header presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> +saved_LIBS=$LIBS +LIBS=$PTHREADLIB +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_condattr_setclock(CLOCK_MONOTONE)" >&5 +$as_echo_n "checking for pthread_condattr_setclock(CLOCK_MONOTONE)... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; }; + for ac_func in pthread_condattr_setclock +do : + ac_fn_c_check_func "$LINENO" "pthread_condattr_setclock" "ac_cv_func_pthread_condattr_setclock" +if test "x$ac_cv_func_pthread_condattr_setclock" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_CONDATTR_SETCLOCK 1 _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 + $as_echo "#define HAVE_CONDATTR_CLOCK_MONOTONIC 1" >>confdefs.h + - ac_header_preproc=no fi +done -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int main() { pthread_condattr_t attr; + pthread_condattr_init(&attr); + return pthread_condattr_setclock(&attr, CLOCK_MONOTONIC);} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_CONDATTR_CLOCK_MONOTONIC 1" >>confdefs.h - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -$as_echo_n "checking for $ac_header... " >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 else - eval "$as_ac_Header=\$ac_header_preproc" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -ac_res=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi -as_val=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then + +for ac_func in pthread_condattr_init +do : + ac_fn_c_check_func "$LINENO" "pthread_condattr_init" "ac_cv_func_pthread_condattr_init" +if test "x$ac_cv_func_pthread_condattr_init" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_PTHREAD_CONDATTR_INIT 1 _ACEOF fi - done +for ac_func in pthread_cond_timedwait_monotonic +do : + ac_fn_c_check_func "$LINENO" "pthread_cond_timedwait_monotonic" "ac_cv_func_pthread_cond_timedwait_monotonic" +if test "x$ac_cv_func_pthread_cond_timedwait_monotonic" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC 1 +_ACEOF +fi +done +for ac_func in pthread_cancel +do : + ac_fn_c_check_func "$LINENO" "pthread_cancel" "ac_cv_func_pthread_cancel" +if test "x$ac_cv_func_pthread_cancel" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_CANCEL 1 +_ACEOF +fi +done -for ac_header in net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h -do -as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -$as_echo_n "checking for $ac_header... " >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 -fi -ac_res=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 -$as_echo_n "checking $ac_header usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> +for ac_func in pthread_rwlock_init +do : + ac_fn_c_check_func "$LINENO" "pthread_rwlock_init" "ac_cv_func_pthread_rwlock_init" +if test "x$ac_cv_func_pthread_rwlock_init" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_RWLOCK_INIT 1 _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - ac_header_compiler=no fi +done -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } +LIBS=$saved_LIBS -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 -$as_echo_n "checking $ac_header presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> +for ac_func in prctl +do : + ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl" +if test "x$ac_cv_func_prctl" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PRCTL 1 _ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - ac_header_preproc=no fi +done -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -$as_echo_n "checking for $ac_header... " >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - $as_echo_n "(cached) " >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi -as_val=`eval 'as_val=${'$as_ac_Header'} - $as_echo "$as_val"'` - if test "x$as_val" = x""yes; then +for ac_header in sys/sockio.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/sockio.h" "ac_cv_header_sys_sockio_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_sockio_h" = x""yes; then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +#define HAVE_SYS_SOCKIO_H 1 _ACEOF fi done - -{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5 -$as_echo_n "checking for struct sockaddr.sa_len... " >&6; } -if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ +for ac_header in net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +eval as_val=\$$as_ac_Header + if test "x$as_val" = x""yes; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include +fi -int -main () -{ -static struct sockaddr ac_aggr; -if (ac_aggr.sa_len) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_sockaddr_sa_len=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +done - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ +ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " #include #include - -int -main () -{ -static struct sockaddr ac_aggr; -if (sizeof ac_aggr.sa_len) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_sockaddr_sa_len=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_sockaddr_sa_len=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5 -$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; } -if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then +" +if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_SOCKADDR_SA_LEN 1 @@ -15376,18 +13972,7 @@ _ACEOF fi -{ $as_echo "$as_me:$LINENO: checking for struct sadb_x_policy.sadb_x_policy_priority" >&5 -$as_echo_n "checking for struct sadb_x_policy.sadb_x_policy_priority... " >&6; } -if test "${ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority+set}" = set; then - $as_echo_n "(cached) " >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - +ac_fn_c_check_member "$LINENO" "struct sadb_x_policy" "sadb_x_policy_priority" "ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority" " #include #ifdef HAVE_NET_PFKEYV2_H #include @@ -15396,116 +13981,78 @@ cat >>conftest.$ac_ext <<_ACEOF #include #endif +" +if test "x$ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority" = x""yes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY 1 +_ACEOF + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for in6addr_any" >&5 +$as_echo_n "checking for in6addr_any... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include int main () { -static struct sadb_x_policy ac_aggr; -if (ac_aggr.sadb_x_policy_priority) -return 0; +struct in6_addr in6; + in6 = in6addr_any; ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority=yes +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_IN6ADDR_ANY 1" >>confdefs.h + else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for in6_pktinfo" >&5 +$as_echo_n "checking for in6_pktinfo... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _GNU_SOURCE #include - #ifdef HAVE_NET_PFKEYV2_H - #include - #else - #include - #include - #endif - - + #include + #include int main () { -static struct sadb_x_policy ac_aggr; -if (sizeof ac_aggr.sadb_x_policy_priority) -return 0; +struct in6_pktinfo pi; + if (pi.ipi6_ifindex) + { + return 0; + } ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_IN6_PKTINFO 1" >>confdefs.h - ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority=no -fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority" >&5 -$as_echo "$ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority" >&6; } -if test "x$ac_cv_member_struct_sadb_x_policy_sadb_x_policy_priority" = x""yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY 1 -_ACEOF - - -fi - -{ $as_echo "$as_me:$LINENO: checking for IPSEC_MODE_BEET" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPSEC_MODE_BEET" >&5 $as_echo_n "checking for IPSEC_MODE_BEET... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_NETIPSEC_IPSEC_H @@ -15525,47 +14072,20 @@ int mode = IPSEC_MODE_BEET; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 -$as_echo "yes" >&6; }; cat >>confdefs.h <<\_ACEOF -#define HAVE_IPSEC_MODE_BEET 1 -_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_IPSEC_MODE_BEET 1" >>confdefs.h else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: checking for IPSEC_DIR_FWD" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPSEC_DIR_FWD" >&5 $as_echo_n "checking for IPSEC_DIR_FWD... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #ifdef HAVE_NETIPSEC_IPSEC_H @@ -15585,51 +14105,24 @@ int dir = IPSEC_DIR_FWD; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 -$as_echo "yes" >&6; }; cat >>confdefs.h <<\_ACEOF -#define HAVE_IPSEC_DIR_FWD 1 -_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_IPSEC_DIR_FWD 1" >>confdefs.h else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: checking for gcc atomic operations" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc atomic operations" >&5 $as_echo_n "checking for gcc atomic operations... " >&6; } -if test "$cross_compiling" = yes; then - { $as_echo "$as_me:$LINENO: result: no" >&5 +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main() { @@ -15642,161 +14135,50 @@ cat >>conftest.$ac_ext <<_ACEOF } _ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 -$as_echo "yes" >&6; }; cat >>confdefs.h <<\_ACEOF -#define HAVE_GCC_ATOMIC_OPERATIONS 1 -_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_GCC_ATOMIC_OPERATIONS 1" >>confdefs.h else - $as_echo "$as_me: program exited with status $ac_status" >&5 -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -{ $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -rm -rf conftest.dSYM -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext fi +ac_fn_c_check_func "$LINENO" "register_printf_specifier" "ac_cv_func_register_printf_specifier" +if test "x$ac_cv_func_register_printf_specifier" = x""yes; then : + $as_echo "#define HAVE_PRINTF_SPECIFIER 1" >>confdefs.h -{ $as_echo "$as_me:$LINENO: checking for register_printf_function" >&5 -$as_echo_n "checking for register_printf_function... " >&6; } -if test "${ac_cv_func_register_printf_function+set}" = set; then - $as_echo_n "(cached) " >&6 else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define register_printf_function to an innocuous variant, in case declares register_printf_function. - For example, HP-UX 11i declares gettimeofday. */ -#define register_printf_function innocuous_register_printf_function + ac_fn_c_check_func "$LINENO" "register_printf_function" "ac_cv_func_register_printf_function" +if test "x$ac_cv_func_register_printf_function" = x""yes; then : + $as_echo "#define HAVE_PRINTF_FUNCTION 1" >>confdefs.h -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char register_printf_function (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ +else -#ifdef __STDC__ -# include -#else -# include -#endif + { $as_echo "$as_me:${as_lineno-$LINENO}: printf does not support custom format specifiers!" >&5 +$as_echo "$as_me: printf does not support custom format specifiers!" >&6;} + vstr=true -#undef register_printf_function -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char register_printf_function (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_register_printf_function || defined __stub___register_printf_function -choke me -#endif - -int -main () -{ -return register_printf_function (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - ac_cv_func_register_printf_function=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_register_printf_function=no -fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_register_printf_function" >&5 -$as_echo "$ac_cv_func_register_printf_function" >&6; } -if test "x$ac_cv_func_register_printf_function" = x""yes; then - cat >>confdefs.h <<\_ACEOF -#define HAVE_PRINTF_HOOKS 1 -_ACEOF - -else - - { $as_echo "$as_me:$LINENO: printf does not support custom format specifiers!" >&5 -$as_echo "$as_me: printf does not support custom format specifiers!" >&6;} - vstr=true fi if test x$vstr = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lvstr" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lvstr" >&5 $as_echo_n "checking for main in -lvstr... " >&6; } -if test "${ac_cv_lib_vstr_main+set}" = set; then +if test "${ac_cv_lib_vstr_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lvstr $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15808,70 +14190,37 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_vstr_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_vstr_main=no + ac_cv_lib_vstr_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_vstr_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_vstr_main" >&5 $as_echo "$ac_cv_lib_vstr_main" >&6; } -if test "x$ac_cv_lib_vstr_main" = x""yes; then +if test "x$ac_cv_lib_vstr_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: Vstr string library not found" >&5 -$as_echo "$as_me: error: Vstr string library not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "Vstr string library not found" "$LINENO" 5 fi ac_cv_lib_vstr=ac_cv_lib_vstr_main - cat >>confdefs.h <<\_ACEOF -#define USE_VSTR 1 -_ACEOF + $as_echo "#define USE_VSTR 1" >>confdefs.h fi if test x$gmp = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lgmp" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lgmp" >&5 $as_echo_n "checking for main in -lgmp... " >&6; } -if test "${ac_cv_lib_gmp_main+set}" = set; then +if test "${ac_cv_lib_gmp_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgmp $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15883,58 +14232,27 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gmp_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_gmp_main=no + ac_cv_lib_gmp_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_gmp_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_main" >&5 $as_echo "$ac_cv_lib_gmp_main" >&6; } -if test "x$ac_cv_lib_gmp_main" = x""yes; then +if test "x$ac_cv_lib_gmp_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: GNU Multi Precision library gmp not found" >&5 -$as_echo "$as_me: error: GNU Multi Precision library gmp not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "GNU Multi Precision library gmp not found" "$LINENO" 5 fi ac_cv_lib_gmp=ac_cv_lib_gmp_main - { $as_echo "$as_me:$LINENO: checking gmp.h version >= 4.1.4" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking gmp.h version >= 4.1.4" >&5 $as_echo_n "checking gmp.h version >= 4.1.4... " >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include "gmp.h" int @@ -15949,53 +14267,26 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; }; { { $as_echo "$as_me:$LINENO: error: No usable gmp.h found!" >&5 -$as_echo "$as_me: error: No usable gmp.h found!" >&2;} - { (exit 1); exit 1; }; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; as_fn_error "No usable gmp.h found!" "$LINENO" 5 fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test x$ldap = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lldap" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lldap" >&5 $as_echo_n "checking for main in -lldap... " >&6; } -if test "${ac_cv_lib_ldap_main+set}" = set; then +if test "${ac_cv_lib_ldap_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lldap $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16007,63 +14298,32 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ldap_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_ldap_main=no + ac_cv_lib_ldap_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_main" >&5 $as_echo "$ac_cv_lib_ldap_main" >&6; } -if test "x$ac_cv_lib_ldap_main" = x""yes; then +if test "x$ac_cv_lib_ldap_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: LDAP library ldap not found" >&5 -$as_echo "$as_me: error: LDAP library ldap not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "LDAP library ldap not found" "$LINENO" 5 fi ac_cv_lib_ldap=ac_cv_lib_ldap_main - { $as_echo "$as_me:$LINENO: checking for main in -llber" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -llber" >&5 $as_echo_n "checking for main in -llber... " >&6; } -if test "${ac_cv_lib_lber_main+set}" = set; then +if test "${ac_cv_lib_lber_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-llber $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16075,202 +14335,43 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_lber_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_lber_main=no + ac_cv_lib_lber_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_lber_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_main" >&5 $as_echo "$ac_cv_lib_lber_main" >&6; } -if test "x$ac_cv_lib_lber_main" = x""yes; then +if test "x$ac_cv_lib_lber_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: LDAP library lber not found" >&5 -$as_echo "$as_me: error: LDAP library lber not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "LDAP library lber not found" "$LINENO" 5 fi ac_cv_lib_lber=ac_cv_lib_lber_main - if test "${ac_cv_header_ldap_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for ldap.h" >&5 -$as_echo_n "checking for ldap.h... " >&6; } -if test "${ac_cv_header_ldap_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5 -$as_echo "$ac_cv_header_ldap_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking ldap.h usability" >&5 -$as_echo_n "checking ldap.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking ldap.h presence" >&5 -$as_echo_n "checking ldap.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: ldap.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: ldap.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: ldap.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: ldap.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: ldap.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: ldap.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: ldap.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: ldap.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: ldap.h: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for ldap.h" >&5 -$as_echo_n "checking for ldap.h... " >&6; } -if test "${ac_cv_header_ldap_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_ldap_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5 -$as_echo "$ac_cv_header_ldap_h" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "ldap.h" "ac_cv_header_ldap_h" "$ac_includes_default" +if test "x$ac_cv_header_ldap_h" = x""yes; then : -fi -if test "x$ac_cv_header_ldap_h" = x""yes; then - : else - { { $as_echo "$as_me:$LINENO: error: LDAP header ldap.h not found!" >&5 -$as_echo "$as_me: error: LDAP header ldap.h not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "LDAP header ldap.h not found!" "$LINENO" 5 fi fi if test x$curl = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lcurl" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcurl" >&5 $as_echo_n "checking for main in -lcurl... " >&6; } -if test "${ac_cv_lib_curl_main+set}" = set; then +if test "${ac_cv_lib_curl_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcurl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16282,184 +14383,29 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_curl_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_curl_main=no + ac_cv_lib_curl_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_curl_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_curl_main" >&5 $as_echo "$ac_cv_lib_curl_main" >&6; } -if test "x$ac_cv_lib_curl_main" = x""yes; then +if test "x$ac_cv_lib_curl_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: CURL library curl not found" >&5 -$as_echo "$as_me: error: CURL library curl not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "CURL library curl not found" "$LINENO" 5 fi ac_cv_lib_curl=ac_cv_lib_curl_main - if test "${ac_cv_header_curl_curl_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for curl/curl.h" >&5 -$as_echo_n "checking for curl/curl.h... " >&6; } -if test "${ac_cv_header_curl_curl_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_curl_curl_h" >&5 -$as_echo "$ac_cv_header_curl_curl_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking curl/curl.h usability" >&5 -$as_echo_n "checking curl/curl.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking curl/curl.h presence" >&5 -$as_echo_n "checking curl/curl.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: curl/curl.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: curl/curl.h: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for curl/curl.h" >&5 -$as_echo_n "checking for curl/curl.h... " >&6; } -if test "${ac_cv_header_curl_curl_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_curl_curl_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_curl_curl_h" >&5 -$as_echo "$ac_cv_header_curl_curl_h" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "curl/curl.h" "ac_cv_header_curl_curl_h" "$ac_includes_default" +if test "x$ac_cv_header_curl_curl_h" = x""yes; then : -fi -if test "x$ac_cv_header_curl_curl_h" = x""yes; then - : else - { { $as_echo "$as_me:$LINENO: error: CURL header curl/curl.h not found!" >&5 -$as_echo "$as_me: error: CURL header curl/curl.h not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "CURL header curl/curl.h not found!" "$LINENO" 5 fi @@ -16468,7 +14414,7 @@ fi if test x$xml = xtrue; then pkg_failed=no -{ $as_echo "$as_me:$LINENO: checking for xml" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for xml" >&5 $as_echo_n "checking for xml... " >&6; } if test -n "$PKG_CONFIG"; then @@ -16476,11 +14422,11 @@ if test -n "$PKG_CONFIG"; then pkg_cv_xml_CFLAGS="$xml_CFLAGS" else if test -n "$PKG_CONFIG" && \ - { ($as_echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\"") >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then pkg_cv_xml_CFLAGS=`$PKG_CONFIG --cflags "libxml-2.0" 2>/dev/null` else pkg_failed=yes @@ -16494,11 +14440,11 @@ if test -n "$PKG_CONFIG"; then pkg_cv_xml_LIBS="$xml_LIBS" else if test -n "$PKG_CONFIG" && \ - { ($as_echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\"") >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then pkg_cv_xml_LIBS=`$PKG_CONFIG --libs "libxml-2.0" 2>/dev/null` else pkg_failed=yes @@ -16525,7 +14471,7 @@ fi # Put the nasty error message in config.log where it belongs echo "$xml_PKG_ERRORS" >&5 - { { $as_echo "$as_me:$LINENO: error: Package requirements (libxml-2.0) were not met: + as_fn_error "Package requirements (libxml-2.0) were not met: $xml_PKG_ERRORS @@ -16535,23 +14481,11 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables xml_CFLAGS and xml_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. -" >&5 -$as_echo "$as_me: error: Package requirements (libxml-2.0) were not met: - -$xml_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables xml_CFLAGS -and xml_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" >&2;} - { (exit 1); exit 1; }; } +" "$LINENO" 5 elif test $pkg_failed = untried; then - { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it +as_fn_error "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -16560,22 +14494,11 @@ and xml_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables xml_CFLAGS -and xml_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see . -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +See \`config.log' for more details." "$LINENO" 5; } else xml_CFLAGS=$pkg_cv_xml_CFLAGS xml_LIBS=$pkg_cv_xml_LIBS - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi @@ -16586,7 +14509,7 @@ fi if test x$dumm = xtrue; then pkg_failed=no -{ $as_echo "$as_me:$LINENO: checking for gtk" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5 $as_echo_n "checking for gtk... " >&6; } if test -n "$PKG_CONFIG"; then @@ -16594,11 +14517,11 @@ if test -n "$PKG_CONFIG"; then pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" else if test -n "$PKG_CONFIG" && \ - { ($as_echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\"") >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then pkg_cv_gtk_CFLAGS=`$PKG_CONFIG --cflags "gtk+-2.0 vte" 2>/dev/null` else pkg_failed=yes @@ -16612,11 +14535,11 @@ if test -n "$PKG_CONFIG"; then pkg_cv_gtk_LIBS="$gtk_LIBS" else if test -n "$PKG_CONFIG" && \ - { ($as_echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\"") >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then pkg_cv_gtk_LIBS=`$PKG_CONFIG --libs "gtk+-2.0 vte" 2>/dev/null` else pkg_failed=yes @@ -16643,18 +14566,7 @@ fi # Put the nasty error message in config.log where it belongs echo "$gtk_PKG_ERRORS" >&5 - { { $as_echo "$as_me:$LINENO: error: Package requirements (gtk+-2.0 vte) were not met: - -$gtk_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables gtk_CFLAGS -and gtk_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" >&5 -$as_echo "$as_me: error: Package requirements (gtk+-2.0 vte) were not met: + as_fn_error "Package requirements (gtk+-2.0 vte) were not met: $gtk_PKG_ERRORS @@ -16664,22 +14576,11 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables gtk_CFLAGS and gtk_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. -" >&2;} - { (exit 1); exit 1; }; } +" "$LINENO" 5 elif test $pkg_failed = untried; then - { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables gtk_CFLAGS -and gtk_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see . -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it +as_fn_error "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -16688,12 +14589,11 @@ and gtk_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +See \`config.log' for more details." "$LINENO" 5; } else gtk_CFLAGS=$pkg_cv_gtk_CFLAGS gtk_LIBS=$pkg_cv_gtk_LIBS - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi @@ -16703,9 +14603,9 @@ fi do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_prog_RUBY+set}" = set; then +if test "${ac_cv_prog_RUBY+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$RUBY"; then @@ -16716,24 +14616,24 @@ for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do + for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_RUBY="$ac_prog" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done -done + done IFS=$as_save_IFS fi fi RUBY=$ac_cv_prog_RUBY if test -n "$RUBY"; then - { $as_echo "$as_me:$LINENO: result: $RUBY" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5 $as_echo "$RUBY" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -16741,7 +14641,7 @@ fi test -n "$RUBY" && break done - { $as_echo "$as_me:$LINENO: checking for Ruby header files" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Ruby header files" >&5 $as_echo_n "checking for Ruby header files... " >&6; } if test -n "$RUBY"; then RUBYDIR=`($RUBY -rmkmf -e 'print Config::CONFIG["archdir"] || $archdir') 2>/dev/null` @@ -16750,43 +14650,33 @@ $as_echo_n "checking for Ruby header files... " >&6; } RUBYINCLUDE=none for i in $dirs; do if test -r $i/ruby.h; then - { $as_echo "$as_me:$LINENO: result: $i" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $i" >&5 $as_echo "$i" >&6; } RUBYINCLUDE="-I$i" break; fi done if test x"$RUBYINCLUDE" = xnone; then - { { $as_echo "$as_me:$LINENO: error: ruby.h not found" >&5 -$as_echo "$as_me: error: ruby.h not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "ruby.h not found" "$LINENO" 5 fi else - { { $as_echo "$as_me:$LINENO: error: unable to determine ruby configuration" >&5 -$as_echo "$as_me: error: unable to determine ruby configuration" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "unable to determine ruby configuration" "$LINENO" 5 fi else - { { $as_echo "$as_me:$LINENO: error: don't know how to run ruby" >&5 -$as_echo "$as_me: error: don't know how to run ruby" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "don't know how to run ruby" "$LINENO" 5 fi fi if test x$fast = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lneo_cgi" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lneo_cgi" >&5 $as_echo_n "checking for main in -lneo_cgi... " >&6; } -if test "${ac_cv_lib_neo_cgi_main+set}" = set; then +if test "${ac_cv_lib_neo_cgi_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lneo_cgi $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16798,63 +14688,32 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_neo_cgi_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_neo_cgi_main=no + ac_cv_lib_neo_cgi_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_neo_cgi_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_neo_cgi_main" >&5 $as_echo "$ac_cv_lib_neo_cgi_main" >&6; } -if test "x$ac_cv_lib_neo_cgi_main" = x""yes; then +if test "x$ac_cv_lib_neo_cgi_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: ClearSilver library neo_cgi not found!" >&5 -$as_echo "$as_me: error: ClearSilver library neo_cgi not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "ClearSilver library neo_cgi not found!" "$LINENO" 5 fi ac_cv_lib_neo_cgi=ac_cv_lib_neo_cgi_main - { $as_echo "$as_me:$LINENO: checking for main in -lneo_utl" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lneo_utl" >&5 $as_echo_n "checking for main in -lneo_utl... " >&6; } -if test "${ac_cv_lib_neo_utl_main+set}" = set; then +if test "${ac_cv_lib_neo_utl_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lneo_utl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16866,63 +14725,32 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_neo_utl_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_neo_utl_main=no + ac_cv_lib_neo_utl_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_neo_utl_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_neo_utl_main" >&5 $as_echo "$ac_cv_lib_neo_utl_main" >&6; } -if test "x$ac_cv_lib_neo_utl_main" = x""yes; then +if test "x$ac_cv_lib_neo_utl_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: ClearSilver library neo_utl not found!" >&5 -$as_echo "$as_me: error: ClearSilver library neo_utl not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "ClearSilver library neo_utl not found!" "$LINENO" 5 fi ac_cv_lib_neo_utl=ac_cv_lib_neo_utl_main - { $as_echo "$as_me:$LINENO: checking for main in -lz" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lz" >&5 $as_echo_n "checking for main in -lz... " >&6; } -if test "${ac_cv_lib_z_main+set}" = set; then +if test "${ac_cv_lib_z_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16934,64 +14762,33 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_z_main=no + ac_cv_lib_z_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_z_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_main" >&5 $as_echo "$ac_cv_lib_z_main" >&6; } -if test "x$ac_cv_lib_z_main" = x""yes; then +if test "x$ac_cv_lib_z_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: ClearSilver dependency zlib not found!" >&5 -$as_echo "$as_me: error: ClearSilver dependency zlib not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "ClearSilver dependency zlib not found!" "$LINENO" 5 fi ac_cv_lib_z=ac_cv_lib_z_main - { $as_echo "$as_me:$LINENO: checking for main in -lfcgi" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lfcgi" >&5 $as_echo_n "checking for main in -lfcgi... " >&6; } -if test "${ac_cv_lib_fcgi_main+set}" = set; then +if test "${ac_cv_lib_fcgi_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lfcgi $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17003,409 +14800,94 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_fcgi_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_fcgi_main=no + ac_cv_lib_fcgi_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_fcgi_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_fcgi_main" >&5 $as_echo "$ac_cv_lib_fcgi_main" >&6; } -if test "x$ac_cv_lib_fcgi_main" = x""yes; then +if test "x$ac_cv_lib_fcgi_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: FastCGI library fcgi not found!" >&5 -$as_echo "$as_me: error: FastCGI library fcgi not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "FastCGI library fcgi not found!" "$LINENO" 5 fi ac_cv_lib_fcgi=ac_cv_lib_fcgi_main - if test "${ac_cv_header_fcgiapp_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for fcgiapp.h" >&5 -$as_echo_n "checking for fcgiapp.h... " >&6; } -if test "${ac_cv_header_fcgiapp_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_fcgiapp_h" >&5 -$as_echo "$ac_cv_header_fcgiapp_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking fcgiapp.h usability" >&5 -$as_echo_n "checking fcgiapp.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking fcgiapp.h presence" >&5 -$as_echo_n "checking fcgiapp.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "fcgiapp.h" "ac_cv_header_fcgiapp_h" "$ac_includes_default" +if test "x$ac_cv_header_fcgiapp_h" = x""yes; then : -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: fcgiapp.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: fcgiapp.h: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for fcgiapp.h" >&5 -$as_echo_n "checking for fcgiapp.h... " >&6; } -if test "${ac_cv_header_fcgiapp_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_fcgiapp_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_fcgiapp_h" >&5 -$as_echo "$ac_cv_header_fcgiapp_h" >&6; } - -fi -if test "x$ac_cv_header_fcgiapp_h" = x""yes; then - : else - { { $as_echo "$as_me:$LINENO: error: FastCGI header file fcgiapp.h not found!" >&5 -$as_echo "$as_me: error: FastCGI header file fcgiapp.h not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "FastCGI header file fcgiapp.h not found!" "$LINENO" 5 fi fi if test x$mysql = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lmysqlclient_r" >&5 -$as_echo_n "checking for main in -lmysqlclient_r... " >&6; } -if test "${ac_cv_lib_mysqlclient_r_main+set}" = set; then + # Extract the first word of "mysql_config", so it can be a program name with args. +set dummy mysql_config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_MYSQLCONFIG+set}" = set; then : $as_echo_n "(cached) " >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lmysqlclient_r $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - -int -main () -{ -return main (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then - ac_cv_lib_mysqlclient_r_main=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_mysqlclient_r_main=no -fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_mysqlclient_r_main" >&5 -$as_echo "$ac_cv_lib_mysqlclient_r_main" >&6; } -if test "x$ac_cv_lib_mysqlclient_r_main" = x""yes; then - LIBS="$LIBS" -else - { { $as_echo "$as_me:$LINENO: error: MySQL library mysqlclient_r not found" >&5 -$as_echo "$as_me: error: MySQL library mysqlclient_r not found" >&2;} - { (exit 1); exit 1; }; } -fi -ac_cv_lib_mysqlclient_r=ac_cv_lib_mysqlclient_r_main + case $MYSQLCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_MYSQLCONFIG="$MYSQLCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/bin:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_MYSQLCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS - if test "${ac_cv_header_mysql_mysql_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for mysql/mysql.h" >&5 -$as_echo_n "checking for mysql/mysql.h... " >&6; } -if test "${ac_cv_header_mysql_mysql_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_mysql_mysql_h" >&5 -$as_echo "$ac_cv_header_mysql_mysql_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking mysql/mysql.h usability" >&5 -$as_echo_n "checking mysql/mysql.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; + ;; esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking mysql/mysql.h presence" >&5 -$as_echo_n "checking mysql/mysql.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes +MYSQLCONFIG=$ac_cv_path_MYSQLCONFIG +if test -n "$MYSQLCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MYSQLCONFIG" >&5 +$as_echo "$MYSQLCONFIG" >&6; } else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } fi -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: mysql/mysql.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: mysql/mysql.h: in the future, the compiler will take precedence" >&2;} - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for mysql/mysql.h" >&5 -$as_echo_n "checking for mysql/mysql.h... " >&6; } -if test "${ac_cv_header_mysql_mysql_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_mysql_mysql_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_mysql_mysql_h" >&5 -$as_echo "$ac_cv_header_mysql_mysql_h" >&6; } - -fi -if test "x$ac_cv_header_mysql_mysql_h" = x""yes; then - : -else - { { $as_echo "$as_me:$LINENO: error: MySQL header mysql/mysql.h not found!" >&5 -$as_echo "$as_me: error: MySQL header mysql/mysql.h not found!" >&2;} - { (exit 1); exit 1; }; } -fi + if test x$MYSQLCONFIG = x; then + as_fn_error "mysql_config not found!" "$LINENO" 5 + fi + MYSQLLIB=`$MYSQLCONFIG --libs_r` + MYSQLCFLAG=`$MYSQLCONFIG --cflags` fi if test x$sqlite = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lsqlite3" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lsqlite3" >&5 $as_echo_n "checking for main in -lsqlite3... " >&6; } -if test "${ac_cv_lib_sqlite3_main+set}" = set; then +if test "${ac_cv_lib_sqlite3_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsqlite3 $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17417,194 +14899,35 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_sqlite3_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_sqlite3_main=no + ac_cv_lib_sqlite3_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_sqlite3_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sqlite3_main" >&5 $as_echo "$ac_cv_lib_sqlite3_main" >&6; } -if test "x$ac_cv_lib_sqlite3_main" = x""yes; then +if test "x$ac_cv_lib_sqlite3_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: SQLite library sqlite3 not found" >&5 -$as_echo "$as_me: error: SQLite library sqlite3 not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "SQLite library sqlite3 not found" "$LINENO" 5 fi ac_cv_lib_sqlite3=ac_cv_lib_sqlite3_main - if test "${ac_cv_header_sqlite3_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for sqlite3.h" >&5 -$as_echo_n "checking for sqlite3.h... " >&6; } -if test "${ac_cv_header_sqlite3_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_sqlite3_h" >&5 -$as_echo "$ac_cv_header_sqlite3_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking sqlite3.h usability" >&5 -$as_echo_n "checking sqlite3.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "sqlite3.h" "ac_cv_header_sqlite3_h" "$ac_includes_default" +if test "x$ac_cv_header_sqlite3_h" = x""yes; then : -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking sqlite3.h presence" >&5 -$as_echo_n "checking sqlite3.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no + as_fn_error "SQLite header sqlite3.h not found!" "$LINENO" 5 fi -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sqlite3.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: sqlite3.h: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for sqlite3.h" >&5 -$as_echo_n "checking for sqlite3.h... " >&6; } -if test "${ac_cv_header_sqlite3_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_sqlite3_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_sqlite3_h" >&5 -$as_echo "$ac_cv_header_sqlite3_h" >&6; } - -fi -if test "x$ac_cv_header_sqlite3_h" = x""yes; then - : -else - { { $as_echo "$as_me:$LINENO: error: SQLite header sqlite3.h not found!" >&5 -$as_echo "$as_me: error: SQLite header sqlite3.h not found!" >&2;} - { (exit 1); exit 1; }; } -fi - - - { $as_echo "$as_me:$LINENO: checking sqlite3_prepare_v2" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking sqlite3_prepare_v2" >&5 $as_echo_n "checking sqlite3_prepare_v2... " >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -17617,45 +14940,20 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; }; cat >>confdefs.h <<_ACEOF #define HAVE_SQLITE3_PREPARE_V2 1 _ACEOF else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { $as_echo "$as_me:$LINENO: checking sqlite3.h version >= 3.3.1" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking sqlite3.h version >= 3.3.1" >&5 $as_echo_n "checking sqlite3.h version >= 3.3.1... " >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -17670,52 +14968,25 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; }; { { $as_echo "$as_me:$LINENO: error: SQLite version >= 3.3.1 required!" >&5 -$as_echo "$as_me: error: SQLite version >= 3.3.1 required!" >&2;} - { (exit 1); exit 1; }; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; as_fn_error "SQLite version >= 3.3.1 required!" "$LINENO" 5 fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test x$openssl = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lcrypto" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcrypto" >&5 $as_echo_n "checking for main in -lcrypto... " >&6; } -if test "${ac_cv_lib_crypto_main+set}" = set; then +if test "${ac_cv_lib_crypto_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypto $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17727,334 +14998,83 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_crypto_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_crypto_main=no + ac_cv_lib_crypto_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_main" >&5 $as_echo "$ac_cv_lib_crypto_main" >&6; } -if test "x$ac_cv_lib_crypto_main" = x""yes; then +if test "x$ac_cv_lib_crypto_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: OpenSSL crypto library not found" >&5 -$as_echo "$as_me: error: OpenSSL crypto library not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "OpenSSL crypto library not found" "$LINENO" 5 fi ac_cv_lib_crypto=ac_cv_lib_crypto_main - if test "${ac_cv_header_openssl_evp_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for openssl/evp.h" >&5 -$as_echo_n "checking for openssl/evp.h... " >&6; } -if test "${ac_cv_header_openssl_evp_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_evp_h" >&5 -$as_echo "$ac_cv_header_openssl_evp_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking openssl/evp.h usability" >&5 -$as_echo_n "checking openssl/evp.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_evp_h" = x""yes; then : -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking openssl/evp.h presence" >&5 -$as_echo_n "checking openssl/evp.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no + as_fn_error "OpenSSL header openssl/evp.h not found!" "$LINENO" 5 fi -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: openssl/evp.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: openssl/evp.h: in the future, the compiler will take precedence" >&2;} +fi - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for openssl/evp.h" >&5 -$as_echo_n "checking for openssl/evp.h... " >&6; } -if test "${ac_cv_header_openssl_evp_h+set}" = set; then +if test x$gcrypt = xtrue; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lgcrypt" >&5 +$as_echo_n "checking for main in -lgcrypt... " >&6; } +if test "${ac_cv_lib_gcrypt_main+set}" = set; then : $as_echo_n "(cached) " >&6 else - ac_cv_header_openssl_evp_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_openssl_evp_h" >&5 -$as_echo "$ac_cv_header_openssl_evp_h" >&6; } + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgcrypt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ -fi -if test "x$ac_cv_header_openssl_evp_h" = x""yes; then - : + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gcrypt_main=yes else - { { $as_echo "$as_me:$LINENO: error: OpenSSL header openssl/evp.h not found!" >&5 -$as_echo "$as_me: error: OpenSSL header openssl/evp.h not found!" >&2;} - { (exit 1); exit 1; }; } + ac_cv_lib_gcrypt_main=no fi - - +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS fi - -if test x$gcrypt = xtrue; then - -# Check whether --with-libgcrypt-prefix was given. -if test "${with_libgcrypt_prefix+set}" = set; then - withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcrypt_main" >&5 +$as_echo "$ac_cv_lib_gcrypt_main" >&6; } +if test "x$ac_cv_lib_gcrypt_main" = x""yes; then : + LIBS="$LIBS" else - libgcrypt_config_prefix="" + as_fn_error "gcrypt library not found" "$LINENO" 5 fi +ac_cv_lib_gcrypt=ac_cv_lib_gcrypt_main - if test x$libgcrypt_config_prefix != x ; then - if test x${LIBGCRYPT_CONFIG+set} != xset ; then - LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config - fi - fi - - # Extract the first word of "libgcrypt-config", so it can be a program name with args. -set dummy libgcrypt-config; ac_word=$2 -{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if test "${ac_cv_path_LIBGCRYPT_CONFIG+set}" = set; then - $as_echo_n "(cached) " >&6 -else - case $LIBGCRYPT_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_LIBGCRYPT_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS + ac_fn_c_check_header_mongrel "$LINENO" "gcrypt.h" "ac_cv_header_gcrypt_h" "$ac_includes_default" +if test "x$ac_cv_header_gcrypt_h" = x""yes; then : - test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no" - ;; -esac -fi -LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG -if test -n "$LIBGCRYPT_CONFIG"; then - { $as_echo "$as_me:$LINENO: result: $LIBGCRYPT_CONFIG" >&5 -$as_echo "$LIBGCRYPT_CONFIG" >&6; } else - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; } + as_fn_error "gcrypt header gcrypt.h not found!" "$LINENO" 5 fi - tmp=1:1.2.0 - if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then - req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` - min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` - else - req_libgcrypt_api=0 - min_libgcrypt_version="$tmp" - fi - - { $as_echo "$as_me:$LINENO: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5 -$as_echo_n "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; } - ok=no - if test "$LIBGCRYPT_CONFIG" != "no" ; then - req_major=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'` - req_minor=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'` - req_micro=`echo $min_libgcrypt_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'` - libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` - major=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'` - minor=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'` - micro=`echo $libgcrypt_config_version | \ - sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'` - if test "$major" -gt "$req_major"; then - ok=yes - else - if test "$major" -eq "$req_major"; then - if test "$minor" -gt "$req_minor"; then - ok=yes - else - if test "$minor" -eq "$req_minor"; then - if test "$micro" -ge "$req_micro"; then - ok=yes - fi - fi - fi - fi - fi - fi - if test $ok = yes; then - { $as_echo "$as_me:$LINENO: result: yes ($libgcrypt_config_version)" >&5 -$as_echo "yes ($libgcrypt_config_version)" >&6; } - else - { $as_echo "$as_me:$LINENO: result: no" >&5 -$as_echo "no" >&6; } - fi - if test $ok = yes; then - # If we have a recent libgcrypt, we should also check that the - # API is compatible - if test "$req_libgcrypt_api" -gt 0 ; then - tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` - if test "$tmp" -gt 0 ; then - { $as_echo "$as_me:$LINENO: checking LIBGCRYPT API version" >&5 -$as_echo_n "checking LIBGCRYPT API version... " >&6; } - if test "$req_libgcrypt_api" -eq "$tmp" ; then - { $as_echo "$as_me:$LINENO: result: okay" >&5 -$as_echo "okay" >&6; } - else - ok=no - { $as_echo "$as_me:$LINENO: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5 -$as_echo "does not match. want=$req_libgcrypt_api got=$tmp" >&6; } - fi - fi - fi - fi - if test $ok = yes; then - LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` - LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` - : - else - LIBGCRYPT_CFLAGS="" - LIBGCRYPT_LIBS="" - { { $as_echo "$as_me:$LINENO: error: libgcrypt not found!" >&5 -$as_echo "$as_me: error: libgcrypt not found!" >&2;} - { (exit 1); exit 1; }; } - fi - - - - { $as_echo "$as_me:$LINENO: checking gcrypt CAMELLIA cipher" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcrypt CAMELLIA cipher" >&5 $as_echo_n "checking gcrypt CAMELLIA cipher... " >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int @@ -18065,54 +15085,27 @@ enum gcry_cipher_algos alg = GCRY_CIPHER_CAMELLIA128; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 -$as_echo "yes" >&6; }; cat >>confdefs.h <<\_ACEOF -#define HAVE_GCRY_CIPHER_CAMELLIA 1 -_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_GCRY_CIPHER_CAMELLIA 1" >>confdefs.h else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test x$uci = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -luci" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -luci" >&5 $as_echo_n "checking for main in -luci... " >&6; } -if test "${ac_cv_lib_uci_main+set}" = set; then +if test "${ac_cv_lib_uci_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-luci $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18124,193 +15117,135 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_uci_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_uci_main=no + ac_cv_lib_uci_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_uci_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_uci_main" >&5 $as_echo "$ac_cv_lib_uci_main" >&6; } -if test "x$ac_cv_lib_uci_main" = x""yes; then +if test "x$ac_cv_lib_uci_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: UCI library libuci not found" >&5 -$as_echo "$as_me: error: UCI library libuci not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "UCI library libuci not found" "$LINENO" 5 fi ac_cv_lib_uci=ac_cv_lib_uci_main - if test "${ac_cv_header_uci_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for uci.h" >&5 -$as_echo_n "checking for uci.h... " >&6; } -if test "${ac_cv_header_uci_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_uci_h" >&5 -$as_echo "$ac_cv_header_uci_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking uci.h usability" >&5 -$as_echo_n "checking uci.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes + ac_fn_c_check_header_mongrel "$LINENO" "uci.h" "ac_cv_header_uci_h" "$ac_includes_default" +if test "x$ac_cv_header_uci_h" = x""yes; then : + else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 + as_fn_error "UCI header uci.h not found!" "$LINENO" 5 +fi + - ac_header_compiler=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } +if test x$nm = xtrue; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnm-glib") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking uci.h presence" >&5 -$as_echo_n "checking uci.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 +$as_echo_n "checking for nm... " >&6; } + +if test -n "$PKG_CONFIG"; then + if test -n "$nm_CFLAGS"; then + pkg_cv_nm_CFLAGS="$nm_CFLAGS" + else + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi +if test -n "$PKG_CONFIG"; then + if test -n "$nm_LIBS"; then + pkg_cv_nm_LIBS="$nm_LIBS" + else + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried fi -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: uci.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: uci.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: uci.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: uci.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: uci.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: uci.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: uci.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: uci.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: uci.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: uci.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: uci.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: uci.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: uci.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: uci.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: uci.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: uci.h: in the future, the compiler will take precedence" >&2;} - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for uci.h" >&5 -$as_echo_n "checking for uci.h... " >&6; } -if test "${ac_cv_header_uci_h+set}" = set; then - $as_echo_n "(cached) " >&6 +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes else - ac_cv_header_uci_h=$ac_header_preproc + _pkg_short_errors_supported=no fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_uci_h" >&5 -$as_echo "$ac_cv_header_uci_h" >&6; } + if test $_pkg_short_errors_supported = yes; then + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn"` + else + nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn"` + fi + # Put the nasty error message in config.log where it belongs + echo "$nm_PKG_ERRORS" >&5 -fi -if test "x$ac_cv_header_uci_h" = x""yes; then - : -else - { { $as_echo "$as_me:$LINENO: error: UCI header uci.h not found!" >&5 -$as_echo "$as_me: error: UCI header uci.h not found!" >&2;} - { (exit 1); exit 1; }; } -fi + as_fn_error "Package requirements (NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn) were not met: +$nm_PKG_ERRORS -fi +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. -if test x$nm = xtrue; then +Alternatively, you may set the environment variables nm_CFLAGS +and nm_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. +" "$LINENO" 5 +elif test $pkg_failed = untried; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables nm_CFLAGS +and nm_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details." "$LINENO" 5; } +else + nm_CFLAGS=$pkg_cv_nm_CFLAGS + nm_LIBS=$pkg_cv_nm_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + : +fi +else pkg_failed=no -{ $as_echo "$as_me:$LINENO: checking for nm" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 $as_echo_n "checking for nm... " >&6; } if test -n "$PKG_CONFIG"; then @@ -18318,12 +15253,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_nm_CFLAGS="$nm_CFLAGS" else if test -n "$PKG_CONFIG" && \ - { ($as_echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"NetworkManager libnm_glib_vpn gthread-2.0\"") >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager libnm_glib_vpn gthread-2.0") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager libnm_glib_vpn gthread-2.0" 2>/dev/null` + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn" 2>/dev/null` else pkg_failed=yes fi @@ -18336,12 +15271,12 @@ if test -n "$PKG_CONFIG"; then pkg_cv_nm_LIBS="$nm_LIBS" else if test -n "$PKG_CONFIG" && \ - { ($as_echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"NetworkManager libnm_glib_vpn gthread-2.0\"") >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager libnm_glib_vpn gthread-2.0") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn") 2>&5 ac_status=$? - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager libnm_glib_vpn gthread-2.0" 2>/dev/null` + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn" 2>/dev/null` else pkg_failed=yes fi @@ -18360,25 +15295,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager libnm_glib_vpn gthread-2.0"` + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn"` else - nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager libnm_glib_vpn gthread-2.0"` + nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn"` fi # Put the nasty error message in config.log where it belongs echo "$nm_PKG_ERRORS" >&5 - { { $as_echo "$as_me:$LINENO: error: Package requirements (NetworkManager libnm_glib_vpn gthread-2.0) were not met: - -$nm_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" >&5 -$as_echo "$as_me: error: Package requirements (NetworkManager libnm_glib_vpn gthread-2.0) were not met: + as_fn_error "Package requirements (NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn) were not met: $nm_PKG_ERRORS @@ -18388,22 +15312,11 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables nm_CFLAGS and nm_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. -" >&2;} - { (exit 1); exit 1; }; } +" "$LINENO" 5 elif test $pkg_failed = untried; then - { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ { $as_echo "$as_me:$LINENO: error: The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. - -To get pkg-config, see . -See \`config.log' for more details." >&5 -$as_echo "$as_me: error: The pkg-config script could not be found or is too old. Make sure it +as_fn_error "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -18412,32 +15325,29 @@ and nm_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; }; } +See \`config.log' for more details." "$LINENO" 5; } else nm_CFLAGS=$pkg_cv_nm_CFLAGS nm_LIBS=$pkg_cv_nm_LIBS - { $as_echo "$as_me:$LINENO: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi +fi + fi if test x$eap_gtc = xtrue; then - { $as_echo "$as_me:$LINENO: checking for main in -lpam" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpam" >&5 $as_echo_n "checking for main in -lpam... " >&6; } -if test "${ac_cv_lib_pam_main+set}" = set; then +if test "${ac_cv_lib_pam_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18449,202 +15359,43 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pam_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_pam_main=no + ac_cv_lib_pam_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_pam_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_main" >&5 $as_echo "$ac_cv_lib_pam_main" >&6; } -if test "x$ac_cv_lib_pam_main" = x""yes; then +if test "x$ac_cv_lib_pam_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: PAM library not found" >&5 -$as_echo "$as_me: error: PAM library not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "PAM library not found" "$LINENO" 5 fi ac_cv_lib_pam=ac_cv_lib_pam_main - if test "${ac_cv_header_security_pam_appl_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for security/pam_appl.h" >&5 -$as_echo_n "checking for security/pam_appl.h... " >&6; } -if test "${ac_cv_header_security_pam_appl_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_security_pam_appl_h" >&5 -$as_echo "$ac_cv_header_security_pam_appl_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking security/pam_appl.h usability" >&5 -$as_echo_n "checking security/pam_appl.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking security/pam_appl.h presence" >&5 -$as_echo_n "checking security/pam_appl.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: security/pam_appl.h: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for security/pam_appl.h" >&5 -$as_echo_n "checking for security/pam_appl.h... " >&6; } -if test "${ac_cv_header_security_pam_appl_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_security_pam_appl_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_security_pam_appl_h" >&5 -$as_echo "$ac_cv_header_security_pam_appl_h" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "security/pam_appl.h" "ac_cv_header_security_pam_appl_h" "$ac_includes_default" +if test "x$ac_cv_header_security_pam_appl_h" = x""yes; then : -fi -if test "x$ac_cv_header_security_pam_appl_h" = x""yes; then - : else - { { $as_echo "$as_me:$LINENO: error: PAM header security/pam_appl.h not found!" >&5 -$as_echo "$as_me: error: PAM header security/pam_appl.h not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "PAM header security/pam_appl.h not found!" "$LINENO" 5 fi fi if test x$capabilities = xlibcap; then - { $as_echo "$as_me:$LINENO: checking for main in -lcap" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcap" >&5 $as_echo_n "checking for main in -lcap... " >&6; } -if test "${ac_cv_lib_cap_main+set}" = set; then +if test "${ac_cv_lib_cap_main+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcap $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -18656,197 +15407,38 @@ return main (); return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext - }; then +if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_cap_main=yes else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_cap_main=no + ac_cv_lib_cap_main=no fi - -rm -rf conftest.dSYM -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_cap_main" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_main" >&5 $as_echo "$ac_cv_lib_cap_main" >&6; } -if test "x$ac_cv_lib_cap_main" = x""yes; then +if test "x$ac_cv_lib_cap_main" = x""yes; then : LIBS="$LIBS" else - { { $as_echo "$as_me:$LINENO: error: libcap library not found" >&5 -$as_echo "$as_me: error: libcap library not found" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "libcap library not found" "$LINENO" 5 fi ac_cv_lib_cap=ac_cv_lib_cap_main - if test "${ac_cv_header_sys_capability_h+set}" = set; then - { $as_echo "$as_me:$LINENO: checking for sys/capability.h" >&5 -$as_echo_n "checking for sys/capability.h... " >&6; } -if test "${ac_cv_header_sys_capability_h+set}" = set; then - $as_echo_n "(cached) " >&6 -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_sys_capability_h" >&5 -$as_echo "$ac_cv_header_sys_capability_h" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:$LINENO: checking sys/capability.h usability" >&5 -$as_echo_n "checking sys/capability.h usability... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:$LINENO: checking sys/capability.h presence" >&5 -$as_echo_n "checking sys/capability.h presence... " >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: present but cannot be compiled" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: proceeding with the preprocessor's result" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: proceeding with the preprocessor's result" >&2;} - { $as_echo "$as_me:$LINENO: WARNING: sys/capability.h: in the future, the compiler will take precedence" >&5 -$as_echo "$as_me: WARNING: sys/capability.h: in the future, the compiler will take precedence" >&2;} - - ;; -esac -{ $as_echo "$as_me:$LINENO: checking for sys/capability.h" >&5 -$as_echo_n "checking for sys/capability.h... " >&6; } -if test "${ac_cv_header_sys_capability_h+set}" = set; then - $as_echo_n "(cached) " >&6 -else - ac_cv_header_sys_capability_h=$ac_header_preproc -fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_sys_capability_h" >&5 -$as_echo "$ac_cv_header_sys_capability_h" >&6; } + ac_fn_c_check_header_mongrel "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_capability_h" = x""yes; then : -fi -if test "x$ac_cv_header_sys_capability_h" = x""yes; then - : else - { { $as_echo "$as_me:$LINENO: error: libcap header sys/capability.h not found!" >&5 -$as_echo "$as_me: error: libcap header sys/capability.h not found!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "libcap header sys/capability.h not found!" "$LINENO" 5 fi fi if test x$integrity_test = xtrue; then - { $as_echo "$as_me:$LINENO: checking for dladdr()" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dladdr()" >&5 $as_echo_n "checking for dladdr()... " >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _GNU_SOURCE #include @@ -18858,46 +15450,19 @@ Dl_info info; dladdr(main, &info); return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; }; - { { $as_echo "$as_me:$LINENO: error: dladdr() not supported, required by integrity-test!" >&5 -$as_echo "$as_me: error: dladdr() not supported, required by integrity-test!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "dladdr() not supported, required by integrity-test!" "$LINENO" 5 fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { $as_echo "$as_me:$LINENO: checking for dl_iterate_phdr()" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dl_iterate_phdr()" >&5 $as_echo_n "checking for dl_iterate_phdr()... " >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _GNU_SOURCE #include @@ -18909,38 +15474,15 @@ dl_iterate_phdr((void*)0, (void*)0); return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -$as_echo "$ac_try_echo") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { $as_echo "$as_me:$LINENO: result: yes" >&5 +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { $as_echo "$as_me:$LINENO: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; }; - { { $as_echo "$as_me:$LINENO: error: dl_iterate_phdr() not supported, required by integrity-test!" >&5 -$as_echo "$as_me: error: dl_iterate_phdr() not supported, required by integrity-test!" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "dl_iterate_phdr() not supported, required by integrity-test!" "$LINENO" 5 fi - rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi @@ -18996,16 +15538,39 @@ if test x$random = xtrue; then fi if test x$x509 = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" x509" + pluto_plugins=${pluto_plugins}" x509" fi if test x$pubkey = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" pubkey" pluto_plugins=${pluto_plugins}" pubkey" fi +if test x$pkcs1 = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" pkcs1" + pluto_plugins=${pluto_plugins}" pkcs1" +fi +if test x$pgp = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" pgp" + pluto_plugins=${pluto_plugins}" pgp" +fi +if test x$dnskey = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" dnskey" + pluto_plugins=${pluto_plugins}" dnskey" +fi +if test x$pem = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" pem" + pluto_plugins=${pluto_plugins}" pem" +fi if test x$mysql = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" mysql" + pluto_plugins=${pluto_plugins}" mysql" fi if test x$sqlite = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" sqlite" + pluto_plugins=${pluto_plugins}" sqlite" +fi +if test x$attr_sql = xtrue -o x$sql = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" attr-sql" + pluto_plugins=${pluto_plugins}" attr-sql" fi if test x$padlock = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" padlock" @@ -19149,12 +15714,44 @@ else USE_X509_FALSE= fi - if test x$pubkey = xtrue; then - USE_PUBKEY_TRUE= - USE_PUBKEY_FALSE='#' + if test x$pubkey = xtrue; then + USE_PUBKEY_TRUE= + USE_PUBKEY_FALSE='#' +else + USE_PUBKEY_TRUE='#' + USE_PUBKEY_FALSE= +fi + + if test x$pkcs1 = xtrue; then + USE_PKCS1_TRUE= + USE_PKCS1_FALSE='#' +else + USE_PKCS1_TRUE='#' + USE_PKCS1_FALSE= +fi + + if test x$pgp = xtrue; then + USE_PGP_TRUE= + USE_PGP_FALSE='#' +else + USE_PGP_TRUE='#' + USE_PGP_FALSE= +fi + + if test x$dnskey = xtrue; then + USE_DNSKEY_TRUE= + USE_DNSKEY_FALSE='#' +else + USE_DNSKEY_TRUE='#' + USE_DNSKEY_FALSE= +fi + + if test x$pem = xtrue; then + USE_PEM_TRUE= + USE_PEM_FALSE='#' else - USE_PUBKEY_TRUE='#' - USE_PUBKEY_FALSE= + USE_PEM_TRUE='#' + USE_PEM_FALSE= fi if test x$hmac = xtrue; then @@ -19189,6 +15786,14 @@ else USE_SQLITE_FALSE= fi + if test x$attr_sql = xtrue -o x$sql = xtrue; then + USE_ATTR_SQL_TRUE= + USE_ATTR_SQL_FALSE='#' +else + USE_ATTR_SQL_TRUE='#' + USE_ATTR_SQL_FALSE= +fi + if test x$padlock = xtrue; then USE_PADLOCK_TRUE= USE_PADLOCK_FALSE='#' @@ -19294,15 +15899,15 @@ else USE_ATTR_FALSE= fi - if test x$resolvconf = xtrue; then - USE_RESOLV_CONF_TRUE= - USE_RESOLV_CONF_FALSE='#' + if test x$resolve = xtrue; then + USE_RESOLVE_TRUE= + USE_RESOLVE_FALSE='#' else - USE_RESOLV_CONF_TRUE='#' - USE_RESOLV_CONF_FALSE= + USE_RESOLVE_TRUE='#' + USE_RESOLVE_FALSE= fi - if test x$unittest = xtrue; then + if test x$unit_tests = xtrue; then USE_UNIT_TESTS_TRUE= USE_UNIT_TESTS_FALSE='#' else @@ -19310,12 +15915,12 @@ else USE_UNIT_TESTS_FALSE= fi - if test x$loadtest = xtrue; then - USE_LOAD_TESTS_TRUE= - USE_LOAD_TESTS_FALSE='#' + if test x$load_tester = xtrue; then + USE_LOAD_TESTER_TRUE= + USE_LOAD_TESTER_FALSE='#' else - USE_LOAD_TESTS_TRUE='#' - USE_LOAD_TESTS_FALSE= + USE_LOAD_TESTER_TRUE='#' + USE_LOAD_TESTER_FALSE= fi if test x$eap_sim = xtrue; then @@ -19334,6 +15939,22 @@ else USE_EAP_SIM_FILE_FALSE= fi + if test x$eap_simaka_pseudonym = xtrue; then + USE_EAP_SIMAKA_PSEUDONYM_TRUE= + USE_EAP_SIMAKA_PSEUDONYM_FALSE='#' +else + USE_EAP_SIMAKA_PSEUDONYM_TRUE='#' + USE_EAP_SIMAKA_PSEUDONYM_FALSE= +fi + + if test x$eap_simaka_reauth = xtrue; then + USE_EAP_SIMAKA_REAUTH_TRUE= + USE_EAP_SIMAKA_REAUTH_FALSE='#' +else + USE_EAP_SIMAKA_REAUTH_TRUE='#' + USE_EAP_SIMAKA_REAUTH_FALSE= +fi + if test x$eap_identity = xtrue; then USE_EAP_IDENTITY_TRUE= USE_EAP_IDENTITY_FALSE='#' @@ -19366,6 +15987,14 @@ else USE_EAP_AKA_FALSE= fi + if test x$eap_aka_3gpp2 = xtrue; then + USE_EAP_AKA_3GPP2_TRUE= + USE_EAP_AKA_3GPP2_FALSE='#' +else + USE_EAP_AKA_3GPP2_TRUE='#' + USE_EAP_AKA_3GPP2_FALSE= +fi + if test x$eap_mschapv2 = xtrue; then USE_EAP_MSCHAPV2_TRUE= USE_EAP_MSCHAPV2_FALSE='#' @@ -19495,7 +16124,7 @@ else USE_MANAGER_FALSE= fi - if test x$me = xtrue; then + if test x$mediation = xtrue; then USE_ME_TRUE= USE_ME_FALSE='#' else @@ -19583,23 +16212,27 @@ else USE_VSTR_FALSE= fi + if test x$simaka = xtrue; then + USE_SIMAKA_TRUE= + USE_SIMAKA_FALSE='#' +else + USE_SIMAKA_TRUE='#' + USE_SIMAKA_FALSE= +fi -if test x$me = xtrue; then - cat >>confdefs.h <<\_ACEOF -#define ME 1 -_ACEOF + +if test x$mediation = xtrue; then + $as_echo "#define ME 1" >>confdefs.h fi if test x$capabilities = xlibcap; then - cat >>confdefs.h <<\_ACEOF -#define CAPABILITIES 1 -_ACEOF + $as_echo "#define CAPABILITIES 1" >>confdefs.h fi -ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libfreeswan/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_pfroute/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/attr/Makefile src/charon/plugins/resolv_conf/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/attr_sql/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_aka_3gpp2/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_simaka_pseudonym/Makefile src/charon/plugins/eap_simaka_reauth/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_pfroute/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/attr/Makefile src/charon/plugins/resolve/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -19628,13 +16261,13 @@ _ACEOF case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5 + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) $as_unset $ac_var ;; + *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done @@ -19642,8 +16275,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote - # substitution turns \\\\ into \\, and sed turns \\ into \). + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" @@ -19666,11 +16299,11 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && - { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else - { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi @@ -19726,513 +16359,348 @@ for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. - ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" - ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"AMDEP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_TEST_VECTORS_TRUE}" && test -z "${USE_TEST_VECTORS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_TEST_VECTORS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_TEST_VECTORS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_TEST_VECTORS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CURL_TRUE}" && test -z "${USE_CURL_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_CURL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_CURL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_CURL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LDAP_TRUE}" && test -z "${USE_LDAP_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_LDAP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_LDAP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_LDAP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_AES_TRUE}" && test -z "${USE_AES_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_AES\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_AES\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_AES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DES_TRUE}" && test -z "${USE_DES_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_DES\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_DES\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_DES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_BLOWFISH_TRUE}" && test -z "${USE_BLOWFISH_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_BLOWFISH\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_BLOWFISH\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_BLOWFISH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MD4_TRUE}" && test -z "${USE_MD4_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_MD4\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_MD4\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_MD4\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MD5_TRUE}" && test -z "${USE_MD5_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_MD5\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_MD5\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_MD5\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SHA1_TRUE}" && test -z "${USE_SHA1_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SHA1\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SHA1\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SHA1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SHA2_TRUE}" && test -z "${USE_SHA2_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SHA2\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SHA2\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SHA2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FIPS_PRF_TRUE}" && test -z "${USE_FIPS_PRF_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_FIPS_PRF\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_FIPS_PRF\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_FIPS_PRF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_GMP_TRUE}" && test -z "${USE_GMP_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_GMP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_GMP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_GMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_RANDOM_TRUE}" && test -z "${USE_RANDOM_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_RANDOM\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_RANDOM\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_RANDOM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_X509_TRUE}" && test -z "${USE_X509_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_X509\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_X509\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_X509\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PUBKEY_TRUE}" && test -z "${USE_PUBKEY_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_PUBKEY\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_PUBKEY\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_PUBKEY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_PKCS1_TRUE}" && test -z "${USE_PKCS1_FALSE}"; then + as_fn_error "conditional \"USE_PKCS1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_PGP_TRUE}" && test -z "${USE_PGP_FALSE}"; then + as_fn_error "conditional \"USE_PGP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_DNSKEY_TRUE}" && test -z "${USE_DNSKEY_FALSE}"; then + as_fn_error "conditional \"USE_DNSKEY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_PEM_TRUE}" && test -z "${USE_PEM_FALSE}"; then + as_fn_error "conditional \"USE_PEM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_HMAC_TRUE}" && test -z "${USE_HMAC_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_HMAC\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_HMAC\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_HMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XCBC_TRUE}" && test -z "${USE_XCBC_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_XCBC\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_XCBC\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_XCBC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MYSQL_TRUE}" && test -z "${USE_MYSQL_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_MYSQL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_MYSQL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_MYSQL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SQLITE_TRUE}" && test -z "${USE_SQLITE_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SQLITE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SQLITE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SQLITE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_ATTR_SQL_TRUE}" && test -z "${USE_ATTR_SQL_FALSE}"; then + as_fn_error "conditional \"USE_ATTR_SQL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PADLOCK_TRUE}" && test -z "${USE_PADLOCK_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_PADLOCK\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_PADLOCK\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_PADLOCK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_OPENSSL_TRUE}" && test -z "${USE_OPENSSL_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_OPENSSL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_OPENSSL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_GCRYPT_TRUE}" && test -z "${USE_GCRYPT_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_GCRYPT\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_GCRYPT\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_GCRYPT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_AGENT_TRUE}" && test -z "${USE_AGENT_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_AGENT\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_AGENT\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_AGENT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_STROKE_TRUE}" && test -z "${USE_STROKE_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_STROKE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_STROKE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_STROKE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MEDSRV_TRUE}" && test -z "${USE_MEDSRV_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_MEDSRV\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_MEDSRV\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_MEDSRV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MEDCLI_TRUE}" && test -z "${USE_MEDCLI_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_MEDCLI\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_MEDCLI\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_MEDCLI\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_NM_TRUE}" && test -z "${USE_NM_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_NM\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_NM\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_NM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UCI_TRUE}" && test -z "${USE_UCI_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_UCI\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_UCI\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_UCI\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SMP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SMP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SQL_TRUE}" && test -z "${USE_SQL_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SQL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SQL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SQL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UPDOWN_TRUE}" && test -z "${USE_UPDOWN_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_UPDOWN\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_UPDOWN\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_UPDOWN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ATTR_TRUE}" && test -z "${USE_ATTR_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_ATTR\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_ATTR\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${USE_RESOLV_CONF_TRUE}" && test -z "${USE_RESOLV_CONF_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_RESOLV_CONF\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_RESOLV_CONF\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_ATTR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_RESOLVE_TRUE}" && test -z "${USE_RESOLVE_FALSE}"; then + as_fn_error "conditional \"USE_RESOLVE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UNIT_TESTS_TRUE}" && test -z "${USE_UNIT_TESTS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_UNIT_TESTS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_UNIT_TESTS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${USE_LOAD_TESTS_TRUE}" && test -z "${USE_LOAD_TESTS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_LOAD_TESTS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_LOAD_TESTS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_UNIT_TESTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_LOAD_TESTER_TRUE}" && test -z "${USE_LOAD_TESTER_FALSE}"; then + as_fn_error "conditional \"USE_LOAD_TESTER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_SIM\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_SIM\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_SIM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIM_FILE_TRUE}" && test -z "${USE_EAP_SIM_FILE_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_SIM_FILE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_SIM_FILE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_SIM_FILE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_SIMAKA_PSEUDONYM_TRUE}" && test -z "${USE_EAP_SIMAKA_PSEUDONYM_FALSE}"; then + as_fn_error "conditional \"USE_EAP_SIMAKA_PSEUDONYM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_SIMAKA_REAUTH_TRUE}" && test -z "${USE_EAP_SIMAKA_REAUTH_FALSE}"; then + as_fn_error "conditional \"USE_EAP_SIMAKA_REAUTH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_IDENTITY_TRUE}" && test -z "${USE_EAP_IDENTITY_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_IDENTITY\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_IDENTITY\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_IDENTITY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_MD5_TRUE}" && test -z "${USE_EAP_MD5_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_MD5\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_MD5\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_MD5\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_GTC_TRUE}" && test -z "${USE_EAP_GTC_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_GTC\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_GTC\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_GTC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_AKA_TRUE}" && test -z "${USE_EAP_AKA_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_AKA\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_AKA\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_AKA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_AKA_3GPP2_TRUE}" && test -z "${USE_EAP_AKA_3GPP2_FALSE}"; then + as_fn_error "conditional \"USE_EAP_AKA_3GPP2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_MSCHAPV2_TRUE}" && test -z "${USE_EAP_MSCHAPV2_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_MSCHAPV2\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_MSCHAPV2\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_MSCHAPV2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_RADIUS_TRUE}" && test -z "${USE_EAP_RADIUS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_EAP_RADIUS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_EAP_RADIUS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_EAP_RADIUS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_KERNEL_NETLINK\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_KERNEL_NETLINK\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_KERNEL_NETLINK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_KERNEL_PFKEY_TRUE}" && test -z "${USE_KERNEL_PFKEY_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_KERNEL_PFKEY\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_KERNEL_PFKEY\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_KERNEL_PFKEY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_KERNEL_PFROUTE_TRUE}" && test -z "${USE_KERNEL_PFROUTE_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_KERNEL_PFROUTE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_KERNEL_PFROUTE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_KERNEL_PFROUTE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_KERNEL_KLIPS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_KERNEL_KLIPS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_KERNEL_KLIPS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SMARTCARD\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SMARTCARD\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SMARTCARD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CISCO_QUIRKS_TRUE}" && test -z "${USE_CISCO_QUIRKS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_CISCO_QUIRKS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_CISCO_QUIRKS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_CISCO_QUIRKS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LEAK_DETECTIVE_TRUE}" && test -z "${USE_LEAK_DETECTIVE_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_LEAK_DETECTIVE\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_LEAK_DETECTIVE\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_LEAK_DETECTIVE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOCK_PROFILER_TRUE}" && test -z "${USE_LOCK_PROFILER_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_LOCK_PROFILER\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_LOCK_PROFILER\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_LOCK_PROFILER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_NAT_TRANSPORT_TRUE}" && test -z "${USE_NAT_TRANSPORT_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_NAT_TRANSPORT\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_NAT_TRANSPORT\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_NAT_TRANSPORT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_VENDORID_TRUE}" && test -z "${USE_VENDORID_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_VENDORID\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_VENDORID\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_VENDORID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XAUTH_VID_TRUE}" && test -z "${USE_XAUTH_VID_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_XAUTH_VID\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_XAUTH_VID\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_XAUTH_VID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DUMM_TRUE}" && test -z "${USE_DUMM_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_DUMM\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_DUMM\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_DUMM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FAST_TRUE}" && test -z "${USE_FAST_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_FAST\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_FAST\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_FAST\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MANAGER_TRUE}" && test -z "${USE_MANAGER_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_MANAGER\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_MANAGER\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_MANAGER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ME_TRUE}" && test -z "${USE_ME_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_ME\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_ME\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_ME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_INTEGRITY_TEST_TRUE}" && test -z "${USE_INTEGRITY_TEST_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_INTEGRITY_TEST\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_INTEGRITY_TEST\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_INTEGRITY_TEST\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CAPABILITIES_TRUE}" && test -z "${USE_CAPABILITIES_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_CAPABILITIES\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_CAPABILITIES\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_CAPABILITIES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PLUTO_TRUE}" && test -z "${USE_PLUTO_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_PLUTO\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_PLUTO\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_PLUTO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_THREADS_TRUE}" && test -z "${USE_THREADS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_THREADS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_THREADS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_THREADS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CHARON_TRUE}" && test -z "${USE_CHARON_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_CHARON\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_CHARON\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_CHARON\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_TOOLS_TRUE}" && test -z "${USE_TOOLS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_TOOLS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_TOOLS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_TOOLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SCRIPTS_TRUE}" && test -z "${USE_SCRIPTS_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_SCRIPTS\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_SCRIPTS\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_SCRIPTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LIBSTRONGSWAN_TRUE}" && test -z "${USE_LIBSTRONGSWAN_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_LIBSTRONGSWAN\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_LIBSTRONGSWAN\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_LIBSTRONGSWAN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_FILE_CONFIG\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_FILE_CONFIG\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_FILE_CONFIG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_VSTR_TRUE}" && test -z "${USE_VSTR_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"USE_VSTR\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"USE_VSTR\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } + as_fn_error "conditional \"USE_VSTR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_SIMAKA_TRUE}" && test -z "${USE_SIMAKA_FALSE}"; then + as_fn_error "conditional \"USE_SIMAKA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : ${CONFIG_STATUS=./config.status} ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} -cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. @@ -20242,17 +16710,18 @@ cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 debug=false ac_cs_recheck=false ac_cs_silent=false -SHELL=\${CONFIG_SHELL-$SHELL} -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -## --------------------- ## -## M4sh Initialization. ## -## --------------------- ## +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which @@ -20260,23 +16729,15 @@ if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; esac - fi - - -# PATH needs CR -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - as_nl=' ' export as_nl @@ -20284,7 +16745,13 @@ export as_nl as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else @@ -20295,7 +16762,7 @@ else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; - case $arg in + case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; @@ -20318,13 +16785,6 @@ if test "${PATH_SEPARATOR+set}" != set; then } fi -# Support unset when possible. -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - as_unset=unset -else - as_unset=false -fi - # IFS # We need space, tab and new line, in precisely that order. Quoting is @@ -20334,15 +16794,15 @@ fi IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. -case $0 in +case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -done + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done IFS=$as_save_IFS ;; @@ -20354,12 +16814,16 @@ if test "x$as_myself" = x; then fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - { (exit 1); exit 1; } + exit 1 fi -# Work around bugs in pre-3.0 UWIN ksh. -for as_var in ENV MAIL MAILPATH -do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' @@ -20371,7 +16835,89 @@ export LC_ALL LANGUAGE=C export LANGUAGE -# Required to use basename. +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error ERROR [LINENO LOG_FD] +# --------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with status $?, using 1 if that was 0. +as_fn_error () +{ + as_status=$?; test $as_status -eq 0 && as_status=1 + if test "$3"; then + as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + fi + $as_echo "$as_me: error: $1" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr @@ -20385,8 +16931,12 @@ else as_basename=false fi +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi -# Name of the executable. as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ @@ -20406,76 +16956,25 @@ $as_echo X/"$0" | } s/.*/./; q'` -# CDPATH. -$as_unset CDPATH - - - - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { - - # Create $as_me.lineno as a copy of $as_myself, but with $LINENO - # uniformly replaced by the line number. The first 'sed' inserts a - # line-number line after each line using $LINENO; the second 'sed' - # does the real work. The second script uses 'N' to pair each - # line-number line with the line containing $LINENO, and appends - # trailing '-' during substitution so that $LINENO is not a special - # case at line end. - # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the - # scripts with optimization help from Paolo Bonzini. Blame Lee - # E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 - { (exit 1); exit 1; }; } - - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in +case `echo -n x` in #((((( -n*) - case `echo 'x\c'` in + case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. - *) ECHO_C='\c';; + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then @@ -20504,8 +17003,56 @@ fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + + +} # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then - as_mkdir_p=: + as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false @@ -20524,10 +17071,10 @@ else if test -d "$1"; then test -d "$1/."; else - case $1 in + case $1 in #( -*)set "./$1";; esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' @@ -20542,13 +17089,19 @@ as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 -# Save the log message, to keep $[0] and so on meaningful, and to +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 4.3.4, which was -generated by GNU Autoconf 2.63. Invocation command line was +This file was extended by strongSwan $as_me 4.3.6, which was +generated by GNU Autoconf 2.64. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -20576,10 +17129,11 @@ _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -\`$as_me' instantiates files from templates according to the -current configuration. +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. -Usage: $0 [OPTION]... [FILE]... +Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit @@ -20596,16 +17150,16 @@ $config_files Configuration commands: $config_commands -Report bugs to ." +Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -strongSwan config.status 4.3.4 -configured by $0, generated by GNU Autoconf 2.63, +strongSwan config.status 4.3.6 +configured by $0, generated by GNU Autoconf 2.64, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" -Copyright (C) 2008 Free Software Foundation, Inc. +Copyright (C) 2009 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -20648,7 +17202,7 @@ do case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac - CONFIG_FILES="$CONFIG_FILES '$ac_optarg'" + as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --he | --h | --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; @@ -20657,11 +17211,10 @@ do ac_cs_silent=: ;; # This is an error. - -*) { $as_echo "$as_me: error: unrecognized option: $1 -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; } ;; + -*) as_fn_error "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; - *) ac_config_targets="$ac_config_targets $1" + *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac @@ -20987,25 +17540,34 @@ do "src/libstrongswan/plugins/xcbc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/xcbc/Makefile" ;; "src/libstrongswan/plugins/x509/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/x509/Makefile" ;; "src/libstrongswan/plugins/pubkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pubkey/Makefile" ;; + "src/libstrongswan/plugins/pkcs1/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pkcs1/Makefile" ;; + "src/libstrongswan/plugins/pgp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pgp/Makefile" ;; + "src/libstrongswan/plugins/dnskey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/dnskey/Makefile" ;; + "src/libstrongswan/plugins/pem/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pem/Makefile" ;; "src/libstrongswan/plugins/curl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/curl/Makefile" ;; "src/libstrongswan/plugins/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ldap/Makefile" ;; "src/libstrongswan/plugins/mysql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/mysql/Makefile" ;; "src/libstrongswan/plugins/sqlite/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sqlite/Makefile" ;; + "src/libstrongswan/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/attr_sql/Makefile" ;; "src/libstrongswan/plugins/padlock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/padlock/Makefile" ;; "src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;; "src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;; "src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;; "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;; "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;; + "src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;; "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;; "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;; "src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;; "src/charon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka/Makefile" ;; + "src/charon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka_3gpp2/Makefile" ;; "src/charon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_identity/Makefile" ;; "src/charon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_md5/Makefile" ;; "src/charon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_gtc/Makefile" ;; "src/charon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim/Makefile" ;; "src/charon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim_file/Makefile" ;; + "src/charon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_pseudonym/Makefile" ;; + "src/charon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_reauth/Makefile" ;; "src/charon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_mschapv2/Makefile" ;; "src/charon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_radius/Makefile" ;; "src/charon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_netlink/Makefile" ;; @@ -21021,7 +17583,7 @@ do "src/charon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/stroke/Makefile" ;; "src/charon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/updown/Makefile" ;; "src/charon/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/attr/Makefile" ;; - "src/charon/plugins/resolv_conf/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/resolv_conf/Makefile" ;; + "src/charon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/resolve/Makefile" ;; "src/charon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/unit_tester/Makefile" ;; "src/charon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/load_tester/Makefile" ;; "src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;; @@ -21032,6 +17594,7 @@ do "src/_copyright/Makefile") CONFIG_FILES="$CONFIG_FILES src/_copyright/Makefile" ;; "src/openac/Makefile") CONFIG_FILES="$CONFIG_FILES src/openac/Makefile" ;; "src/scepclient/Makefile") CONFIG_FILES="$CONFIG_FILES src/scepclient/Makefile" ;; + "src/pki/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/Makefile" ;; "src/dumm/Makefile") CONFIG_FILES="$CONFIG_FILES src/dumm/Makefile" ;; "src/dumm/ext/extconf.rb") CONFIG_FILES="$CONFIG_FILES src/dumm/ext/extconf.rb" ;; "src/libfast/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfast/Makefile" ;; @@ -21041,9 +17604,7 @@ do "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; "testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;; - *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 -$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;} - { (exit 1); exit 1; }; };; + *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done @@ -21069,7 +17630,7 @@ $debug || trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 - trap '{ (exit 1); exit 1; }' 1 2 13 15 + trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. @@ -21080,11 +17641,7 @@ $debug || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || -{ - $as_echo "$as_me: cannot create a temporary directory in ." >&2 - { (exit 1); exit 1; } -} +} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. @@ -21092,10 +17649,16 @@ $debug || if test -n "$CONFIG_FILES"; then -ac_cr=' ' +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\\r' + ac_cs_awk_cr='\r' else ac_cs_awk_cr=$ac_cr fi @@ -21109,24 +17672,18 @@ _ACEOF echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || - { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || - { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -21215,9 +17772,7 @@ if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ - || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5 -$as_echo "$as_me: error: could not setup config files machinery" >&2;} - { (exit 1); exit 1; }; } + || as_fn_error "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove $(srcdir), @@ -21248,9 +17803,7 @@ do esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5 -$as_echo "$as_me: error: invalid tag $ac_tag" >&2;} - { (exit 1); exit 1; }; };; + :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -21278,12 +17831,10 @@ $as_echo "$as_me: error: invalid tag $ac_tag" >&2;} [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 -$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;} - { (exit 1); exit 1; }; };; + as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac - ac_file_inputs="$ac_file_inputs '$ac_f'" + as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't @@ -21294,7 +17845,7 @@ $as_echo "$as_me: error: cannot find input file: $ac_f" >&2;} `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:$LINENO: creating $ac_file" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. @@ -21307,9 +17858,7 @@ $as_echo "$as_me: creating $ac_file" >&6;} case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ - || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 -$as_echo "$as_me: error: could not create $ac_file" >&2;} - { (exit 1); exit 1; }; } ;; + || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac @@ -21337,47 +17886,7 @@ $as_echo X"$ac_file" | q } s/.*/./; q'` - { as_dir="$ac_dir" - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 -$as_echo "$as_me: error: cannot create directory $as_dir" >&2;} - { (exit 1); exit 1; }; }; } + as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in @@ -21434,7 +17943,6 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= - ac_sed_dataroot=' /datarootdir/ { p @@ -21444,12 +17952,11 @@ ac_sed_dataroot=' /@docdir@/p /@infodir@/p /@localedir@/p -/@mandir@/p -' +/@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 @@ -21459,7 +17966,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g - s&\\\${datarootdir}&$datarootdir&g' ;; + s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF @@ -21488,14 +17995,12 @@ s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ - || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 -$as_echo "$as_me: error: could not create $ac_file" >&2;} - { (exit 1); exit 1; }; } + || as_fn_error "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&2;} @@ -21505,13 +18010,11 @@ which seems to be undefined. Please make sure it is defined." >&2;} -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ - || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5 -$as_echo "$as_me: error: could not create $ac_file" >&2;} - { (exit 1); exit 1; }; } + || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; - :C) { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5 + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac @@ -21606,47 +18109,7 @@ $as_echo X"$file" | q } s/.*/./; q'` - { as_dir=$dirpart/$fdir - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 -$as_echo "$as_me: error: cannot create directory $as_dir" >&2;} - { (exit 1); exit 1; }; }; } + as_dir=$dirpart/$fdir; as_fn_mkdir_p # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done @@ -22293,15 +18756,12 @@ _LT_EOF done # for ac_tag -{ (exit 0); exit 0; } +as_fn_exit 0 _ACEOF -chmod +x $CONFIG_STATUS ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || - { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } + as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. @@ -22322,10 +18782,10 @@ if test "$no_create" != yes; then exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || { (exit 1); exit 1; } + $ac_cs_success || as_fn_exit $? fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi diff --git a/configure.in b/configure.in index f677cb622..8ba844e9b 100644 --- a/configure.in +++ b/configure.in @@ -1,12 +1,12 @@ dnl configure.in for linux strongSwan dnl Copyright (C) 2006 Martin Willi dnl Hochschule fuer Technik Rapperswil -dnl +dnl dnl This program is free software; you can redistribute it and/or modify it dnl under the terms of the GNU General Public License as published by the dnl Free Software Foundation; either version 2 of the License, or (at your dnl option) any later version. See . -dnl +dnl dnl This program is distributed in the hope that it will be useful, but dnl WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY dnl or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @@ -16,21 +16,31 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.3.4) +AC_INIT(strongSwan,4.3.6) AM_INIT_AUTOMAKE(tar-ustar) -AC_SUBST(confdir, '${sysconfdir}') +AC_CONFIG_MACRO_DIR([m4/config]) PKG_PROG_PKG_CONFIG dnl ================================= dnl check --enable-xxx & --with-xxx dnl ================================= -AC_ARG_WITH( - [default-pkcs11], - AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]), - [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")], - [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")] -) +m4_include(m4/macros/with.m4) + +ARG_WITH_SUBST([default-pkcs11], [/usr/lib/opensc-pkcs11.so], [set the default PKCS11 library]) +ARG_WITH_SUBST([random-device], [/dev/random], [set the device to read real random data from]) +ARG_WITH_SUBST([urandom-device], [/dev/urandom], [set the device to read pseudo random data from]) +ARG_WITH_SUBST([strongswan-conf], [${sysconfdir}/strongswan.conf], [set the strongswan.conf file location]) +ARG_WITH_SUBST([resolv-conf], [${sysconfdir}/resolv.conf], [set the file to use in DNS handler plugin]) +ARG_WITH_SUBST([piddir], [/var/run], [set path for PID and UNIX socket files]) +ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools]) +ARG_WITH_SUBST([plugindir], [${ipsecdir%/}/plugins], [set the installation path of plugins]) +ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM plugin uses to look up trusted root certificates]) +ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use]) +ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec routes]) +ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table]) + +ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently only the value "libcap" is supported]) AC_ARG_WITH( [xauth-module], @@ -38,91 +48,6 @@ AC_ARG_WITH( [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")], ) -AC_ARG_WITH( - [random-device], - AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]), - [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")], - [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")] -) -AC_ARG_WITH( - [resolv-conf], - AS_HELP_STRING([--with-resolv-conf=file],[set the file to use in DNS handler plugin other than "sysconfdir/resolv.conf"]), - [AC_SUBST(resolv_conf, "$withval")], - [AC_SUBST(resolv_conf, "${sysconfdir}/resolv.conf")] -) - -AC_ARG_WITH( - [strongswan-conf], - AS_HELP_STRING([--with-strongswan-conf=file],[strongswan.conf file other than "sysconfdir/strongswan.conf"]), - [AC_SUBST(strongswan_conf, "$withval")], - [AC_SUBST(strongswan_conf, "${sysconfdir}/strongswan.conf")] -) - -AC_ARG_WITH( - [urandom-device], - AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]), - [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")], - [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")] -) - -AC_ARG_WITH( - [piddir], - AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]), - [AC_SUBST(piddir, "$withval")], - [AC_SUBST(piddir, "/var/run")] -) - -AC_ARG_WITH( - [ipsecdir], - AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]), - [AC_SUBST(ipsecdir, "$withval")], - [AC_SUBST(ipsecdir, "${libexecdir%/}/ipsec")] -) -AC_SUBST(plugindir, "${ipsecdir%/}/plugins") - -AC_ARG_WITH( - [plugindir], - AS_HELP_STRING([--with-plugindir=dir],[installation path for plugins other than "ipsecdir/plugins"]), - [AC_SUBST(plugindir, "$withval")], - [AC_SUBST(plugindir, "${ipsecdir%/}/plugins")] -) - -AC_ARG_WITH( - [sim-reader], - AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg()/sim_get_triplet() function for EAP-SIM]), - [AC_SUBST(simreader, "$withval")], - [AC_SUBST(simreader, "${plugindir%/}/libeapsim-file.so")] -) - -AC_ARG_WITH( - [linux-headers], - AS_HELP_STRING([--with-linux-headers=dir],[use the linux header files in dir instead of the supplied ones in "src/include"]), - [AC_SUBST(linuxdir, "$withval")], [AC_SUBST(linuxdir, "\${top_srcdir}/src/include")] -) -AC_SUBST(LINUX_HEADERS) - -AC_ARG_WITH( - [routing-table], - AS_HELP_STRING([--with-routing-table=num],[use routing table for IPsec routes (default: 220)]), - [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, $withval) AC_SUBST(IPSEC_ROUTING_TABLE, "$withval")], - [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE, 220) AC_SUBST(IPSEC_ROUTING_TABLE, "220")] -) - -AC_ARG_WITH( - [routing-table-prio], - AS_HELP_STRING([--with-routing-table-prio=prio],[priority for IPsec routing table (default: 220)]), - [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, $withval) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "$withval")], - [AC_DEFINE_UNQUOTED(IPSEC_ROUTING_TABLE_PRIO, 220) AC_SUBST(IPSEC_ROUTING_TABLE_PRIO, "220")] -) - -AC_ARG_WITH( - [uid],,[AC_MSG_ERROR([--with-uid is gone, use --with-user instead!])] -) - -AC_ARG_WITH( - [gid],,[AC_MSG_ERROR([--with-gid is gone, use --with-group instead!])] -) - AC_ARG_WITH( [user], AS_HELP_STRING([--with-user=user],[change user of the daemons to "user" after startup (default is "root").]), @@ -137,614 +62,81 @@ AC_ARG_WITH( [AC_SUBST(ipsecgroup, "root")] ) -dnl Will be extended to --with-capabilities=libcap|libcap2 -AC_ARG_WITH( - [capabilities], - AS_HELP_STRING([--with-capabilities=libcap],[capability dropping using libcap. Currenlty only the value "libcap" is supported (default is NO).]), - [capabilities="$withval"], - [capabilities=no] -) - -AC_ARG_ENABLE( - [curl], - AS_HELP_STRING([--enable-curl],[enable CURL fetcher plugin to fetch files via libcurl (default is NO). Requires libcurl.]), - [if test x$enableval = xyes; then - curl=true - fi] -) - -AC_ARG_ENABLE( - [ldap], - AS_HELP_STRING([--enable-ldap],[enable LDAP fetching plugin to fetch files via libldap (default is NO). Requires openLDAP.]), - [if test x$enableval = xyes; then - ldap=true - fi] -) - -AC_ARG_ENABLE( - [aes], - AS_HELP_STRING([--disable-aes],[disable own AES software implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - aes=true - else - aes=false - fi], - aes=true -) - -AC_ARG_ENABLE( - [des], - AS_HELP_STRING([--disable-des],[disable own DES/3DES software implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - des=true - else - des=false - fi], - des=true -) - -AC_ARG_ENABLE( - [blowfish], - AS_HELP_STRING([--enable-blowfish],[enable Blowfish software implementation plugin (default is NO).]), - [if test x$enableval = xyes; then - blowfish=true - fi] -) - -AC_ARG_ENABLE( - [md4], - AS_HELP_STRING([--enable-md4],[enable MD4 software implementation plugin (default is NO).]), - [if test x$enableval = xyes; then - md4=true - fi] -) - -AC_ARG_ENABLE( - [md5], - AS_HELP_STRING([--disable-md5],[disable own MD5 software implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - md5=true - else - md5=false - fi], - md5=true -) - -AC_ARG_ENABLE( - [sha1], - AS_HELP_STRING([--disable-sha1],[disable own SHA1 software implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - sha1=true - else - sha1=false - fi], - sha1=true -) - -AC_ARG_ENABLE( - [sha2], - AS_HELP_STRING([--disable-sha2],[disable own SHA256/SHA384/SHA512 software implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - sha2=true - else - sha2=false - fi], - sha2=true -) - -AC_ARG_ENABLE( - [fips-prf], - AS_HELP_STRING([--disable-fips-prf],[disable FIPS PRF software implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - fips_prf=true - else - fips_prf=false - fi], - fips_prf=true -) - -AC_ARG_ENABLE( - [gmp], - AS_HELP_STRING([--disable-gmp],[disable own GNU MP (libgmp) based crypto implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - gmp=true - else - gmp=false - fi], - gmp=true -) - -AC_ARG_ENABLE( - [random], - AS_HELP_STRING([--disable-random],[disable RNG implementation on top of /dev/(u)random. (default is NO).]), - [if test x$enableval = xyes; then - random=true - else - random=false - fi], - random=true -) - -AC_ARG_ENABLE( - [x509], - AS_HELP_STRING([--disable-x509],[disable own X509 certificate implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - x509=true - else - x509=false - fi], - x509=true -) - -AC_ARG_ENABLE( - [pubkey], - AS_HELP_STRING([--disable-pubkey],[disable RAW public key support plugin. (default is NO).]), - [if test x$enableval = xyes; then - pubkey=true - else - pubkey=false - fi], - pubkey=true -) - -AC_ARG_ENABLE( - [hmac], - AS_HELP_STRING([--disable-hmac],[disable HMAC crypto implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - hmac=true - else - hmac=false - fi], - hmac=true -) - -AC_ARG_ENABLE( - [xcbc], - AS_HELP_STRING([--disable-xcbc],[disable xcbc crypto implementation plugin. (default is NO).]), - [if test x$enableval = xyes; then - xcbc=true - else - xcbc=false - fi], - xcbc=true -) - -AC_ARG_ENABLE( - [test-vectors], - AS_HELP_STRING([--enable-test-vectors],[enable plugin providing crypto test vectors (default is NO).]), - [if test x$enableval = xyes; then - test_vectors=true - fi] -) - -AC_ARG_ENABLE( - [mysql], - AS_HELP_STRING([--enable-mysql],[enable MySQL database support (default is NO). Requires libmysqlclient_r.]), - [if test x$enableval = xyes; then - mysql=true - fi] -) - -AC_ARG_ENABLE( - [sqlite], - AS_HELP_STRING([--enable-sqlite],[enable SQLite database support (default is NO). Requires libsqlite3.]), - [if test x$enableval = xyes; then - sqlite=true - fi] -) - -AC_ARG_ENABLE( - [stroke], - AS_HELP_STRING([--disable-stroke],[disable charons stroke (pluto compatibility) configuration backend. (default is NO).]), - [if test x$enableval = xyes; then - stroke=true - else - stroke=false - fi], - stroke=true -) - -AC_ARG_ENABLE( - [medsrv], - AS_HELP_STRING([--enable-medsrv],[enable mediation server web frontend and daemon plugin (default is NO).]), - [if test x$enableval = xyes; then - medsrv=true - fi] -) - -AC_ARG_ENABLE( - [medcli], - AS_HELP_STRING([--enable-medcli],[enable mediation client configuration database plugin (default is NO).]), - [if test x$enableval = xyes; then - medcli=true - fi] -) - -AC_ARG_ENABLE( - [smp], - AS_HELP_STRING([--enable-smp],[enable SMP configuration and control interface (default is NO). Requires libxml.]), - [if test x$enableval = xyes; then - smp=true - fi] -) - -AC_ARG_ENABLE( - [sql], - AS_HELP_STRING([--enable-sql],[enable SQL database configuration backend (default is NO).]), - [if test x$enableval = xyes; then - sql=true - fi] -) - -AC_ARG_ENABLE( - [smartcard], - AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]), - [if test x$enableval = xyes; then - smartcard=true - fi] -) - -AC_ARG_ENABLE( - [cisco-quirks], - AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]), - [if test x$enableval = xyes; then - cisco_quirks=true - fi] -) - -AC_ARG_ENABLE( - [leak-detective], - AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]), - [if test x$enableval = xyes; then - leak_detective=true - fi] -) - -AC_ARG_ENABLE( - [lock-profiler], - AS_HELP_STRING([--enable-lock-profiler],[enable lock/mutex profiling code (default is NO).]), - [if test x$enableval = xyes; then - lock_profiler=true - fi] -) - -AC_ARG_ENABLE( - [unit-tests], - AS_HELP_STRING([--enable-unit-tests],[enable unit tests on IKEv2 daemon startup (default is NO).]), - [if test x$enableval = xyes; then - unittest=true - fi] -) - -AC_ARG_ENABLE( - [load-tests], - AS_HELP_STRING([--enable-load-tests],[enable load testing plugin for IKEv2 daemon (default is NO).]), - [if test x$enableval = xyes; then - loadtest=true - fi] -) - -AC_ARG_ENABLE( - [eap-sim], - AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]), - [if test x$enableval = xyes; then - eap_sim=true - fi] -) - -AC_ARG_ENABLE( - [eap-sim-file], - AS_HELP_STRING([--enable-eap-sim-file],[build EAP-SIM backend based on a triplet file (default is NO).]), - [if test x$enableval = xyes; then - eap_sim_file=true - fi] -) - -AC_ARG_ENABLE( - [eap-identity], - AS_HELP_STRING([--enable-eap-identity],[build EAP module providing EAP-Identity helper (default is NO).]), - [if test x$enableval = xyes; then - eap_identity=true - fi] -) - -AC_ARG_ENABLE( - [eap-md5], - AS_HELP_STRING([--enable-eap-md5],[build MD5 (CHAP) authenication module for EAP (default is NO).]), - [if test x$enableval = xyes; then - eap_md5=true - fi] -) - -AC_ARG_ENABLE( - [eap-gtc], - AS_HELP_STRING([--enable-eap-gtc],[build PAM based GTC authenication module for EAP (default is NO).]), - [if test x$enableval = xyes; then - eap_gtc=true - fi] -) - -AC_ARG_ENABLE( - [eap-aka], - AS_HELP_STRING([--enable-eap-aka],[build AKA authentication module for EAP (default is NO).]), - [if test x$enableval = xyes; then - eap_aka=true - fi] -) - -AC_ARG_ENABLE( - [eap-mschapv2], - AS_HELP_STRING([--enable-eap-mschapv2],[build MS-CHAPv2 authenication module for EAP (default is NO).]), - [if test x$enableval = xyes; then - eap_mschapv2=true - fi] -) - -AC_ARG_ENABLE( - [eap-radius], - AS_HELP_STRING([--enable-eap-radius],[build RADIUS proxy authenication module for EAP (default is NO).]), - [if test x$enableval = xyes; then - eap_radius=true - fi] -) - -AC_ARG_ENABLE( - [kernel-netlink], - AS_HELP_STRING([--disable-kernel-netlink],[disable the netlink kernel interface. (default is NO).]), - [if test x$enableval = xyes; then - kernel_netlink=true - else - kernel_netlink=false - fi], - kernel_netlink=true -) - -AC_ARG_ENABLE( - [kernel-pfkey], - AS_HELP_STRING([--enable-kernel-pfkey],[enable the PF_KEY kernel interface. (default is NO).]), - [if test x$enableval = xyes; then - kernel_pfkey=true - fi] -) - -AC_ARG_ENABLE( - [kernel-pfroute], - AS_HELP_STRING([--enable-kernel-pfroute],[enable the PF_ROUTE kernel interface. (default is NO).]), - [if test x$enableval = xyes; then - kernel_pfroute=true - fi] -) - -AC_ARG_ENABLE( - [kernel-klips], - AS_HELP_STRING([--enable-kernel-klips],[enable the KLIPS kernel interface. (default is NO).]), - [if test x$enableval = xyes; then - kernel_klips=true - fi] -) - -AC_ARG_ENABLE( - [nat-transport], - AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]), - [if test x$enableval = xyes; then - nat_transport=true - fi] -) - -AC_ARG_ENABLE( - [vendor-id], - AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]), - [if test x$enableval = xyes; then - vendor_id=true - else - vendor_id=false - fi], - vendor_id=true -) - -AC_ARG_ENABLE( - [xauth-vid], - AS_HELP_STRING([--disable-xauth-vid],[disable the sending of the XAUTH vendor ID (default is NO).]), - [if test x$enableval = xyes; then - xauth_vid=true - else - xauth_vid=false - fi], - xauth_vid=true -) - -AC_ARG_ENABLE( - [dumm], - AS_HELP_STRING([--enable-dumm],[build the DUMM UML test framework (default is NO).]), - [if test x$enableval = xyes; then - dumm=true - fi] -) - -AC_ARG_ENABLE( - [fast], - AS_HELP_STRING([--enable-fast],[build libfast (FastCGI Application Server w/ templates (default is NO).]), - [if test x$enableval = xyes; then - fast=true - fi] -) - -AC_ARG_ENABLE( - [manager], - AS_HELP_STRING([--enable-manager],[build web management console (default is NO).]), - [if test x$enableval = xyes; then - manager=true - xml=true - fi] -) - -AC_ARG_ENABLE( - [mediation], - AS_HELP_STRING([--enable-mediation],[enable IKEv2 Mediation Extension (default is NO).]), - [if test x$enableval = xyes; then - me=true - fi] -) - -AC_ARG_ENABLE( - [integrity-test], - AS_HELP_STRING([--enable-integrity-test],[enable integrity testing of libstrongswan and plugins (default is NO).]), - [if test x$enableval = xyes; then - integrity_test=true - fi] -) - -AC_ARG_ENABLE( - [pluto], - AS_HELP_STRING([--disable-pluto],[disable the IKEv1 keying daemon pluto. (default is NO).]), - [if test x$enableval = xyes; then - pluto=true - else - pluto=false - fi], - pluto=true -) - -AC_ARG_ENABLE( - [threads], - AS_HELP_STRING([--disable-threads],[disable the use of threads in pluto. Charon always uses threads. (default is NO).]), - [if test x$enableval = xyes; then - threads=true - else - threads=false - fi], - threads=true -) - -AC_ARG_ENABLE( - [charon], - AS_HELP_STRING([--disable-charon],[disable the IKEv2 keying daemon charon. (default is NO).]), - [if test x$enableval = xyes; then - charon=true - else - charon=false - fi], - charon=true -) - -AC_ARG_ENABLE( - [tools], - AS_HELP_STRING([--disable-tools],[disable additional utilities (openac and scepclient). (default is NO).]), - [if test x$enableval = xyes; then - tools=true - else - tools=false - fi], - tools=true -) - -AC_ARG_ENABLE( - [scripts], - AS_HELP_STRING([--disable-scripts],[disable additional utilities (found in directory scripts). (default is NO).]), - [if test x$enableval = xyes; then - scripts=true - else - scripts=false - fi], - scripts=true -) - -AC_ARG_ENABLE( - [updown], - AS_HELP_STRING([--disable-updown],[disable updown firewall script plugin. (default is NO).]), - [if test x$enableval = xyes; then - updown=true - else - updown=false - fi], - updown=true -) - -AC_ARG_ENABLE( - [attr], - AS_HELP_STRING([--disable-attr],[disable strongswan.conf based configuration attribute plugin. (default is NO).]), - [if test x$enableval = xyes; then - attr=true - else - attr=false - fi], - attr=true -) - -AC_ARG_ENABLE( - [resolv-conf], - AS_HELP_STRING([--disable-resolv-conf],[disable resolv.conf DNS handler plugin. (default is NO).]), - [if test x$enableval = xyes; then - resolvconf=true - else - resolvconf=false - fi], - resolvconf=true -) - -AC_ARG_ENABLE( - [padlock], - AS_HELP_STRING([--enable-padlock],[enables VIA Padlock crypto plugin. (default is NO).]), - [if test x$enableval = xyes; then - padlock=true - else - padlock=false - fi], -) - -AC_ARG_ENABLE( - [openssl], - AS_HELP_STRING([--enable-openssl],[enables the OpenSSL crypto plugin. (default is NO).]), - [if test x$enableval = xyes; then - openssl=true - else - openssl=false - fi], -) - -AC_ARG_ENABLE( - [gcrypt], - AS_HELP_STRING([--enable-gcrypt],[enables the libgcrypt plugin. (default is NO).]), - [if test x$enableval = xyes; then - gcrypt=true - else - gcrypt=false - fi], -) - -AC_ARG_ENABLE( - [agent], - AS_HELP_STRING([--enable-agent],[enables the ssh-agent signing plugin. (default is NO).]), - [if test x$enableval = xyes; then - agent=true - else - agent=false - fi], -) - -AC_ARG_ENABLE( - [uci], - AS_HELP_STRING([--enable-uci],[enable OpenWRT UCI configuration plugin (default is NO).]), - [if test x$enableval = xyes; then - uci=true - fi] -) - -AC_ARG_ENABLE( - [nm], - AS_HELP_STRING([--enable-nm],[enable NetworkManager plugin (default is NO).]), - [if test x$enableval = xyes; then - nm=true - fi] -) - -AC_ARG_ENABLE( - [vstr], - AS_HELP_STRING([--enable-vstr],[enforce using the Vstr string library to replace glibc-like printf hooks (default is NO).]), - [if test x$enableval = xyes; then - vstr=true - fi] -) +m4_include(m4/macros/enable-disable.m4) + +ARG_ENABL_SET([curl], [enable CURL fetcher plugin to fetch files via libcurl. Requires libcurl.]) +ARG_ENABL_SET([ldap], [enable LDAP fetching plugin to fetch files via libldap. Requires openLDAP.]) +ARG_DISBL_SET([aes], [disable AES software implementation plugin.]) +ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.]) +ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.]) +ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.]) +ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.]) +ARG_DISBL_SET([sha1], [disable SHA1 software implementation plugin.]) +ARG_DISBL_SET([sha2], [disable SHA256/SHA384/SHA512 software implementation plugin.]) +ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.]) +ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.]) +ARG_DISBL_SET([random], [disable RNG implementation on top of /dev/(u)random.]) +ARG_DISBL_SET([x509], [disable X509 certificate implementation plugin.]) +ARG_DISBL_SET([pubkey], [disable RAW public key support plugin.]) +ARG_DISBL_SET([pkcs1], [disable PKCS1 key decoding plugin.]) +ARG_DISBL_SET([pgp], [disable PGP key decoding plugin.]) +ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.]) +ARG_DISBL_SET([pem], [disable PEM decoding plugin.]) +ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) +ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.]) +ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.]) +ARG_ENABL_SET([mysql], [enable MySQL database support. Requires libmysqlclient_r.]) +ARG_ENABL_SET([sqlite], [enable SQLite database support. Requires libsqlite3.]) +ARG_DISBL_SET([stroke], [disable charons stroke (pluto compatibility) configuration backend.]) +ARG_ENABL_SET([medsrv], [enable mediation server web frontend and daemon plugin.]) +ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.]) +ARG_ENABL_SET([smp], [enable SMP configuration and control interface. Requires libxml.]) +ARG_ENABL_SET([sql], [enable SQL database configuration backend.]) +ARG_ENABL_SET([smartcard], [enable smartcard support.]) +ARG_ENABL_SET([cisco-quirks], [enable support of Cisco VPN client.]) +ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.]) +ARG_ENABL_SET([lock-profiler], [enable lock/mutex profiling code.]) +ARG_ENABL_SET([unit-tests], [enable unit tests on IKEv2 daemon startup.]) +ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.]) +ARG_ENABL_SET([eap-sim], [enable SIM authenication module for EAP.]) +ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.]) +ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.]) +ARG_ENABL_SET([eap-simaka-reauth], [enable EAP-SIM/AKA reauthentication data storage plugin.]) +ARG_ENABL_SET([eap-identity], [enable EAP module providing EAP-Identity helper.]) +ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authenication module.]) +ARG_ENABL_SET([eap-gtc], [enable PAM based EAP GTC authenication module.]) +ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) +ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.]) +ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authenication module.]) +ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authenication module.]) +ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.]) +ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.]) +ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.]) +ARG_ENABL_SET([kernel-klips], [enable the KLIPS kernel interface.]) +ARG_ENABL_SET([nat-transport], [enable NAT traversal with IPsec transport mode in pluto.]) +ARG_DISBL_SET([vendor-id], [disable the sending of the strongSwan vendor ID in pluto.]) +ARG_DISBL_SET([xauth-vid], [disable the sending of the XAUTH vendor ID.]) +ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.]) +ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.]) +ARG_ENABL_SET([manager], [enable web management console (proof of concept).]) +ARG_ENABL_SET([mediation], [enable IKEv2 Mediation Extension.]) +ARG_ENABL_SET([integrity-test], [enable integrity testing of libstrongswan and plugins.]) +ARG_DISBL_SET([pluto], [disable the IKEv1 keying daemon pluto.]) +ARG_DISBL_SET([threads], [disable the use of threads in pluto. Charon always uses threads.]) +ARG_DISBL_SET([charon], [disable the IKEv2 keying daemon charon.]) +ARG_DISBL_SET([tools], [disable additional utilities (openac, scepclient and pki).]) +ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).]) +ARG_DISBL_SET([updown], [disable updown firewall script plugin.]) +ARG_DISBL_SET([attr], [disable strongswan.conf based configuration attribute plugin.]) +ARG_ENABL_SET([attr-sql], [enable SQL based configuration attribute plugin.]) +ARG_DISBL_SET([resolve], [disable resolve DNS handler plugin.]) +ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.]) +ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.]) +ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) +ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.]) +ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.]) +ARG_ENABL_SET([nm], [enable NetworkManager plugin.]) +ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replace glibc-like printf hooks.]) dnl ========================= dnl set up compiler and flags @@ -804,24 +196,25 @@ dnl ========================= dnl dependency calculation dnl ========================= -if test x$eap_aka = xtrue; then +if test x$eap_aka_3gpp2 = xtrue; then gmp=true; +fi + +if test x$eap_aka = xtrue; then fips_prf=true; sha1=true; + simaka=true; fi if test x$eap_sim = xtrue; then fips_prf=true; + simaka=true; fi if test x$fips_prf = xtrue; then sha1=true; fi -if test x$tools = xtrue; then - gmp=true; -fi - if test x$smp = xtrue; then xml=true fi @@ -831,12 +224,12 @@ if test x$manager = xtrue; then fi if test x$medsrv = xtrue; then - me=true + mediation=true fast=true fi if test x$medcli = xtrue; then - me=true + mediation=true fi dnl =========================================== @@ -868,6 +261,17 @@ AC_SEARCH_LIBS(socket, socket, [SOCKLIB=$LIBS], ) AC_SUBST(SOCKLIB) +dnl FreeBSD has clock_gettime in libc, Linux needs librt +LIBS="" +AC_SEARCH_LIBS(clock_gettime, rt, [RTLIB=$LIBS]) +AC_CHECK_FUNCS(clock_gettime) +AC_SUBST(RTLIB) + +dnl Android has pthread_* functions in bionic (libc), others need libpthread +LIBS="" +AC_SEARCH_LIBS(pthread_create, pthread, [PTHREADLIB=$LIBS]) +AC_SUBST(PTHREADLIB) + LIBS=$saved_LIBS dnl ====================== @@ -881,6 +285,33 @@ AC_TRY_COMPILE( [AC_MSG_RESULT([no])] ) +dnl check if pthread_condattr_setclock(CLOCK_MONOTONE) is supported +saved_LIBS=$LIBS +LIBS=$PTHREADLIB +AC_MSG_CHECKING([for pthread_condattr_setclock(CLOCK_MONOTONE)]) +AC_TRY_RUN( + [#include + int main() { pthread_condattr_t attr; + pthread_condattr_init(&attr); + return pthread_condattr_setclock(&attr, CLOCK_MONOTONIC);}], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_CONDATTR_CLOCK_MONOTONIC])], + [AC_MSG_RESULT([no])], + dnl Check existence of pthread_condattr_setclock if cross-compiling + [AC_MSG_RESULT([unknown]); + AC_CHECK_FUNCS(pthread_condattr_setclock, + [AC_DEFINE([HAVE_CONDATTR_CLOCK_MONOTONIC])] + )] +) +dnl check if we actually are able to configure attributes on cond vars +AC_CHECK_FUNCS(pthread_condattr_init) +dnl instead of pthread_condattr_setclock Android has this function +AC_CHECK_FUNCS(pthread_cond_timedwait_monotonic) +dnl check if we can cancel threads +AC_CHECK_FUNCS(pthread_cancel) +dnl check if native rwlocks are available +AC_CHECK_FUNCS(pthread_rwlock_init) +LIBS=$saved_LIBS + AC_CHECK_FUNCS(prctl) AC_CHECK_HEADERS(sys/sockio.h) @@ -903,6 +334,32 @@ AC_CHECK_MEMBERS([struct sadb_x_policy.sadb_x_policy_priority], [], [], #endif ]) +AC_MSG_CHECKING([for in6addr_any]) +AC_TRY_COMPILE( + [#include + #include + #include ], + [struct in6_addr in6; + in6 = in6addr_any;], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_IN6ADDR_ANY])], + [AC_MSG_RESULT([no])] +) + +AC_MSG_CHECKING([for in6_pktinfo]) +AC_TRY_COMPILE( + [#define _GNU_SOURCE + #include + #include + #include ], + [struct in6_pktinfo pi; + if (pi.ipi6_ifindex) + { + return 0; + }], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_IN6_PKTINFO])], + [AC_MSG_RESULT([no])] +) + AC_MSG_CHECKING([for IPSEC_MODE_BEET]) AC_TRY_COMPILE( [#include @@ -953,13 +410,19 @@ AC_TRY_RUN( [AC_MSG_RESULT([no])], [AC_MSG_RESULT([no])]) +dnl check for the new register_printf_specifier function with len argument, +dnl or the deprecated register_printf_function without AC_CHECK_FUNC( - [register_printf_function], - [AC_DEFINE(HAVE_PRINTF_HOOKS)], - [ - AC_MSG_NOTICE([printf does not support custom format specifiers!]) - vstr=true - ] + [register_printf_specifier], + [AC_DEFINE(HAVE_PRINTF_SPECIFIER)], + [AC_CHECK_FUNC( + [register_printf_function], + [AC_DEFINE(HAVE_PRINTF_FUNCTION)], + [ + AC_MSG_NOTICE([printf does not support custom format specifiers!]) + vstr=true + ] + )] ) if test x$vstr = xtrue; then @@ -976,7 +439,7 @@ if test x$gmp = xtrue; then #if (__GNU_MP_VERSION*100 + __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414 #error bad gmp #endif - ], + ], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])] ) fi @@ -1034,14 +497,18 @@ if test x$fast = xtrue; then AC_HAVE_LIBRARY([z],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver dependency zlib not found!])]) dnl autoconf does not like CamelCase!? How to fix this? dnl AC_CHECK_HEADER([ClearSilver/ClearSilver.h],,[AC_MSG_ERROR([ClearSilver header file ClearSilver/ClearSilver.h not found!])]) - + AC_HAVE_LIBRARY([fcgi],[LIBS="$LIBS"],[AC_MSG_ERROR([FastCGI library fcgi not found!])]) AC_CHECK_HEADER([fcgiapp.h],,[AC_MSG_ERROR([FastCGI header file fcgiapp.h not found!])]) fi if test x$mysql = xtrue; then - AC_HAVE_LIBRARY([mysqlclient_r],[LIBS="$LIBS"],[AC_MSG_ERROR([MySQL library mysqlclient_r not found])]) - AC_CHECK_HEADER([mysql/mysql.h],,[AC_MSG_ERROR([MySQL header mysql/mysql.h not found!])]) + AC_PATH_PROG([MYSQLCONFIG], [mysql_config], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) + if test x$MYSQLCONFIG = x; then + AC_MSG_ERROR([mysql_config not found!]) + fi + AC_SUBST(MYSQLLIB, `$MYSQLCONFIG --libs_r`) + AC_SUBST(MYSQLCFLAG, `$MYSQLCONFIG --cflags`) fi if test x$sqlite = xtrue; then @@ -1052,7 +519,7 @@ if test x$sqlite = xtrue; then [#include ], [ void *test = sqlite3_prepare_v2; - ], + ], [AC_MSG_RESULT([yes])]; AC_DEFINE_UNQUOTED(HAVE_SQLITE3_PREPARE_V2, 1), [AC_MSG_RESULT([no])]) AC_MSG_CHECKING([sqlite3.h version >= 3.3.1]) AC_TRY_COMPILE( @@ -1061,7 +528,7 @@ if test x$sqlite = xtrue; then #if SQLITE_VERSION_NUMBER < 3003001 #error bad sqlite #endif - ], + ], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([SQLite version >= 3.3.1 required!])]) fi @@ -1071,7 +538,8 @@ if test x$openssl = xtrue; then fi if test x$gcrypt = xtrue; then - AM_PATH_LIBGCRYPT(,,[AC_MSG_ERROR([libgcrypt not found!])]) + AC_HAVE_LIBRARY([gcrypt],[LIBS="$LIBS"],[AC_MSG_ERROR([gcrypt library not found])]) + AC_CHECK_HEADER([gcrypt.h],,[AC_MSG_ERROR([gcrypt header gcrypt.h not found!])]) AC_MSG_CHECKING([gcrypt CAMELLIA cipher]) AC_TRY_COMPILE( [#include ], @@ -1087,7 +555,10 @@ if test x$uci = xtrue; then fi if test x$nm = xtrue; then - PKG_CHECK_MODULES(nm, [NetworkManager libnm_glib_vpn gthread-2.0]) + PKG_CHECK_EXISTS([libnm-glib], + [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn])], + [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn])] + ) AC_SUBST(nm_CFLAGS) AC_SUBST(nm_LIBS) fi @@ -1107,7 +578,7 @@ if test x$integrity_test = xtrue; then AC_TRY_COMPILE( [#define _GNU_SOURCE #include ], - [Dl_info info; dladdr(main, &info);], + [Dl_info info; dladdr(main, &info);], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([dladdr() not supported, required by integrity-test!])] ) @@ -1115,7 +586,7 @@ if test x$integrity_test = xtrue; then AC_TRY_COMPILE( [#define _GNU_SOURCE #include ], - [dl_iterate_phdr((void*)0, (void*)0);], + [dl_iterate_phdr((void*)0, (void*)0);], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([dl_iterate_phdr() not supported, required by integrity-test!])] ) @@ -1176,16 +647,39 @@ if test x$random = xtrue; then fi if test x$x509 = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" x509" + pluto_plugins=${pluto_plugins}" x509" fi if test x$pubkey = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" pubkey" pluto_plugins=${pluto_plugins}" pubkey" fi +if test x$pkcs1 = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" pkcs1" + pluto_plugins=${pluto_plugins}" pkcs1" +fi +if test x$pgp = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" pgp" + pluto_plugins=${pluto_plugins}" pgp" +fi +if test x$dnskey = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" dnskey" + pluto_plugins=${pluto_plugins}" dnskey" +fi +if test x$pem = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" pem" + pluto_plugins=${pluto_plugins}" pem" +fi if test x$mysql = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" mysql" + pluto_plugins=${pluto_plugins}" mysql" fi if test x$sqlite = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" sqlite" + pluto_plugins=${pluto_plugins}" sqlite" +fi +if test x$attr_sql = xtrue -o x$sql = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" attr-sql" + pluto_plugins=${pluto_plugins}" attr-sql" fi if test x$padlock = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" padlock" @@ -1237,10 +731,15 @@ AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue) AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue) AM_CONDITIONAL(USE_X509, test x$x509 = xtrue) AM_CONDITIONAL(USE_PUBKEY, test x$pubkey = xtrue) +AM_CONDITIONAL(USE_PKCS1, test x$pkcs1 = xtrue) +AM_CONDITIONAL(USE_PGP, test x$pgp = xtrue) +AM_CONDITIONAL(USE_DNSKEY, test x$dnskey = xtrue) +AM_CONDITIONAL(USE_PEM, test x$pem = xtrue) AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue) AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue) AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue) AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue) +AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue -o x$sql = xtrue) AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue) AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue) AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue) @@ -1257,15 +756,18 @@ AM_CONDITIONAL(USE_SMP, test x$smp = xtrue) AM_CONDITIONAL(USE_SQL, test x$sql = xtrue) AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue) AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue) -AM_CONDITIONAL(USE_RESOLV_CONF, test x$resolvconf = xtrue) -AM_CONDITIONAL(USE_UNIT_TESTS, test x$unittest = xtrue) -AM_CONDITIONAL(USE_LOAD_TESTS, test x$loadtest = xtrue) +AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue) +AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue) +AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue) AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue) AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue) +AM_CONDITIONAL(USE_EAP_SIMAKA_PSEUDONYM, test x$eap_simaka_pseudonym = xtrue) +AM_CONDITIONAL(USE_EAP_SIMAKA_REAUTH, test x$eap_simaka_reauth = xtrue) AM_CONDITIONAL(USE_EAP_IDENTITY, test x$eap_identity = xtrue) AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue) AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue) AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue) +AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue) AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue) AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue) AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) @@ -1285,7 +787,7 @@ AM_CONDITIONAL(USE_XAUTH_VID, test x$xauth_vid = xtrue) AM_CONDITIONAL(USE_DUMM, test x$dumm = xtrue) AM_CONDITIONAL(USE_FAST, test x$fast = xtrue) AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue) -AM_CONDITIONAL(USE_ME, test x$me = xtrue) +AM_CONDITIONAL(USE_ME, test x$mediation = xtrue) AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue) AM_CONDITIONAL(USE_CAPABILITIES, test x$capabilities = xlibcap) AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue) @@ -1296,12 +798,13 @@ AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue) AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) +AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) dnl ============================== dnl set global definitions dnl ============================== -if test x$me = xtrue; then +if test x$mediation = xtrue; then AC_DEFINE(ME) fi if test x$capabilities = xlibcap; then @@ -1331,25 +834,34 @@ AC_OUTPUT( src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile + src/libstrongswan/plugins/pkcs1/Makefile + src/libstrongswan/plugins/pgp/Makefile + src/libstrongswan/plugins/dnskey/Makefile + src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile + src/libstrongswan/plugins/attr_sql/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libfreeswan/Makefile + src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile + src/charon/plugins/eap_aka_3gpp2/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile + src/charon/plugins/eap_simaka_pseudonym/Makefile + src/charon/plugins/eap_simaka_reauth/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile @@ -1365,7 +877,7 @@ AC_OUTPUT( src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/attr/Makefile - src/charon/plugins/resolv_conf/Makefile + src/charon/plugins/resolve/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile @@ -1376,6 +888,7 @@ AC_OUTPUT( src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile + src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile diff --git a/depcomp b/depcomp index e5f9736c7..df8eea7e4 100755 --- a/depcomp +++ b/depcomp @@ -1,10 +1,10 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2007-03-29.01 +scriptversion=2009-04-28.21; # UTC -# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software -# Foundation, Inc. +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free +# Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -17,9 +17,7 @@ scriptversion=2007-03-29.01 # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -87,6 +85,15 @@ if test "$depmode" = dashXmstdout; then depmode=dashmstdout fi +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u="sed s,\\\\\\\\,/,g" + depmode=msvisualcpp +fi + case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what @@ -192,14 +199,14 @@ sgi) ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr ' -' ' ' >> $depfile - echo >> $depfile +' ' ' >> "$depfile" + echo >> "$depfile" # The second pass generates a dummy entry for each header file. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ - >> $depfile + >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile @@ -328,7 +335,12 @@ hp2) if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" # Add `dependent.h:' lines. - sed -ne '2,${; s/^ *//; s/ \\*$//; s/$/:/; p;}' "$tmpdepfile" >> "$depfile" + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi @@ -404,7 +416,7 @@ dashmstdout) # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift @@ -455,32 +467,39 @@ makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift - cleared=no - for arg in "$@"; do + cleared=no eat=no + for arg + do case $cleared in no) set ""; shift cleared=yes ;; esac + if test $eat = yes; then + eat=no + continue + fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done - obj_suffix="`echo $object | sed 's/^.*\././'`" + obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" @@ -500,7 +519,7 @@ cpp) # Remove the call to Libtool. if test "$libtool" = yes; then - while test $1 != '--mode=compile'; do + while test "X$1" != 'X--mode=compile'; do shift done shift @@ -538,13 +557,27 @@ cpp) msvisualcpp) # Important note: in order to support this mode, a compiler *must* - # always write the preprocessed file to stdout, regardless of -o, - # because we must use -o when running libtool. + # always write the preprocessed file to stdout. "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + IFS=" " for arg do case "$arg" in + -o) + shift + ;; + $object) + shift + ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift @@ -557,16 +590,23 @@ msvisualcpp) ;; esac done - "$@" -E | - sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" echo " " >> "$depfile" - . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + none) exec "$@" ;; @@ -585,5 +625,6 @@ exit 0 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/install-sh b/install-sh index a5897de6e..6781b987b 100755 --- a/install-sh +++ b/install-sh @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2006-12-25.00 +scriptversion=2009-04-28.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -515,5 +515,6 @@ done # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/ltmain.sh b/ltmain.sh index b612e9a6d..3506ead39 100644 --- a/ltmain.sh +++ b/ltmain.sh @@ -65,7 +65,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.2.6 Debian-2.2.6a-1ubuntu1 +# $progname: (GNU libtool) 2.2.6 Debian-2.2.6a-4 # automake: $automake_version # autoconf: $autoconf_version # @@ -73,7 +73,7 @@ PROGRAM=ltmain.sh PACKAGE=libtool -VERSION="2.2.6 Debian-2.2.6a-1ubuntu1" +VERSION="2.2.6 Debian-2.2.6a-4" TIMESTAMP="" package_revision=1.3012 @@ -5347,19 +5347,19 @@ func_mode_link () # It is a libtool convenience library, so add in its objects. convenience="$convenience $ladir/$objdir/$old_library" old_convenience="$old_convenience $ladir/$objdir/$old_library" + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_duplicate_deps ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done elif test "$linkmode" != prog && test "$linkmode" != lib; then func_fatal_error "\`$lib' is not a convenience library" fi - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_duplicate_deps ; then - case "$tmp_libs " in - *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; - esac - fi - tmp_libs="$tmp_libs $deplib" - done continue fi # $pass = conv @@ -5896,6 +5896,7 @@ func_mode_link () if test "$link_all_deplibs" != no; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do + path= case $deplib in -L*) path="$deplib" ;; *.la) diff --git a/m4/config/libtool.m4 b/m4/config/libtool.m4 new file mode 100644 index 000000000..1e7ea47c0 --- /dev/null +++ b/m4/config/libtool.m4 @@ -0,0 +1,7376 @@ +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +m4_define([_LT_COPYING], [dnl +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008 Free Software Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +]) + +# serial 56 LT_INIT + + +# LT_PREREQ(VERSION) +# ------------------ +# Complain and exit if this libtool version is less that VERSION. +m4_defun([LT_PREREQ], +[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, + [m4_default([$3], + [m4_fatal([Libtool version $1 or higher is required], + 63)])], + [$2])]) + + +# _LT_CHECK_BUILDDIR +# ------------------ +# Complain if the absolute build directory name contains unusual characters +m4_defun([_LT_CHECK_BUILDDIR], +[case `pwd` in + *\ * | *\ *) + AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; +esac +]) + + +# LT_INIT([OPTIONS]) +# ------------------ +AC_DEFUN([LT_INIT], +[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +AC_BEFORE([$0], [LT_LANG])dnl +AC_BEFORE([$0], [LT_OUTPUT])dnl +AC_BEFORE([$0], [LTDL_INIT])dnl +m4_require([_LT_CHECK_BUILDDIR])dnl + +dnl Autoconf doesn't catch unexpanded LT_ macros by default: +m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl +m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl +dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 +dnl unless we require an AC_DEFUNed macro: +AC_REQUIRE([LTOPTIONS_VERSION])dnl +AC_REQUIRE([LTSUGAR_VERSION])dnl +AC_REQUIRE([LTVERSION_VERSION])dnl +AC_REQUIRE([LTOBSOLETE_VERSION])dnl +m4_require([_LT_PROG_LTMAIN])dnl + +dnl Parse OPTIONS +_LT_SET_OPTIONS([$0], [$1]) + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +_LT_SETUP + +# Only expand once: +m4_define([LT_INIT]) +])# LT_INIT + +# Old names: +AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) +AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PROG_LIBTOOL], []) +dnl AC_DEFUN([AM_PROG_LIBTOOL], []) + + +# _LT_CC_BASENAME(CC) +# ------------------- +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +m4_defun([_LT_CC_BASENAME], +[for cc_temp in $1""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` +]) + + +# _LT_FILEUTILS_DEFAULTS +# ---------------------- +# It is okay to use these file commands and assume they have been set +# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. +m4_defun([_LT_FILEUTILS_DEFAULTS], +[: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} +])# _LT_FILEUTILS_DEFAULTS + + +# _LT_SETUP +# --------- +m4_defun([_LT_SETUP], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +_LT_DECL([], [host_alias], [0], [The host system])dnl +_LT_DECL([], [host], [0])dnl +_LT_DECL([], [host_os], [0])dnl +dnl +_LT_DECL([], [build_alias], [0], [The build system])dnl +_LT_DECL([], [build], [0])dnl +_LT_DECL([], [build_os], [0])dnl +dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +test -z "$LN_S" && LN_S="ln -s" +_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl +dnl +AC_REQUIRE([LT_CMD_MAX_LEN])dnl +_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl +_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl +dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_CMD_RELOAD])dnl +m4_require([_LT_CHECK_MAGIC_METHOD])dnl +m4_require([_LT_CMD_OLD_ARCHIVE])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl + +_LT_CONFIG_LIBTOOL_INIT([ +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi +]) +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +_LT_CHECK_OBJDIR + +m4_require([_LT_TAG_COMPILER])dnl +_LT_PROG_ECHO_BACKSLASH + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + _LT_PATH_MAGIC + fi + ;; +esac + +# Use C for the default configuration in the libtool script +LT_SUPPORTED_TAG([CC]) +_LT_LANG_C_CONFIG +_LT_LANG_DEFAULT_CONFIG +_LT_CONFIG_COMMANDS +])# _LT_SETUP + + +# _LT_PROG_LTMAIN +# --------------- +# Note that this code is called both from `configure', and `config.status' +# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, +# `config.status' has no value for ac_aux_dir unless we are using Automake, +# so we pass a copy along to make sure it has a sensible value anyway. +m4_defun([_LT_PROG_LTMAIN], +[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl +_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) +ltmain="$ac_aux_dir/ltmain.sh" +])# _LT_PROG_LTMAIN + + +## ------------------------------------- ## +## Accumulate code for creating libtool. ## +## ------------------------------------- ## + +# So that we can recreate a full libtool script including additional +# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS +# in macros and then make a single call at the end using the `libtool' +# label. + + +# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) +# ---------------------------------------- +# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL_INIT], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_INIT], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_INIT]) + + +# _LT_CONFIG_LIBTOOL([COMMANDS]) +# ------------------------------ +# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) + + +# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) +# ----------------------------------------------------- +m4_defun([_LT_CONFIG_SAVE_COMMANDS], +[_LT_CONFIG_LIBTOOL([$1]) +_LT_CONFIG_LIBTOOL_INIT([$2]) +]) + + +# _LT_FORMAT_COMMENT([COMMENT]) +# ----------------------------- +# Add leading comment marks to the start of each line, and a trailing +# full-stop to the whole comment if one is not present already. +m4_define([_LT_FORMAT_COMMENT], +[m4_ifval([$1], [ +m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], + [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) +)]) + + + +## ------------------------ ## +## FIXME: Eliminate VARNAME ## +## ------------------------ ## + + +# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) +# ------------------------------------------------------------------- +# CONFIGNAME is the name given to the value in the libtool script. +# VARNAME is the (base) name used in the configure script. +# VALUE may be 0, 1 or 2 for a computed quote escaped value based on +# VARNAME. Any other value will be used directly. +m4_define([_LT_DECL], +[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], + [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], + [m4_ifval([$1], [$1], [$2])]) + lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) + m4_ifval([$4], + [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) + lt_dict_add_subkey([lt_decl_dict], [$2], + [tagged?], [m4_ifval([$5], [yes], [no])])]) +]) + + +# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) +# -------------------------------------------------------- +m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) + + +# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_tag_varnames], +[_lt_decl_filter([tagged?], [yes], $@)]) + + +# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) +# --------------------------------------------------------- +m4_define([_lt_decl_filter], +[m4_case([$#], + [0], [m4_fatal([$0: too few arguments: $#])], + [1], [m4_fatal([$0: too few arguments: $#: $1])], + [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], + [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], + [lt_dict_filter([lt_decl_dict], $@)])[]dnl +]) + + +# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) +# -------------------------------------------------- +m4_define([lt_decl_quote_varnames], +[_lt_decl_filter([value], [1], $@)]) + + +# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_dquote_varnames], +[_lt_decl_filter([value], [2], $@)]) + + +# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_varnames_tagged], +[m4_assert([$# <= 2])dnl +_$0(m4_quote(m4_default([$1], [[, ]])), + m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), + m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) +m4_define([_lt_decl_varnames_tagged], +[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) + + +# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_all_varnames], +[_$0(m4_quote(m4_default([$1], [[, ]])), + m4_if([$2], [], + m4_quote(lt_decl_varnames), + m4_quote(m4_shift($@))))[]dnl +]) +m4_define([_lt_decl_all_varnames], +[lt_join($@, lt_decl_varnames_tagged([$1], + lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl +]) + + +# _LT_CONFIG_STATUS_DECLARE([VARNAME]) +# ------------------------------------ +# Quote a variable value, and forward it to `config.status' so that its +# declaration there will have the same value as in `configure'. VARNAME +# must have a single quote delimited value for this to work. +m4_define([_LT_CONFIG_STATUS_DECLARE], +[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`']) + + +# _LT_CONFIG_STATUS_DECLARATIONS +# ------------------------------ +# We delimit libtool config variables with single quotes, so when +# we write them to config.status, we have to be sure to quote all +# embedded single quotes properly. In configure, this macro expands +# each variable declared with _LT_DECL (and _LT_TAGDECL) into: +# +# ='`$ECHO "X$" | $Xsed -e "$delay_single_quote_subst"`' +m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], +[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), + [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAGS +# ---------------- +# Output comment and list of tags supported by the script +m4_defun([_LT_LIBTOOL_TAGS], +[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl +available_tags="_LT_TAGS"dnl +]) + + +# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) +# ----------------------------------- +# Extract the dictionary values for VARNAME (optionally with TAG) and +# expand to a commented shell variable setting: +# +# # Some comment about what VAR is for. +# visible_name=$lt_internal_name +m4_define([_LT_LIBTOOL_DECLARE], +[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], + [description])))[]dnl +m4_pushdef([_libtool_name], + m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl +m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), + [0], [_libtool_name=[$]$1], + [1], [_libtool_name=$lt_[]$1], + [2], [_libtool_name=$lt_[]$1], + [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl +m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl +]) + + +# _LT_LIBTOOL_CONFIG_VARS +# ----------------------- +# Produce commented declarations of non-tagged libtool config variables +# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' +# script. Tagged libtool config variables (even for the LIBTOOL CONFIG +# section) are produced by _LT_LIBTOOL_TAG_VARS. +m4_defun([_LT_LIBTOOL_CONFIG_VARS], +[m4_foreach([_lt_var], + m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAG_VARS(TAG) +# ------------------------- +m4_define([_LT_LIBTOOL_TAG_VARS], +[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) + + +# _LT_TAGVAR(VARNAME, [TAGNAME]) +# ------------------------------ +m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) + + +# _LT_CONFIG_COMMANDS +# ------------------- +# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of +# variables for single and double quote escaping we saved from calls +# to _LT_DECL, we can put quote escaped variables declarations +# into `config.status', and then the shell code to quote escape them in +# for loops in `config.status'. Finally, any additional code accumulated +# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. +m4_defun([_LT_CONFIG_COMMANDS], +[AC_PROVIDE_IFELSE([LT_OUTPUT], + dnl If the libtool generation code has been placed in $CONFIG_LT, + dnl instead of duplicating it all over again into config.status, + dnl then we will have config.status run $CONFIG_LT later, so it + dnl needs to know what name is stored there: + [AC_CONFIG_COMMANDS([libtool], + [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], + dnl If the libtool generation code is destined for config.status, + dnl expand the accumulated commands and init code now: + [AC_CONFIG_COMMANDS([libtool], + [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) +])#_LT_CONFIG_COMMANDS + + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], +[ + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +_LT_CONFIG_STATUS_DECLARATIONS +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# Quote evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_quote_varnames); do + case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_dquote_varnames); do + case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Fix-up fallback echo if it was mangled by the above quoting rules. +case \$lt_ECHO in +*'\\\[$]0 --fallback-echo"')dnl " + lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\` + ;; +esac + +_LT_OUTPUT_LIBTOOL_INIT +]) + + +# LT_OUTPUT +# --------- +# This macro allows early generation of the libtool script (before +# AC_OUTPUT is called), incase it is used in configure for compilation +# tests. +AC_DEFUN([LT_OUTPUT], +[: ${CONFIG_LT=./config.lt} +AC_MSG_NOTICE([creating $CONFIG_LT]) +cat >"$CONFIG_LT" <<_LTEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate a libtool stub with the current configuration. + +lt_cl_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AS_SHELL_SANITIZE +_AS_PREPARE + +exec AS_MESSAGE_FD>&1 +exec AS_MESSAGE_LOG_FD>>config.log +{ + echo + AS_BOX([Running $as_me.]) +} >&AS_MESSAGE_LOG_FD + +lt_cl_help="\ +\`$as_me' creates a local libtool stub from the current configuration, +for use in further configure time tests before the real libtool is +generated. + +Usage: $[0] [[OPTIONS]] + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + +Report bugs to ." + +lt_cl_version="\ +m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl +m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) +configured by $[0], generated by m4_PACKAGE_STRING. + +Copyright (C) 2008 Free Software Foundation, Inc. +This config.lt script is free software; the Free Software Foundation +gives unlimited permision to copy, distribute and modify it." + +while test $[#] != 0 +do + case $[1] in + --version | --v* | -V ) + echo "$lt_cl_version"; exit 0 ;; + --help | --h* | -h ) + echo "$lt_cl_help"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --quiet | --q* | --silent | --s* | -q ) + lt_cl_silent=: ;; + + -*) AC_MSG_ERROR([unrecognized option: $[1] +Try \`$[0] --help' for more information.]) ;; + + *) AC_MSG_ERROR([unrecognized argument: $[1] +Try \`$[0] --help' for more information.]) ;; + esac + shift +done + +if $lt_cl_silent; then + exec AS_MESSAGE_FD>/dev/null +fi +_LTEOF + +cat >>"$CONFIG_LT" <<_LTEOF +_LT_OUTPUT_LIBTOOL_COMMANDS_INIT +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AC_MSG_NOTICE([creating $ofile]) +_LT_OUTPUT_LIBTOOL_COMMANDS +AS_EXIT(0) +_LTEOF +chmod +x "$CONFIG_LT" + +# configure is writing to config.log, but config.lt does its own redirection, +# appending to config.log, which fails on DOS, as config.log is still kept +# open by configure. Here we exec the FD to /dev/null, effectively closing +# config.log, so it can be properly (re)opened and appended to by config.lt. +if test "$no_create" != yes; then + lt_cl_success=: + test "$silent" = yes && + lt_config_lt_args="$lt_config_lt_args --quiet" + exec AS_MESSAGE_LOG_FD>/dev/null + $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false + exec AS_MESSAGE_LOG_FD>>config.log + $lt_cl_success || AS_EXIT(1) +fi +])# LT_OUTPUT + + +# _LT_CONFIG(TAG) +# --------------- +# If TAG is the built-in tag, create an initial libtool script with a +# default configuration from the untagged config vars. Otherwise add code +# to config.status for appending the configuration named by TAG from the +# matching tagged config vars. +m4_defun([_LT_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_CONFIG_SAVE_COMMANDS([ + m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl + m4_if(_LT_TAG, [C], [ + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +_LT_COPYING +_LT_LIBTOOL_TAGS + +# ### BEGIN LIBTOOL CONFIG +_LT_LIBTOOL_CONFIG_VARS +_LT_LIBTOOL_TAG_VARS +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + _LT_PROG_LTMAIN + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + _LT_PROG_XSI_SHELLFNS + + sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +], +[cat <<_LT_EOF >> "$ofile" + +dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded +dnl in a comment (ie after a #). +# ### BEGIN LIBTOOL TAG CONFIG: $1 +_LT_LIBTOOL_TAG_VARS(_LT_TAG) +# ### END LIBTOOL TAG CONFIG: $1 +_LT_EOF +])dnl /m4_if +], +[m4_if([$1], [], [ + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile'], []) +])dnl /_LT_CONFIG_SAVE_COMMANDS +])# _LT_CONFIG + + +# LT_SUPPORTED_TAG(TAG) +# --------------------- +# Trace this macro to discover what tags are supported by the libtool +# --tag option, using: +# autoconf --trace 'LT_SUPPORTED_TAG:$1' +AC_DEFUN([LT_SUPPORTED_TAG], []) + + +# C support is built-in for now +m4_define([_LT_LANG_C_enabled], []) +m4_define([_LT_TAGS], []) + + +# LT_LANG(LANG) +# ------------- +# Enable libtool support for the given language if not already enabled. +AC_DEFUN([LT_LANG], +[AC_BEFORE([$0], [LT_OUTPUT])dnl +m4_case([$1], + [C], [_LT_LANG(C)], + [C++], [_LT_LANG(CXX)], + [Java], [_LT_LANG(GCJ)], + [Fortran 77], [_LT_LANG(F77)], + [Fortran], [_LT_LANG(FC)], + [Windows Resource], [_LT_LANG(RC)], + [m4_ifdef([_LT_LANG_]$1[_CONFIG], + [_LT_LANG($1)], + [m4_fatal([$0: unsupported language: "$1"])])])dnl +])# LT_LANG + + +# _LT_LANG(LANGNAME) +# ------------------ +m4_defun([_LT_LANG], +[m4_ifdef([_LT_LANG_]$1[_enabled], [], + [LT_SUPPORTED_TAG([$1])dnl + m4_append([_LT_TAGS], [$1 ])dnl + m4_define([_LT_LANG_]$1[_enabled], [])dnl + _LT_LANG_$1_CONFIG($1)])dnl +])# _LT_LANG + + +# _LT_LANG_DEFAULT_CONFIG +# ----------------------- +m4_defun([_LT_LANG_DEFAULT_CONFIG], +[AC_PROVIDE_IFELSE([AC_PROG_CXX], + [LT_LANG(CXX)], + [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) + +AC_PROVIDE_IFELSE([AC_PROG_F77], + [LT_LANG(F77)], + [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) + +AC_PROVIDE_IFELSE([AC_PROG_FC], + [LT_LANG(FC)], + [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) + +dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal +dnl pulling things in needlessly. +AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([LT_PROG_GCJ], + [LT_LANG(GCJ)], + [m4_ifdef([AC_PROG_GCJ], + [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([A][M_PROG_GCJ], + [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([LT_PROG_GCJ], + [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) + +AC_PROVIDE_IFELSE([LT_PROG_RC], + [LT_LANG(RC)], + [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) +])# _LT_LANG_DEFAULT_CONFIG + +# Obsolete macros: +AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) +AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) +AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) +AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_CXX], []) +dnl AC_DEFUN([AC_LIBTOOL_F77], []) +dnl AC_DEFUN([AC_LIBTOOL_FC], []) +dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) + + +# _LT_TAG_COMPILER +# ---------------- +m4_defun([_LT_TAG_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl +_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl +_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl +_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_TAG_COMPILER + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +m4_defun([_LT_COMPILER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +m4_defun([_LT_LINKER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* +])# _LT_LINKER_BOILERPLATE + +# _LT_REQUIRED_DARWIN_CHECKS +# ------------------------- +m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ + case $host_os in + rhapsody* | darwin*) + AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) + AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) + AC_CHECK_TOOL([LIPO], [lipo], [:]) + AC_CHECK_TOOL([OTOOL], [otool], [:]) + AC_CHECK_TOOL([OTOOL64], [otool64], [:]) + _LT_DECL([], [DSYMUTIL], [1], + [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) + _LT_DECL([], [NMEDIT], [1], + [Tool to change global to local symbols on Mac OS X]) + _LT_DECL([], [LIPO], [1], + [Tool to manipulate fat objects and archives on Mac OS X]) + _LT_DECL([], [OTOOL], [1], + [ldd/readelf like tool for Mach-O binaries on Mac OS X]) + _LT_DECL([], [OTOOL64], [1], + [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) + + AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], + [lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi]) + AC_CACHE_CHECK([for -exported_symbols_list linker flag], + [lt_cv_ld_exported_symbols_list], + [lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [lt_cv_ld_exported_symbols_list=yes], + [lt_cv_ld_exported_symbols_list=no]) + LDFLAGS="$save_LDFLAGS" + ]) + case $host_os in + rhapsody* | darwin1.[[012]]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[[012]]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac +]) + + +# _LT_DARWIN_LINKER_FEATURES +# -------------------------- +# Checks for linker and compiler features on darwin +m4_defun([_LT_DARWIN_LINKER_FEATURES], +[ + m4_require([_LT_REQUIRED_DARWIN_CHECKS]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_automatic, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=echo + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + m4_if([$1], [CXX], +[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" + fi +],[]) + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi +]) + +# _LT_SYS_MODULE_PATH_AIX +# ----------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +m4_defun([_LT_SYS_MODULE_PATH_AIX], +[m4_require([_LT_DECL_SED])dnl +AC_LINK_IFELSE(AC_LANG_PROGRAM,[ +lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\(.*\)$/\1/ + p + } + }' +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` +fi],[]) +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi +])# _LT_SYS_MODULE_PATH_AIX + + +# _LT_SHELL_INIT(ARG) +# ------------------- +m4_define([_LT_SHELL_INIT], +[ifdef([AC_DIVERSION_NOTICE], + [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], + [AC_DIVERT_PUSH(NOTICE)]) +$1 +AC_DIVERT_POP +])# _LT_SHELL_INIT + + +# _LT_PROG_ECHO_BACKSLASH +# ----------------------- +# Add some code to the start of the generated configure script which +# will find an echo command which doesn't interpret backslashes. +m4_defun([_LT_PROG_ECHO_BACKSLASH], +[_LT_SHELL_INIT([ +# Check that we are running under the correct shell. +SHELL=${CONFIG_SHELL-/bin/sh} + +case X$lt_ECHO in +X*--fallback-echo) + # Remove one level of quotation (which was required for Make). + ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` + ;; +esac + +ECHO=${lt_ECHO-echo} +if test "X[$]1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X[$]1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then + # Yippee, $ECHO works! + : +else + # Restart under the correct shell. + exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} +fi + +if test "X[$]1" = X--fallback-echo; then + # used as fallback echo + shift + cat <<_LT_EOF +[$]* +_LT_EOF + exit 0 +fi + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test -z "$lt_ECHO"; then + if test "X${echo_test_string+set}" != Xset; then + # find a string as large as possible, as long as the shell can cope with it + for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do + # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... + if { echo_test_string=`eval $cmd`; } 2>/dev/null && + { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null + then + break + fi + done + fi + + if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + : + else + # The Solaris, AIX, and Digital Unix default echo programs unquote + # backslashes. This makes it impossible to quote backslashes using + # echo "$something" | sed 's/\\/\\\\/g' + # + # So, first we look for a working echo in the user's PATH. + + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for dir in $PATH /usr/ucb; do + IFS="$lt_save_ifs" + if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && + test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + ECHO="$dir/echo" + break + fi + done + IFS="$lt_save_ifs" + + if test "X$ECHO" = Xecho; then + # We didn't find a better echo, so look for alternatives. + if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # This shell has a builtin print -r that does the trick. + ECHO='print -r' + elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && + test "X$CONFIG_SHELL" != X/bin/ksh; then + # If we have ksh, try running configure again with it. + ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} + export ORIGINAL_CONFIG_SHELL + CONFIG_SHELL=/bin/ksh + export CONFIG_SHELL + exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} + else + # Try using printf. + ECHO='printf %s\n' + if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && + echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # Cool, printf works + : + elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL + export CONFIG_SHELL + SHELL="$CONFIG_SHELL" + export SHELL + ECHO="$CONFIG_SHELL [$]0 --fallback-echo" + elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + ECHO="$CONFIG_SHELL [$]0 --fallback-echo" + else + # maybe with a smaller string... + prev=: + + for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do + if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null + then + break + fi + prev="$cmd" + done + + if test "$prev" != 'sed 50q "[$]0"'; then + echo_test_string=`eval $prev` + export echo_test_string + exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} + else + # Oops. We lost completely, so just stick with echo. + ECHO=echo + fi + fi + fi + fi + fi +fi + +# Copy echo and quote the copy suitably for passing to libtool from +# the Makefile, instead of quoting the original, which is used later. +lt_ECHO=$ECHO +if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then + lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" +fi + +AC_SUBST(lt_ECHO) +]) +_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) +_LT_DECL([], [ECHO], [1], + [An echo program that does not interpret backslashes]) +])# _LT_PROG_ECHO_BACKSLASH + + +# _LT_ENABLE_LOCK +# --------------- +m4_defun([_LT_ENABLE_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AS_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '[#]line __oline__ "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +sparc*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) LD="${LD-ld} -m elf64_sparc" ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" +])# _LT_ENABLE_LOCK + + +# _LT_CMD_OLD_ARCHIVE +# ------------------- +m4_defun([_LT_CMD_OLD_ARCHIVE], +[AC_CHECK_TOOL(AR, ar, false) +test -z "$AR" && AR=ar +test -z "$AR_FLAGS" && AR_FLAGS=cru +_LT_DECL([], [AR], [1], [The archiver]) +_LT_DECL([], [AR_FLAGS], [1]) + +AC_CHECK_TOOL(STRIP, strip, :) +test -z "$STRIP" && STRIP=: +_LT_DECL([], [STRIP], [1], [A symbol stripping program]) + +AC_CHECK_TOOL(RANLIB, ranlib, :) +test -z "$RANLIB" && RANLIB=: +_LT_DECL([], [RANLIB], [1], + [Commands used to install an old-style archive]) + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" +fi +_LT_DECL([], [old_postinstall_cmds], [2]) +_LT_DECL([], [old_postuninstall_cmds], [2]) +_LT_TAGDECL([], [old_archive_cmds], [2], + [Commands used to build an old-style archive]) +])# _LT_CMD_OLD_ARCHIVE + + +# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([_LT_COMPILER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $RM conftest* +]) + +if test x"[$]$2" = xyes; then + m4_if([$5], , :, [$5]) +else + m4_if([$6], , :, [$6]) +fi +])# _LT_COMPILER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) + + +# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------- +# Check whether the given linker option works +AC_DEFUN([_LT_LINKER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $3" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" +]) + +if test x"[$]$2" = xyes; then + m4_if([$4], , :, [$4]) +else + m4_if([$5], , :, [$5]) +fi +])# _LT_LINKER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) + + +# LT_CMD_MAX_LEN +#--------------- +AC_DEFUN([LT_CMD_MAX_LEN], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ + = "XX$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac +]) +if test -n $lt_cv_sys_max_cmd_len ; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +max_cmd_len=$lt_cv_sys_max_cmd_len +_LT_DECL([], [max_cmd_len], [0], + [What is the maximum length of a command?]) +])# LT_CMD_MAX_LEN + +# Old name: +AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) + + +# _LT_HEADER_DLFCN +# ---------------- +m4_defun([_LT_HEADER_DLFCN], +[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl +])# _LT_HEADER_DLFCN + + +# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# ---------------------------------------------------------------- +m4_defun([_LT_TRY_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "$cross_compiling" = yes; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +[#line __oline__ "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +}] +_LT_EOF + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_TRY_DLOPEN_SELF + + +# LT_SYS_DLOPEN_SELF +# ------------------ +AC_DEFUN([LT_SYS_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen="shl_load"], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen="dlopen"], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +_LT_DECL([dlopen_support], [enable_dlopen], [0], + [Whether dlopen is supported]) +_LT_DECL([dlopen_self], [enable_dlopen_self], [0], + [Whether dlopen of programs is supported]) +_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], + [Whether dlopen of statically linked programs is supported]) +])# LT_SYS_DLOPEN_SELF + +# Old name: +AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) + + +# _LT_COMPILER_C_O([TAGNAME]) +# --------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler. +# This macro does not hard code the compiler like AC_PROG_CC_C_O. +m4_defun([_LT_COMPILER_C_O], +[m4_require([_LT_DECL_SED])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* +]) +_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], + [Does compiler simultaneously support -c and -o options?]) +])# _LT_COMPILER_C_O + + +# _LT_COMPILER_FILE_LOCKS([TAGNAME]) +# ---------------------------------- +# Check to see if we can do hard links to lock some files if needed +m4_defun([_LT_COMPILER_FILE_LOCKS], +[m4_require([_LT_ENABLE_LOCK])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_COMPILER_C_O([$1]) + +hard_links="nottested" +if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test "$hard_links" = no; then + AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) +])# _LT_COMPILER_FILE_LOCKS + + +# _LT_CHECK_OBJDIR +# ---------------- +m4_defun([_LT_CHECK_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +_LT_DECL([], [objdir], [0], + [The name of the directory that contains temporary libtool files])dnl +m4_pattern_allow([LT_OBJDIR])dnl +AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", + [Define to the sub-directory in which libtool stores uninstalled libraries.]) +])# _LT_CHECK_OBJDIR + + +# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) +# -------------------------------------- +# Check hardcoding attributes. +m4_defun([_LT_LINKER_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || + test -n "$_LT_TAGVAR(runpath_var, $1)" || + test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && + test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then + # Linking always hardcodes the temporary library directory. + _LT_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) + +if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || + test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi +_LT_TAGDECL([], [hardcode_action], [0], + [How to hardcode a shared library path into an executable]) +])# _LT_LINKER_HARDCODE_LIBPATH + + +# _LT_CMD_STRIPLIB +# ---------------- +m4_defun([_LT_CMD_STRIPLIB], +[m4_require([_LT_DECL_EGREP]) +striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) +_LT_DECL([], [striplib], [1]) +])# _LT_CMD_STRIPLIB + + +# _LT_SYS_DYNAMIC_LINKER([TAG]) +# ----------------------------- +# PORTME Fill in your ld.so characteristics +m4_defun([_LT_SYS_DYNAMIC_LINKER], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_OBJDUMP])dnl +m4_require([_LT_DECL_SED])dnl +AC_MSG_CHECKING([dynamic linker characteristics]) +m4_if([$1], + [], [ +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` + else + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[[lt_foo]]++; } + if (lt_freq[[lt_foo]] == 1) { print lt_foo; } +}'` + sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[[4-9]]*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[123]]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix[[3-9]]*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # Some binutils ld are patched to set DT_RUNPATH + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[[89]] | openbsd2.[[89]].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + +_LT_DECL([], [variables_saved_for_relink], [1], + [Variables whose values should be saved in libtool wrapper scripts and + restored at link time]) +_LT_DECL([], [need_lib_prefix], [0], + [Do we need the "lib" prefix for modules?]) +_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) +_LT_DECL([], [version_type], [0], [Library versioning type]) +_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) +_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) +_LT_DECL([], [shlibpath_overrides_runpath], [0], + [Is shlibpath searched before the hard-coded library search path?]) +_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) +_LT_DECL([], [library_names_spec], [1], + [[List of archive names. First name is the real one, the rest are links. + The last name is the one that the linker finds with -lNAME]]) +_LT_DECL([], [soname_spec], [1], + [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [postinstall_cmds], [2], + [Command to use after installation of a shared archive]) +_LT_DECL([], [postuninstall_cmds], [2], + [Command to use after uninstallation of a shared archive]) +_LT_DECL([], [finish_cmds], [2], + [Commands used to finish a libtool library installation in a directory]) +_LT_DECL([], [finish_eval], [1], + [[As "finish_cmds", except a single script fragment to be evaled but + not shown]]) +_LT_DECL([], [hardcode_into_libs], [0], + [Whether we should hardcode library paths into libraries]) +_LT_DECL([], [sys_lib_search_path_spec], [2], + [Compile-time system search path for libraries]) +_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], + [Run-time system search path for libraries]) +])# _LT_SYS_DYNAMIC_LINKER + + +# _LT_PATH_TOOL_PREFIX(TOOL) +# -------------------------- +# find a file program which can recognize shared library +AC_DEFUN([_LT_PATH_TOOL_PREFIX], +[m4_require([_LT_DECL_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="m4_if([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$1; then + lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac]) +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +_LT_DECL([], [MAGIC_CMD], [0], + [Used to examine libraries when file_magic_cmd begins with "file"])dnl +])# _LT_PATH_TOOL_PREFIX + +# Old name: +AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) + + +# _LT_PATH_MAGIC +# -------------- +# find a file program which can recognize a shared library +m4_defun([_LT_PATH_MAGIC], +[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# _LT_PATH_MAGIC + + +# LT_PATH_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([LT_PATH_LD], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl + +AC_ARG_WITH([gnu-ld], + [AS_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test "$withval" = no || with_gnu_ld=yes], + [with_gnu_ld=no])dnl + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be Linux ELF. +linux* | k*bsd*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + +_LT_DECL([], [deplibs_check_method], [1], + [Method to check whether dependent libraries are shared objects]) +_LT_DECL([], [file_magic_cmd], [1], + [Command to use when deplibs_check_method == "file_magic"]) +])# _LT_CHECK_MAGIC_METHOD + + +# LT_PATH_NM +# ---------- +# find the pathname to a BSD- or MS-compatible name lister +AC_DEFUN([LT_PATH_NM], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi]) +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :) + AC_SUBST([DUMPBIN]) + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm +AC_SUBST([NM]) +_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl + +AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], + [lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD) + cat conftest.out >&AS_MESSAGE_LOG_FD + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest*]) +])# LT_PATH_NM + +# Old names: +AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) +AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_PROG_NM], []) +dnl AC_DEFUN([AC_PROG_NM], []) + + +# LT_LIB_M +# -------- +# check for math library +AC_DEFUN([LT_LIB_M], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM="-lm") + ;; +esac +AC_SUBST([LIBM]) +])# LT_LIB_M + +# Old name: +AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_CHECK_LIBM], []) + + +# _LT_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------- +m4_defun([_LT_COMPILER_NO_RTTI], +[m4_require([_LT_TAG_COMPILER])dnl + +_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test "$GCC" = yes; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + + _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], + [Compiler flag to turn off builtin functions]) +])# _LT_COMPILER_NO_RTTI + + +# _LT_CMD_GLOBAL_SYMBOLS +# ---------------------- +m4_defun([_LT_CMD_GLOBAL_SYMBOLS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_NM])dnl +AC_REQUIRE([LT_PATH_LD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_TAG_COMPILER])dnl + +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[[ABCDEGRST]]' + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK ['"\ +" {last_section=section; section=\$ 3};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx]" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if AC_TRY_EVAL(ac_compile); then + # Now try to grab the symbols. + nlist=conftest.nm + if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +const struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[[]] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_save_LIBS="$LIBS" + lt_save_CFLAGS="$CFLAGS" + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS="$lt_save_LIBS" + CFLAGS="$lt_save_CFLAGS" + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi + +_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], + [Take the output of nm and produce a listing of raw symbols and C names]) +_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], + [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_c_name_address], + [lt_cv_sys_global_symbol_to_c_name_address], [1], + [Transform the output of nm in a C name address pair]) +_LT_DECL([global_symbol_to_c_name_address_lib_prefix], + [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], + [Transform the output of nm in a C name address pair when lib prefix is needed]) +]) # _LT_CMD_GLOBAL_SYMBOLS + + +# _LT_COMPILER_PIC([TAGNAME]) +# --------------------------- +m4_defun([_LT_COMPILER_PIC], +[m4_require([_LT_TAG_COMPILER])dnl +_LT_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_TAGVAR(lt_prog_compiler_static, $1)= + +AC_MSG_CHECKING([for $compiler option to produce PIC]) +m4_if([$1], [CXX], [ + # C++ specific cases for pic, static, wl, etc. + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix[[4-9]]*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + if test "$host_cpu" != ia64; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64 which still supported -KPIC. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xlc* | xlC*) + # IBM XL 8.0 on PPC + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test "$GCC" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + hpux9* | hpux10* | hpux11*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + linux* | k*bsd*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' + _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xl*) + # IBM XL C 8.0/Fortran 10.1 on PPC + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + *Sun\ F*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + ;; + esac + ;; + esac + ;; + + newsos6) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + rdos*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" + ;; +esac +AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) +_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], + [How to pass a linker flag through the compiler]) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], + [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], + [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], + [Additional compiler flags for building library objects]) + +# +# Check to make sure the static flag actually works. +# +wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" +_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) +_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], + [Compiler flag to prevent dynamic linking]) +])# _LT_COMPILER_PIC + + +# _LT_LINKER_SHLIBS([TAGNAME]) +# ---------------------------- +# See if the linker supports building shared libraries. +m4_defun([_LT_LINKER_SHLIBS], +[AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +m4_if([$1], [CXX], [ + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + case $host_os in + aix[[4-9]]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + ;; + cygwin* | mingw* | cegcc*) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + ;; + linux* | k*bsd*-gnu) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] +], [ + runpath_var= + _LT_TAGVAR(allow_undefined_flag, $1)= + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(archive_cmds, $1)= + _LT_TAGVAR(archive_expsym_cmds, $1)= + _LT_TAGVAR(compiler_needs_object, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(hardcode_automatic, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= + _LT_TAGVAR(hardcode_libdir_separator, $1)= + _LT_TAGVAR(hardcode_minus_L, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(inherit_rpath, $1)=no + _LT_TAGVAR(link_all_deplibs, $1)=unknown + _LT_TAGVAR(module_cmds, $1)= + _LT_TAGVAR(module_expsym_cmds, $1)= + _LT_TAGVAR(old_archive_from_new_cmds, $1)= + _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_TAGVAR(thread_safe_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. +dnl Note also adjust exclude_expsyms for C++ above. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + linux* | k*bsd*-gnu) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; + esac + + _LT_TAGVAR(ld_shlibs, $1)=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[[3-9]]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag= + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + _LT_TAGVAR(whole_archive_flag_spec, $1)= + tmp_sharedflag='--shared' ;; + xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then + runpath_var= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + _LT_TAGVAR(link_all_deplibs, $1)=no + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + bsdi[[45]]*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + freebsd1*) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + AC_LINK_IFELSE(int foo(void) {}, + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + ) + LDFLAGS="$save_LDFLAGS" + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + else + case $host_os in + openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + ;; + esac + fi + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + fi + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' + ;; + esac + fi + fi +]) +AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) +test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + +_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld + +_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl +_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl +_LT_DECL([], [extract_expsyms_cmds], [2], + [The commands to extract the exported symbol list from a shared archive]) + +# +# Do we need to explicitly link libc? +# +case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $_LT_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_MSG_CHECKING([whether -lc should be explicitly linked in]) + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)]) + ;; + esac + fi + ;; +esac + +_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], + [Whether or not to add -lc for building shared libraries]) +_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], + [enable_shared_with_static_runtimes], [0], + [Whether or not to disallow shared libs when runtime libs are static]) +_LT_TAGDECL([], [export_dynamic_flag_spec], [1], + [Compiler flag to allow reflexive dlopens]) +_LT_TAGDECL([], [whole_archive_flag_spec], [1], + [Compiler flag to generate shared objects directly from archives]) +_LT_TAGDECL([], [compiler_needs_object], [1], + [Whether the compiler copes with passing no objects directly]) +_LT_TAGDECL([], [old_archive_from_new_cmds], [2], + [Create an old-style archive from a shared archive]) +_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], + [Create a temporary old-style archive to link instead of a shared archive]) +_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) +_LT_TAGDECL([], [archive_expsym_cmds], [2]) +_LT_TAGDECL([], [module_cmds], [2], + [Commands used to build a loadable module if different from building + a shared archive.]) +_LT_TAGDECL([], [module_expsym_cmds], [2]) +_LT_TAGDECL([], [with_gnu_ld], [1], + [Whether we are building with GNU ld or not]) +_LT_TAGDECL([], [allow_undefined_flag], [1], + [Flag that allows shared libraries with undefined symbols to be built]) +_LT_TAGDECL([], [no_undefined_flag], [1], + [Flag that enforces no undefined symbols]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], + [Flag to hardcode $libdir into a binary during linking. + This must work even if $libdir does not exist]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], + [[If ld is used when linking, flag to hardcode $libdir into a binary + during linking. This must work even if $libdir does not exist]]) +_LT_TAGDECL([], [hardcode_libdir_separator], [1], + [Whether we need a single "-rpath" flag with a separated argument]) +_LT_TAGDECL([], [hardcode_direct], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary]) +_LT_TAGDECL([], [hardcode_direct_absolute], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary and the resulting library dependency is + "absolute", i.e impossible to change by setting ${shlibpath_var} if the + library is relocated]) +_LT_TAGDECL([], [hardcode_minus_L], [0], + [Set to "yes" if using the -LDIR flag during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_shlibpath_var], [0], + [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_automatic], [0], + [Set to "yes" if building a shared library automatically hardcodes DIR + into the library and all subsequent libraries and executables linked + against it]) +_LT_TAGDECL([], [inherit_rpath], [0], + [Set to yes if linker adds runtime paths of dependent libraries + to runtime path list]) +_LT_TAGDECL([], [link_all_deplibs], [0], + [Whether libtool must link a program against all its dependency libraries]) +_LT_TAGDECL([], [fix_srcfile_path], [1], + [Fix the shell variable $srcfile for the compiler]) +_LT_TAGDECL([], [always_export_symbols], [0], + [Set to "yes" if exported symbols are required]) +_LT_TAGDECL([], [export_symbols_cmds], [2], + [The commands to list exported symbols]) +_LT_TAGDECL([], [exclude_expsyms], [1], + [Symbols that should not be listed in the preloaded symbols]) +_LT_TAGDECL([], [include_expsyms], [1], + [Symbols that must always be exported]) +_LT_TAGDECL([], [prelink_cmds], [2], + [Commands necessary for linking programs (against libraries) with templates]) +_LT_TAGDECL([], [file_list_spec], [1], + [Specify filename containing input files]) +dnl FIXME: Not yet implemented +dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], +dnl [Compiler flag to generate thread safe objects]) +])# _LT_LINKER_SHLIBS + + +# _LT_LANG_C_CONFIG([TAG]) +# ------------------------ +# Ensure that the configuration variables for a C compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_C_CONFIG], +[m4_require([_LT_DECL_EGREP])dnl +lt_save_CC="$CC" +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + +_LT_TAG_COMPILER +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + LT_SYS_DLOPEN_SELF + _LT_CMD_STRIPLIB + + # Report which library types will actually be built + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_CONFIG($1) +fi +AC_LANG_POP +CC="$lt_save_CC" +])# _LT_LANG_C_CONFIG + + +# _LT_PROG_CXX +# ------------ +# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++ +# compiler, we have our own version here. +m4_defun([_LT_PROG_CXX], +[ +pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes]) +AC_PROG_CXX +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi +popdef([AC_MSG_ERROR]) +])# _LT_PROG_CXX + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([_LT_PROG_CXX], []) + + +# _LT_LANG_CXX_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a C++ compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_CXX_CONFIG], +[AC_REQUIRE([_LT_PROG_CXX])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl + +AC_LANG_PUSH(C++) +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(compiler_needs_object, $1)=no +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_caught_CXX_error" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + else + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + fi + + if test "$GXX" = yes; then + # Set up default GNU C++ configuration + + LT_PATH_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='${wl}' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + _LT_TAGVAR(ld_shlibs, $1)=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GXX" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an empty + # executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared + # libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + freebsd[[12]]*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + freebsd-elf*) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + gnu*) + ;; + + hpux9*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + *) + if test "$GXX" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test $with_gnu_ld = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + *) + if test "$GXX" = yes; then + if test $with_gnu_ld = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test "$GXX" = yes; then + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib' + fi + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + ;; + + linux* | k*bsd*-gnu) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*) + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 will use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + xl*) + # IBM XL 8.0 on PPC, with GNU ld + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='echo' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + openbsd2*) + # C++ shared libraries are fairly broken + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + fi + output_verbose_link_cmd=echo + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + case $host in + osf3*) + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + ;; + *) + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~ + $RM $lib.exp' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + case $host in + osf3*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='echo' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + else + # g++ 2.7 appears to require `-G' NOT `-shared' on this + # platform. + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' + fi + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) + test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + + _LT_TAGVAR(GCC, $1)="$GXX" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + CC=$lt_save_CC + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test "$_lt_caught_CXX_error" != yes + +AC_LANG_POP +])# _LT_LANG_CXX_CONFIG + + +# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) +# --------------------------------- +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +m4_defun([_LT_SYS_HIDDEN_LIBDEPS], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +# Dependencies to place before and after the object being linked: +_LT_TAGVAR(predep_objects, $1)= +_LT_TAGVAR(postdep_objects, $1)= +_LT_TAGVAR(predeps, $1)= +_LT_TAGVAR(postdeps, $1)= +_LT_TAGVAR(compiler_lib_search_path, $1)= + +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF +int a; +void foo (void) { a = 0; } +_LT_EOF +], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF +], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer*4 a + a=0 + return + end +_LT_EOF +], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer a + a=0 + return + end +_LT_EOF +], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF +public class foo { + private int a; + public void bar (void) { + a = 0; + } +}; +_LT_EOF +]) +dnl Parse the compiler output and extract the necessary +dnl objects, libraries and library flags. +if AC_TRY_EVAL(ac_compile); then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case $p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test $p = "-L" || + test $p = "-R"; then + prev=$p + continue + else + prev= + fi + + if test "$pre_test_object_deps_done" = no; then + case $p in + -L* | -R*) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then + _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" + else + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$_LT_TAGVAR(postdeps, $1)"; then + _LT_TAGVAR(postdeps, $1)="${prev}${p}" + else + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" + fi + fi + ;; + + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test "$pre_test_object_deps_done" = no; then + if test -z "$_LT_TAGVAR(predep_objects, $1)"; then + _LT_TAGVAR(predep_objects, $1)="$p" + else + _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" + fi + else + if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then + _LT_TAGVAR(postdep_objects, $1)="$p" + else + _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling $1 test program" +fi + +$RM -f confest.$objext + +# PORTME: override above test on systems where it is broken +m4_if([$1], [CXX], +[case $host_os in +interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_TAGVAR(predep_objects,$1)= + _LT_TAGVAR(postdep_objects,$1)= + _LT_TAGVAR(postdeps,$1)= + ;; + +linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; + +solaris*) + case $cc_basename in + CC*) + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; +esac +]) + +case " $_LT_TAGVAR(postdeps, $1) " in +*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; +esac + _LT_TAGVAR(compiler_lib_search_dirs, $1)= +if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` +fi +_LT_TAGDECL([], [compiler_lib_search_dirs], [1], + [The directories searched by this compiler when creating a shared library]) +_LT_TAGDECL([], [predep_objects], [1], + [Dependencies to place before and after the objects being linked to + create a shared library]) +_LT_TAGDECL([], [postdep_objects], [1]) +_LT_TAGDECL([], [predeps], [1]) +_LT_TAGDECL([], [postdeps], [1]) +_LT_TAGDECL([], [compiler_lib_search_path], [1], + [The library search path used internally by the compiler when linking + a shared library]) +])# _LT_SYS_HIDDEN_LIBDEPS + + +# _LT_PROG_F77 +# ------------ +# Since AC_PROG_F77 is broken, in that it returns the empty string +# if there is no fortran compiler, we have our own version here. +m4_defun([_LT_PROG_F77], +[ +pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes]) +AC_PROG_F77 +if test -z "$F77" || test "X$F77" = "Xno"; then + _lt_disable_F77=yes +fi +popdef([AC_MSG_ERROR]) +])# _LT_PROG_F77 + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([_LT_PROG_F77], []) + + +# _LT_LANG_F77_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a Fortran 77 compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_F77_CONFIG], +[AC_REQUIRE([_LT_PROG_F77])dnl +AC_LANG_PUSH(Fortran 77) + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the F77 compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_F77" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + CC=${F77-"f77"} + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + GCC=$G77 + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$G77" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC="$lt_save_CC" +fi # test "$_lt_disable_F77" != yes + +AC_LANG_POP +])# _LT_LANG_F77_CONFIG + + +# _LT_PROG_FC +# ----------- +# Since AC_PROG_FC is broken, in that it returns the empty string +# if there is no fortran compiler, we have our own version here. +m4_defun([_LT_PROG_FC], +[ +pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes]) +AC_PROG_FC +if test -z "$FC" || test "X$FC" = "Xno"; then + _lt_disable_FC=yes +fi +popdef([AC_MSG_ERROR]) +])# _LT_PROG_FC + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([_LT_PROG_FC], []) + + +# _LT_LANG_FC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for a Fortran compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_FC_CONFIG], +[AC_REQUIRE([_LT_PROG_FC])dnl +AC_LANG_PUSH(Fortran) + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for fc test sources. +ac_ext=${ac_fc_srcext-f} + +# Object file extension for compiled fc test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the FC compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_FC" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + CC=${FC-"f95"} + compiler=$CC + GCC=$ac_cv_fc_compiler_gnu + + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC="$lt_save_CC" +fi # test "$_lt_disable_FC" != yes + +AC_LANG_POP +])# _LT_LANG_FC_CONFIG + + +# _LT_LANG_GCJ_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Java Compiler compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GCJ_CONFIG], +[AC_REQUIRE([LT_PROG_GCJ])dnl +AC_LANG_SAVE + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +lt_save_GCC=$GCC +GCC=yes +CC=${GCJ-"gcj"} +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC="$lt_save_CC" +])# _LT_LANG_GCJ_CONFIG + + +# _LT_LANG_RC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for the Windows resource compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_RC_CONFIG], +[AC_REQUIRE([LT_PROG_RC])dnl +AC_LANG_SAVE + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + +# Code to be used in simple link tests +lt_simple_link_test_code="$lt_simple_compile_test_code" + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +lt_save_GCC=$GCC +GCC= +CC=${RC-"windres"} +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) +_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + +if test -n "$compiler"; then + : + _LT_CONFIG($1) +fi + +GCC=$lt_save_GCC +AC_LANG_RESTORE +CC="$lt_save_CC" +])# _LT_LANG_RC_CONFIG + + +# LT_PROG_GCJ +# ----------- +AC_DEFUN([LT_PROG_GCJ], +[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], + [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], + [AC_CHECK_TOOL(GCJ, gcj,) + test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS)])])[]dnl +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_GCJ], []) + + +# LT_PROG_RC +# ---------- +AC_DEFUN([LT_PROG_RC], +[AC_CHECK_TOOL(RC, windres,) +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_RC], []) + + +# _LT_DECL_EGREP +# -------------- +# If we don't have a new enough Autoconf to choose the best grep +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_EGREP], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_REQUIRE([AC_PROG_FGREP])dnl +test -z "$GREP" && GREP=grep +_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) +_LT_DECL([], [EGREP], [1], [An ERE matcher]) +_LT_DECL([], [FGREP], [1], [A literal string matcher]) +dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too +AC_SUBST([GREP]) +]) + + +# _LT_DECL_OBJDUMP +# -------------- +# If we don't have a new enough Autoconf to choose the best objdump +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_OBJDUMP], +[AC_CHECK_TOOL(OBJDUMP, objdump, false) +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) +AC_SUBST([OBJDUMP]) +]) + + +# _LT_DECL_SED +# ------------ +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +m4_defun([_LT_DECL_SED], +[AC_PROG_SED +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" +_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) +_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], + [Sed that helps us avoid accidentally triggering echo(1) options like -n]) +])# _LT_DECL_SED + +m4_ifndef([AC_PROG_SED], [ +############################################################ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +############################################################ + +m4_defun([AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +IFS=$as_save_IFS +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f $lt_ac_sed && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test $lt_ac_count -gt 10 && break + lt_ac_count=`expr $lt_ac_count + 1` + if test $lt_ac_count -gt $lt_ac_max; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_SUBST([SED]) +AC_MSG_RESULT([$SED]) +])#AC_PROG_SED +])#m4_ifndef + +# Old name: +AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_SED], []) + + +# _LT_CHECK_SHELL_FEATURES +# ------------------------ +# Find out whether the shell is Bourne or XSI compatible, +# or has some other useful features. +m4_defun([_LT_CHECK_SHELL_FEATURES], +[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +AC_MSG_RESULT([$xsi_shell]) +_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) + +AC_MSG_CHECKING([whether the shell understands "+="]) +lt_shell_append=no +( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +AC_MSG_RESULT([$lt_shell_append]) +_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi +_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac +_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl +_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl +])# _LT_CHECK_SHELL_FEATURES + + +# _LT_PROG_XSI_SHELLFNS +# --------------------- +# Bourne and XSI compatible variants of some useful shell functions. +m4_defun([_LT_PROG_XSI_SHELLFNS], +[case $xsi_shell in + yes) + cat << \_LT_EOF >> "$cfgfile" + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac +} + +# func_basename file +func_basename () +{ + func_basename_result="${1##*/}" +} + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac + func_basename_result="${1##*/}" +} + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +func_stripname () +{ + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary parameter first. + func_stripname_result=${3} + func_stripname_result=${func_stripname_result#"${1}"} + func_stripname_result=${func_stripname_result%"${2}"} +} + +# func_opt_split +func_opt_split () +{ + func_opt_split_opt=${1%%=*} + func_opt_split_arg=${1#*=} +} + +# func_lo2o object +func_lo2o () +{ + case ${1} in + *.lo) func_lo2o_result=${1%.lo}.${objext} ;; + *) func_lo2o_result=${1} ;; + esac +} + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=${1%.*}.lo +} + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=$(( $[*] )) +} + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=${#1} +} + +_LT_EOF + ;; + *) # Bourne compatible functions. + cat << \_LT_EOF >> "$cfgfile" + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi +} + +# func_basename file +func_basename () +{ + func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` +} + +dnl func_dirname_and_basename +dnl A portable version of this function is already defined in general.m4sh +dnl so there is no need for it here. + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# func_strip_suffix prefix name +func_stripname () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "X${3}" \ + | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "X${3}" \ + | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; + esac +} + +# sed scripts: +my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q' +my_sed_long_arg='1s/^-[[^=]]*=//' + +# func_opt_split +func_opt_split () +{ + func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` + func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` +} + +# func_lo2o object +func_lo2o () +{ + func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` +} + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'` +} + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=`expr "$[@]"` +} + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len` +} + +_LT_EOF +esac + +case $lt_shell_append in + yes) + cat << \_LT_EOF >> "$cfgfile" + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "$[1]+=\$[2]" +} +_LT_EOF + ;; + *) + cat << \_LT_EOF >> "$cfgfile" + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "$[1]=\$$[1]\$[2]" +} + +_LT_EOF + ;; + esac +]) diff --git a/m4/config/ltoptions.m4 b/m4/config/ltoptions.m4 new file mode 100644 index 000000000..34151a3ba --- /dev/null +++ b/m4/config/ltoptions.m4 @@ -0,0 +1,368 @@ +# Helper functions for option handling. -*- Autoconf -*- +# +# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltoptions.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) + + +# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) +# ------------------------------------------ +m4_define([_LT_MANGLE_OPTION], +[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) + + +# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) +# --------------------------------------- +# Set option OPTION-NAME for macro MACRO-NAME, and if there is a +# matching handler defined, dispatch to it. Other OPTION-NAMEs are +# saved as a flag. +m4_define([_LT_SET_OPTION], +[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl +m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), + _LT_MANGLE_DEFUN([$1], [$2]), + [m4_warning([Unknown $1 option `$2'])])[]dnl +]) + + +# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) +# ------------------------------------------------------------ +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +m4_define([_LT_IF_OPTION], +[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) + + +# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) +# ------------------------------------------------------- +# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME +# are set. +m4_define([_LT_UNLESS_OPTIONS], +[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), + [m4_define([$0_found])])])[]dnl +m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 +])[]dnl +]) + + +# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) +# ---------------------------------------- +# OPTION-LIST is a space-separated list of Libtool options associated +# with MACRO-NAME. If any OPTION has a matching handler declared with +# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about +# the unknown option and exit. +m4_defun([_LT_SET_OPTIONS], +[# Set options +m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [_LT_SET_OPTION([$1], _LT_Option)]) + +m4_if([$1],[LT_INIT],[ + dnl + dnl Simply set some default values (i.e off) if boolean options were not + dnl specified: + _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no + ]) + _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no + ]) + dnl + dnl If no reference was made to various pairs of opposing options, then + dnl we run the default mode handler for the pair. For example, if neither + dnl `shared' nor `disable-shared' was passed, we enable building of shared + dnl archives by default: + _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) + _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], + [_LT_ENABLE_FAST_INSTALL]) + ]) +])# _LT_SET_OPTIONS + + +## --------------------------------- ## +## Macros to handle LT_INIT options. ## +## --------------------------------- ## + +# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) +# ----------------------------------------- +m4_define([_LT_MANGLE_DEFUN], +[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) + + +# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) +# ----------------------------------------------- +m4_define([LT_OPTION_DEFINE], +[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl +])# LT_OPTION_DEFINE + + +# dlopen +# ------ +LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes +]) + +AU_DEFUN([AC_LIBTOOL_DLOPEN], +[_LT_SET_OPTION([LT_INIT], [dlopen]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `dlopen' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) + + +# win32-dll +# --------- +# Declare package support for building win32 dll's. +LT_OPTION_DEFINE([LT_INIT], [win32-dll], +[enable_win32_dll=yes + +case $host in +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +esac + +test -z "$AS" && AS=as +_LT_DECL([], [AS], [0], [Assembler program])dnl + +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl + +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl +])# win32-dll + +AU_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +_LT_SET_OPTION([LT_INIT], [win32-dll]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `win32-dll' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) + + +# _LT_ENABLE_SHARED([DEFAULT]) +# ---------------------------- +# implement the --enable-shared flag, and supports the `shared' and +# `disable-shared' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_SHARED], +[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([shared], + [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) + + _LT_DECL([build_libtool_libs], [enable_shared], [0], + [Whether or not to build shared libraries]) +])# _LT_ENABLE_SHARED + +LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) +]) + +AC_DEFUN([AC_DISABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], [disable-shared]) +]) + +AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_SHARED], []) +dnl AC_DEFUN([AM_DISABLE_SHARED], []) + + + +# _LT_ENABLE_STATIC([DEFAULT]) +# ---------------------------- +# implement the --enable-static flag, and support the `static' and +# `disable-static' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_STATIC], +[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([static], + [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_static=]_LT_ENABLE_STATIC_DEFAULT) + + _LT_DECL([build_old_libs], [enable_static], [0], + [Whether or not to build static libraries]) +])# _LT_ENABLE_STATIC + +LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) +]) + +AC_DEFUN([AC_DISABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], [disable-static]) +]) + +AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_STATIC], []) +dnl AC_DEFUN([AM_DISABLE_STATIC], []) + + + +# _LT_ENABLE_FAST_INSTALL([DEFAULT]) +# ---------------------------------- +# implement the --enable-fast-install flag, and support the `fast-install' +# and `disable-fast-install' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_FAST_INSTALL], +[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([fast-install], + [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) + +_LT_DECL([fast_install], [enable_fast_install], [0], + [Whether or not to optimize for fast installation])dnl +])# _LT_ENABLE_FAST_INSTALL + +LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) + +# Old names: +AU_DEFUN([AC_ENABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `fast-install' option into LT_INIT's first parameter.]) +]) + +AU_DEFUN([AC_DISABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `disable-fast-install' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) +dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) + + +# _LT_WITH_PIC([MODE]) +# -------------------- +# implement the --with-pic flag, and support the `pic-only' and `no-pic' +# LT_INIT options. +# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +m4_define([_LT_WITH_PIC], +[AC_ARG_WITH([pic], + [AS_HELP_STRING([--with-pic], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [pic_mode="$withval"], + [pic_mode=default]) + +test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) + +_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl +])# _LT_WITH_PIC + +LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) + +# Old name: +AU_DEFUN([AC_LIBTOOL_PICMODE], +[_LT_SET_OPTION([LT_INIT], [pic-only]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `pic-only' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) + +## ----------------- ## +## LTDL_INIT Options ## +## ----------------- ## + +m4_define([_LTDL_MODE], []) +LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], + [m4_define([_LTDL_MODE], [nonrecursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [recursive], + [m4_define([_LTDL_MODE], [recursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [subproject], + [m4_define([_LTDL_MODE], [subproject])]) + +m4_define([_LTDL_TYPE], []) +LT_OPTION_DEFINE([LTDL_INIT], [installable], + [m4_define([_LTDL_TYPE], [installable])]) +LT_OPTION_DEFINE([LTDL_INIT], [convenience], + [m4_define([_LTDL_TYPE], [convenience])]) diff --git a/m4/config/ltsugar.m4 b/m4/config/ltsugar.m4 new file mode 100644 index 000000000..9000a057d --- /dev/null +++ b/m4/config/ltsugar.m4 @@ -0,0 +1,123 @@ +# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltsugar.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) + + +# lt_join(SEP, ARG1, [ARG2...]) +# ----------------------------- +# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their +# associated separator. +# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier +# versions in m4sugar had bugs. +m4_define([lt_join], +[m4_if([$#], [1], [], + [$#], [2], [[$2]], + [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) +m4_define([_lt_join], +[m4_if([$#$2], [2], [], + [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) + + +# lt_car(LIST) +# lt_cdr(LIST) +# ------------ +# Manipulate m4 lists. +# These macros are necessary as long as will still need to support +# Autoconf-2.59 which quotes differently. +m4_define([lt_car], [[$1]]) +m4_define([lt_cdr], +[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], + [$#], 1, [], + [m4_dquote(m4_shift($@))])]) +m4_define([lt_unquote], $1) + + +# lt_append(MACRO-NAME, STRING, [SEPARATOR]) +# ------------------------------------------ +# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. +# Note that neither SEPARATOR nor STRING are expanded; they are appended +# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). +# No SEPARATOR is output if MACRO-NAME was previously undefined (different +# than defined and empty). +# +# This macro is needed until we can rely on Autoconf 2.62, since earlier +# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. +m4_define([lt_append], +[m4_define([$1], + m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) + + + +# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) +# ---------------------------------------------------------- +# Produce a SEP delimited list of all paired combinations of elements of +# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list +# has the form PREFIXmINFIXSUFFIXn. +# Needed until we can rely on m4_combine added in Autoconf 2.62. +m4_define([lt_combine], +[m4_if(m4_eval([$# > 3]), [1], + [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl +[[m4_foreach([_Lt_prefix], [$2], + [m4_foreach([_Lt_suffix], + ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, + [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) + + +# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) +# ----------------------------------------------------------------------- +# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited +# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. +m4_define([lt_if_append_uniq], +[m4_ifdef([$1], + [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], + [lt_append([$1], [$2], [$3])$4], + [$5])], + [lt_append([$1], [$2], [$3])$4])]) + + +# lt_dict_add(DICT, KEY, VALUE) +# ----------------------------- +m4_define([lt_dict_add], +[m4_define([$1($2)], [$3])]) + + +# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) +# -------------------------------------------- +m4_define([lt_dict_add_subkey], +[m4_define([$1($2:$3)], [$4])]) + + +# lt_dict_fetch(DICT, KEY, [SUBKEY]) +# ---------------------------------- +m4_define([lt_dict_fetch], +[m4_ifval([$3], + m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), + m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) + + +# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) +# ----------------------------------------------------------------- +m4_define([lt_if_dict_fetch], +[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], + [$5], + [$6])]) + + +# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) +# -------------------------------------------------------------- +m4_define([lt_dict_filter], +[m4_if([$5], [], [], + [lt_join(m4_quote(m4_default([$4], [[, ]])), + lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), + [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl +]) diff --git a/m4/config/ltversion.m4 b/m4/config/ltversion.m4 new file mode 100644 index 000000000..b8e154fe6 --- /dev/null +++ b/m4/config/ltversion.m4 @@ -0,0 +1,23 @@ +# ltversion.m4 -- version numbers -*- Autoconf -*- +# +# Copyright (C) 2004 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# Generated from ltversion.in. + +# serial 3012 ltversion.m4 +# This file is part of GNU Libtool + +m4_define([LT_PACKAGE_VERSION], [2.2.6]) +m4_define([LT_PACKAGE_REVISION], [1.3012]) + +AC_DEFUN([LTVERSION_VERSION], +[macro_version='2.2.6' +macro_revision='1.3012' +_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) +_LT_DECL(, macro_revision, 0) +]) diff --git a/m4/config/lt~obsolete.m4 b/m4/config/lt~obsolete.m4 new file mode 100644 index 000000000..637bb2066 --- /dev/null +++ b/m4/config/lt~obsolete.m4 @@ -0,0 +1,92 @@ +# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 4 lt~obsolete.m4 + +# These exist entirely to fool aclocal when bootstrapping libtool. +# +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) +# which have later been changed to m4_define as they aren't part of the +# exported API, or moved to Autoconf or Automake where they belong. +# +# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN +# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us +# using a macro with the same name in our local m4/libtool.m4 it'll +# pull the old libtool.m4 in (it doesn't see our shiny new m4_define +# and doesn't know about Autoconf macros at all.) +# +# So we provide this file, which has a silly filename so it's always +# included after everything else. This provides aclocal with the +# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything +# because those macros already exist, or will be overwritten later. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# +# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. +# Yes, that means every name once taken will need to remain here until +# we give up compatibility with versions before 1.7, at which point +# we need to keep only those names which we still refer to. + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) + +m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) +m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) +m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) +m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) +m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) +m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) +m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) +m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) +m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) +m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) +m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) +m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) +m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) +m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) +m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) +m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) +m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) +m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) +m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) +m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) +m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) +m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) +m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) +m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) +m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) +m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) +m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) +m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) +m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) +m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) +m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) +m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) +m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) +m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) +m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) +m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) +m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) +m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) +m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) +m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) +m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) +m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) +m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) +m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) +m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) diff --git a/m4/macros/enable-disable.m4 b/m4/macros/enable-disable.m4 new file mode 100644 index 000000000..6d7959e4e --- /dev/null +++ b/m4/macros/enable-disable.m4 @@ -0,0 +1,32 @@ + +# ARG_ENABL_SET(option, help) +# --------------------------- +# Create a --enable-$1 option with helptext, set a variable $1 to true/false +AC_DEFUN([ARG_ENABL_SET], + [AC_ARG_ENABLE( + [$1], + AS_HELP_STRING([--enable-$1], [$2]), + [if test x$enableval = xyes; then + patsubst([$1], [-], [_])=true + else + patsubst([$1], [-], [_])=false + fi], + patsubst([$1], [-], [_])=false + )] +) + +# ARG_DISBL_SET(option, help) +# --------------------------- +# Create a --disable-$1 option with helptext, set a variable $1 to true/false +AC_DEFUN([ARG_DISBL_SET], + [AC_ARG_ENABLE( + [$1], + AS_HELP_STRING([--disable-$1], [$2]), + [if test x$enableval = xyes; then + patsubst([$1], [-], [_])=true + else + patsubst([$1], [-], [_])=false + fi], + patsubst([$1], [-], [_])=true + )] +) diff --git a/m4/macros/with.m4 b/m4/macros/with.m4 new file mode 100644 index 000000000..908333b47 --- /dev/null +++ b/m4/macros/with.m4 @@ -0,0 +1,24 @@ + +# ARG_WITH_SUBST(option, default, help) +# ----------------------------------- +# Create a --with-$1 option with helptext, AC_SUBST($1) to $withval/default +AC_DEFUN([ARG_WITH_SUBST], + [AC_ARG_WITH( + [$1], + AS_HELP_STRING([--with-$1=arg], [$3 (default: $2).]), + [AC_SUBST(patsubst([$1], [-], [_]), ["$withval"])], + [AC_SUBST(patsubst([$1], [-], [_]), ["$2"])] + )] +) + +# ARG_WITH_SET(option, default, help) +# ----------------------------------- +# Create a --with-$1 option with helptext, set a variable $1 to $withval/default +AC_DEFUN([ARG_WITH_SET], + [AC_ARG_WITH( + [$1], + AS_HELP_STRING([--with-$1=arg], [$3 (default: $2).]), + patsubst([$1], [-], [_])="$withval", + patsubst([$1], [-], [_])=$2 + )] +) diff --git a/missing b/missing index 1c8ff7049..28055d2ae 100755 --- a/missing +++ b/missing @@ -1,10 +1,10 @@ #! /bin/sh # Common stub for a few missing GNU programs while installing. -scriptversion=2006-05-10.23 +scriptversion=2009-04-28.21; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006 -# Free Software Foundation, Inc. +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, +# 2008, 2009 Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify @@ -18,9 +18,7 @@ scriptversion=2006-05-10.23 # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -89,6 +87,9 @@ Supported PROGRAM values: tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch] +Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and +\`g' are ignored when checking the name. + Send bug reports to ." exit $? ;; @@ -106,15 +107,22 @@ Send bug reports to ." esac +# normalize program name to check for. +program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + # Now exit if we have it, but it failed. Also exit now if we # don't have it and --version was passed (most likely to detect -# the program). +# the program). This is about non-GNU programs, so use $1 not +# $program. case $1 in - lex|yacc) + lex*|yacc*) # Not GNU programs, they don't have --version. ;; - tar) + tar*) if test -n "$run"; then echo 1>&2 "ERROR: \`tar' requires --run" exit 1 @@ -138,7 +146,7 @@ esac # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. -case $1 in +case $program in aclocal*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if @@ -148,7 +156,7 @@ WARNING: \`$1' is $msg. You should only need it if touch aclocal.m4 ;; - autoconf) + autoconf*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`${configure_ac}'. You might want to install the @@ -157,7 +165,7 @@ WARNING: \`$1' is $msg. You should only need it if touch configure ;; - autoheader) + autoheader*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want @@ -187,7 +195,7 @@ WARNING: \`$1' is $msg. You should only need it if while read f; do touch "$f"; done ;; - autom4te) + autom4te*) echo 1>&2 "\ WARNING: \`$1' is needed, but is $msg. You might have modified some files without having the @@ -210,7 +218,7 @@ WARNING: \`$1' is needed, but is $msg. fi ;; - bison|yacc) + bison*|yacc*) echo 1>&2 "\ WARNING: \`$1' $msg. You should only need it if you modified a \`.y' file. You may need the \`Bison' package @@ -240,7 +248,7 @@ WARNING: \`$1' $msg. You should only need it if fi ;; - lex|flex) + lex*|flex*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.l' file. You may need the \`Flex' package @@ -263,7 +271,7 @@ WARNING: \`$1' is $msg. You should only need it if fi ;; - help2man) + help2man*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the @@ -277,11 +285,11 @@ WARNING: \`$1' is $msg. You should only need it if else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" - exit 1 + exit $? fi ;; - makeinfo) + makeinfo*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file @@ -310,7 +318,7 @@ WARNING: \`$1' is $msg. You should only need it if touch $file ;; - tar) + tar*) shift # We have already tried tar in the generic part. @@ -363,5 +371,6 @@ exit 0 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/scripts/Makefile.am b/scripts/Makefile.am index f8d62b3bc..24e3cd164 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -1,7 +1,6 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ --DIPSEC_PLUGINDIR=\"${plugindir}\" \ --DSTRONGSWAN_CONF=\"${strongswan_conf}\" +-DPLUGINS="\"${libstrongswan_plugins}\"" noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql \ thread_analysis dh_speed pubkey_speed diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 63f0242fe..7d1af0803 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -38,11 +40,19 @@ noinst_PROGRAMS = bin2array$(EXEEXT) bin2sql$(EXEEXT) id2sql$(EXEEXT) \ subdir = scripts DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_bin2array_OBJECTS = bin2array.$(OBJEXT) bin2array_OBJECTS = $(am_bin2array_OBJECTS) @@ -76,6 +86,7 @@ thread_analysis_LDADD = $(LDADD) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -128,25 +139,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -158,11 +166,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -191,9 +202,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -216,7 +227,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -224,6 +235,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -232,10 +244,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -243,12 +257,12 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ --DIPSEC_PLUGINDIR=\"${plugindir}\" \ --DSTRONGSWAN_CONF=\"${strongswan_conf}\" +-DPLUGINS="\"${libstrongswan_plugins}\"" bin2array_SOURCES = bin2array.c bin2sql_SOURCES = bin2sql.c @@ -276,9 +290,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu scripts/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu scripts/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu scripts/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -296,13 +310,16 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list bin2array$(EXEEXT): $(bin2array_OBJECTS) $(bin2array_DEPENDENCIES) @rm -f bin2array$(EXEEXT) $(LINK) $(bin2array_OBJECTS) $(bin2array_LDADD) $(LIBS) @@ -345,21 +362,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -382,7 +399,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -390,29 +407,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -433,13 +455,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -467,6 +493,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -488,6 +515,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -496,18 +525,28 @@ install-data-am: install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -545,6 +584,7 @@ uninstall-am: mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/scripts/bin2array.c b/scripts/bin2array.c index 4778b446a..5e0ad7c74 100644 --- a/scripts/bin2array.c +++ b/scripts/bin2array.c @@ -27,7 +27,7 @@ int main(int argc, char *argv[]) { break; } - } + } printf("};\n"); return 0; } diff --git a/scripts/bin2sql.c b/scripts/bin2sql.c index 4f83dd3f2..8bc72f842 100644 --- a/scripts/bin2sql.c +++ b/scripts/bin2sql.c @@ -18,7 +18,7 @@ int main(int argc, char *argv[]) break; } printf("%02x", (unsigned int)byte); - } + } printf("'\n"); return 0; } diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c index 76dafe752..b85bf1ad8 100644 --- a/scripts/dh_speed.c +++ b/scripts/dh_speed.c @@ -38,7 +38,7 @@ static void start_timing(struct timespec *start) static double end_timing(struct timespec *start) { struct timespec end; - + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end); return (end.tv_nsec - start->tv_nsec) / 1000000000.0 + (end.tv_sec - start->tv_sec) * 1.0; @@ -50,7 +50,7 @@ static void run_test(diffie_hellman_group_t group, int rounds) chunk_t chunk; struct timespec timing; int round; - + r = lib->crypto->create_dh(lib->crypto, group); if (!r) { @@ -58,24 +58,24 @@ static void run_test(diffie_hellman_group_t group, int rounds) diffie_hellman_group_names, group); return; } - + printf("%N:\t", diffie_hellman_group_names, group); - + start_timing(&timing); for (round = 0; round < rounds; round++) { l[round] = lib->crypto->create_dh(lib->crypto, group); } printf("A = g^a/s: %8.1f", rounds / end_timing(&timing)); - + for (round = 0; round < rounds; round++) { l[round]->get_my_public_value(l[round], &chunk); r->set_other_public_value(r, chunk); chunk_free(&chunk); } - + r->get_my_public_value(r, &chunk); start_timing(&timing); for (round = 0; round < rounds; round++) @@ -84,7 +84,7 @@ static void run_test(diffie_hellman_group_t group, int rounds) } printf(" | S = B^a/s: %8.1f\n", rounds / end_timing(&timing)); chunk_free(&chunk); - + for (round = 0; round < rounds; round++) { l[round]->destroy(l[round]); @@ -95,22 +95,22 @@ static void run_test(diffie_hellman_group_t group, int rounds) int main(int argc, char *argv[]) { int rounds, i, j; - + if (argc < 4) { usage(); } - - library_init(STRONGSWAN_CONF); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]); + + library_init(NULL); + lib->plugins->load(lib->plugins, NULL, argv[1]); atexit(library_deinit); - + rounds = atoi(argv[2]); - + for (i = 3; i < argc; i++) { bool found = FALSE; - + for (j = 0; j < countof(groups); j++) { if (streq(groups[j].name, argv[i])) diff --git a/scripts/id2sql.c b/scripts/id2sql.c index 5b0bd1d7d..5bc94f5b6 100644 --- a/scripts/id2sql.c +++ b/scripts/id2sql.c @@ -10,7 +10,7 @@ int main(int argc, char *argv[]) identification_t *id; chunk_t enc; int i; - + if (argc < 2) { return -1; @@ -29,7 +29,7 @@ int main(int argc, char *argv[]) for (i = 0; i < enc.len; i++) { printf("%02x", (unsigned int)enc.ptr[i]); - } + } printf("'\n"); return 0; } diff --git a/scripts/key2keyid.c b/scripts/key2keyid.c index 201670e43..cd6ebc1ed 100644 --- a/scripts/key2keyid.c +++ b/scripts/key2keyid.c @@ -15,9 +15,9 @@ int main(int argc, char *argv[]) chunk_t chunk; char buf[8096]; int read; - + library_init(NULL); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "gmp pubkey sha1"); + lib->plugins->load(lib->plugins, NULL, PLUGINS); atexit(library_deinit); read = fread(buf, 1, sizeof(buf), stdin); @@ -26,32 +26,40 @@ int main(int argc, char *argv[]) fprintf(stderr, "reading key failed.\n"); return -1; } - + chunk = chunk_create(buf, read); - + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk_clone(chunk), + BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_END); if (private) { printf("parsed %d bits %N private key.\n", private->get_keysize(private)*8, key_type_names, private->get_type(private)); - printf("%N is:\t %D\n", id_type_names, ID_PUBKEY_INFO_SHA1, - private->get_id(private, ID_PUBKEY_INFO_SHA1)); - printf("%N is:\t %D\n", id_type_names, ID_PUBKEY_SHA1, - private->get_id(private, ID_PUBKEY_SHA1)); + if (private->get_fingerprint(private, KEY_ID_PUBKEY_INFO_SHA1, &chunk)) + { + printf("subjectPublicKeyInfo keyid: %#B\n", &chunk); + } + if (private->get_fingerprint(private, KEY_ID_PUBKEY_SHA1, &chunk)) + { + printf("subjectPublicKey keyid: %#B\n", &chunk); + } + if (private->get_fingerprint(private, KEY_ID_PGPV3, &chunk)) + { + printf("PGP verison 3 keyid: %#B\n", &chunk); + } private->destroy(private); return 0; } - + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - BUILD_BLOB_ASN1_DER, chunk_clone(chunk), + BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_END); if (!public) { public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk_clone(chunk), + BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_END); } if (public) @@ -59,14 +67,22 @@ int main(int argc, char *argv[]) printf("parsed %d bits %N public key.\n", public->get_keysize(public)*8, key_type_names, public->get_type(public)); - printf("%N is:\t %D\n", id_type_names, ID_PUBKEY_INFO_SHA1, - public->get_id(public, ID_PUBKEY_INFO_SHA1)); - printf("%N is:\t %D\n", id_type_names, ID_PUBKEY_SHA1, - public->get_id(public, ID_PUBKEY_SHA1)); + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &chunk)) + { + printf("subjectPublicKeyInfo keyid: %#B\n", &chunk); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) + { + printf("subjectPublicKey keyid: %#B\n", &chunk); + } + if (public->get_fingerprint(public, KEY_ID_PGPV3, &chunk)) + { + printf("PGP verison 3 keyid: %#B\n", &chunk); + } public->destroy(public); return 0; } - + fprintf(stderr, "unable to parse input key.\n"); return -1; } diff --git a/scripts/keyid2sql.c b/scripts/keyid2sql.c index 588bd7ac0..2d17c273d 100644 --- a/scripts/keyid2sql.c +++ b/scripts/keyid2sql.c @@ -2,11 +2,9 @@ #include #include #include -#include #include #include - /** * print the keyids of a private or public key in sql format */ @@ -14,13 +12,12 @@ int main(int argc, char *argv[]) { public_key_t *public; private_key_t *private; - identification_t *keyid; chunk_t chunk; char buf[8096]; int read, n; - + library_init(NULL); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, "gmp pubkey sha1"); + lib->plugins->load(lib->plugins, NULL, PLUGINS); atexit(library_deinit); read = fread(buf, 1, sizeof(buf), stdin); @@ -29,51 +26,51 @@ int main(int argc, char *argv[]) fprintf(stderr, "reading key failed.\n"); return -1; } - + chunk = chunk_create(buf, read); - + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk_clone(chunk), + BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_END); if (private) { - keyid = private->get_id(private, ID_PUBKEY_INFO_SHA1); - chunk = keyid->get_encoding(keyid); - - printf("%d, X'", ID_PUBKEY_INFO_SHA1); - for (n = 0; n < chunk.len; n++) + if (private->get_fingerprint(private, KEY_ID_PUBKEY_SHA1, &chunk)) { - printf("%.2x", chunk.ptr[n]); + printf("%d, X'", ID_KEY_ID); + for (n = 0; n < chunk.len; n++) + { + printf("%.2x", chunk.ptr[n]); + } + printf("'\n"); } - printf("'\n"); private->destroy(private); return 0; } - + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - BUILD_BLOB_ASN1_DER, chunk_clone(chunk), + BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_END); if (!public) { public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk_clone(chunk), + BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_END); } if (public) { - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - chunk = keyid->get_encoding(keyid); - - printf("%d, X'", ID_PUBKEY_INFO_SHA1); - for (n = 0; n < chunk.len; n++) + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) { - printf("%.2x", chunk.ptr[n]); + printf("%d, X'", ID_KEY_ID); + for (n = 0; n < chunk.len; n++) + { + printf("%.2x", chunk.ptr[n]); + } + printf("'\n"); } - printf("'\n"); public->destroy(public); return 0; } - + fprintf(stderr, "unable to parse input key.\n"); return -1; } diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c index 86a4e105b..255f650f5 100644 --- a/scripts/pubkey_speed.c +++ b/scripts/pubkey_speed.c @@ -4,7 +4,6 @@ #include #include #include -#include void start_timing(struct timespec *start) { @@ -14,7 +13,7 @@ void start_timing(struct timespec *start) double end_timing(struct timespec *start) { struct timespec end; - + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end); return (end.tv_nsec - start->tv_nsec) / 1000000000.0 + (end.tv_sec - start->tv_sec) * 1.0; @@ -26,8 +25,6 @@ static void usage() exit(1); } -static char data_buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07}; - int main(int argc, char *argv[]) { private_key_t *private; @@ -37,15 +34,15 @@ int main(int argc, char *argv[]) char buf[8096], *pos = buf; key_type_t type = KEY_ANY; signature_scheme_t scheme = SIGN_UNKNOWN; - chunk_t keydata, *sigs, data = chunk_from_buf(data_buf); - + chunk_t keydata, *sigs, data; + if (argc < 4) { usage(); } - + rounds = atoi(argv[3]); - + if (streq(argv[2], "rsa")) { type = KEY_RSA; @@ -59,25 +56,20 @@ int main(int argc, char *argv[]) { usage(); } - - library_init(STRONGSWAN_CONF); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]); + + library_init(NULL); + lib->plugins->load(lib->plugins, NULL, argv[1]); atexit(library_deinit); - + keydata = chunk_create(buf, 0); while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin))) { pos += read; keydata.len += read; } - if (pem_to_bin(&keydata, chunk_empty, NULL) != SUCCESS) - { - printf("converting PEM private key failed.\n"); - exit(1); - } - + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_BLOB_ASN1_DER, keydata, BUILD_END); + BUILD_BLOB_PEM, keydata, BUILD_END); if (!private) { printf("parsing private key failed.\n"); @@ -88,7 +80,7 @@ int main(int argc, char *argv[]) switch (private->get_keysize(private)) { case 32: - scheme = SIGN_ECDSA_256; + scheme = SIGN_ECDSA_256; break; case 48: scheme = SIGN_ECDSA_384; @@ -102,12 +94,13 @@ int main(int argc, char *argv[]) exit(1); } } - + printf("%4d bit %N: ", private->get_keysize(private)*8, key_type_names, type); - + sigs = malloc(sizeof(chunk_t) * rounds); - + + data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07); start_timing(&timing); for (round = 0; round < rounds; round++) { @@ -118,7 +111,7 @@ int main(int argc, char *argv[]) } }; printf("sign()/s: %8.1f ", rounds / end_timing(&timing)); - + public = private->get_public_key(private); if (!public) { @@ -137,7 +130,7 @@ int main(int argc, char *argv[]) printf("verify()/s: %8.1f\n", rounds / end_timing(&timing)); public->destroy(public); private->destroy(private); - + for (round = 0; round < rounds; round++) { free(sigs[round].ptr); diff --git a/scripts/thread_analysis.c b/scripts/thread_analysis.c index 53cd04359..7670ce1f8 100644 --- a/scripts/thread_analysis.c +++ b/scripts/thread_analysis.c @@ -1,5 +1,5 @@ /* Analyzes the concurrent use of charon's threads - * + * * Copyright (C) 2008 Andreas Steffen * Hochschule fuer Technik Rapperswil * @@ -52,7 +52,7 @@ static int readline(FILE *fd, char *line) *line = '\0'; return 1; } - line++; + line++; } *line = '\0'; return 0; @@ -69,14 +69,14 @@ static void printline(state_t *state, char *timestamp) for (th = 1; th <= THREADS; th++) { states[state[th]]++; - printf("", state_names[state[th]]); + printf("", state_names[state[th]]); } total = states[STATE_INIT] + states[STATE_AUTH] + states[STATE_BUSY] + states[STATE_RETRY]; printf("%d%d%d", states[STATE_INIT], states[STATE_AUTH], total); for (th = 10; th <= (THREADS + 2); th += 5) { - printf("", (th <= total + 2)? "busy":"idle"); + printf("", (th <= total + 2)? "busy":"idle"); } printf("\n"); printf(" \n"); @@ -91,13 +91,13 @@ int main(int argc, char *argv[]) FILE *fd; state_t state[THREADS + 1]; - + /* threads 1..5 and 9 are always busy */ for (th = 1; th <= THREADS; th++) { state[th] = (th <= 7 && th != 3)? STATE_BUSY : STATE_IDLE; } - + /* open the log file */ fd = fopen(LOGFILE, "r"); if (!fd) @@ -135,16 +135,16 @@ int main(int argc, char *argv[]) printf(" Timestamp"); for (th = 1 ; th <= THREADS; th++) { - printf("%02d", th); + printf("%02d", th); } printf("IAB"); for (th = 10; th <= (THREADS + 2); th += 5) { - printf("%d", (th == 100)? 99:th); + printf("%d", (th == 100)? 99:th); } printf("\n"); printf(" \n"); - + while (readline(fd, line)) { char *p_section, *p_charon, *p_thread, *p_log; @@ -170,7 +170,7 @@ int main(int argc, char *argv[]) { continue; } - + /* determine thread */ p_thread = p_charon + 8; th = atol(p_thread); @@ -268,6 +268,6 @@ int main(int argc, char *argv[]) printf("\n"); printf("\n"); - fclose(fd); + fclose(fd); return 0; } diff --git a/src/Makefile.am b/src/Makefile.am index ebdaa6a63..ae3ec8a20 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,6 +4,10 @@ if USE_LIBSTRONGSWAN SUBDIRS += libstrongswan endif +if USE_SIMAKA + SUBDIRS += libsimaka +endif + if USE_FILE_CONFIG SUBDIRS += libfreeswan starter ipsec _copyright endif @@ -25,7 +29,7 @@ if USE_UPDOWN endif if USE_TOOLS - SUBDIRS += openac scepclient + SUBDIRS += openac scepclient pki endif if USE_DUMM @@ -50,6 +54,6 @@ endif EXTRA_DIST = strongswan.conf -install-exec-local : +install-exec-local : test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true diff --git a/src/Makefile.in b/src/Makefile.in index 18da06f7b..2e305f50a 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,8 +16,9 @@ @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -32,25 +34,34 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @USE_LIBSTRONGSWAN_TRUE@am__append_1 = libstrongswan -@USE_FILE_CONFIG_TRUE@am__append_2 = libfreeswan starter ipsec _copyright -@USE_PLUTO_TRUE@am__append_3 = pluto whack -@USE_CHARON_TRUE@am__append_4 = charon -@USE_STROKE_TRUE@am__append_5 = stroke -@USE_UPDOWN_TRUE@am__append_6 = _updown _updown_espmark -@USE_TOOLS_TRUE@am__append_7 = openac scepclient -@USE_DUMM_TRUE@am__append_8 = dumm -@USE_FAST_TRUE@am__append_9 = libfast -@USE_MANAGER_TRUE@am__append_10 = manager -@USE_MEDSRV_TRUE@am__append_11 = medsrv -@USE_INTEGRITY_TEST_TRUE@am__append_12 = checksum +@USE_SIMAKA_TRUE@am__append_2 = libsimaka +@USE_FILE_CONFIG_TRUE@am__append_3 = libfreeswan starter ipsec _copyright +@USE_PLUTO_TRUE@am__append_4 = pluto whack +@USE_CHARON_TRUE@am__append_5 = charon +@USE_STROKE_TRUE@am__append_6 = stroke +@USE_UPDOWN_TRUE@am__append_7 = _updown _updown_espmark +@USE_TOOLS_TRUE@am__append_8 = openac scepclient pki +@USE_DUMM_TRUE@am__append_9 = dumm +@USE_FAST_TRUE@am__append_10 = libfast +@USE_MANAGER_TRUE@am__append_11 = manager +@USE_MEDSRV_TRUE@am__append_12 = medsrv +@USE_INTEGRITY_TEST_TRUE@am__append_13 = checksum subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ @@ -62,12 +73,41 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = . include libstrongswan libfreeswan starter ipsec \ - _copyright pluto whack charon stroke _updown _updown_espmark \ - openac scepclient dumm libfast manager medsrv checksum +DIST_SUBDIRS = . include libstrongswan libsimaka libfreeswan starter \ + ipsec _copyright pluto whack charon stroke _updown \ + _updown_espmark openac scepclient pki dumm libfast manager \ + medsrv checksum DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ @@ -101,25 +141,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -131,11 +168,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -164,9 +204,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -189,7 +229,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -197,6 +237,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -205,10 +246,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -216,12 +259,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_6) \ $(am__append_7) $(am__append_8) $(am__append_9) \ - $(am__append_10) $(am__append_11) $(am__append_12) + $(am__append_10) $(am__append_11) $(am__append_12) \ + $(am__append_13) EXTRA_DIST = strongswan.conf all: all-recursive @@ -235,9 +280,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -255,6 +300,7 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -286,7 +332,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -320,16 +366,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -344,7 +390,7 @@ tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -356,7 +402,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -365,29 +411,34 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -408,29 +459,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -460,6 +526,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -478,6 +545,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -486,18 +555,28 @@ install-data-am: install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: install-exec-local install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -518,8 +597,8 @@ ps-am: uninstall-am: -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-strip +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ @@ -536,9 +615,10 @@ uninstall-am: ps ps-am tags tags-recursive uninstall uninstall-am -install-exec-local : +install-exec-local : test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index fabc84a29..fe529a151 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -37,13 +39,20 @@ subdir = src/_copyright DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am__copyright_OBJECTS = _copyright.$(OBJEXT) _copyright_OBJECTS = $(am__copyright_OBJECTS) @@ -53,6 +62,7 @@ _copyright_DEPENDENCIES = \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -64,6 +74,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(_copyright_SOURCES) DIST_SOURCES = $(_copyright_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 NROFF = nroff MANS = $(dist_man8_MANS) @@ -103,25 +134,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -133,11 +161,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -166,9 +197,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -191,7 +222,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -199,6 +230,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -207,10 +239,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -218,6 +252,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ _copyright_SOURCES = _copyright.c @@ -240,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_copyright/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/_copyright/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_copyright/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/_copyright/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,34 +295,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list _copyright$(EXEEXT): $(_copyright_OBJECTS) $(_copyright_DEPENDENCIES) @rm -f _copyright$(EXEEXT) $(LINK) $(_copyright_OBJECTS) $(_copyright_LDADD) $(LIBS) @@ -302,21 +353,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -326,51 +377,40 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man8_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -384,7 +424,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -392,34 +432,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -435,13 +493,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -472,6 +534,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -493,6 +556,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -501,18 +566,28 @@ install-data-am: install-ipsecPROGRAMS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -554,6 +629,7 @@ uninstall-man: uninstall-man8 tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ uninstall-man uninstall-man8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/_copyright/_copyright.c b/src/_copyright/_copyright.c index 5abefd4f1..9f0ad9785 100644 --- a/src/_copyright/_copyright.c +++ b/src/_copyright/_copyright.c @@ -2,12 +2,12 @@ * copyright reporter * (just avoids having the info in more than one place in the source) * Copyright (C) 2001 Henry Spencer. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License diff --git a/src/_updown/Makefile.am b/src/_updown/Makefile.am index 5fc04ab88..116322e1e 100644 --- a/src/_updown/Makefile.am +++ b/src/_updown/Makefile.am @@ -5,8 +5,8 @@ EXTRA_DIST = _updown.in _updown : _updown.in sed \ - -e "s:@IPSEC_SBINDIR@:$(sbindir):" \ - -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ - -e "s:\@IPSEC_ROUTING_TABLE_PRIO\@:$(IPSEC_ROUTING_TABLE_PRIO):" \ + -e "s:\@sbindir\@:$(sbindir):" \ + -e "s:\@routing_table\@:$(routing_table):" \ + -e "s:\@routing_table_prio\@:$(routing_table_prio):" \ $(srcdir)/$@.in > $@ chmod +x $@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 60755da69..e99238ed8 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,13 +38,41 @@ subdir = src/_updown DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -ipsecSCRIPT_INSTALL = $(INSTALL_SCRIPT) SCRIPTS = $(ipsec_SCRIPTS) SOURCES = DIST_SOURCES = @@ -83,25 +113,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -113,11 +140,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -146,9 +176,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -171,7 +201,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -179,6 +209,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -187,10 +218,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -198,6 +231,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ ipsec_SCRIPTS = _updown @@ -216,9 +250,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/_updown/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/_updown/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -236,76 +270,81 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecSCRIPTS: $(ipsec_SCRIPTS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_SCRIPTS)'; for p in $$list; do \ + @list='$(ipsec_SCRIPTS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f $$d$$p; then \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " $(ipsecSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(ipsecSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(ipsecdir)/$$f"; \ - else :; fi; \ - done + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecSCRIPTS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_SCRIPTS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_SCRIPTS)'; test -n "$(ipsecdir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man8_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } tags: TAGS TAGS: @@ -314,6 +353,19 @@ CTAGS: distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -329,13 +381,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -367,6 +423,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -385,6 +442,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -393,18 +452,28 @@ install-data-am: install-ipsecSCRIPTS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -445,11 +514,12 @@ uninstall-man: uninstall-man8 _updown : _updown.in sed \ - -e "s:@IPSEC_SBINDIR@:$(sbindir):" \ - -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ - -e "s:\@IPSEC_ROUTING_TABLE_PRIO\@:$(IPSEC_ROUTING_TABLE_PRIO):" \ + -e "s:\@sbindir\@:$(sbindir):" \ + -e "s:\@routing_table\@:$(routing_table):" \ + -e "s:\@routing_table_prio\@:$(routing_table_prio):" \ $(srcdir)/$@.in > $@ chmod +x $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in index 838842d06..2cc311665 100644 --- a/src/_updown/_updown.in +++ b/src/_updown/_updown.in @@ -5,12 +5,12 @@ # Copyright (C) 2003-2004 Tuomo Soini # Copyright (C) 2002-2004 Michael Richardson # Copyright (C) 2005-2007 Andreas Steffen -# +# # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . -# +# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @@ -117,7 +117,7 @@ # # define a minimum PATH environment in case it is not set -PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@" +PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@" export PATH # uncomment to log VPN connections @@ -139,10 +139,10 @@ FAC_PRIO=local0.notice # must be enabled # # special routing table for sourceip routes -SOURCEIP_ROUTING_TABLE=@IPSEC_ROUTING_TABLE@ +SOURCEIP_ROUTING_TABLE=@routing_table@ # # priority of the sourceip routing table -SOURCEIP_ROUTING_TABLE_PRIO=@IPSEC_ROUTING_TABLE_PRIO@ +SOURCEIP_ROUTING_TABLE_PRIO=@routing_table_prio@ # check interface version case "$PLUTO_VERSION" in @@ -231,7 +231,7 @@ doroute() { parms2="via $PLUTO_NEXT_HOP" else parms2="via $PLUTO_PEER" - fi + fi parms2="$parms2 dev $PLUTO_INTERFACE" parms3= @@ -251,7 +251,7 @@ doroute() { case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # opportunistic encryption work around - # need to provide route that eclipses default, without + # need to provide route that eclipses default, without # replacing it. it="ip route $1 0.0.0.0/1 $parms2 $parms3 && ip route $1 128.0.0.0/1 $parms2 $parms3" @@ -271,8 +271,8 @@ doroute() { fi return $st } - -# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY + +# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] then KLIPS=1 @@ -314,7 +314,7 @@ prepare-host:*|prepare-client:*) # delete possibly-existing route (preliminary to adding a route) case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") - # need to provide route that eclipses default, without + # need to provide route that eclipses default, without # replacing it. parms1="0.0.0.0/1" parms2="128.0.0.0/1" @@ -333,7 +333,7 @@ prepare-host:*|prepare-client:*) oops="silent error, exit status $status" fi case "$oops" in - *'RTNETLINK answers: No such process'*) + *'RTNETLINK answers: No such process'*) # This is what route (currently -- not documented!) gives # for "could not find such a route". oops= @@ -392,7 +392,7 @@ up-host:iptables) logger -t $TAG -p $FAC_PRIO \ "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" fi - fi + fi ;; down-host:iptables) # connection to me, with (left/right)firewall=yes, going down @@ -551,7 +551,7 @@ up-host-v6:iptables) logger -t $TAG -p $FAC_PRIO \ "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" fi - fi + fi ;; down-host-v6:iptables) # connection to me, with (left/right)firewall=yes, going down diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in index 55d3c6b4d..ed88b67a6 100644 --- a/src/_updown_espmark/Makefile.in +++ b/src/_updown_espmark/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,13 +38,41 @@ subdir = src/_updown_espmark DIST_COMMON = $(dist_ipsec_SCRIPTS) $(dist_man8_MANS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -dist_ipsecSCRIPT_INSTALL = $(INSTALL_SCRIPT) SCRIPTS = $(dist_ipsec_SCRIPTS) SOURCES = DIST_SOURCES = @@ -83,25 +113,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -113,11 +140,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -146,9 +176,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -171,7 +201,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -179,6 +209,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -187,10 +218,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -198,6 +231,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ dist_ipsec_SCRIPTS = _updown_espmark @@ -214,9 +248,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown_espmark/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/_updown_espmark/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown_espmark/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/_updown_espmark/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -234,76 +268,81 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-dist_ipsecSCRIPTS: $(dist_ipsec_SCRIPTS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(dist_ipsec_SCRIPTS)'; for p in $$list; do \ + @list='$(dist_ipsec_SCRIPTS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f $$d$$p; then \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " $(dist_ipsecSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(dist_ipsecSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(ipsecdir)/$$f"; \ - else :; fi; \ - done + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-dist_ipsecSCRIPTS: @$(NORMAL_UNINSTALL) - @list='$(dist_ipsec_SCRIPTS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(dist_ipsec_SCRIPTS)'; test -n "$(ipsecdir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man8_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } tags: TAGS TAGS: @@ -312,6 +351,19 @@ CTAGS: distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -327,13 +379,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -364,6 +420,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -382,6 +439,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -390,18 +449,28 @@ install-data-am: install-dist_ipsecSCRIPTS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -439,6 +508,7 @@ uninstall-man: uninstall-man8 ps ps-am uninstall uninstall-am uninstall-dist_ipsecSCRIPTS \ uninstall-man uninstall-man8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index dd51555c0..e20d45cf8 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -11,10 +11,6 @@ config/ike_cfg.c config/ike_cfg.h \ config/peer_cfg.c config/peer_cfg.h \ config/proposal.c config/proposal.h \ config/auth_cfg.c config/auth_cfg.h \ -config/traffic_selector.c config/traffic_selector.h \ -config/attributes/attribute_provider.h \ -config/attributes/attribute_handler.h \ -config/attributes/attribute_manager.c config/attributes/attribute_manager.h \ control/controller.c control/controller.h \ daemon.c daemon.h \ encoding/generator.c encoding/generator.h \ @@ -64,6 +60,7 @@ processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ +processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ processing/scheduler.c processing/scheduler.h \ processing/processor.c processing/processor.h \ sa/authenticators/authenticator.c sa/authenticators/authenticator.h \ @@ -95,6 +92,7 @@ sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \ sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \ sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ +sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ sa/tasks/task.c sa/tasks/task.h \ credentials/credential_manager.c credentials/credential_manager.h \ credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \ @@ -102,13 +100,11 @@ credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper. credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ credentials/credential_set.h -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic \ -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" -charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lpthread -lm $(DLLIB) $(SOCKLIB) + -DIPSEC_PIDDIR=\"${piddir}\" +charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) # compile options ################# @@ -137,10 +133,10 @@ endif # build optional plugins ######################## -SUBDIRS = . +SUBDIRS = . PLUGINS = ${libstrongswan_plugins} -if USE_LOAD_TESTS +if USE_LOAD_TESTER SUBDIRS += plugins/load_tester PLUGINS += load-tester endif @@ -192,42 +188,57 @@ endif if USE_EAP_IDENTITY SUBDIRS += plugins/eap_identity - PLUGINS += eapidentity + PLUGINS += eap-identity endif if USE_EAP_SIM SUBDIRS += plugins/eap_sim - PLUGINS += eapsim + PLUGINS += eap-sim endif if USE_EAP_SIM_FILE SUBDIRS += plugins/eap_sim_file - PLUGINS += eapsim-file + PLUGINS += eap-sim-file +endif + +if USE_EAP_SIMAKA_PSEUDONYM + SUBDIRS += plugins/eap_simaka_pseudonym + PLUGINS += eap-simaka-pseudonym +endif + +if USE_EAP_SIMAKA_REAUTH + SUBDIRS += plugins/eap_simaka_reauth + PLUGINS += eap-simaka-reauth endif if USE_EAP_MD5 SUBDIRS += plugins/eap_md5 - PLUGINS += eapmd5 + PLUGINS += eap-md5 endif if USE_EAP_GTC SUBDIRS += plugins/eap_gtc - PLUGINS += eapgtc + PLUGINS += eap-gtc endif if USE_EAP_AKA SUBDIRS += plugins/eap_aka - PLUGINS += eapaka + PLUGINS += eap-aka +endif + +if USE_EAP_AKA_3GPP2 + SUBDIRS += plugins/eap_aka_3gpp2 + PLUGINS += eap-aka-3gpp2 endif if USE_EAP_MSCHAPV2 SUBDIRS += plugins/eap_mschapv2 - PLUGINS += eapmschapv2 + PLUGINS += eap-mschapv2 endif if USE_EAP_RADIUS SUBDIRS += plugins/eap_radius - PLUGINS += eapradius + PLUGINS += eap-radius endif if USE_MEDSRV @@ -245,9 +256,9 @@ if USE_NM PLUGINS += nm endif -if USE_RESOLV_CONF - SUBDIRS += plugins/resolv_conf - PLUGINS += resolv-conf +if USE_RESOLVE + SUBDIRS += plugins/resolve + PLUGINS += resolve endif if USE_UCI diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 59c0228f8..d7339b226 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -48,8 +50,8 @@ ipsec_PROGRAMS = charon$(EXEEXT) @USE_ME_TRUE@ sa/tasks/ike_me.c sa/tasks/ike_me.h @USE_CAPABILITIES_TRUE@am__append_4 = -lcap -@USE_LOAD_TESTS_TRUE@am__append_5 = plugins/load_tester -@USE_LOAD_TESTS_TRUE@am__append_6 = load-tester +@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester +@USE_LOAD_TESTER_TRUE@am__append_6 = load-tester @USE_KERNEL_PFKEY_TRUE@am__append_7 = plugins/kernel_pfkey @USE_KERNEL_PFKEY_TRUE@am__append_8 = kernel-pfkey @USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute @@ -69,43 +71,56 @@ ipsec_PROGRAMS = charon$(EXEEXT) @USE_ATTR_TRUE@am__append_23 = plugins/attr @USE_ATTR_TRUE@am__append_24 = attr @USE_EAP_IDENTITY_TRUE@am__append_25 = plugins/eap_identity -@USE_EAP_IDENTITY_TRUE@am__append_26 = eapidentity +@USE_EAP_IDENTITY_TRUE@am__append_26 = eap-identity @USE_EAP_SIM_TRUE@am__append_27 = plugins/eap_sim -@USE_EAP_SIM_TRUE@am__append_28 = eapsim +@USE_EAP_SIM_TRUE@am__append_28 = eap-sim @USE_EAP_SIM_FILE_TRUE@am__append_29 = plugins/eap_sim_file -@USE_EAP_SIM_FILE_TRUE@am__append_30 = eapsim-file -@USE_EAP_MD5_TRUE@am__append_31 = plugins/eap_md5 -@USE_EAP_MD5_TRUE@am__append_32 = eapmd5 -@USE_EAP_GTC_TRUE@am__append_33 = plugins/eap_gtc -@USE_EAP_GTC_TRUE@am__append_34 = eapgtc -@USE_EAP_AKA_TRUE@am__append_35 = plugins/eap_aka -@USE_EAP_AKA_TRUE@am__append_36 = eapaka -@USE_EAP_MSCHAPV2_TRUE@am__append_37 = plugins/eap_mschapv2 -@USE_EAP_MSCHAPV2_TRUE@am__append_38 = eapmschapv2 -@USE_EAP_RADIUS_TRUE@am__append_39 = plugins/eap_radius -@USE_EAP_RADIUS_TRUE@am__append_40 = eapradius -@USE_MEDSRV_TRUE@am__append_41 = plugins/medsrv -@USE_MEDSRV_TRUE@am__append_42 = medsrv -@USE_MEDCLI_TRUE@am__append_43 = plugins/medcli -@USE_MEDCLI_TRUE@am__append_44 = medcli -@USE_NM_TRUE@am__append_45 = plugins/nm -@USE_NM_TRUE@am__append_46 = nm -@USE_RESOLV_CONF_TRUE@am__append_47 = plugins/resolv_conf -@USE_RESOLV_CONF_TRUE@am__append_48 = resolv-conf -@USE_UCI_TRUE@am__append_49 = plugins/uci -@USE_UCI_TRUE@am__append_50 = uci -@USE_UNIT_TESTS_TRUE@am__append_51 = plugins/unit_tester -@USE_UNIT_TESTS_TRUE@am__append_52 = unit-tester +@USE_EAP_SIM_FILE_TRUE@am__append_30 = eap-sim-file +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_31 = plugins/eap_simaka_pseudonym +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_32 = eap-simaka-pseudonym +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_33 = plugins/eap_simaka_reauth +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_34 = eap-simaka-reauth +@USE_EAP_MD5_TRUE@am__append_35 = plugins/eap_md5 +@USE_EAP_MD5_TRUE@am__append_36 = eap-md5 +@USE_EAP_GTC_TRUE@am__append_37 = plugins/eap_gtc +@USE_EAP_GTC_TRUE@am__append_38 = eap-gtc +@USE_EAP_AKA_TRUE@am__append_39 = plugins/eap_aka +@USE_EAP_AKA_TRUE@am__append_40 = eap-aka +@USE_EAP_AKA_3GPP2_TRUE@am__append_41 = plugins/eap_aka_3gpp2 +@USE_EAP_AKA_3GPP2_TRUE@am__append_42 = eap-aka-3gpp2 +@USE_EAP_MSCHAPV2_TRUE@am__append_43 = plugins/eap_mschapv2 +@USE_EAP_MSCHAPV2_TRUE@am__append_44 = eap-mschapv2 +@USE_EAP_RADIUS_TRUE@am__append_45 = plugins/eap_radius +@USE_EAP_RADIUS_TRUE@am__append_46 = eap-radius +@USE_MEDSRV_TRUE@am__append_47 = plugins/medsrv +@USE_MEDSRV_TRUE@am__append_48 = medsrv +@USE_MEDCLI_TRUE@am__append_49 = plugins/medcli +@USE_MEDCLI_TRUE@am__append_50 = medcli +@USE_NM_TRUE@am__append_51 = plugins/nm +@USE_NM_TRUE@am__append_52 = nm +@USE_RESOLVE_TRUE@am__append_53 = plugins/resolve +@USE_RESOLVE_TRUE@am__append_54 = resolve +@USE_UCI_TRUE@am__append_55 = plugins/uci +@USE_UCI_TRUE@am__append_56 = uci +@USE_UNIT_TESTS_TRUE@am__append_57 = plugins/unit_tester +@USE_UNIT_TESTS_TRUE@am__append_58 = unit-tester subdir = src/charon DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ @@ -114,12 +129,7 @@ am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \ config/backend.h config/child_cfg.c config/child_cfg.h \ config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \ config/peer_cfg.h config/proposal.c config/proposal.h \ - config/auth_cfg.c config/auth_cfg.h config/traffic_selector.c \ - config/traffic_selector.h \ - config/attributes/attribute_provider.h \ - config/attributes/attribute_handler.h \ - config/attributes/attribute_manager.c \ - config/attributes/attribute_manager.h control/controller.c \ + config/auth_cfg.c config/auth_cfg.h control/controller.c \ control/controller.h daemon.c daemon.h encoding/generator.c \ encoding/generator.h encoding/message.c encoding/message.h \ encoding/parser.c encoding/parser.h \ @@ -186,7 +196,9 @@ am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \ processing/jobs/send_keepalive_job.h \ processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c \ - processing/jobs/update_sa_job.h processing/scheduler.c \ + processing/jobs/update_sa_job.h \ + processing/jobs/inactivity_job.c \ + processing/jobs/inactivity_job.h processing/scheduler.c \ processing/scheduler.h processing/processor.c \ processing/processor.h sa/authenticators/authenticator.c \ sa/authenticators/authenticator.h \ @@ -218,7 +230,8 @@ am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \ sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \ sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ - sa/tasks/ike_auth_lifetime.h sa/tasks/task.c sa/tasks/task.h \ + sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ + sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ credentials/credential_manager.c \ credentials/credential_manager.h \ credentials/sets/auth_cfg_wrapper.c \ @@ -244,15 +257,14 @@ am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \ am_charon_OBJECTS = bus.$(OBJEXT) file_logger.$(OBJEXT) \ sys_logger.$(OBJEXT) backend_manager.$(OBJEXT) \ child_cfg.$(OBJEXT) ike_cfg.$(OBJEXT) peer_cfg.$(OBJEXT) \ - proposal.$(OBJEXT) auth_cfg.$(OBJEXT) \ - traffic_selector.$(OBJEXT) attribute_manager.$(OBJEXT) \ - controller.$(OBJEXT) daemon.$(OBJEXT) generator.$(OBJEXT) \ - message.$(OBJEXT) parser.$(OBJEXT) auth_payload.$(OBJEXT) \ - cert_payload.$(OBJEXT) certreq_payload.$(OBJEXT) \ - configuration_attribute.$(OBJEXT) cp_payload.$(OBJEXT) \ - delete_payload.$(OBJEXT) eap_payload.$(OBJEXT) \ - encodings.$(OBJEXT) encryption_payload.$(OBJEXT) \ - id_payload.$(OBJEXT) ike_header.$(OBJEXT) ke_payload.$(OBJEXT) \ + proposal.$(OBJEXT) auth_cfg.$(OBJEXT) controller.$(OBJEXT) \ + daemon.$(OBJEXT) generator.$(OBJEXT) message.$(OBJEXT) \ + parser.$(OBJEXT) auth_payload.$(OBJEXT) cert_payload.$(OBJEXT) \ + certreq_payload.$(OBJEXT) configuration_attribute.$(OBJEXT) \ + cp_payload.$(OBJEXT) delete_payload.$(OBJEXT) \ + eap_payload.$(OBJEXT) encodings.$(OBJEXT) \ + encryption_payload.$(OBJEXT) id_payload.$(OBJEXT) \ + ike_header.$(OBJEXT) ke_payload.$(OBJEXT) \ nonce_payload.$(OBJEXT) notify_payload.$(OBJEXT) \ payload.$(OBJEXT) proposal_substructure.$(OBJEXT) \ sa_payload.$(OBJEXT) traffic_selector_substructure.$(OBJEXT) \ @@ -266,20 +278,21 @@ am_charon_OBJECTS = bus.$(OBJEXT) file_logger.$(OBJEXT) \ rekey_child_sa_job.$(OBJEXT) rekey_ike_sa_job.$(OBJEXT) \ retransmit_job.$(OBJEXT) send_dpd_job.$(OBJEXT) \ send_keepalive_job.$(OBJEXT) roam_job.$(OBJEXT) \ - update_sa_job.$(OBJEXT) scheduler.$(OBJEXT) \ - processor.$(OBJEXT) authenticator.$(OBJEXT) \ - eap_authenticator.$(OBJEXT) eap_method.$(OBJEXT) \ - eap_manager.$(OBJEXT) sim_manager.$(OBJEXT) \ - psk_authenticator.$(OBJEXT) pubkey_authenticator.$(OBJEXT) \ - child_sa.$(OBJEXT) ike_sa.$(OBJEXT) ike_sa_id.$(OBJEXT) \ - ike_sa_manager.$(OBJEXT) task_manager.$(OBJEXT) \ - keymat.$(OBJEXT) trap_manager.$(OBJEXT) child_create.$(OBJEXT) \ - child_delete.$(OBJEXT) child_rekey.$(OBJEXT) \ - ike_auth.$(OBJEXT) ike_cert_pre.$(OBJEXT) \ - ike_cert_post.$(OBJEXT) ike_config.$(OBJEXT) \ - ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) ike_init.$(OBJEXT) \ - ike_natd.$(OBJEXT) ike_mobike.$(OBJEXT) ike_rekey.$(OBJEXT) \ - ike_reauth.$(OBJEXT) ike_auth_lifetime.$(OBJEXT) \ + update_sa_job.$(OBJEXT) inactivity_job.$(OBJEXT) \ + scheduler.$(OBJEXT) processor.$(OBJEXT) \ + authenticator.$(OBJEXT) eap_authenticator.$(OBJEXT) \ + eap_method.$(OBJEXT) eap_manager.$(OBJEXT) \ + sim_manager.$(OBJEXT) psk_authenticator.$(OBJEXT) \ + pubkey_authenticator.$(OBJEXT) child_sa.$(OBJEXT) \ + ike_sa.$(OBJEXT) ike_sa_id.$(OBJEXT) ike_sa_manager.$(OBJEXT) \ + task_manager.$(OBJEXT) keymat.$(OBJEXT) trap_manager.$(OBJEXT) \ + child_create.$(OBJEXT) child_delete.$(OBJEXT) \ + child_rekey.$(OBJEXT) ike_auth.$(OBJEXT) \ + ike_cert_pre.$(OBJEXT) ike_cert_post.$(OBJEXT) \ + ike_config.$(OBJEXT) ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) \ + ike_init.$(OBJEXT) ike_natd.$(OBJEXT) ike_mobike.$(OBJEXT) \ + ike_rekey.$(OBJEXT) ike_reauth.$(OBJEXT) \ + ike_auth_lifetime.$(OBJEXT) ike_vendor.$(OBJEXT) \ task.$(OBJEXT) credential_manager.$(OBJEXT) \ auth_cfg_wrapper.$(OBJEXT) ocsp_response_wrapper.$(OBJEXT) \ cert_cache.$(OBJEXT) $(am__objects_1) $(am__objects_2) \ @@ -289,10 +302,11 @@ am__DEPENDENCIES_1 = charon_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -313,17 +327,47 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \ plugins/kernel_pfroute plugins/kernel_klips \ plugins/kernel_netlink plugins/stroke plugins/smp plugins/sql \ plugins/updown plugins/attr plugins/eap_identity \ - plugins/eap_sim plugins/eap_sim_file plugins/eap_md5 \ - plugins/eap_gtc plugins/eap_aka plugins/eap_mschapv2 \ - plugins/eap_radius plugins/medsrv plugins/medcli plugins/nm \ - plugins/resolv_conf plugins/uci plugins/unit_tester + plugins/eap_sim plugins/eap_sim_file \ + plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ + plugins/eap_md5 plugins/eap_gtc plugins/eap_aka \ + plugins/eap_aka_3gpp2 plugins/eap_mschapv2 plugins/eap_radius \ + plugins/medsrv plugins/medcli plugins/nm plugins/resolve \ + plugins/uci plugins/unit_tester DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ @@ -357,25 +401,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -387,11 +428,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -420,9 +464,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -445,7 +489,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -453,6 +497,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -461,10 +506,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -472,6 +519,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ @@ -481,12 +529,7 @@ charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ config/backend.h config/child_cfg.c config/child_cfg.h \ config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \ config/peer_cfg.h config/proposal.c config/proposal.h \ - config/auth_cfg.c config/auth_cfg.h config/traffic_selector.c \ - config/traffic_selector.h \ - config/attributes/attribute_provider.h \ - config/attributes/attribute_handler.h \ - config/attributes/attribute_manager.c \ - config/attributes/attribute_manager.h control/controller.c \ + config/auth_cfg.c config/auth_cfg.h control/controller.c \ control/controller.h daemon.c daemon.h encoding/generator.c \ encoding/generator.h encoding/message.c encoding/message.h \ encoding/parser.c encoding/parser.h \ @@ -553,7 +596,9 @@ charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ processing/jobs/send_keepalive_job.h \ processing/jobs/roam_job.c processing/jobs/roam_job.h \ processing/jobs/update_sa_job.c \ - processing/jobs/update_sa_job.h processing/scheduler.c \ + processing/jobs/update_sa_job.h \ + processing/jobs/inactivity_job.c \ + processing/jobs/inactivity_job.h processing/scheduler.c \ processing/scheduler.h processing/processor.c \ processing/processor.h sa/authenticators/authenticator.c \ sa/authenticators/authenticator.h \ @@ -585,7 +630,8 @@ charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \ sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \ sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ - sa/tasks/ike_auth_lifetime.h sa/tasks/task.c sa/tasks/task.h \ + sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ + sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ credentials/credential_manager.c \ credentials/credential_manager.h \ credentials/sets/auth_cfg_wrapper.c \ @@ -595,14 +641,11 @@ charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ credentials/credential_set.h $(am__append_1) $(am__append_2) \ $(am__append_3) -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ - -DPLUGINS=\""${PLUGINS}\"" -charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lpthread -lm $(DLLIB) $(SOCKLIB) $(am__append_4) + -DIPSEC_PIDDIR=\"${piddir}\" -DPLUGINS=\""${PLUGINS}\"" +charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm \ + $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) # build optional plugins ######################## @@ -613,7 +656,8 @@ SUBDIRS = . $(am__append_5) $(am__append_7) $(am__append_9) \ $(am__append_29) $(am__append_31) $(am__append_33) \ $(am__append_35) $(am__append_37) $(am__append_39) \ $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_49) $(am__append_51) + $(am__append_47) $(am__append_49) $(am__append_51) \ + $(am__append_53) $(am__append_55) $(am__append_57) PLUGINS = ${libstrongswan_plugins} $(am__append_6) $(am__append_8) \ $(am__append_10) $(am__append_12) $(am__append_14) \ $(am__append_16) $(am__append_18) $(am__append_20) \ @@ -622,7 +666,8 @@ PLUGINS = ${libstrongswan_plugins} $(am__append_6) $(am__append_8) \ $(am__append_34) $(am__append_36) $(am__append_38) \ $(am__append_40) $(am__append_42) $(am__append_44) \ $(am__append_46) $(am__append_48) $(am__append_50) \ - $(am__append_52) + $(am__append_52) $(am__append_54) $(am__append_56) \ + $(am__append_58) all: all-recursive .SUFFIXES: @@ -636,9 +681,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -656,34 +701,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list charon$(EXEEXT): $(charon_OBJECTS) $(charon_DEPENDENCIES) @rm -f charon$(EXEEXT) $(LINK) $(charon_OBJECTS) $(charon_LDADD) $(LIBS) @@ -695,7 +756,6 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Po@am__quote@ @@ -748,6 +808,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Po@am__quote@ @@ -786,7 +848,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Po@am__quote@ @@ -798,1421 +859,1421 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< bus.o: bus/bus.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.o -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c bus.obj: bus/bus.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.obj -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi` file_logger.o: bus/listeners/file_logger.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.o -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c file_logger.obj: bus/listeners/file_logger.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.obj -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi` sys_logger.o: bus/listeners/sys_logger.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.o -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c sys_logger.obj: bus/listeners/sys_logger.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.obj -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi` backend_manager.o: config/backend_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.o -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c backend_manager.obj: config/backend_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.obj -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi` child_cfg.o: config/child_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.o -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c child_cfg.obj: config/child_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.obj -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi` ike_cfg.o: config/ike_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.o -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c ike_cfg.obj: config/ike_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.obj -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi` peer_cfg.o: config/peer_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.o -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c peer_cfg.obj: config/peer_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.obj -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi` proposal.o: config/proposal.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.o -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c proposal.obj: config/proposal.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.obj -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi` auth_cfg.o: config/auth_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.o -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c auth_cfg.obj: config/auth_cfg.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.obj -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi` -traffic_selector.o: config/traffic_selector.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.o -MD -MP -MF $(DEPDIR)/traffic_selector.Tpo -c -o traffic_selector.o `test -f 'config/traffic_selector.c' || echo '$(srcdir)/'`config/traffic_selector.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/traffic_selector.Tpo $(DEPDIR)/traffic_selector.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/traffic_selector.c' object='traffic_selector.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.o `test -f 'config/traffic_selector.c' || echo '$(srcdir)/'`config/traffic_selector.c - -traffic_selector.obj: config/traffic_selector.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.obj -MD -MP -MF $(DEPDIR)/traffic_selector.Tpo -c -o traffic_selector.obj `if test -f 'config/traffic_selector.c'; then $(CYGPATH_W) 'config/traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/config/traffic_selector.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/traffic_selector.Tpo $(DEPDIR)/traffic_selector.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/traffic_selector.c' object='traffic_selector.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.obj `if test -f 'config/traffic_selector.c'; then $(CYGPATH_W) 'config/traffic_selector.c'; else $(CYGPATH_W) '$(srcdir)/config/traffic_selector.c'; fi` - -attribute_manager.o: config/attributes/attribute_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.o -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.o `test -f 'config/attributes/attribute_manager.c' || echo '$(srcdir)/'`config/attributes/attribute_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/attributes/attribute_manager.c' object='attribute_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.o `test -f 'config/attributes/attribute_manager.c' || echo '$(srcdir)/'`config/attributes/attribute_manager.c - -attribute_manager.obj: config/attributes/attribute_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.obj -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.obj `if test -f 'config/attributes/attribute_manager.c'; then $(CYGPATH_W) 'config/attributes/attribute_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/attributes/attribute_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/attributes/attribute_manager.c' object='attribute_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.obj `if test -f 'config/attributes/attribute_manager.c'; then $(CYGPATH_W) 'config/attributes/attribute_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/attributes/attribute_manager.c'; fi` - controller.o: control/controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.o -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c controller.obj: control/controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.obj -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi` generator.o: encoding/generator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.o -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c generator.obj: encoding/generator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.obj -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi` message.o: encoding/message.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.o -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c message.obj: encoding/message.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.obj -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi` parser.o: encoding/parser.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.o -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c parser.obj: encoding/parser.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.obj -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi` auth_payload.o: encoding/payloads/auth_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.o -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c auth_payload.obj: encoding/payloads/auth_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.obj -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi` cert_payload.o: encoding/payloads/cert_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.o -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c cert_payload.obj: encoding/payloads/cert_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.obj -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi` certreq_payload.o: encoding/payloads/certreq_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.o -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c certreq_payload.obj: encoding/payloads/certreq_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.obj -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi` configuration_attribute.o: encoding/payloads/configuration_attribute.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.o -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c configuration_attribute.obj: encoding/payloads/configuration_attribute.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.obj -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi` cp_payload.o: encoding/payloads/cp_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.o -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c cp_payload.obj: encoding/payloads/cp_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.obj -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi` delete_payload.o: encoding/payloads/delete_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.o -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c delete_payload.obj: encoding/payloads/delete_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.obj -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi` eap_payload.o: encoding/payloads/eap_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.o -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c eap_payload.obj: encoding/payloads/eap_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.obj -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi` encodings.o: encoding/payloads/encodings.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.o -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c encodings.obj: encoding/payloads/encodings.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.obj -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi` encryption_payload.o: encoding/payloads/encryption_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.o -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c encryption_payload.obj: encoding/payloads/encryption_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.obj -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi` id_payload.o: encoding/payloads/id_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.o -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c id_payload.obj: encoding/payloads/id_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.obj -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi` ike_header.o: encoding/payloads/ike_header.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.o -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c ike_header.obj: encoding/payloads/ike_header.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.obj -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi` ke_payload.o: encoding/payloads/ke_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.o -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c ke_payload.obj: encoding/payloads/ke_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.obj -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi` nonce_payload.o: encoding/payloads/nonce_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.o -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c nonce_payload.obj: encoding/payloads/nonce_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.obj -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi` notify_payload.o: encoding/payloads/notify_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.o -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c notify_payload.obj: encoding/payloads/notify_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.obj -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi` payload.o: encoding/payloads/payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.o -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c payload.obj: encoding/payloads/payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.obj -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi` proposal_substructure.o: encoding/payloads/proposal_substructure.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.o -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c proposal_substructure.obj: encoding/payloads/proposal_substructure.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.obj -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi` sa_payload.o: encoding/payloads/sa_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.o -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c sa_payload.obj: encoding/payloads/sa_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.obj -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi` traffic_selector_substructure.o: encoding/payloads/traffic_selector_substructure.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.o -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c traffic_selector_substructure.obj: encoding/payloads/traffic_selector_substructure.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.obj -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi` transform_attribute.o: encoding/payloads/transform_attribute.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.o -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c transform_attribute.obj: encoding/payloads/transform_attribute.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.obj -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi` transform_substructure.o: encoding/payloads/transform_substructure.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.o -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c transform_substructure.obj: encoding/payloads/transform_substructure.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.obj -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi` ts_payload.o: encoding/payloads/ts_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.o -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c ts_payload.obj: encoding/payloads/ts_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.obj -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi` unknown_payload.o: encoding/payloads/unknown_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.o -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c unknown_payload.obj: encoding/payloads/unknown_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.obj -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi` vendor_id_payload.o: encoding/payloads/vendor_id_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.o -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c vendor_id_payload.obj: encoding/payloads/vendor_id_payload.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.obj -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi` kernel_interface.o: kernel/kernel_interface.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.o -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c kernel_interface.obj: kernel/kernel_interface.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.obj -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi` kernel_ipsec.o: kernel/kernel_ipsec.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.o -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c kernel_ipsec.obj: kernel/kernel_ipsec.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.obj -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi` packet.o: network/packet.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.o -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c packet.obj: network/packet.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.obj -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi` receiver.o: network/receiver.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.o -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c receiver.obj: network/receiver.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.obj -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi` sender.o: network/sender.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.o -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c sender.obj: network/sender.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.obj -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi` acquire_job.o: processing/jobs/acquire_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.o -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c acquire_job.obj: processing/jobs/acquire_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.obj -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi` callback_job.o: processing/jobs/callback_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.o -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c callback_job.obj: processing/jobs/callback_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.obj -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi` delete_child_sa_job.o: processing/jobs/delete_child_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.o -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c delete_child_sa_job.obj: processing/jobs/delete_child_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi` delete_ike_sa_job.o: processing/jobs/delete_ike_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.o -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c delete_ike_sa_job.obj: processing/jobs/delete_ike_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi` migrate_job.o: processing/jobs/migrate_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.o -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c migrate_job.obj: processing/jobs/migrate_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.obj -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi` process_message_job.o: processing/jobs/process_message_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.o -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c process_message_job.obj: processing/jobs/process_message_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.obj -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi` rekey_child_sa_job.o: processing/jobs/rekey_child_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c rekey_child_sa_job.obj: processing/jobs/rekey_child_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi` rekey_ike_sa_job.o: processing/jobs/rekey_ike_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c rekey_ike_sa_job.obj: processing/jobs/rekey_ike_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi` retransmit_job.o: processing/jobs/retransmit_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.o -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c retransmit_job.obj: processing/jobs/retransmit_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.obj -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi` send_dpd_job.o: processing/jobs/send_dpd_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.o -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c send_dpd_job.obj: processing/jobs/send_dpd_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.obj -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi` send_keepalive_job.o: processing/jobs/send_keepalive_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.o -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c send_keepalive_job.obj: processing/jobs/send_keepalive_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.obj -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi` roam_job.o: processing/jobs/roam_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.o -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c roam_job.obj: processing/jobs/roam_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.obj -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi` update_sa_job.o: processing/jobs/update_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.o -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c update_sa_job.obj: processing/jobs/update_sa_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.obj -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi` +inactivity_job.o: processing/jobs/inactivity_job.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.o -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c + +inactivity_job.obj: processing/jobs/inactivity_job.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.obj -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi` + scheduler.o: processing/scheduler.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.o -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c scheduler.obj: processing/scheduler.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.obj -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi` processor.o: processing/processor.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.o -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c processor.obj: processing/processor.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.obj -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi` authenticator.o: sa/authenticators/authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.o -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c authenticator.obj: sa/authenticators/authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.obj -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi` eap_authenticator.o: sa/authenticators/eap_authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.o -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c eap_authenticator.obj: sa/authenticators/eap_authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.obj -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi` eap_method.o: sa/authenticators/eap/eap_method.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.o -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c eap_method.obj: sa/authenticators/eap/eap_method.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.obj -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi` eap_manager.o: sa/authenticators/eap/eap_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.o -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c eap_manager.obj: sa/authenticators/eap/eap_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.obj -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi` sim_manager.o: sa/authenticators/eap/sim_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.o -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c sim_manager.obj: sa/authenticators/eap/sim_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.obj -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi` psk_authenticator.o: sa/authenticators/psk_authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.o -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c psk_authenticator.obj: sa/authenticators/psk_authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.obj -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi` pubkey_authenticator.o: sa/authenticators/pubkey_authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.o -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c pubkey_authenticator.obj: sa/authenticators/pubkey_authenticator.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.obj -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi` child_sa.o: sa/child_sa.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.o -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c child_sa.obj: sa/child_sa.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.obj -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi` ike_sa.o: sa/ike_sa.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.o -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c ike_sa.obj: sa/ike_sa.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.obj -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi` ike_sa_id.o: sa/ike_sa_id.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.o -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c ike_sa_id.obj: sa/ike_sa_id.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.obj -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi` ike_sa_manager.o: sa/ike_sa_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.o -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c ike_sa_manager.obj: sa/ike_sa_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.obj -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi` task_manager.o: sa/task_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.o -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c task_manager.obj: sa/task_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.obj -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi` keymat.o: sa/keymat.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.o -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c keymat.obj: sa/keymat.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.obj -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi` trap_manager.o: sa/trap_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.o -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c trap_manager.obj: sa/trap_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.obj -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi` child_create.o: sa/tasks/child_create.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.o -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c child_create.obj: sa/tasks/child_create.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.obj -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi` child_delete.o: sa/tasks/child_delete.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.o -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c child_delete.obj: sa/tasks/child_delete.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.obj -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi` child_rekey.o: sa/tasks/child_rekey.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.o -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c child_rekey.obj: sa/tasks/child_rekey.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.obj -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi` ike_auth.o: sa/tasks/ike_auth.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.o -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c ike_auth.obj: sa/tasks/ike_auth.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.obj -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi` ike_cert_pre.o: sa/tasks/ike_cert_pre.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.o -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c ike_cert_pre.obj: sa/tasks/ike_cert_pre.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.obj -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi` ike_cert_post.o: sa/tasks/ike_cert_post.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.o -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c ike_cert_post.obj: sa/tasks/ike_cert_post.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.obj -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi` ike_config.o: sa/tasks/ike_config.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.o -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c ike_config.obj: sa/tasks/ike_config.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.obj -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi` ike_delete.o: sa/tasks/ike_delete.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.o -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c ike_delete.obj: sa/tasks/ike_delete.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.obj -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi` ike_dpd.o: sa/tasks/ike_dpd.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.o -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c ike_dpd.obj: sa/tasks/ike_dpd.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.obj -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi` ike_init.o: sa/tasks/ike_init.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.o -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c ike_init.obj: sa/tasks/ike_init.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.obj -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi` ike_natd.o: sa/tasks/ike_natd.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.o -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c ike_natd.obj: sa/tasks/ike_natd.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.obj -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi` ike_mobike.o: sa/tasks/ike_mobike.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.o -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c ike_mobike.obj: sa/tasks/ike_mobike.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.obj -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi` ike_rekey.o: sa/tasks/ike_rekey.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.o -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c ike_rekey.obj: sa/tasks/ike_rekey.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.obj -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi` ike_reauth.o: sa/tasks/ike_reauth.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.o -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c ike_reauth.obj: sa/tasks/ike_reauth.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.obj -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi` ike_auth_lifetime.o: sa/tasks/ike_auth_lifetime.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.o -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c ike_auth_lifetime.obj: sa/tasks/ike_auth_lifetime.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.obj -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi` +ike_vendor.o: sa/tasks/ike_vendor.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.o -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c + +ike_vendor.obj: sa/tasks/ike_vendor.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.obj -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi` + task.o: sa/tasks/task.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.o -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c task.obj: sa/tasks/task.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.obj -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi` credential_manager.o: credentials/credential_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.o -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c credential_manager.obj: credentials/credential_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.obj -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi` auth_cfg_wrapper.o: credentials/sets/auth_cfg_wrapper.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.o -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c auth_cfg_wrapper.obj: credentials/sets/auth_cfg_wrapper.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.obj -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi` ocsp_response_wrapper.o: credentials/sets/ocsp_response_wrapper.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.o -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c ocsp_response_wrapper.obj: credentials/sets/ocsp_response_wrapper.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.obj -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi` cert_cache.o: credentials/sets/cert_cache.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.o -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c cert_cache.obj: credentials/sets/cert_cache.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.obj -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi` socket-raw.o: network/socket-raw.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.o -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket-raw.c' object='socket-raw.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c socket-raw.obj: network/socket-raw.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.obj -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket-raw.c' object='socket-raw.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi` socket.o: network/socket.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.o -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c socket.obj: network/socket.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.obj -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi` endpoint_notify.o: encoding/payloads/endpoint_notify.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.o -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c endpoint_notify.obj: encoding/payloads/endpoint_notify.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.obj -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi` initiate_mediation_job.o: processing/jobs/initiate_mediation_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.o -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c initiate_mediation_job.obj: processing/jobs/initiate_mediation_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.obj -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi` mediation_job.o: processing/jobs/mediation_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.o -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c mediation_job.obj: processing/jobs/mediation_job.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.obj -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi` connect_manager.o: sa/connect_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.o -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c connect_manager.obj: sa/connect_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.obj -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi` mediation_manager.o: sa/mediation_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.o -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c mediation_manager.obj: sa/mediation_manager.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.obj -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi` ike_me.o: sa/tasks/ike_me.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.o -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c ike_me.obj: sa/tasks/ike_me.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.obj -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi` @@ -2247,7 +2308,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -2281,16 +2342,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -2305,7 +2366,7 @@ tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -2317,7 +2378,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -2326,29 +2387,34 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -2369,29 +2435,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -2424,6 +2505,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -2445,6 +2527,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -2453,18 +2537,28 @@ install-data-am: install-ipsecPROGRAMS install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -2487,8 +2581,8 @@ ps-am: uninstall-am: uninstall-ipsecPROGRAMS -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-strip +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic \ @@ -2506,6 +2600,7 @@ uninstall-am: uninstall-ipsecPROGRAMS pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ uninstall-ipsecPROGRAMS + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/bus/bus.c b/src/charon/bus/bus.c index 2671f848e..524a77682 100644 --- a/src/charon/bus/bus.c +++ b/src/charon/bus/bus.c @@ -15,11 +15,13 @@ #include "bus.h" -#include #include #include -#include +#include +#include +#include +#include ENUM(debug_names, DBG_DMN, DBG_LIB, "DMN", @@ -57,26 +59,21 @@ struct private_bus_t { * Public part of a bus_t object. */ bus_t public; - + /** * List of registered listeners as entry_t's */ linked_list_t *listeners; - + /** * mutex to synchronize active listeners, recursively */ mutex_t *mutex; - - /** - * Thread local storage for a unique, simple thread ID - */ - pthread_key_t thread_id; - + /** * Thread local storage the threads IKE_SA */ - pthread_key_t thread_sa; + thread_value_t *thread_sa; }; typedef struct entry_t entry_t; @@ -90,17 +87,17 @@ struct entry_t { * registered listener interface */ listener_t *listener; - + /** * is this a active listen() call with a blocking thread */ bool blocker; - + /** * are we currently calling this listener */ int calling; - + /** * condvar where active listeners wait */ @@ -113,12 +110,12 @@ struct entry_t { static entry_t *entry_create(listener_t *listener, bool blocker) { entry_t *this = malloc_thing(entry_t); - + this->listener = listener; this->blocker = blocker; this->calling = 0; this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - + return this; } @@ -131,28 +128,6 @@ static void entry_destroy(entry_t *entry) free(entry); } -/** - * Get a unique thread number for a calling thread. Since - * pthread_self returns large and ugly numbers, use this function - * for logging; these numbers are incremental starting at 1 - */ -static u_int get_thread_number(private_bus_t *this) -{ - static uintptr_t current_num = 0; - uintptr_t stored_num; - - stored_num = (uintptr_t)pthread_getspecific(this->thread_id); - if (stored_num == 0) - { /* first call of current thread */ - pthread_setspecific(this->thread_id, (void*)++current_num); - return current_num; - } - else - { - return stored_num; - } -} - /** * Implementation of bus_t.add_listener. */ @@ -189,7 +164,7 @@ static void remove_listener(private_bus_t *this, listener_t *listener) typedef struct cleanup_data_t cleanup_data_t; /** - * data to remove a listener using pthread_cleanup handler + * data to remove a listener using thread_cleanup_t handler */ struct cleanup_data_t { /** bus instance */ @@ -199,7 +174,7 @@ struct cleanup_data_t { }; /** - * pthread_cleanup handler to remove a listener + * thread_cleanup_t handler to remove a listener */ static void listener_cleanup(cleanup_data_t *data) { @@ -212,26 +187,26 @@ static void listener_cleanup(cleanup_data_t *data) */ static void listen_(private_bus_t *this, listener_t *listener, job_t *job) { - int old; + bool old; cleanup_data_t data; - + data.this = this; data.entry = entry_create(listener, TRUE); this->mutex->lock(this->mutex); this->listeners->insert_last(this->listeners, data.entry); charon->processor->queue_job(charon->processor, job); - pthread_cleanup_push((void*)this->mutex->unlock, this->mutex); - pthread_cleanup_push((void*)listener_cleanup, &data); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old); + thread_cleanup_push((thread_cleanup_t)this->mutex->unlock, this->mutex); + thread_cleanup_push((thread_cleanup_t)listener_cleanup, &data); + old = thread_cancelability(TRUE); while (data.entry->blocker) { data.entry->condvar->wait(data.entry->condvar, this->mutex); } - pthread_setcancelstate(old, NULL); - pthread_cleanup_pop(FALSE); + thread_cancelability(old); + thread_cleanup_pop(FALSE); /* unlock mutex */ - pthread_cleanup_pop(TRUE); + thread_cleanup_pop(TRUE); entry_destroy(data.entry); } @@ -240,7 +215,15 @@ static void listen_(private_bus_t *this, listener_t *listener, job_t *job) */ static void set_sa(private_bus_t *this, ike_sa_t *ike_sa) { - pthread_setspecific(this->thread_sa, ike_sa); + this->thread_sa->set(this->thread_sa, ike_sa); +} + +/** + * Implementation of bus_t.get_sa + */ +static ike_sa_t* get_sa(private_bus_t *this) +{ + return this->thread_sa->get(this->thread_sa); } /** @@ -302,20 +285,20 @@ static void vlog(private_bus_t *this, debug_t group, level_t level, char* format, va_list args) { log_data_t data; - - data.ike_sa = pthread_getspecific(this->thread_sa); - data.thread = get_thread_number(this); + + data.ike_sa = this->thread_sa->get(this->thread_sa); + data.thread = thread_current_id(); data.group = group; data.level = level; data.format = format; va_copy(data.args, args); - + this->mutex->lock(this->mutex); /* We use the remove() method to invoke all listeners. This is cheap and * does not require an allocation for this performance critical function. */ this->listeners->remove(this->listeners, &data, (void*)log_cb); this->mutex->unlock(this->mutex); - + va_end(data.args); } @@ -326,7 +309,7 @@ static void log_(private_bus_t *this, debug_t group, level_t level, char* format, ...) { va_list args; - + va_start(args, format); vlog(this, group, level, format, args); va_end(args); @@ -360,9 +343,9 @@ static void alert(private_bus_t *this, alert_t alert, ...) entry_t *entry; va_list args; bool keep; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -394,7 +377,7 @@ static void ike_state_change(private_bus_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -425,9 +408,9 @@ static void child_state_change(private_bus_t *this, child_sa_t *child_sa, ike_sa_t *ike_sa; entry_t *entry; bool keep; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -458,9 +441,9 @@ static void message(private_bus_t *this, message_t *message, bool incoming) ike_sa_t *ike_sa; entry_t *entry; bool keep; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -492,7 +475,7 @@ static void ike_keys(private_bus_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -524,9 +507,9 @@ static void child_keys(private_bus_t *this, child_sa_t *child_sa, ike_sa_t *ike_sa; entry_t *entry; bool keep; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -557,9 +540,9 @@ static void child_updown(private_bus_t *this, child_sa_t *child_sa, bool up) ike_sa_t *ike_sa; entry_t *entry; bool keep; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -590,9 +573,9 @@ static void child_rekey(private_bus_t *this, child_sa_t *old, child_sa_t *new) ike_sa_t *ike_sa; entry_t *entry; bool keep; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -621,7 +604,7 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up) enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -640,13 +623,13 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up) } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + /* a down event for IKE_SA implicitly downs all CHILD_SAs */ if (!up) { iterator_t *iterator; child_sa_t *child_sa; - + iterator = ike_sa->create_child_sa_iterator(ike_sa); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -664,7 +647,7 @@ static void ike_rekey(private_bus_t *this, ike_sa_t *old, ike_sa_t *new) enumerator_t *enumerator; entry_t *entry; bool keep; - + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -688,15 +671,15 @@ static void ike_rekey(private_bus_t *this, ike_sa_t *old, ike_sa_t *new) /** * Implementation of bus_t.authorize */ -static bool authorize(private_bus_t *this, linked_list_t *auth, bool final) +static bool authorize(private_bus_t *this, bool final) { enumerator_t *enumerator; ike_sa_t *ike_sa; entry_t *entry; bool keep, success = TRUE; - - ike_sa = pthread_getspecific(this->thread_sa); - + + ike_sa = this->thread_sa->get(this->thread_sa); + this->mutex->lock(this->mutex); enumerator = this->listeners->create_enumerator(this->listeners); while (enumerator->enumerate(enumerator, &entry)) @@ -707,7 +690,7 @@ static bool authorize(private_bus_t *this, linked_list_t *auth, bool final) } entry->calling++; keep = entry->listener->authorize(entry->listener, ike_sa, - auth, final, &success); + final, &success); entry->calling--; if (!keep) { @@ -728,6 +711,7 @@ static bool authorize(private_bus_t *this, linked_list_t *auth, bool final) */ static void destroy(private_bus_t *this) { + this->thread_sa->destroy(this->thread_sa); this->mutex->destroy(this->mutex); this->listeners->destroy_function(this->listeners, (void*)entry_destroy); free(this); @@ -739,11 +723,12 @@ static void destroy(private_bus_t *this) bus_t *bus_create() { private_bus_t *this = malloc_thing(private_bus_t); - + this->public.add_listener = (void(*)(bus_t*,listener_t*))add_listener; this->public.remove_listener = (void(*)(bus_t*,listener_t*))remove_listener; this->public.listen = (void(*)(bus_t*, listener_t *listener, job_t *job))listen_; this->public.set_sa = (void(*)(bus_t*,ike_sa_t*))set_sa; + this->public.get_sa = (ike_sa_t*(*)(bus_t*))get_sa; this->public.log = (void(*)(bus_t*,debug_t,level_t,char*,...))log_; this->public.vlog = (void(*)(bus_t*,debug_t,level_t,char*,va_list))vlog; this->public.alert = (void(*)(bus_t*, alert_t alert, ...))alert; @@ -756,14 +741,13 @@ bus_t *bus_create() this->public.ike_rekey = (void(*)(bus_t*, ike_sa_t *old, ike_sa_t *new))ike_rekey; this->public.child_updown = (void(*)(bus_t*, child_sa_t *child_sa, bool up))child_updown; this->public.child_rekey = (void(*)(bus_t*, child_sa_t *old, child_sa_t *new))child_rekey; - this->public.authorize = (bool(*)(bus_t*, linked_list_t *auth, bool final))authorize; + this->public.authorize = (bool(*)(bus_t*, bool final))authorize; this->public.destroy = (void(*)(bus_t*)) destroy; - + this->listeners = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - pthread_key_create(&this->thread_id, NULL); - pthread_key_create(&this->thread_sa, NULL); - + this->thread_sa = thread_value_create(NULL); + return &this->public; } diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h index 9c90db6f9..af59a14a1 100644 --- a/src/charon/bus/bus.h +++ b/src/charon/bus/bus.h @@ -133,6 +133,8 @@ enum level_t { enum alert_t { /* a RADIUS server did not respond, no additional arguments */ ALERT_RADIUS_NOT_RESPONDING, + /* a shutdown signal has been received, argument is a int with the signal */ + ALERT_SHUTDOWN_SIGNAL, }; /** @@ -142,7 +144,7 @@ enum alert_t { * may wait actively to events using the blocking listen() call. */ struct bus_t { - + /** * Register a listener to the bus. * @@ -153,14 +155,14 @@ struct bus_t { * @param listener listener to register. */ void (*add_listener) (bus_t *this, listener_t *listener); - + /** * Unregister a listener from the bus. * * @param listener listener to unregister. */ void (*remove_listener) (bus_t *this, listener_t *listener); - + /** * Register a listener and block the calling thread. * @@ -174,20 +176,30 @@ struct bus_t { * @param job job to execute asynchronously when registered, or NULL */ void (*listen)(bus_t *this, listener_t *listener, job_t *job); - + /** * Set the IKE_SA the calling thread is using. * * To associate an received log message to an IKE_SA without passing it as * parameter each time, the thread registers the currenlty used IKE_SA - * during check-out. Before check-in, the thread unregisters the IKE_SA. + * during check-out. Before check-in, the thread unregisters the IKE_SA. * This IKE_SA is stored per-thread, so each thread has its own IKE_SA * registered. - * + * * @param ike_sa ike_sa to register, or NULL to unregister */ void (*set_sa) (bus_t *this, ike_sa_t *ike_sa); - + + /** + * Get the IKE_SA the calling thread is currently using. + * + * If a thread currently does not know what IKE_SA it is processing, + * it can call get_sa() to look up the SA set during checkout via set_sa(). + * + * @return registered ike_sa, NULL if none registered + */ + ike_sa_t* (*get_sa)(bus_t *this); + /** * Send a log message to the bus. * @@ -202,7 +214,7 @@ struct bus_t { * @param ... printf() style argument list */ void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...); - + /** * Send a log message to the bus using va_list arguments. * @@ -215,7 +227,7 @@ struct bus_t { */ void (*vlog)(bus_t *this, debug_t group, level_t level, char* format, va_list args); - + /** * Raise an alert over the bus. * @@ -223,7 +235,7 @@ struct bus_t { * @param ... alert specific attributes */ void (*alert)(bus_t *this, alert_t alert, ...); - + /** * Send a IKE_SA state change event to the bus. * @@ -247,16 +259,15 @@ struct bus_t { * @param incoming TRUE for incoming messages, FALSE for outgoing */ void (*message)(bus_t *this, message_t *message, bool incoming); - + /** * IKE_SA authorization hook. * - * @param auth list of auth_cfg_t, containing peers authentication info * @param final TRUE if this is the final invocation * @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED */ - bool (*authorize)(bus_t *this, linked_list_t *auth, bool final); - + bool (*authorize)(bus_t *this, bool final); + /** * IKE_SA keymat hook. * @@ -278,7 +289,7 @@ struct bus_t { */ void (*child_keys)(bus_t *this, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); - + /** * IKE_SA up/down hook. * @@ -286,7 +297,7 @@ struct bus_t { * @param up TRUE for an up event, FALSE for a down event */ void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up); - + /** * IKE_SA rekeying hook. * @@ -294,7 +305,7 @@ struct bus_t { * @param new new IKE_SA replacing old */ void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new); - + /** * CHILD_SA up/down hook. * @@ -302,7 +313,7 @@ struct bus_t { * @param up TRUE for an up event, FALSE for a down event */ void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up); - + /** * CHILD_SA rekeying hook. * @@ -310,7 +321,7 @@ struct bus_t { * @param new new CHILD_SA replacing old */ void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new); - + /** * Destroy the event bus. */ diff --git a/src/charon/bus/listeners/file_logger.c b/src/charon/bus/listeners/file_logger.c index c3213f5f8..12587deaf 100644 --- a/src/charon/bus/listeners/file_logger.c +++ b/src/charon/bus/listeners/file_logger.c @@ -25,17 +25,17 @@ typedef struct private_file_logger_t private_file_logger_t; * Private data of a file_logger_t object */ struct private_file_logger_t { - + /** * Public data. */ file_logger_t public; - + /** * output file */ FILE *out; - + /** * Maximum level to log, for each group */ @@ -52,10 +52,10 @@ static bool log_(private_file_logger_t *this, debug_t group, level_t level, { char buffer[8192]; char *current = buffer, *next; - + /* write in memory buffer first */ vsnprintf(buffer, sizeof(buffer), format, args); - + /* prepend a prefix in front of every line */ while (current) { @@ -109,17 +109,17 @@ static void destroy(private_file_logger_t *this) file_logger_t *file_logger_create(FILE *out) { private_file_logger_t *this = malloc_thing(private_file_logger_t); - + /* public functions */ memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.set_level = (void(*)(file_logger_t*,debug_t,level_t))set_level; this->public.destroy = (void(*)(file_logger_t*))destroy; - + /* private variables */ this->out = out; set_level(this, DBG_ANY, LEVEL_SILENT); - + return &this->public; } diff --git a/src/charon/bus/listeners/file_logger.h b/src/charon/bus/listeners/file_logger.h index a69374f23..bd443fdb8 100644 --- a/src/charon/bus/listeners/file_logger.h +++ b/src/charon/bus/listeners/file_logger.h @@ -29,12 +29,12 @@ typedef struct file_logger_t file_logger_t; * Logger to files which implements listener_t. */ struct file_logger_t { - + /** * Implements the listener_t interface. */ listener_t listener; - + /** * Set the loglevel for a debug group. * @@ -42,7 +42,7 @@ struct file_logger_t { * @param level max level to log (0..4) */ void (*set_level) (file_logger_t *this, debug_t group, level_t level); - + /** * Destroys a file_logger_t object. */ diff --git a/src/charon/bus/listeners/listener.h b/src/charon/bus/listeners/listener.h index 578f08ebe..67e36beeb 100644 --- a/src/charon/bus/listeners/listener.h +++ b/src/charon/bus/listeners/listener.h @@ -29,7 +29,7 @@ typedef struct listener_t listener_t; * Listener interface, listens to events if registered to the bus. */ struct listener_t { - + /** * Log a debugging message. * @@ -48,7 +48,7 @@ struct listener_t { */ bool (*log)(listener_t *this, debug_t group, level_t level, int thread, ike_sa_t *ike_sa, char* format, va_list args); - + /** * Hook called if a critical alert is risen. * @@ -59,7 +59,7 @@ struct listener_t { */ bool (*alert)(listener_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args); - + /** * Handle state changes in an IKE_SA. * @@ -69,7 +69,7 @@ struct listener_t { */ bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state); - + /** * Handle state changes in a CHILD_SA. * @@ -80,7 +80,7 @@ struct listener_t { */ bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state); - + /** * Hook called for received/sent messages of an IKE_SA. * @@ -91,7 +91,7 @@ struct listener_t { */ bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message, bool incoming); - + /** * Hook called with IKE_SA key material. * @@ -104,7 +104,7 @@ struct listener_t { */ bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey); - + /** * Hook called with CHILD_SA key material. * @@ -117,7 +117,7 @@ struct listener_t { */ bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); - + /** * Hook called if an IKE_SA gets up or down. * @@ -126,7 +126,7 @@ struct listener_t { * @return TRUE to stay registered, FALSE to unregister */ bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up); - + /** * Hook called when an IKE_SA gets rekeyed. * @@ -135,7 +135,7 @@ struct listener_t { * @return TRUE to stay registered, FALSE to unregister */ bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new); - + /** * Hook called when a CHILD_SA gets up or down. * @@ -146,7 +146,7 @@ struct listener_t { */ bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up); - + /** * Hook called when an CHILD_SA gets rekeyed. * @@ -157,7 +157,7 @@ struct listener_t { */ bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *old, child_sa_t *new); - + /** * Hook called to invoke additional authorization rules. * @@ -167,13 +167,12 @@ struct listener_t { * it is invoked again, but with final = TRUE. * * @param ike_sa IKE_SA to authorize - * @param auth list of auth_cfg_t, done in peers authentication rounds * @param final TRUE if this is the final hook invocation * @param success set to TRUE to complete IKE_SA, FALSE abort * @return TRUE to stay registered, FALSE to unregister */ - bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, linked_list_t *auth, + bool (*authorize)(listener_t *this, ike_sa_t *ike_sa, bool final, bool *success); }; -#endif /* LISTENER_ @}*/ +#endif /** LISTENER_H_ @}*/ diff --git a/src/charon/bus/listeners/sys_logger.c b/src/charon/bus/listeners/sys_logger.c index 0b579ce92..11421ad05 100644 --- a/src/charon/bus/listeners/sys_logger.c +++ b/src/charon/bus/listeners/sys_logger.c @@ -25,17 +25,17 @@ typedef struct private_sys_logger_t private_sys_logger_t; * Private data of a sys_logger_t object */ struct private_sys_logger_t { - + /** * Public data. */ sys_logger_t public; - + /** * syslog facility to use */ int facility; - + /** * Maximum level to log, for each group */ @@ -52,10 +52,10 @@ static bool log_(private_sys_logger_t *this, debug_t group, level_t level, { char buffer[8192]; char *current = buffer, *next; - + /* write in memory buffer first */ vsnprintf(buffer, sizeof(buffer), format, args); - + /* do a syslog with every line */ while (current) { @@ -106,16 +106,16 @@ static void destroy(private_sys_logger_t *this) sys_logger_t *sys_logger_create(int facility) { private_sys_logger_t *this = malloc_thing(private_sys_logger_t); - + /* public functions */ memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.set_level = (void(*)(sys_logger_t*,debug_t,level_t))set_level; this->public.destroy = (void(*)(sys_logger_t*))destroy; - + /* private variables */ this->facility = facility; set_level(this, DBG_ANY, LEVEL_SILENT); - + return &this->public; } diff --git a/src/charon/bus/listeners/sys_logger.h b/src/charon/bus/listeners/sys_logger.h index 3ed0f02fa..730890d68 100644 --- a/src/charon/bus/listeners/sys_logger.h +++ b/src/charon/bus/listeners/sys_logger.h @@ -31,12 +31,12 @@ typedef struct sys_logger_t sys_logger_t; * Logger for syslog which implements listener_t. */ struct sys_logger_t { - + /** * Implements the listener_t interface. */ listener_t listener; - + /** * Set the loglevel for a debug group. * @@ -44,7 +44,7 @@ struct sys_logger_t { * @param level max level to log (0..4) */ void (*set_level) (sys_logger_t *this, debug_t group, level_t level); - + /** * Destroys a sys_logger_t object. */ diff --git a/src/charon/config/attributes/attribute_handler.h b/src/charon/config/attributes/attribute_handler.h deleted file mode 100644 index de1c4414d..000000000 --- a/src/charon/config/attributes/attribute_handler.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup attribute_handler attribute_handler - * @{ @ingroup attributes - */ - -#ifndef ATTRIBUTE_HANDLER_H_ -#define ATTRIBUTE_HANDLER_H_ - -#include -#include - -typedef struct attribute_handler_t attribute_handler_t; - -/** - * Interface to handle configuration payload attributes. - */ -struct attribute_handler_t { - - /** - * Handle a configuration attribute. - * - * After receiving a configuration attriubte, it is passed to each - * attribute handler until it is handled. - * - * @param type type of configuration attribute to handle - * @param data associated attribute data - * @return TRUE if attribute handled - */ - bool (*handle)(attribute_handler_t *this, ike_sa_t *ike_sa, - configuration_attribute_type_t type, chunk_t data); - - /** - * Release an attribute handled during handle(). - * - * A handler that handle()d an attribute gets a call to release() when the - * IKE_SA gets closed. Depending on the implementation, this is required - * to remove the attribute. - */ - void (*release)(attribute_handler_t *this, ike_sa_t *ike_sa, - configuration_attribute_type_t type, chunk_t data); -}; - -#endif /* ATTRIBUTE_HANDLER_ @}*/ diff --git a/src/charon/config/attributes/attribute_manager.c b/src/charon/config/attributes/attribute_manager.c deleted file mode 100644 index bf45fdb42..000000000 --- a/src/charon/config/attributes/attribute_manager.c +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "attribute_manager.h" - -#include -#include -#include - -typedef struct private_attribute_manager_t private_attribute_manager_t; - -/** - * private data of attribute_manager - */ -struct private_attribute_manager_t { - - /** - * public functions - */ - attribute_manager_t public; - - /** - * list of registered providers - */ - linked_list_t *providers; - - /** - * list of registered handlers - */ - linked_list_t *handlers; - - /** - * rwlock provider list - */ - rwlock_t *lock; -}; - -/** - * Implementation of attribute_manager_t.acquire_address. - */ -static host_t* acquire_address(private_attribute_manager_t *this, - char *pool, identification_t *id, - host_t *requested) -{ - enumerator_t *enumerator; - attribute_provider_t *current; - host_t *host = NULL; - - this->lock->read_lock(this->lock); - enumerator = this->providers->create_enumerator(this->providers); - while (enumerator->enumerate(enumerator, ¤t)) - { - host = current->acquire_address(current, pool, id, requested); - if (host) - { - break; - } - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - - if (!host) - { - DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool); - } - return host; -} - -/** - * Implementation of attribute_manager_t.release_address. - */ -static void release_address(private_attribute_manager_t *this, - char *pool, host_t *address, identification_t *id) -{ - enumerator_t *enumerator; - attribute_provider_t *current; - bool found = FALSE; - - this->lock->read_lock(this->lock); - enumerator = this->providers->create_enumerator(this->providers); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (current->release_address(current, pool, address, id)) - { - found = TRUE; - break; - } - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - - if (!found) - { - DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool); - } -} - -/** - * inner enumerator constructor for attributes - */ -static enumerator_t *attrib_enum_create(attribute_provider_t *provider, - identification_t *id) -{ - return provider->create_attribute_enumerator(provider, id); -} - -/** - * Implementation of attribute_manager_t.create_attribute_enumerator - */ -static enumerator_t* create_attribute_enumerator( - private_attribute_manager_t *this, identification_t *id) -{ - this->lock->read_lock(this->lock); - return enumerator_create_cleaner( - enumerator_create_nested( - this->providers->create_enumerator(this->providers), - (void*)attrib_enum_create, id, NULL), - (void*)this->lock->unlock, this->lock); -} - -/** - * Implementation of attribute_manager_t.add_provider. - */ -static void add_provider(private_attribute_manager_t *this, - attribute_provider_t *provider) -{ - this->lock->write_lock(this->lock); - this->providers->insert_last(this->providers, provider); - this->lock->unlock(this->lock); -} - -/** - * Implementation of attribute_manager_t.remove_provider. - */ -static void remove_provider(private_attribute_manager_t *this, - attribute_provider_t *provider) -{ - this->lock->write_lock(this->lock); - this->providers->remove(this->providers, provider, NULL); - this->lock->unlock(this->lock); -} - -/** - * Implementation of attribute_manager_t.handle - */ -static attribute_handler_t* handle(private_attribute_manager_t *this, - ike_sa_t *ike_sa, configuration_attribute_type_t type, - chunk_t data) -{ - enumerator_t *enumerator; - attribute_handler_t *current, *handled = NULL; - - this->lock->read_lock(this->lock); - enumerator = this->handlers->create_enumerator(this->handlers); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (current->handle(current, ike_sa, type, data)) - { - handled = current; - break; - } - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - - if (!handled) - { - DBG1(DBG_CFG, "handling %N attribute failed", - configuration_attribute_type_names, type); - } - return handled; -} - -/** - * Implementation of attribute_manager_t.release - */ -static void release(private_attribute_manager_t *this, - attribute_handler_t *handler, ike_sa_t *ike_sa, - configuration_attribute_type_t type, chunk_t data) -{ - enumerator_t *enumerator; - attribute_handler_t *current; - - this->lock->read_lock(this->lock); - enumerator = this->handlers->create_enumerator(this->handlers); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (current == handler) - { - current->release(current, ike_sa, type, data); - break; - } - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); -} - -/** - * Implementation of attribute_manager_t.add_handler - */ -static void add_handler(private_attribute_manager_t *this, - attribute_handler_t *handler) -{ - this->lock->write_lock(this->lock); - this->handlers->insert_last(this->handlers, handler); - this->lock->unlock(this->lock); -} - -/** - * Implementation of attribute_manager_t.remove_handler - */ -static void remove_handler(private_attribute_manager_t *this, - attribute_handler_t *handler) -{ - this->lock->write_lock(this->lock); - this->handlers->remove(this->handlers, handler, NULL); - this->lock->unlock(this->lock); -} - -/** - * Implementation of attribute_manager_t.destroy - */ -static void destroy(private_attribute_manager_t *this) -{ - this->providers->destroy(this->providers); - this->handlers->destroy(this->handlers); - this->lock->destroy(this->lock); - free(this); -} - -/* - * see header file - */ -attribute_manager_t *attribute_manager_create() -{ - private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t); - - this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address; - this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address; - this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t *id))create_attribute_enumerator; - this->public.add_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))add_provider; - this->public.remove_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))remove_provider; - this->public.handle = (attribute_handler_t*(*)(attribute_manager_t*, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data))handle; - this->public.release = (void(*)(attribute_manager_t*, attribute_handler_t *handler, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data))release; - this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))add_handler; - this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))remove_handler; - this->public.destroy = (void(*)(attribute_manager_t*))destroy; - - this->providers = linked_list_create(); - this->handlers = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - - return &this->public; -} - diff --git a/src/charon/config/attributes/attribute_manager.h b/src/charon/config/attributes/attribute_manager.h deleted file mode 100644 index ceea06581..000000000 --- a/src/charon/config/attributes/attribute_manager.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (C) 2008-2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup attribute_manager attribute_manager - * @{ @ingroup attributes - */ - -#ifndef ATTRIBUTE_MANAGER_H_ -#define ATTRIBUTE_MANAGER_H_ - -#include -#include - -typedef struct attribute_manager_t attribute_manager_t; - -/** - * The attribute manager hands out attributes or handles them. - * - * The attribute manager manages both, attribute providers and attribute - * handlers. Attribute providers are responsible to hand out attributes if - * a connecting peer requests them. Handlers handle such attributes if they - * are received on the requesting peer. - */ -struct attribute_manager_t { - - /** - * Acquire a virtual IP address to assign to a peer. - * - * @param pool pool name to acquire address from - * @param id peer identity to get address forua - * @param requested IP in configuration request - * @return allocated address, NULL to serve none - */ - host_t* (*acquire_address)(attribute_manager_t *this, - char *pool, identification_t *id, - host_t *requested); - - /** - * Release a previously acquired address. - * - * @param pool pool name from which the address was acquired - * @param address address to release - * @param id peer identity to get address for - */ - void (*release_address)(attribute_manager_t *this, - char *pool, host_t *address, identification_t *id); - - /** - * Create an enumerator over attributes to hand out to a peer. - * - * @param id peer identity to hand out attributes to - * @return enumerator (configuration_attribute_type_t, chunk_t) - */ - enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this, - identification_t *id); - - /** - * Register an attribute provider to the manager. - * - * @param provider attribute provider to register - */ - void (*add_provider)(attribute_manager_t *this, - attribute_provider_t *provider); - /** - * Unregister an attribute provider from the manager. - * - * @param provider attribute provider to unregister - */ - void (*remove_provider)(attribute_manager_t *this, - attribute_provider_t *provider); - - /** - * Handle a configuration attribute by passing them to the handlers. - * - * @param ike_sa IKE_SA where attribute was received - * @param type type of configuration attribute - * @param data associated attribute data - * @return handler which handled this attribute, NULL if none - */ - attribute_handler_t* (*handle)(attribute_manager_t *this, ike_sa_t *ike_sa, - configuration_attribute_type_t type, chunk_t data); - - /** - * Release an attribute previously handle()d by a handler. - * - * @param handler handler returned by handle() for this attribute - * @param ike_sa IKE_SA owning the attribute - * @param type type of attribute to release - * @param data associated attribute data - */ - void (*release)(attribute_manager_t *this, attribute_handler_t *handler, - ike_sa_t *ike_sa, configuration_attribute_type_t type, - chunk_t data); - - /** - * Register an attribute handler to the manager. - * - * @param handler attribute handler to register - */ - void (*add_handler)(attribute_manager_t *this, - attribute_handler_t *handler); - - /** - * Unregister an attribute handler from the manager. - * - * @param handler attribute handler to unregister - */ - void (*remove_handler)(attribute_manager_t *this, - attribute_handler_t *handler); - - /** - * Destroy a attribute_manager instance. - */ - void (*destroy)(attribute_manager_t *this); -}; - -/** - * Create a attribute_manager instance. - */ -attribute_manager_t *attribute_manager_create(); - -#endif /** ATTRIBUTE_MANAGER_H_ @}*/ diff --git a/src/charon/config/attributes/attribute_provider.h b/src/charon/config/attributes/attribute_provider.h deleted file mode 100644 index 0f1057af4..000000000 --- a/src/charon/config/attributes/attribute_provider.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup attribute_provider attribute_provider - * @{ @ingroup attributes - */ - -#ifndef ATTRIBUTE_PROVIDER_H_ -#define ATTRIBUTE_PROVIDER_H_ - -#include -#include -#include - -typedef struct attribute_provider_t attribute_provider_t; - -/** - * Interface to provide attributes to peers through attribute manager. - */ -struct attribute_provider_t { - - /** - * Acquire a virtual IP address to assign to a peer. - * - * @param pool name of the pool to acquire address from - * @param id peer ID - * @param requested IP in configuration request - * @return allocated address, NULL to serve none - */ - host_t* (*acquire_address)(attribute_provider_t *this, - char *pool, identification_t *id, - host_t *requested); - /** - * Release a previously acquired address. - * - * @param pool name of the pool this address was acquired from - * @param address address to release - * @param id peer ID - * @return TRUE if the address has been released by the provider - */ - bool (*release_address)(attribute_provider_t *this, - char *pool, host_t *address, identification_t *id); - - /** - * Create an enumerator over attributes to hand out to a peer. - * - * @param id peer ID - * @return enumerator (configuration_attribute_type_t, chunk_t) - */ - enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this, - identification_t *id); -}; - -#endif /** ATTRIBUTE_PROVIDER_H_ @}*/ diff --git a/src/charon/config/auth_cfg.c b/src/charon/config/auth_cfg.c index e4501bc93..94362c756 100644 --- a/src/charon/config/auth_cfg.c +++ b/src/charon/config/auth_cfg.c @@ -45,12 +45,12 @@ typedef struct private_auth_cfg_t private_auth_cfg_t; * private data of item_set */ struct private_auth_cfg_t { - + /** * public functions */ auth_cfg_t public; - + /** * list of entry_t */ @@ -84,7 +84,7 @@ typedef struct { static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value) { entry_t *entry; - + if (this->inner->enumerate(this->inner, &entry)) { this->current = entry; @@ -110,7 +110,7 @@ static void entry_enumerator_destroy(entry_enumerator_t *this) static enumerator_t* create_enumerator(private_auth_cfg_t *this) { entry_enumerator_t *enumerator; - + enumerator = malloc_thing(entry_enumerator_t); enumerator->inner = this->entries->create_enumerator(this->entries); enumerator->public.enumerate = (void*)enumerate; @@ -168,9 +168,9 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, if (enumerator->current) { va_list args; - + va_start(args, type); - + destroy_entry_value(enumerator->current); enumerator->current->type = type; switch (type) @@ -210,7 +210,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) void *current_value, *best_value = NULL; auth_rule_t current_type; bool found = FALSE; - + enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, ¤t_type, ¤t_value)) { @@ -270,7 +270,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) { entry_t *entry = malloc_thing(entry_t); va_list args; - + va_start(args, type); entry->type = type; switch (type) @@ -311,7 +311,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, bool success = TRUE; auth_rule_t t1, t2; void *value; - + e1 = constraints->create_enumerator(constraints); while (e1->enumerate(e1, &t1, &value)) { @@ -321,9 +321,9 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_IM_CERT: { certificate_t *c1, *c2; - + c1 = (certificate_t*)value; - + success = FALSE; e2 = create_enumerator(this); while (e2->enumerate(e2, &t2, &c2)) @@ -345,7 +345,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_SUBJECT_CERT: { certificate_t *c1, *c2; - + c1 = (certificate_t*)value; c2 = get(this, AUTH_RULE_SUBJECT_CERT); if (!c2 || !c1->equals(c1, c2)) @@ -364,7 +364,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_OCSP_VALIDATION: { cert_validation_t validated, required; - + required = (uintptr_t)value; validated = (uintptr_t)get(this, t1); switch (required) @@ -401,7 +401,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_EAP_IDENTITY: { identification_t *id1, *id2; - + id1 = (identification_t*)value; id2 = get(this, t1); if (!id2 || !id2->matches(id2, id1)) @@ -499,7 +499,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy enumerator_t *enumerator; auth_rule_t type; void *value; - + enumerator = create_enumerator(other); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -512,7 +512,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_HELPER_SUBJECT_CERT: { certificate_t *cert = (certificate_t*)value; - + add(this, type, cert->get_ref(cert)); break; } @@ -530,7 +530,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AC_GROUP: { identification_t *id = (identification_t*)value; - + add(this, type, id->clone(id)); break; } @@ -547,7 +547,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy else { entry_t *entry; - + while (other->entries->remove_first(other->entries, (void**)&entry) == SUCCESS) { @@ -564,7 +564,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) enumerator_t *e1, *e2; entry_t *i1, *i2; bool equal = TRUE, found; - + if (this->entries->get_count(this->entries) != other->entries->get_count(other->entries)) { @@ -601,10 +601,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_HELPER_SUBJECT_CERT: { certificate_t *c1, *c2; - + c1 = (certificate_t*)i1->value; c2 = (certificate_t*)i2->value; - + if (c1->equals(c1, c2)) { found = TRUE; @@ -617,10 +617,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_AC_GROUP: { identification_t *id1, *id2; - + id1 = (identification_t*)i1->value; id2 = (identification_t*)i2->value; - + if (id1->equals(id1, id2)) { found = TRUE; @@ -660,7 +660,7 @@ static void purge(private_auth_cfg_t *this, bool keep_ca) { entry_t *entry; linked_list_t *cas; - + cas = linked_list_create(); while (this->entries->remove_last(this->entries, (void**)&entry) == SUCCESS) { @@ -689,7 +689,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) enumerator_t *enumerator; auth_cfg_t *clone; entry_t *entry; - + clone = auth_cfg_create(); enumerator = this->entries->create_enumerator(this->entries); while (enumerator->enumerate(enumerator, &entry)) @@ -749,7 +749,7 @@ static void destroy(private_auth_cfg_t *this) auth_cfg_t *auth_cfg_create() { private_auth_cfg_t *this = malloc_thing(private_auth_cfg_t); - + this->public.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add; this->public.get = (void*(*)(auth_cfg_t*, auth_rule_t type))get; this->public.create_enumerator = (enumerator_t*(*)(auth_cfg_t*))create_enumerator; @@ -760,9 +760,9 @@ auth_cfg_t *auth_cfg_create() this->public.equals = (bool(*)(auth_cfg_t*, auth_cfg_t *other))equals; this->public.clone = (auth_cfg_t*(*)(auth_cfg_t*))clone_; this->public.destroy = (void(*)(auth_cfg_t*))destroy; - + this->entries = linked_list_create(); - + return &this->public; } diff --git a/src/charon/config/auth_cfg.h b/src/charon/config/auth_cfg.h index c6bc1959b..5e6215a4a 100644 --- a/src/charon/config/auth_cfg.h +++ b/src/charon/config/auth_cfg.h @@ -41,7 +41,7 @@ typedef enum auth_rule_t auth_rule_t; * to transport credentials during the authentication process. */ enum auth_rule_t { - + /** identity to use for IKEv2 authentication exchange, identification_t* */ AUTH_RULE_IDENTITY, /** authentication class, auth_class_t */ @@ -64,7 +64,7 @@ enum auth_rule_t { AUTH_RULE_OCSP_VALIDATION, /** subject is in attribute certificate group, identification_t* */ AUTH_RULE_AC_GROUP, - + /** intermediate certificate, certificate_t* */ AUTH_HELPER_IM_CERT, /** subject certificate, certificate_t* */ @@ -86,7 +86,7 @@ extern enum_name_t *auth_rule_names; * RFC4739 defines multiple authentication rounds. This class defines such * a round from a configuration perspective, either for the local or the remote * peer. Local config are called "rulesets", as they define how we authenticate. - * Remote peer configs are called "constraits", they define what is needed to + * Remote peer configs are called "constraits", they define what is needed to * complete the authentication round successfully. * * @verbatim @@ -122,7 +122,7 @@ struct auth_cfg_t { * @param ... associated value to rule */ void (*add)(auth_cfg_t *this, auth_rule_t rule, ...); - + /** * Get an rule value. * @@ -130,14 +130,14 @@ struct auth_cfg_t { * @return bool if item has been found */ void* (*get)(auth_cfg_t *this, auth_rule_t rule); - + /** * Create an enumerator over added rules. * * @return enumerator over (auth_rule_t, union{void*,uintpr_t}) */ enumerator_t* (*create_enumerator)(auth_cfg_t *this); - + /** * Replace an rule at enumerator position. * @@ -147,7 +147,7 @@ struct auth_cfg_t { */ void (*replace)(auth_cfg_t *this, enumerator_t *pos, auth_rule_t rule, ...); - + /** * Check if a used config fulfills a set of configured constraints. * @@ -156,7 +156,7 @@ struct auth_cfg_t { * @return TRUE if this complies with constraints */ bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error); - + /** * Merge items from other into this. * @@ -164,14 +164,14 @@ struct auth_cfg_t { * @param copy TRUE to copy items, FALSE to move them */ void (*merge)(auth_cfg_t *this, auth_cfg_t *other, bool copy); - + /** * Purge all rules in a config. * * @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries */ void (*purge)(auth_cfg_t *this, bool keep_ca); - + /** * Check two configs for equality. * @@ -179,14 +179,14 @@ struct auth_cfg_t { * @return TRUE if auth infos identical */ bool (*equals)(auth_cfg_t *this, auth_cfg_t *other); - + /** * Clone a authentication config, including all rules. * * @return cloned configuration */ auth_cfg_t* (*clone)(auth_cfg_t *this); - + /** * Destroy a config with all associated rules/values. */ diff --git a/src/charon/config/backend_manager.c b/src/charon/config/backend_manager.c index cfd611858..90ef58563 100644 --- a/src/charon/config/backend_manager.c +++ b/src/charon/config/backend_manager.c @@ -16,11 +16,10 @@ #include "backend_manager.h" #include -#include #include #include -#include +#include typedef struct private_backend_manager_t private_backend_manager_t; @@ -34,12 +33,12 @@ struct private_backend_manager_t { * Public part of backend_manager_t object. */ backend_manager_t public; - + /** * list of registered backends */ linked_list_t *backends; - + /** * rwlock for backends */ @@ -52,7 +51,7 @@ struct private_backend_manager_t { typedef enum ike_cfg_match_t { MATCH_NONE = 0x00, MATCH_ANY = 0x01, - MATCH_ME = 0x04, + MATCH_ME = 0x04, MATCH_OTHER = 0x08, } ike_cfg_match_t; @@ -80,7 +79,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { host_t *me_cand, *other_cand; ike_cfg_match_t match = MATCH_NONE; - + if (me) { me_cand = host_create_from_dns(cand->get_my_addr(cand), @@ -103,7 +102,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) { match += MATCH_ANY; } - + if (other) { other_cand = host_create_from_dns(cand->get_other_addr(cand), @@ -132,21 +131,21 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other) /** * implements backend_manager_t.get_ike_cfg. */ -static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, +static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, host_t *me, host_t *other) { ike_cfg_t *current, *found = NULL; enumerator_t *enumerator; ike_cfg_match_t match, best = MATCH_ANY; ike_data_t *data; - + data = malloc_thing(ike_data_t); data->this = this; data->me = me; data->other = other; - + DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other); - + this->lock->read_lock(this->lock); enumerator = enumerator_create_nested( this->backends->create_enumerator(this->backends), @@ -154,11 +153,11 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, while (enumerator->enumerate(enumerator, (void**)¤t)) { match = get_ike_match(current, me, other); - + if (match) { - DBG2(DBG_CFG, " candidate: %s...%s, prio %d", - current->get_my_addr(current), + DBG2(DBG_CFG, " candidate: %s...%s, prio %d", + current->get_my_addr(current), current->get_other_addr(current), match); if (match > best) { @@ -173,7 +172,7 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, this->lock->unlock(this->lock); if (found) { - DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d", + DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d", found->get_my_addr(found), found->get_other_addr(found), best); } return found; @@ -189,12 +188,12 @@ static id_match_t get_peer_match(identification_t *id, auth_cfg_t *auth; identification_t *candidate; id_match_t match = ID_MATCH_NONE; - + if (!id) { return ID_MATCH_ANY; } - + /* compare first auth config only */ enumerator = cfg->create_auth_cfg_enumerator(cfg, local); if (enumerator->enumerate(enumerator, &auth)) @@ -269,7 +268,7 @@ static bool peer_enum_filter(linked_list_t *configs, static void peer_enum_filter_destroy(linked_list_t *configs) { match_entry_t *entry; - + while (configs->remove_last(configs, (void**)&entry) == SUCCESS) { entry->cfg->destroy(entry->cfg); @@ -285,7 +284,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list, linked_list_t *helper) { match_entry_t *current; - + while (list->remove_first(list, (void**)¤t) == SUCCESS) { helper->insert_last(helper, current); @@ -311,7 +310,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list, /** * Implements backend_manager_t.create_peer_cfg_enumerator. - */ + */ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, host_t *me, host_t *other, identification_t *my_id, identification_t *other_id) @@ -320,26 +319,26 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, peer_data_t *data; peer_cfg_t *cfg; linked_list_t *configs, *helper; - + data = malloc_thing(peer_data_t); data->lock = this->lock; data->me = my_id; data->other = other_id; - + /* create a sorted list with all matches */ this->lock->read_lock(this->lock); enumerator = enumerator_create_nested( this->backends->create_enumerator(this->backends), (void*)peer_enum_create, data, (void*)peer_enum_destroy); - + if (!me && !other && !my_id && !other_id) { /* shortcut if we are doing a "listall" */ return enumerator; } - + DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]", me, my_id, other, other_id); - + configs = linked_list_create(); /* only once allocated helper list for sorting */ helper = linked_list_create(); @@ -348,16 +347,16 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, id_match_t match_peer_me, match_peer_other; ike_cfg_match_t match_ike; match_entry_t *entry; - + match_peer_me = get_peer_match(my_id, cfg, TRUE); match_peer_other = get_peer_match(other_id, cfg, FALSE); match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other); - + if (match_peer_me && match_peer_other && match_ike) { DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)", cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike); - + entry = malloc_thing(match_entry_t); entry->match_peer = match_peer_me + match_peer_other; entry->match_ike = match_ike; @@ -367,7 +366,7 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, } enumerator->destroy(enumerator); helper->destroy(helper); - + return enumerator_create_filter(configs->create_enumerator(configs), (void*)peer_enum_filter, configs, (void*)peer_enum_filter_destroy); @@ -375,13 +374,13 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, /** * implements backend_manager_t.get_peer_cfg_by_name. - */ + */ static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name) { backend_t *backend; peer_cfg_t *config = NULL; enumerator_t *enumerator; - + this->lock->read_lock(this->lock); enumerator = this->backends->create_enumerator(this->backends); while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend)) @@ -429,17 +428,17 @@ static void destroy(private_backend_manager_t *this) backend_manager_t *backend_manager_create() { private_backend_manager_t *this = malloc_thing(private_backend_manager_t); - + this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg; this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name; this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator; this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend; this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend; this->public.destroy = (void (*)(backend_manager_t*))destroy; - + this->backends = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/charon/config/backend_manager.h b/src/charon/config/backend_manager.h index 0b7d7d0f8..5b394f791 100644 --- a/src/charon/config/backend_manager.h +++ b/src/charon/config/backend_manager.h @@ -46,11 +46,11 @@ typedef struct backend_manager_t backend_manager_t; | |----->| | +--------------+ | | | | | | +---------+ +-----------+ | - + @endverbatim */ struct backend_manager_t { - + /** * Get an ike_config identified by two hosts. * @@ -58,9 +58,9 @@ struct backend_manager_t { * @param other_host address of remote host * @return matching ike_config, or NULL if none found */ - ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this, + ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this, host_t *my_host, host_t *other_host); - + /** * Get a peer_config identified by it's name. * @@ -68,7 +68,7 @@ struct backend_manager_t { * @return matching peer_config, or NULL if none found */ peer_cfg_t* (*get_peer_cfg_by_name)(backend_manager_t *this, char *name); - + /** * Create an enumerator over all matching peer configs. * @@ -90,14 +90,14 @@ struct backend_manager_t { * @param backend backend to register */ void (*add_backend)(backend_manager_t *this, backend_t *backend); - + /** * Unregister a backend. * * @param backend backend to unregister */ void (*remove_backend)(backend_manager_t *this, backend_t *backend); - + /** * Destroys a backend_manager_t object. */ diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c index 990ee3fd6..8410b3fe5 100644 --- a/src/charon/config/child_cfg.c +++ b/src/charon/config/child_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -25,7 +25,7 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART, "restart", ); -ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE, +ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE, "IPCOMP_NONE"); ENUM_NEXT(ipcomp_transform_names, IPCOMP_OUI, IPCOMP_LZJH, IPCOMP_NONE, "IPCOMP_OUI", @@ -45,78 +45,72 @@ struct private_child_cfg_t { * Public part */ child_cfg_t public; - + /** * Number of references hold by others to this child_cfg */ refcount_t refcount; - + /** * Name of the child_cfg, used to query it */ char *name; - + /** * list for all proposals */ linked_list_t *proposals; - + /** * list for traffic selectors for my site */ linked_list_t *my_ts; - + /** * list for traffic selectors for others site */ linked_list_t *other_ts; - + /** * updown script */ char *updown; - + /** * allow host access */ bool hostaccess; - + /** * Mode to propose for a initiated CHILD: tunnel/transport */ ipsec_mode_t mode; - + /** * action to take on DPD */ action_t dpd_action; - + /** * action to take on CHILD_SA close */ action_t close_action; - - /** - * Time before an SA gets invalid - */ - u_int32_t lifetime; - - /** - * Time before an SA gets rekeyed - */ - u_int32_t rekeytime; - + /** - * Time, which specifies the range of a random value - * substracted from rekeytime. + * CHILD_SA lifetime config */ - u_int32_t jitter; - + lifetime_cfg_t lifetime; + /** * enable IPComp */ bool use_ipcomp; + /** + * Inactivity timeout + */ + u_int32_t inactivity; + /** * set up IPsec transport SA in MIPv6 proxy mode */ @@ -152,7 +146,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) enumerator_t *enumerator; proposal_t *current; linked_list_t *proposals = linked_list_create(); - + enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, ¤t)) { @@ -164,7 +158,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) proposals->insert_last(proposals, current); } enumerator->destroy(enumerator); - + return proposals; } @@ -172,14 +166,15 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh) * Implementation of child_cfg_t.select_proposal. */ static proposal_t* select_proposal(private_child_cfg_t*this, - linked_list_t *proposals, bool strip_dh) + linked_list_t *proposals, bool strip_dh, + bool private) { enumerator_t *stored_enum, *supplied_enum; proposal_t *stored, *supplied, *selected = NULL; - + stored_enum = this->proposals->create_enumerator(this->proposals); supplied_enum = proposals->create_enumerator(proposals); - + /* compare all stored proposals with all supplied. Stored ones are preferred. */ while (stored_enum->enumerate(stored_enum, &stored)) { @@ -190,7 +185,7 @@ static proposal_t* select_proposal(private_child_cfg_t*this, { stored->strip_dh(stored); } - selected = stored->select(stored, supplied); + selected = stored->select(stored, supplied, private); if (selected) { DBG2(DBG_CFG, "received proposals: %#P", proposals); @@ -205,7 +200,7 @@ static proposal_t* select_proposal(private_child_cfg_t*this, break; } supplied_enum->destroy(supplied_enum); - supplied_enum = proposals->create_enumerator(proposals); + supplied_enum = proposals->create_enumerator(proposals); } stored_enum->destroy(stored_enum); supplied_enum->destroy(supplied_enum); @@ -243,7 +238,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca enumerator_t *e1, *e2; traffic_selector_t *ts1, *ts2, *selected; linked_list_t *result = linked_list_create(); - + if (local) { e1 = this->my_ts->create_enumerator(this->my_ts); @@ -252,11 +247,11 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca { e1 = this->other_ts->create_enumerator(this->other_ts); } - + /* no list supplied, just fetch the stored traffic selectors */ if (supplied == NULL) { - DBG2(DBG_CFG, "proposing traffic selectors for %s:", + DBG2(DBG_CFG, "proposing traffic selectors for %s:", local ? "us" : "other"); while (e1->enumerate(e1, &ts1)) { @@ -273,7 +268,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca } else { - DBG2(DBG_CFG, "selecting traffic selectors for %s:", + DBG2(DBG_CFG, "selecting traffic selectors for %s:", local ? "us" : "other"); e2 = supplied->create_enumerator(supplied); /* iterate over all stored selectors */ @@ -285,7 +280,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca { ts1->set_address(ts1, host); } - + /* iterate over all supplied traffic selectors */ while (e2->enumerate(e2, &ts2)) { @@ -309,7 +304,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca e1->destroy(e1); e2->destroy(e2); } - + /* remove any redundant traffic selectors in the list */ e1 = result->create_enumerator(result); e2 = result->create_enumerator(result); @@ -340,7 +335,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca } e1->destroy(e1); e2->destroy(e2); - + return result; } @@ -361,19 +356,32 @@ static bool get_hostaccess(private_child_cfg_t *this) } /** - * Implementation of child_cfg_t.get_lifetime. + * Applies jitter to the rekey value. Returns the new rekey value. + * Note: The distribution of random values is not perfect, but it + * should get the job done. */ -static u_int32_t get_lifetime(private_child_cfg_t *this, bool rekey) +static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) { - if (rekey) + if (jitter == 0) { - if (this->jitter == 0) - { - return this->rekeytime; - } - return this->rekeytime - (random() % this->jitter); + return rekey; } - return this->lifetime; + jitter = (jitter == UINT64_MAX) ? jitter : jitter + 1; + return rekey - jitter * (random() / (RAND_MAX + 1.0)); +} +#define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter) + +/** + * Implementation of child_cfg_t.get_lifetime. + */ +static lifetime_cfg_t *get_lifetime(private_child_cfg_t *this) +{ + lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t); + memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t)); + APPLY_JITTER(lft->time); + APPLY_JITTER(lft->bytes); + APPLY_JITTER(lft->packets); + return lft; } /** @@ -408,7 +416,7 @@ static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this) enumerator_t *enumerator; proposal_t *proposal; u_int16_t dh_group = MODP_NONE; - + enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) { @@ -429,6 +437,14 @@ static bool use_ipcomp(private_child_cfg_t *this) return this->use_ipcomp; } +/** + * Implementation of child_cfg_t.get_inactivity. + */ +static u_int32_t get_inactivity(private_child_cfg_t *this) +{ + return this->inactivity; +} + /** * Implementation of child_cfg_t.set_mipv6_options. */ @@ -486,10 +502,11 @@ static void destroy(private_child_cfg_t *this) /* * Described in header-file */ -child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime, - u_int32_t rekeytime, u_int32_t jitter, - char *updown, bool hostaccess, ipsec_mode_t mode, - action_t dpd_action, action_t close_action, bool ipcomp) +child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, + char *updown, bool hostaccess, + ipsec_mode_t mode, action_t dpd_action, + action_t close_action, bool ipcomp, + u_int32_t inactivity) { private_child_cfg_t *this = malloc_thing(private_child_cfg_t); @@ -498,37 +515,37 @@ child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime, this->public.get_traffic_selectors = (linked_list_t*(*)(child_cfg_t*,bool,linked_list_t*,host_t*))get_traffic_selectors; this->public.add_proposal = (void (*) (child_cfg_t*,proposal_t*))add_proposal; this->public.get_proposals = (linked_list_t* (*) (child_cfg_t*,bool))get_proposals; - this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool))select_proposal; + this->public.select_proposal = (proposal_t* (*) (child_cfg_t*,linked_list_t*,bool,bool))select_proposal; this->public.get_updown = (char* (*) (child_cfg_t*))get_updown; this->public.get_hostaccess = (bool (*) (child_cfg_t*))get_hostaccess; this->public.get_mode = (ipsec_mode_t (*) (child_cfg_t *))get_mode; this->public.get_dpd_action = (action_t (*) (child_cfg_t *))get_dpd_action; this->public.get_close_action = (action_t (*) (child_cfg_t *))get_close_action; - this->public.get_lifetime = (u_int32_t (*) (child_cfg_t *,bool))get_lifetime; + this->public.get_lifetime = (lifetime_cfg_t* (*) (child_cfg_t *))get_lifetime; this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group; this->public.set_mipv6_options = (void (*) (child_cfg_t*,bool,bool))set_mipv6_options; this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp; + this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity; this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode; this->public.install_policy = (bool (*) (child_cfg_t *))install_policy; this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; this->public.destroy = (void (*) (child_cfg_t*))destroy; - + this->name = strdup(name); - this->lifetime = lifetime; - this->rekeytime = rekeytime; - this->jitter = jitter; this->updown = updown ? strdup(updown) : NULL; this->hostaccess = hostaccess; this->mode = mode; this->dpd_action = dpd_action; this->close_action = close_action; - this->use_ipcomp = ipcomp; + this->use_ipcomp = ipcomp; + this->inactivity = inactivity; this->proxy_mode = FALSE; - this->install_policy = TRUE; + this->install_policy = TRUE; this->refcount = 1; this->proposals = linked_list_create(); this->my_ts = linked_list_create(); this->other_ts = linked_list_create(); + memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t)); return &this->public; } diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h index 33c75701c..c6186ea36 100644 --- a/src/charon/config/child_cfg.h +++ b/src/charon/config/child_cfg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -25,11 +25,12 @@ typedef enum action_t action_t; typedef enum ipcomp_transform_t ipcomp_transform_t; +typedef struct lifetime_cfg_t lifetime_cfg_t; typedef struct child_cfg_t child_cfg_t; #include +#include #include -#include #include /** @@ -65,74 +66,91 @@ enum ipcomp_transform_t { */ extern enum_name_t *ipcomp_transform_names; +/** + * A lifetime_cfg_t defines the lifetime limits of a CHILD_SA. + * + * Set any of these values to 0 to ignore. + */ +struct lifetime_cfg_t { + struct { + /** Limit before the CHILD_SA gets invalid. */ + u_int64_t life; + /** Limit before the CHILD_SA gets rekeyed. */ + u_int64_t rekey; + /** The range of a random value subtracted from rekey. */ + u_int64_t jitter; + } time, bytes, packets; +}; + /** * A child_cfg_t defines the config template for a CHILD_SA. * * After creation, proposals and traffic selectors may be added to the config. * A child_cfg object is referenced multiple times, and is not thread save. * Reading from the object is save, adding things is not allowed while other - * threads may access the object. + * threads may access the object. * A reference counter handles the number of references hold to this config. * * @see peer_cfg_t to get an overview over the configurations. */ struct child_cfg_t { - + /** * Get the name of the child_cfg. - * + * * @return child_cfg's name */ char *(*get_name) (child_cfg_t *this); - + /** - * Add a proposal to the list. - * + * Add a proposal to the list. + * * The proposals are stored by priority, first added * is the most prefered. * After add, proposal is owned by child_cfg. - * + * * @param proposal proposal to add */ void (*add_proposal) (child_cfg_t *this, proposal_t *proposal); - + /** * Get the list of proposals for the CHILD_SA. * * Resulting list and all of its proposals must be freed after use. - * + * * @param strip_dh TRUE strip out diffie hellman groups * @return list of proposals */ linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh); - + /** * Select a proposal from a supplied list. * * Returned propsal is newly created and must be destroyed after usage. - * + * * @param proposals list from from wich proposals are selected * @param strip_dh TRUE strip out diffie hellman groups + * @param private accept algorithms from a private range * @return selected proposal, or NULL if nothing matches */ proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, - bool strip_dh); - + bool strip_dh, bool private); + /** * Add a traffic selector to the config. - * + * * Use the "local" parameter to add it for the local or the remote side. * After add, traffic selector is owned by child_cfg. - * + * * @param local TRUE for local side, FALSE for remote * @param ts traffic_selector to add */ void (*add_traffic_selector)(child_cfg_t *this, bool local, traffic_selector_t *ts); - + /** * Get a list of traffic selectors to use for the CHILD_SA. - * + * * The config contains two set of traffic selectors, one for the local * side, one for the remote side. * If a list with traffic selectors is supplied, these are used to narrow @@ -141,7 +159,7 @@ struct child_cfg_t { * to a specific address (host-to-host or virtual-IP setups). Use * the "host" parameter to narrow such traffic selectors to that address. * Resulted list and its traffic selectors must be destroyed after use. - * + * * @param local TRUE for TS on local side, FALSE for remote * @param supplied list with TS to select from, or NULL * @param host address to use for narrowing "dynamic" TS', or NULL @@ -152,74 +170,77 @@ struct child_cfg_t { host_t *host); /** * Get the updown script to run for the CHILD_SA. - * + * * @return path to updown script */ char* (*get_updown)(child_cfg_t *this); - + /** * Should we allow access to the local host (gateway)? - * + * * @return value of hostaccess flag */ bool (*get_hostaccess) (child_cfg_t *this); /** - * Get the lifetime of a CHILD_SA. + * Get the lifetime configuration of a CHILD_SA. + * + * The rekey limits automatically contain a jitter to avoid simultaneous + * rekeying. These values will change with each call to this function. * - * If "rekey" is set to TRUE, a lifetime is returned before the first - * rekeying should be started. If it is FALSE, the actual lifetime is - * returned when the CHILD_SA must be deleted. - * The rekey time automatically contains a jitter to avoid simlutaneous - * rekeying. - * - * @param rekey TRUE to get rekey time - * @return lifetime in seconds + * @return lifetime_cfg_t (has to be freed) */ - u_int32_t (*get_lifetime) (child_cfg_t *this, bool rekey); - + lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this); + /** * Get the mode to use for the CHILD_SA. * * The mode is either tunnel, transport or BEET. The peer must agree * on the method, fallback is tunnel mode. - * + * * @return ipsec mode */ ipsec_mode_t (*get_mode) (child_cfg_t *this); - + /** * Action to take on DPD. * * @return DPD action - */ + */ action_t (*get_dpd_action) (child_cfg_t *this); - + /** * Action to take if CHILD_SA gets closed. * * @return close action - */ + */ action_t (*get_close_action) (child_cfg_t *this); - + /** * Get the DH group to use for CHILD_SA setup. - * + * * @return dh group to use */ diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this); - + /** * Check whether IPComp should be used, if the other peer supports it. - * + * * @return TRUE, if IPComp should be used * FALSE, otherwise */ bool (*use_ipcomp)(child_cfg_t *this); + /** + * Get the inactivity timeout value. + * + * @return inactivity timeout in s + */ + u_int32_t (*get_inactivity)(child_cfg_t *this); + /** * Sets two options needed for Mobile IPv6 interoperability - * + * * @param proxy_mode use IPsec transport proxy mode (default FALSE) * @param install_policy install IPsec kernel policies (default TRUE) */ @@ -228,27 +249,27 @@ struct child_cfg_t { /** * Check whether IPsec transport SA should be set up in proxy mode - * + * * @return TRUE, if proxy mode should be used * FALSE, otherwise */ bool (*use_proxy_mode)(child_cfg_t *this); - + /** * Check whether IPsec policies should be installed in the kernel - * + * * @return TRUE, if IPsec kernel policies should be installed * FALSE, otherwise */ bool (*install_policy)(child_cfg_t *this); - + /** * Increase the reference count. * * @return reference to this */ child_cfg_t* (*get_ref) (child_cfg_t *this); - + /** * Destroys the child_cfg object. * @@ -260,29 +281,30 @@ struct child_cfg_t { /** * Create a configuration template for CHILD_SA setup. - * + * * The "name" string gets cloned. - * Lifetimes are in seconds. To prevent to peers to start rekeying at the - * same time, a jitter may be specified. Rekeying of an SA starts at - * (rekeytime - random(0, jitter)). You should specify - * lifetime > rekeytime > jitter. + * + * The lifetime_cfg_t object gets cloned. + * To prevent two peers to start rekeying at the same time, a jitter may be + * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)). + * * After a call to create, a reference is obtained (refcount = 1). - * + * * @param name name of the child_cfg - * @param lifetime lifetime after CHILD_SA expires and gets deleted - * @param rekeytime time when rekeying should be initiated - * @param jitter range of randomization time to remove from rekeytime + * @param lifetime lifetime_cfg_t for this child_cfg * @param updown updown script to execute on up/down event * @param hostaccess TRUE to allow access to the local host * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET * @param dpd_action DPD action * @param close_action close action * @param ipcomp use IPComp, if peer supports it + * @param inactivity inactivity timeout in s before closing a CHILD_SA * @return child_cfg_t object */ -child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime, - u_int32_t rekeytime, u_int32_t jitter, - char *updown, bool hostaccess, ipsec_mode_t mode, - action_t dpd_action, action_t close_action, bool ipcomp); +child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, + char *updown, bool hostaccess, + ipsec_mode_t mode, action_t dpd_action, + action_t close_action, bool ipcomp, + u_int32_t inactivity); #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/charon/config/ike_cfg.c b/src/charon/config/ike_cfg.c index e80ab577e..2e748f511 100644 --- a/src/charon/config/ike_cfg.c +++ b/src/charon/config/ike_cfg.c @@ -32,7 +32,7 @@ struct private_ike_cfg_t { * Public part */ ike_cfg_t public; - + /** * Number of references hold by others to this ike_cfg */ @@ -45,19 +45,19 @@ struct private_ike_cfg_t { /** * Address of remote host - */ + */ char *other; - + /** * should we send a certificate request? */ bool certreq; - + /** * enforce UDP encapsulation */ bool force_encap; - + /** * List of proposals to use */ @@ -71,7 +71,7 @@ static bool send_certreq(private_ike_cfg_t *this) { return this->certreq; } - + /** * Implementation of ike_cfg_t.force_encap. */ @@ -112,7 +112,7 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this) iterator_t *iterator; proposal_t *current; linked_list_t *proposals = linked_list_create(); - + iterator = this->proposals->create_iterator(this->proposals, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -120,31 +120,31 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this) proposals->insert_last(proposals, (void*)current); } iterator->destroy(iterator); - + return proposals; } - + /** * Implementation of ike_cfg_t.select_proposal. */ static proposal_t *select_proposal(private_ike_cfg_t *this, - linked_list_t *proposals) + linked_list_t *proposals, bool private) { iterator_t *stored_iter, *supplied_iter; proposal_t *stored, *supplied, *selected; - + stored_iter = this->proposals->create_iterator(this->proposals, TRUE); supplied_iter = proposals->create_iterator(proposals, TRUE); - - + + /* compare all stored proposals with all supplied. Stored ones are preferred.*/ while (stored_iter->iterate(stored_iter, (void**)&stored)) { supplied_iter->reset(supplied_iter); - + while (supplied_iter->iterate(supplied_iter, (void**)&supplied)) { - selected = stored->select(stored, supplied); + selected = stored->select(stored, supplied, private); if (selected) { /* they match, return */ @@ -162,7 +162,7 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, supplied_iter->destroy(supplied_iter); DBG1(DBG_CFG, "received proposals: %#P", proposals); DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); - + return NULL; } @@ -174,7 +174,7 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this) enumerator_t *enumerator; proposal_t *proposal; u_int16_t dh_group = MODP_NONE; - + enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) { @@ -195,7 +195,7 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other) enumerator_t *e1, *e2; proposal_t *p1, *p2; bool eq = TRUE; - + if (this == other) { return TRUE; @@ -260,7 +260,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, char *me, char *other) { private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t); - + /* public functions */ this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq; this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth; @@ -268,12 +268,12 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, this->public.get_other_addr = (char*(*)(ike_cfg_t*))get_other_addr; this->public.add_proposal = (void(*)(ike_cfg_t*, proposal_t*)) add_proposal; this->public.get_proposals = (linked_list_t*(*)(ike_cfg_t*))get_proposals; - this->public.select_proposal = (proposal_t*(*)(ike_cfg_t*,linked_list_t*))select_proposal; + this->public.select_proposal = (proposal_t*(*)(ike_cfg_t*,linked_list_t*,bool))select_proposal; this->public.get_dh_group = (diffie_hellman_group_t(*)(ike_cfg_t*)) get_dh_group; this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals; this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref; this->public.destroy = (void(*)(ike_cfg_t*))destroy; - + /* private variables */ this->refcount = 1; this->certreq = certreq; @@ -281,6 +281,6 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, this->me = strdup(me); this->other = strdup(other); this->proposals = linked_list_create(); - + return &this->public; } diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h index 064906423..eaac321b9 100644 --- a/src/charon/config/ike_cfg.h +++ b/src/charon/config/ike_cfg.h @@ -37,71 +37,73 @@ typedef struct ike_cfg_t ike_cfg_t; * @see peer_cfg_t to get an overview over the configurations. */ struct ike_cfg_t { - + /** * Get own address. - * + * * @return string of address/DNS name */ char* (*get_my_addr) (ike_cfg_t *this); /** * Get peers address. - * + * * @return string of address/DNS name */ char* (*get_other_addr) (ike_cfg_t *this); - + /** * Adds a proposal to the list. - * + * * The first added proposal has the highest priority, the last * added the lowest. - * + * * @param proposal proposal to add */ void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal); - + /** * Returns a list of all supported proposals. - * + * * Returned list and its proposals must be destroyed after use. - * + * * @return list containing all the proposals */ linked_list_t* (*get_proposals) (ike_cfg_t *this); - + /** * Select a proposed from suggested proposals. - * + * * Returned proposal must be destroyed after use. - * + * * @param proposals list of proposals to select from + * @param private accept algorithms from a private range * @return selected proposal, or NULL if none matches. */ - proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals); - + proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals, + bool private); + /** * Should we send a certificate request in IKE_SA_INIT? * * @return certificate request sending policy */ bool (*send_certreq) (ike_cfg_t *this); - + /** * Enforce UDP encapsulation by faking NATD notifies? - * + * * @return TRUE to enfoce UDP encapsulation */ bool (*force_encap) (ike_cfg_t *this); - + /** * Get the DH group to use for IKE_SA setup. - * + * * @return dh group to use for initialization */ diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this); - + /** * Check if two IKE configs are equal. * @@ -109,17 +111,17 @@ struct ike_cfg_t { * @return TRUE if other equal to this */ bool (*equals)(ike_cfg_t *this, ike_cfg_t *other); - + /** * Increase reference count. * * @return reference to this */ ike_cfg_t* (*get_ref) (ike_cfg_t *this); - + /** * Destroys a ike_cfg_t object. - * + * * Decrements the internal reference counter and * destroys the ike_cfg when it reaches zero. */ @@ -137,7 +139,7 @@ struct ike_cfg_t { * @param other address/DNS name of remote peer * @return ike_cfg_t object. */ -ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, +ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, char *me, char *other); #endif /** IKE_CFG_H_ @}*/ diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c index f096f269e..9df14c9ae 100644 --- a/src/charon/config/peer_cfg.c +++ b/src/charon/config/peer_cfg.c @@ -21,7 +21,7 @@ #include -#include +#include #include #include @@ -48,113 +48,113 @@ struct private_peer_cfg_t { * Public part */ peer_cfg_t public; - + /** * Number of references hold by others to this peer_cfg */ refcount_t refcount; - + /** * Name of the peer_cfg, used to query it */ char *name; - + /** * IKE version to use for initiation */ u_int ike_version; - + /** * IKE config associated to this peer config */ ike_cfg_t *ike_cfg; - + /** * list of child configs associated to this peer config */ linked_list_t *child_cfgs; - + /** * mutex to lock access to list of child_cfgs */ mutex_t *mutex; - + /** * should we send a certificate */ cert_policy_t cert_policy; - + /** * uniqueness of an IKE_SA */ unique_policy_t unique; - + /** * number of tries after giving up if peer does not respond */ u_int32_t keyingtries; - + /** * enable support for MOBIKE */ bool use_mobike; - + /** * Time before starting rekeying */ u_int32_t rekey_time; - + /** * Time before starting reauthentication */ u_int32_t reauth_time; - + /** * Time, which specifies the range of a random value substracted from above. */ u_int32_t jitter_time; - + /** * Delay before deleting a rekeying/reauthenticating SA */ u_int32_t over_time; - + /** * DPD check intervall */ u_int32_t dpd; - + /** * virtual IP to use locally */ host_t *virtual_ip; - + /** * pool to acquire configuration attributes from */ char *pool; - + /** * local authentication configs (rulesets) */ linked_list_t *local_auth; - + /** * remote authentication configs (constraints) */ linked_list_t *remote_auth; - -#ifdef ME + +#ifdef ME /** * Is this a mediation connection? */ bool mediation; - + /** * Name of the mediation connection to mediate through */ peer_cfg_t *mediated_by; - + /** * ID of our peer at the mediation server (= leftid of the peer's conn with * the mediation server) @@ -239,12 +239,12 @@ static bool child_cfg_enumerate(child_cfg_enumerator_t *this, child_cfg_t **chd) static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this) { child_cfg_enumerator_t *enumerator = malloc_thing(child_cfg_enumerator_t); - + enumerator->public.enumerate = (void*)child_cfg_enumerate; enumerator->public.destroy = (void*)child_cfg_enumerator_destroy; enumerator->mutex = this->mutex; enumerator->wrapped = this->child_cfgs->create_enumerator(this->child_cfgs); - + this->mutex->lock(this->mutex); return &enumerator->public; } @@ -259,13 +259,13 @@ static int get_ts_match(child_cfg_t *cfg, bool local, enumerator_t *sup_enum, *cfg_enum; traffic_selector_t *sup_ts, *cfg_ts; int match = 0, round; - + /* fetch configured TS list, narrowing dynamic TS */ cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, host); - + /* use a round counter to rate leading TS with higher priority */ round = sup_list->get_count(sup_list); - + sup_enum = sup_list->create_enumerator(sup_list); while (sup_enum->enumerate(sup_enum, &sup_ts)) { @@ -286,9 +286,9 @@ static int get_ts_match(child_cfg_t *cfg, bool local, round--; } sup_enum->destroy(sup_enum); - + cfg_list->destroy_offset(cfg_list, offsetof(traffic_selector_t, destroy)); - + return match; } @@ -303,16 +303,16 @@ static child_cfg_t* select_child_cfg(private_peer_cfg_t *this, child_cfg_t *current, *found = NULL; enumerator_t *enumerator; int best = 0; - + DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts); enumerator = create_child_cfg_enumerator(this); while (enumerator->enumerate(enumerator, ¤t)) { int my_prio, other_prio; - + my_prio = get_ts_match(current, TRUE, my_ts, my_host); other_prio = get_ts_match(current, FALSE, other_ts, other_host); - + if (my_prio && other_prio) { DBG2(DBG_CFG, " candidate \"%s\" with prio %d+%d", @@ -421,7 +421,7 @@ static host_t* get_virtual_ip(private_peer_cfg_t *this) { return this->virtual_ip; } - + /** * Implementation of peer_cfg_t.get_pool. */ @@ -493,7 +493,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) enumerator_t *e1, *e2; auth_cfg_t *cfg1, *cfg2; bool equal = TRUE; - + if (this->local_auth->get_count(this->local_auth) != other->local_auth->get_count(other->local_auth)) { @@ -504,7 +504,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) { return FALSE; } - + e1 = this->local_auth->create_enumerator(this->local_auth); e2 = other->local_auth->create_enumerator(other->local_auth); while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2)) @@ -517,12 +517,12 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) } e1->destroy(e1); e2->destroy(e2); - + if (!equal) { return FALSE; } - + e1 = this->remote_auth->create_enumerator(this->remote_auth); e2 = other->remote_auth->create_enumerator(other->remote_auth); while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2)) @@ -535,7 +535,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) } e1->destroy(e1); e2->destroy(e2); - + return equal; } @@ -552,7 +552,7 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other) { return FALSE; } - + return ( this->ike_version == other->ike_version && this->cert_policy == other->cert_policy && @@ -567,7 +567,7 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other) (this->virtual_ip == other->virtual_ip || (this->virtual_ip && other->virtual_ip && this->virtual_ip->equals(this->virtual_ip, other->virtual_ip))) && - (this->pool == other->pool || + (this->pool == other->pool || (this->pool && other->pool && streq(this->pool, other->pool))) && auth_cfg_equal(this, other) #ifdef ME @@ -630,8 +630,8 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, private_peer_cfg_t *this = malloc_thing(private_peer_cfg_t); /* public functions */ - this->public.get_name = (char* (*) (peer_cfg_t *))get_name; - this->public.get_ike_version = (u_int(*) (peer_cfg_t *))get_ike_version; + this->public.get_name = (char* (*) (peer_cfg_t *))get_name; + this->public.get_ike_version = (u_int(*) (peer_cfg_t *))get_ike_version; this->public.get_ike_cfg = (ike_cfg_t* (*) (peer_cfg_t *))get_ike_cfg; this->public.add_child_cfg = (void (*) (peer_cfg_t *, child_cfg_t*))add_child_cfg; this->public.remove_child_cfg = (void(*)(peer_cfg_t*, enumerator_t*))remove_child_cfg; @@ -657,7 +657,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by; this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id; #endif /* ME */ - + /* apply init values */ this->name = strdup(name); this->ike_version = ike_version; diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h index 3c095eff0..6855276f8 100644 --- a/src/charon/config/peer_cfg.h +++ b/src/charon/config/peer_cfg.h @@ -30,7 +30,7 @@ typedef struct peer_cfg_t peer_cfg_t; #include #include #include -#include +#include #include #include #include @@ -43,17 +43,17 @@ typedef struct peer_cfg_t peer_cfg_t; * requests when using this definition for the other peer. If * it is CERT_NEVER_SEND, a certreq is omitted, otherwise its * included. - * + * * @warning These definitions must be the same as in pluto/starter, * as they are sent over the stroke socket. */ enum cert_policy_t { /** always send certificates, even when not requested */ - CERT_ALWAYS_SEND = 0, + CERT_ALWAYS_SEND = 0, /** send certificate upon cert request */ - CERT_SEND_IF_ASKED = 1, + CERT_SEND_IF_ASKED = 1, /** never send a certificate, even when requested */ - CERT_NEVER_SEND = 2, + CERT_NEVER_SEND = 2, }; /** @@ -108,60 +108,60 @@ extern enum_name_t *unique_policy_names; * Each peer_cfg has two lists of authentication config attached. Local * authentication configs define how to authenticate ourself against the remote * peer. Each config is enforced using the multiple authentication extension - * (RFC4739). + * (RFC4739). * The remote authentication configs are handled as constraints. The peer has * to fullfill each of these rules (using multiple authentication, in any order) * to gain access to the configuration. */ struct peer_cfg_t { - + /** * Get the name of the peer_cfg. - * + * * Returned object is not getting cloned. - * + * * @return peer_cfg's name */ char* (*get_name) (peer_cfg_t *this); - + /** * Get the IKE version to use for initiating. * * @return IKE major version */ u_int (*get_ike_version)(peer_cfg_t *this); - + /** * Get the IKE config to use for initiaton. - * + * * @return the IKE config to use */ ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this); - + /** * Attach a CHILD config. - * + * * @param child_cfg CHILD config to add */ void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg); - + /** * Detach a CHILD config, pointed to by an enumerator. * * @param enumerator enumerator indicating element position */ void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator); - + /** * Create an enumerator for all attached CHILD configs. - * + * * @return an enumerator over all CHILD configs. */ enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this); - + /** * Select a CHILD config from traffic selectors. - * + * * @param my_ts TS for local side * @param other_ts TS for remote side * @param my_host host to narrow down dynamic TS for local side @@ -171,7 +171,7 @@ struct peer_cfg_t { child_cfg_t* (*select_child_cfg) (peer_cfg_t *this, linked_list_t *my_ts, linked_list_t *other_ts, host_t *my_host, host_t *other_host); - + /** * Add an authentication config to the peer configuration. * @@ -179,7 +179,7 @@ struct peer_cfg_t { * @param local TRUE for local rules, FALSE for remote constraints */ void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local); - + /** * Create an enumerator over registered authentication configs. * @@ -201,49 +201,49 @@ struct peer_cfg_t { * @return unique policy */ unique_policy_t (*get_unique_policy) (peer_cfg_t *this); - + /** * Get the max number of retries after timeout. * * @return max number retries */ u_int32_t (*get_keyingtries) (peer_cfg_t *this); - + /** * Get a time to start rekeying (is randomized with jitter). * * @return time in s when to start rekeying, 0 disables rekeying */ u_int32_t (*get_rekey_time)(peer_cfg_t *this); - + /** * Get a time to start reauthentication (is randomized with jitter). * * @return time in s when to start reauthentication, 0 disables it */ u_int32_t (*get_reauth_time)(peer_cfg_t *this); - + /** * Get the timeout of a rekeying/reauthenticating SA. * * @return timeout in s */ u_int32_t (*get_over_time)(peer_cfg_t *this); - + /** * Use MOBIKE (RFC4555) if peer supports it? - * + * * @return TRUE to enable MOBIKE support */ bool (*use_mobike) (peer_cfg_t *this); - + /** * Get the DPD check interval. - * + * * @return dpd_delay in seconds */ u_int32_t (*get_dpd) (peer_cfg_t *this); - + /** * Get a virtual IP for the local peer. * @@ -255,37 +255,37 @@ struct peer_cfg_t { * @return virtual IP, %any or NULL */ host_t* (*get_virtual_ip) (peer_cfg_t *this); - + /** * Get the name of the pool to acquire configuration attributes from. * * @return pool name, NULL if none defined */ char* (*get_pool)(peer_cfg_t *this); - + #ifdef ME /** * Is this a mediation connection? - * + * * @return TRUE, if this is a mediation connection */ bool (*is_mediation) (peer_cfg_t *this); - + /** * Get peer_cfg of the connection this one is mediated through. - * + * * @return the peer_cfg of the mediation connection */ peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this); - + /** * Get the id of the other peer at the mediation server. - * + * * This is the leftid of the peer's connection with the mediation server. - * + * * If it is not configured, it is assumed to be the same as the right id - * of this connection. - * + * of this connection. + * * @return the id of the other peer */ identification_t* (*get_peer_id) (peer_cfg_t *this); @@ -300,14 +300,14 @@ struct peer_cfg_t { * @return TRUE if peer_cfg and ike_cfg are equal */ bool (*equals)(peer_cfg_t *this, peer_cfg_t *other); - + /** * Increase reference count. * * @return reference to this */ peer_cfg_t* (*get_ref) (peer_cfg_t *this); - + /** * Destroys the peer_cfg object. * @@ -319,14 +319,14 @@ struct peer_cfg_t { /** * Create a configuration object for IKE_AUTH and later. - * + * * name-string gets cloned, ID's not. * Virtual IPs are used if they are != NULL. A %any host means the virtual * IP should be obtained from the other peer. * Lifetimes are in seconds. To prevent to peers to start rekeying at the * same time, a jitter may be specified. Rekeying of an SA starts at - * (rekeylifetime - random(0, jitter)). - * + * (rekeylifetime - random(0, jitter)). + * * @param name name of the peer_cfg * @param ike_version which IKE version we sould use for this peer * @param ike_cfg IKE config to use when acting as initiator diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index cf7e19605..6b3500b6e 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -52,52 +52,52 @@ struct private_proposal_t { * Public part */ proposal_t public; - + /** * protocol (ESP or AH) */ protocol_id_t protocol; - + /** * priority ordered list of encryption algorithms */ linked_list_t *encryption_algos; - + /** * priority ordered list of integrity algorithms */ linked_list_t *integrity_algos; - + /** * priority ordered list of pseudo random functions */ linked_list_t *prf_algos; - + /** * priority ordered list of dh groups */ linked_list_t *dh_groups; - + /** * priority ordered list of extended sequence number flags */ linked_list_t *esns; - - /** + + /** * senders SPI */ u_int64_t spi; }; /** - * Struct used to store different kinds of algorithms. + * Struct used to store different kinds of algorithms. */ struct algorithm_t { /** * Value from an encryption_algorithm_t/integrity_algorithm_t/... */ u_int16_t algorithm; - + /** * the associated key size in bits, or zero if not needed */ @@ -110,7 +110,7 @@ struct algorithm_t { static void add_algo(linked_list_t *list, u_int16_t algo, u_int16_t key_size) { algorithm_t *algo_key; - + algo_key = malloc_thing(algorithm_t); algo_key->algorithm = algo; algo_key->key_size = key_size; @@ -200,7 +200,7 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type, { enumerator_t *enumerator; bool found = FALSE; - + enumerator = create_enumerator(this, type); if (enumerator->enumerate(enumerator, alg, key_size)) { @@ -216,12 +216,12 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type, static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group) { bool result = FALSE; - + if (this->dh_groups->get_count(this->dh_groups)) { algorithm_t *current; enumerator_t *enumerator; - + enumerator = this->dh_groups->create_enumerator(this->dh_groups); while (enumerator->enumerate(enumerator, (void**)¤t)) { @@ -246,7 +246,7 @@ static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group) static void strip_dh(private_proposal_t *this) { algorithm_t *alg; - + while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS) { free(alg); @@ -277,19 +277,19 @@ static bool is_authenticated_encryption(u_int16_t alg) /** * Find a matching alg/keysize in two linked lists */ -static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, - u_int16_t *alg, size_t *key_size) +static bool select_algo(linked_list_t *first, linked_list_t *second, bool priv, + bool *add, u_int16_t *alg, size_t *key_size) { enumerator_t *e1, *e2; algorithm_t *alg1, *alg2; - + /* if in both are zero algorithms specified, we HAVE a match */ if (first->get_count(first) == 0 && second->get_count(second) == 0) { *add = FALSE; return TRUE; } - + e1 = first->create_enumerator(first); e2 = second->create_enumerator(second); /* compare algs, order of algs in "first" is preferred */ @@ -302,6 +302,13 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, if (alg1->algorithm == alg2->algorithm && alg1->key_size == alg2->key_size) { + if (!priv && alg1->algorithm >= 1024) + { + /* accept private use algorithms only if requested */ + DBG1(DBG_CFG, "an algorithm from private space would match, " + "but peer implementation is unknown, skipped"); + continue; + } /* ok, we have an algorithm */ *alg = alg1->algorithm; *key_size = alg1->key_size; @@ -321,26 +328,27 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, /** * Implements proposal_t.select. */ -static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t *other) +static proposal_t *select_proposal(private_proposal_t *this, + private_proposal_t *other, bool private) { proposal_t *selected; u_int16_t algo; size_t key_size; bool add; - + DBG2(DBG_CFG, "selecting proposal:"); - + /* check protocol */ if (this->protocol != other->protocol) { DBG2(DBG_CFG, " protocol mismatch, skipping"); return NULL; } - + selected = proposal_create(this->protocol); - + /* select encryption algorithm */ - if (select_algo(this->encryption_algos, other->encryption_algos, + if (select_algo(this->encryption_algos, other->encryption_algos, private, &add, &algo, &key_size)) { if (add) @@ -359,7 +367,7 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t /* select integrity algorithm */ if (!is_authenticated_encryption(algo)) { - if (select_algo(this->integrity_algos, other->integrity_algos, + if (select_algo(this->integrity_algos, other->integrity_algos, private, &add, &algo, &key_size)) { if (add) @@ -377,7 +385,7 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t } } /* select prf algorithm */ - if (select_algo(this->prf_algos, other->prf_algos, + if (select_algo(this->prf_algos, other->prf_algos, private, &add, &algo, &key_size)) { if (add) @@ -394,7 +402,8 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t return NULL; } /* select a DH-group */ - if (select_algo(this->dh_groups, other->dh_groups, &add, &algo, &key_size)) + if (select_algo(this->dh_groups, other->dh_groups, private, + &add, &algo, &key_size)) { if (add) { @@ -408,8 +417,8 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t transform_type_names, DIFFIE_HELLMAN_GROUP); return NULL; } - /* select if we use ESNs */ - if (select_algo(this->esns, other->esns, &add, &algo, &key_size)) + /* select if we use ESNs (has no private use space) */ + if (select_algo(this->esns, other->esns, TRUE, &add, &algo, &key_size)) { if (add) { @@ -424,10 +433,10 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t return NULL; } DBG2(DBG_CFG, " proposal matches"); - + /* apply SPI from "other" */ selected->set_spi(selected, other->spi); - + /* everything matched, return new proposal */ return selected; } @@ -463,7 +472,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list) { algorithm_t *algo, *clone_algo; enumerator_t *enumerator; - + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &algo)) { @@ -482,12 +491,12 @@ static bool algo_list_equals(linked_list_t *l1, linked_list_t *l2) enumerator_t *e1, *e2; algorithm_t *alg1, *alg2; bool equals = TRUE; - + if (l1->get_count(l1) != l2->get_count(l2)) { return FALSE; } - + e1 = l1->create_enumerator(l1); e2 = l2->create_enumerator(l2); while (e1->enumerate(e1, &alg1) && e2->enumerate(e2, &alg2)) @@ -531,15 +540,15 @@ static bool equals(private_proposal_t *this, private_proposal_t *other) static proposal_t *clone_(private_proposal_t *this) { private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol); - + clone_algo_list(this->encryption_algos, clone->encryption_algos); clone_algo_list(this->integrity_algos, clone->integrity_algos); clone_algo_list(this->prf_algos, clone->prf_algos); clone_algo_list(this->dh_groups, clone->dh_groups); clone_algo_list(this->esns, clone->esns); - + clone->spi = this->spi; - + return &clone->public; } @@ -551,7 +560,7 @@ static void check_proposal(private_proposal_t *this) enumerator_t *e; algorithm_t *alg; bool all_aead = TRUE; - + e = this->encryption_algos->create_enumerator(this->encryption_algos); while (e->enumerate(e, &alg)) { @@ -562,7 +571,7 @@ static void check_proposal(private_proposal_t *this) } } e->destroy(e); - + if (all_aead) { /* if all encryption algorithms in the proposal are authenticated encryption @@ -613,7 +622,7 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) case AUTH_AES_XCBC_96: prf = PRF_AES128_XCBC; break; - default: + default: prf = PRF_UNDEFINED; } if (prf != PRF_UNDEFINED) @@ -633,7 +642,7 @@ static int print_alg(private_proposal_t *this, char **dst, size_t *len, enumerator_t *enumerator; size_t written = 0; u_int16_t alg, size; - + enumerator = create_enumerator(this, kind); while (enumerator->enumerate(enumerator, &alg, &size)) { @@ -666,12 +675,12 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, enumerator_t *enumerator; size_t written = 0; bool first = TRUE; - + if (this == NULL) { return print_in_hook(dst, len, "(null)"); } - + if (spec->hash) { enumerator = list->create_enumerator(list); @@ -690,7 +699,7 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, enumerator->destroy(enumerator); return written; } - + written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol); written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM, encryption_algorithm_names, &first); @@ -724,29 +733,29 @@ static void destroy(private_proposal_t *this) proposal_t *proposal_create(protocol_id_t protocol) { private_proposal_t *this = malloc_thing(private_proposal_t); - + this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,u_int16_t))add_algorithm; this->public.create_enumerator = (enumerator_t* (*)(proposal_t*,transform_type_t))create_enumerator; this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,u_int16_t*,u_int16_t*))get_algorithm; this->public.has_dh_group = (bool (*)(proposal_t*,diffie_hellman_group_t))has_dh_group; this->public.strip_dh = (void(*)(proposal_t*))strip_dh; - this->public.select = (proposal_t* (*)(proposal_t*,proposal_t*))select_proposal; + this->public.select = (proposal_t* (*)(proposal_t*,proposal_t*,bool))select_proposal; this->public.get_protocol = (protocol_id_t(*)(proposal_t*))get_protocol; this->public.set_spi = (void(*)(proposal_t*,u_int64_t))set_spi; this->public.get_spi = (u_int64_t(*)(proposal_t*))get_spi; this->public.equals = (bool(*)(proposal_t*, proposal_t *other))equals; this->public.clone = (proposal_t*(*)(proposal_t*))clone_; this->public.destroy = (void(*)(proposal_t*))destroy; - + this->spi = 0; this->protocol = protocol; - + this->encryption_algos = linked_list_create(); this->integrity_algos = linked_list_create(); this->prf_algos = linked_list_create(); this->dh_groups = linked_list_create(); this->esns = linked_list_create(); - + return &this->public; } @@ -760,7 +769,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) integrity_algorithm_t integrity; pseudo_random_function_t prf; diffie_hellman_group_t group; - + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption)) { @@ -787,10 +796,10 @@ static void proposal_add_supported_ike(private_proposal_t *this) break; default: break; - } + } } enumerator->destroy(enumerator); - + enumerator = lib->crypto->create_signer_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &integrity)) { @@ -806,10 +815,10 @@ static void proposal_add_supported_ike(private_proposal_t *this) break; default: break; - } + } } enumerator->destroy(enumerator); - + enumerator = lib->crypto->create_prf_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &prf)) { @@ -828,7 +837,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) } } enumerator->destroy(enumerator); - + enumerator = lib->crypto->create_dh_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &group)) { @@ -865,7 +874,7 @@ static void proposal_add_supported_ike(private_proposal_t *this) proposal_t *proposal_create_default(protocol_id_t protocol) { private_proposal_t *this = (private_proposal_t*)proposal_create(protocol); - + switch (protocol) { case PROTO_IKE: @@ -903,14 +912,14 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs chunk_t string = {(void*)algs, strlen(algs)}; chunk_t alg; status_t status = SUCCESS; - + eat_whitespace(&string); if (string.len < 1) { destroy(this); return NULL; } - + /* get all tokens, separated by '-' */ while (extract_token(&alg, '-', &string)) { @@ -925,9 +934,9 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs destroy(this); return NULL; } - + check_proposal(this); - + if (protocol == PROTO_AH || protocol == PROTO_ESP) { add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h index bc7a8c5e7..30f63b80d 100644 --- a/src/charon/config/proposal.h +++ b/src/charon/config/proposal.h @@ -33,7 +33,7 @@ typedef struct proposal_t proposal_t; #include #include #include -#include +#include /** * Protocol ID of a proposal. @@ -65,17 +65,17 @@ extern enum_name_t *extended_sequence_numbers_names; /** * Stores a set of algorithms used for an SA. - * - * A proposal stores algorithms for a specific + * + * A proposal stores algorithms for a specific * protocol. It can store algorithms for one protocol. * Proposals with multiple protocols are not supported, * as it's not specified in RFC4301 anymore. */ struct proposal_t { - + /** * Add an algorithm to the proposal. - * + * * The algorithms are stored by priority, first added * is the most preferred. * Key size is only needed for encryption algorithms @@ -84,27 +84,27 @@ struct proposal_t { * The alg parameter accepts encryption_algorithm_t, * integrity_algorithm_t, dh_group_number_t and * extended_sequence_numbers_t. - * + * * @param type kind of algorithm * @param alg identifier for algorithm * @param key_size key size to use */ void (*add_algorithm) (proposal_t *this, transform_type_t type, u_int16_t alg, u_int16_t key_size); - + /** * Get an enumerator over algorithms for a specifc algo type. - * + * * @param type kind of algorithm * @return enumerator over u_int16_t alg, u_int16_t key_size */ enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type); - + /** * Get the algorithm for a type to use. - * + * * If there are multiple algorithms, only the first is returned. - * + * * @param type kind of algorithm * @param alg pointer which receives algorithm * @param key_size pointer which receives the key size @@ -112,53 +112,54 @@ struct proposal_t { */ bool (*get_algorithm) (proposal_t *this, transform_type_t type, u_int16_t *alg, u_int16_t *key_size); - + /** * Check if the proposal has a specific DH group. - * + * * @param group group to check for * @return TRUE if algorithm included */ bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group); - + /** * Strip DH groups from proposal to use it without PFS. */ - void (*strip_dh)(proposal_t *this); + void (*strip_dh)(proposal_t *this); /** * Compare two proposal, and select a matching subset. - * + * * If the proposals are for the same protocols (AH/ESP), they are * compared. If they have at least one algorithm of each type * in common, a resulting proposal of this kind is created. - * + * * @param other proposal to compair agains + * @param private accepts algorithms allocated in a private range * @return selected proposal, NULL if proposals don't match */ - proposal_t *(*select) (proposal_t *this, proposal_t *other); - + proposal_t *(*select) (proposal_t *this, proposal_t *other, bool private); + /** * Get the protocol ID of the proposal. * * @return protocol of the proposal */ protocol_id_t (*get_protocol) (proposal_t *this); - + /** * Get the SPI of the proposal. - * + * * @return spi for proto */ u_int64_t (*get_spi) (proposal_t *this); - + /** * Set the SPI of the proposal. - * + * * @param spi spi to set for proto */ void (*set_spi) (proposal_t *this, u_int64_t spi); - + /** * Check for the eqality of two proposals. * @@ -166,14 +167,14 @@ struct proposal_t { * @return TRUE if other equal to this */ bool (*equals)(proposal_t *this, proposal_t *other); - + /** * Clone a proposal. - * + * * @return clone of proposal */ proposal_t *(*clone) (proposal_t *this); - + /** * Destroys the proposal object. */ @@ -201,7 +202,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol); * * The string is in the same form as a in the ipsec.conf file. * E.g.: aes128-sha2_256-modp2048 - * 3des-md5 + * 3des-md5 * An additional '!' at the end of the string forces this proposal, * without it the peer may choose another algorithm we support. * @@ -214,10 +215,10 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs /** * printf hook function for proposal_t. * - * Arguments are: - * proposal_t *proposal + * Arguments are: + * proposal_t *proposal * With the #-specifier, arguments are: - * linked_list_t *list containing proposal_t* + * linked_list_t *list containing proposal_t* */ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); diff --git a/src/charon/config/traffic_selector.c b/src/charon/config/traffic_selector.c deleted file mode 100644 index a8ea10008..000000000 --- a/src/charon/config/traffic_selector.c +++ /dev/null @@ -1,856 +0,0 @@ -/* - * Copyright (C) 2007-2009 Tobias Brunner - * Copyright (C) 2005-2007 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include -#include - -#include "traffic_selector.h" - -#include -#include -#include - -ENUM(ts_type_name, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE, - "TS_IPV4_ADDR_RANGE", - "TS_IPV6_ADDR_RANGE", -); - -typedef struct private_traffic_selector_t private_traffic_selector_t; - -/** - * Private data of an traffic_selector_t object - */ -struct private_traffic_selector_t { - - /** - * Public part - */ - traffic_selector_t public; - - /** - * Type of address - */ - ts_type_t type; - - /** - * IP protocol (UDP, TCP, ICMP, ...) - */ - u_int8_t protocol; - - /** - * narrow this traffic selector to hosts external ip - * if set, from and to have no meaning until set_address() is called - */ - bool dynamic; - - /** - * begin of address range, network order - */ - union { - /** dummy char for common address manipulation */ - char from[0]; - /** IPv4 address */ - u_int32_t from4[1]; - /** IPv6 address */ - u_int32_t from6[4]; - }; - - /** - * end of address range, network order - */ - union { - /** dummy char for common address manipulation */ - char to[0]; - /** IPv4 address */ - u_int32_t to4[1]; - /** IPv6 address */ - u_int32_t to6[4]; - }; - - /** - * begin of port range - */ - u_int16_t from_port; - - /** - * end of port range - */ - u_int16_t to_port; -}; - -/** - * calculate to "to"-address for the "from" address and a subnet size - */ -static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) -{ - int byte; - size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; - - /* go through the from address, starting at the tail. While we - * have not processed the bits belonging to the host, set them to 1 on - * the to address. If we reach the bits for the net, copy them from "from". */ - for (byte = size - 1; byte >=0; byte--) - { - u_char mask = 0x00; - int shift; - - shift = (byte+1) * 8 - netbits; - if (shift > 0) - { - mask = 1 << shift; - if (mask != 0xFF) - { - mask--; - } - } - this->to[byte] = this->from[byte] | mask; - } -} - -/** - * calculate to subnet size from "to"- and "from"-address - */ -static u_int8_t calc_netbits(private_traffic_selector_t *this) -{ - int byte, bit; - size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; - - /* go trough all bits of the addresses, beginning in the front. - * as long as they are equal, the subnet gets larger - */ - for (byte = 0; byte < size; byte++) - { - for (bit = 7; bit >= 0; bit--) - { - if ((1<from[byte]) != (1<to[byte])) - { - return ((7 - bit) + (byte * 8)); - } - } - } - /* single host, netmask is 32/128 */ - return (size * 8); -} - -/** - * internal generic constructor - */ -static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port); - -/** - * Described in header. - */ -int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, - const void *const *args) -{ - private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0])); - linked_list_t *list = *((linked_list_t**)(args[0])); - iterator_t *iterator; - char addr_str[INET6_ADDRSTRLEN] = ""; - char *serv_proto = NULL; - u_int8_t mask; - bool has_proto; - bool has_ports; - size_t written = 0; - u_int32_t from[4], to[4]; - - if (this == NULL) - { - return print_in_hook(dst, len, "(null)"); - } - - if (spec->hash) - { - iterator = list->create_iterator(list, TRUE); - while (iterator->iterate(iterator, (void**)&this)) - { - /* call recursivly */ - written += print_in_hook(dst, len, "%R ", this); - } - iterator->destroy(iterator); - return written; - } - - memset(from, 0, sizeof(from)); - memset(to, 0xFF, sizeof(to)); - if (this->dynamic && - memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && - memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16)) - { - written += print_in_hook(dst, len, "dynamic"); - } - else - { - if (this->type == TS_IPV4_ADDR_RANGE) - { - inet_ntop(AF_INET, &this->from4, addr_str, sizeof(addr_str)); - } - else - { - inet_ntop(AF_INET6, &this->from6, addr_str, sizeof(addr_str)); - } - mask = calc_netbits(this); - written += print_in_hook(dst, len, "%s/%d", addr_str, mask); - } - - /* check if we have protocol and/or port selectors */ - has_proto = this->protocol != 0; - has_ports = !(this->from_port == 0 && this->to_port == 0xFFFF); - - if (!has_proto && !has_ports) - { - return written; - } - - written += print_in_hook(dst, len, "["); - - /* build protocol string */ - if (has_proto) - { - struct protoent *proto = getprotobynumber(this->protocol); - - if (proto) - { - written += print_in_hook(dst, len, "%s", proto->p_name); - serv_proto = proto->p_name; - } - else - { - written += print_in_hook(dst, len, "%d", this->protocol); - } - } - - if (has_proto && has_ports) - { - written += print_in_hook(dst, len, "/"); - } - - /* build port string */ - if (has_ports) - { - if (this->from_port == this->to_port) - { - struct servent *serv = getservbyport(htons(this->from_port), serv_proto); - - if (serv) - { - written += print_in_hook(dst, len, "%s", serv->s_name); - } - else - { - written += print_in_hook(dst, len, "%d", this->from_port); - } - } - else - { - written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port); - } - } - - written += print_in_hook(dst, len, "]"); - - return written; -} - -/** - * implements traffic_selector_t.get_subset - */ -static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other) -{ - if (this->type == other->type && (this->protocol == other->protocol || - this->protocol == 0 || other->protocol == 0)) - { - u_int16_t from_port, to_port; - u_char *from, *to; - u_int8_t protocol; - size_t size; - private_traffic_selector_t *new_ts; - - /* calculate the maximum port range allowed for both */ - from_port = max(this->from_port, other->from_port); - to_port = min(this->to_port, other->to_port); - if (from_port > to_port) - { - return NULL; - } - /* select protocol, which is not zero */ - protocol = max(this->protocol, other->protocol); - - switch (this->type) - { - case TS_IPV4_ADDR_RANGE: - size = sizeof(this->from4); - break; - case TS_IPV6_ADDR_RANGE: - size = sizeof(this->from6); - break; - default: - return NULL; - } - - /* get higher from-address */ - if (memcmp(this->from, other->from, size) > 0) - { - from = this->from; - } - else - { - from = other->from; - } - /* get lower to-address */ - if (memcmp(this->to, other->to, size) > 0) - { - to = other->to; - } - else - { - to = this->to; - } - /* if "from" > "to", we don't have a match */ - if (memcmp(from, to, size) > 0) - { - return NULL; - } - - /* we have a match in protocol, port, and address: return it... */ - new_ts = traffic_selector_create(protocol, this->type, from_port, to_port); - new_ts->type = this->type; - new_ts->dynamic = this->dynamic || other->dynamic; - memcpy(new_ts->from, from, size); - memcpy(new_ts->to, to, size); - - return &new_ts->public; - } - return NULL; -} - -/** - * implements traffic_selector_t.equals - */ -static bool equals(private_traffic_selector_t *this, private_traffic_selector_t *other) -{ - if (this->type != other->type) - { - return FALSE; - } - if (!(this->from_port == other->from_port && - this->to_port == other->to_port && - this->protocol == other->protocol)) - { - return FALSE; - } - switch (this->type) - { - case TS_IPV4_ADDR_RANGE: - if (memeq(this->from4, other->from4, sizeof(this->from4))) - { - return TRUE; - } - break; - case TS_IPV6_ADDR_RANGE: - if (memeq(this->from6, other->from6, sizeof(this->from6))) - { - return TRUE; - } - break; - default: - break; - } - return FALSE; -} - -/** - * Implements traffic_selector_t.get_from_address. - */ -static chunk_t get_from_address(private_traffic_selector_t *this) -{ - switch (this->type) - { - case TS_IPV4_ADDR_RANGE: - return chunk_create(this->from, sizeof(this->from4)); - case TS_IPV6_ADDR_RANGE: - return chunk_create(this->from, sizeof(this->from6)); - default: - return chunk_empty; - } -} - -/** - * Implements traffic_selector_t.get_to_address. - */ -static chunk_t get_to_address(private_traffic_selector_t *this) -{ - switch (this->type) - { - case TS_IPV4_ADDR_RANGE: - return chunk_create(this->to, sizeof(this->to4)); - case TS_IPV6_ADDR_RANGE: - return chunk_create(this->to, sizeof(this->to6)); - default: - return chunk_empty; - } -} - -/** - * Implements traffic_selector_t.get_from_port. - */ -static u_int16_t get_from_port(private_traffic_selector_t *this) -{ - return this->from_port; -} - -/** - * Implements traffic_selector_t.get_to_port. - */ -static u_int16_t get_to_port(private_traffic_selector_t *this) -{ - return this->to_port; -} - -/** - * Implements traffic_selector_t.get_type. - */ -static ts_type_t get_type(private_traffic_selector_t *this) -{ - return this->type; -} - -/** - * Implements traffic_selector_t.get_protocol. - */ -static u_int8_t get_protocol(private_traffic_selector_t *this) -{ - return this->protocol; -} - -/** - * Implements traffic_selector_t.is_host. - */ -static bool is_host(private_traffic_selector_t *this, host_t *host) -{ - if (host) - { - chunk_t addr; - int family = host->get_family(host); - - if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || - (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) - { - addr = host->get_address(host); - if (memeq(addr.ptr, this->from, addr.len) && - memeq(addr.ptr, this->to, addr.len)) - { - return TRUE; - } - } - } - else - { - size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; - - if (this->dynamic) - { - return TRUE; - } - - if (memeq(this->from, this->to, length)) - { - return TRUE; - } - } - return FALSE; -} - -/** - * Implementation of traffic_selector_t.is_dynamic - */ -static bool is_dynamic(private_traffic_selector_t *this) -{ - return this->dynamic; -} - -/** - * Implements traffic_selector_t.set_address. - */ -static void set_address(private_traffic_selector_t *this, host_t *host) -{ - if (this->dynamic) - { - this->type = host->get_family(host) == AF_INET ? - TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; - - if (host->is_anyaddr(host)) - { - memset(this->from6, 0x00, sizeof(this->from6)); - memset(this->to6, 0xFF, sizeof(this->to6)); - } - else - { - chunk_t from = host->get_address(host); - memcpy(this->from, from.ptr, from.len); - memcpy(this->to, from.ptr, from.len); - } - } -} - -/** - * Implements traffic_selector_t.is_contained_in. - */ -static bool is_contained_in(private_traffic_selector_t *this, - private_traffic_selector_t *other) -{ - private_traffic_selector_t *subset; - bool contained_in = FALSE; - - subset = (private_traffic_selector_t*)get_subset(this, other); - - if (subset) - { - if (equals(subset, this)) - { - contained_in = TRUE; - } - free(subset); - } - return contained_in; -} - -/** - * Implements traffic_selector_t.includes. - */ -static bool includes(private_traffic_selector_t *this, host_t *host) -{ - chunk_t addr; - int family = host->get_family(host); - - if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || - (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) - { - addr = host->get_address(host); - - return memcmp(this->from, addr.ptr, addr.len) <= 0 && - memcmp(this->to, addr.ptr, addr.len) >= 0; - } - - return FALSE; -} - -/** - * Implements traffic_selector_t.to_subnet. - */ -static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask) -{ - /* there is no way to do this cleanly, as the address range may - * be anything else but a subnet. We use from_addr as subnet - * and try to calculate a usable subnet mask. - */ - int family, byte; - u_int16_t port = 0; - chunk_t net_chunk; - - *mask = calc_netbits(this); - - switch (this->type) - { - case TS_IPV4_ADDR_RANGE: - { - family = AF_INET; - net_chunk.len = sizeof(this->from4); - break; - } - case TS_IPV6_ADDR_RANGE: - { - family = AF_INET6; - net_chunk.len = sizeof(this->from6); - break; - } - default: - { - /* unreachable */ - return; - } - } - - net_chunk.ptr = malloc(net_chunk.len); - memcpy(net_chunk.ptr, this->from, net_chunk.len); - - for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte) - { - int shift = (byte + 1) * 8 - *mask; - net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift); - } - - if (this->to_port == this->from_port) - { - port = this->to_port; - } - - *net = host_create_from_chunk(family, net_chunk, port); - chunk_free(&net_chunk); -} - -/** - * Implements traffic_selector_t.clone. - */ -static traffic_selector_t *clone_(private_traffic_selector_t *this) -{ - private_traffic_selector_t *clone; - - clone = traffic_selector_create(this->protocol, this->type, - this->from_port, this->to_port); - - clone->dynamic = this->dynamic; - switch (clone->type) - { - case TS_IPV4_ADDR_RANGE: - { - memcpy(clone->from4, this->from4, sizeof(this->from4)); - memcpy(clone->to4, this->to4, sizeof(this->to4)); - return &clone->public; - } - case TS_IPV6_ADDR_RANGE: - { - memcpy(clone->from6, this->from6, sizeof(this->from6)); - memcpy(clone->to6, this->to6, sizeof(this->to6)); - return &clone->public; - } - default: - { - /* unreachable */ - return &clone->public; - } - } -} - -/** - * Implements traffic_selector_t.destroy. - */ -static void destroy(private_traffic_selector_t *this) -{ - free(this); -} - -/* - * see header - */ -traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, - ts_type_t type, - chunk_t from, u_int16_t from_port, - chunk_t to, u_int16_t to_port) -{ - private_traffic_selector_t *this = traffic_selector_create(protocol, type, - from_port, to_port); - - switch (type) - { - case TS_IPV4_ADDR_RANGE: - { - if (from.len != 4 || to.len != 4) - { - free(this); - return NULL; - } - memcpy(this->from4, from.ptr, from.len); - memcpy(this->to4, to.ptr, to.len); - break; - } - case TS_IPV6_ADDR_RANGE: - { - if (from.len != 16 || to.len != 16) - { - free(this); - return NULL; - } - memcpy(this->from6, from.ptr, from.len); - memcpy(this->to6, to.ptr, to.len); - break; - } - default: - { - free(this); - return NULL; - } - } - return (&this->public); -} - -/* - * see header - */ -traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, - u_int8_t netbits, u_int8_t protocol, u_int16_t port) -{ - private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535); - - switch (net->get_family(net)) - { - case AF_INET: - { - chunk_t from; - - this->type = TS_IPV4_ADDR_RANGE; - from = net->get_address(net); - memcpy(this->from4, from.ptr, from.len); - if (this->from4[0] == 0) - { - /* use /0 for 0.0.0.0 */ - this->to4[0] = ~0; - } - else - { - calc_range(this, netbits); - } - break; - } - case AF_INET6: - { - chunk_t from; - - this->type = TS_IPV6_ADDR_RANGE; - from = net->get_address(net); - memcpy(this->from6, from.ptr, from.len); - if (this->from6[0] == 0 && this->from6[1] == 0 && - this->from6[2] == 0 && this->from6[3] == 0) - { - /* use /0 for ::0 */ - this->to6[0] = ~0; - this->to6[1] = ~0; - this->to6[2] = ~0; - this->to6[3] = ~0; - } - else - { - calc_range(this, netbits); - } - break; - } - default: - { - net->destroy(net); - free(this); - return NULL; - } - } - if (port) - { - this->from_port = port; - this->to_port = port; - } - net->destroy(net); - return (&this->public); -} - -/* - * see header - */ -traffic_selector_t *traffic_selector_create_from_string( - u_int8_t protocol, ts_type_t type, - char *from_addr, u_int16_t from_port, - char *to_addr, u_int16_t to_port) -{ - private_traffic_selector_t *this = traffic_selector_create(protocol, type, - from_port, to_port); - - this->type = type; - switch (type) - { - case TS_IPV4_ADDR_RANGE: - { - if (inet_pton(AF_INET, from_addr, (struct in_addr*)this->from4) < 0) - { - free(this); - return NULL; - } - if (inet_pton(AF_INET, to_addr, (struct in_addr*)this->to4) < 0) - { - free(this); - return NULL; - } - break; - } - case TS_IPV6_ADDR_RANGE: - { - if (inet_pton(AF_INET6, from_addr, (struct in6_addr*)this->from6) < 0) - { - free(this); - return NULL; - } - if (inet_pton(AF_INET6, to_addr, (struct in6_addr*)this->to6) < 0) - { - free(this); - return NULL; - } - break; - } - } - return (&this->public); -} - -/* - * see header - */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) -{ - private_traffic_selector_t *this = traffic_selector_create( - protocol, TS_IPV4_ADDR_RANGE, from_port, to_port); - - memset(this->from6, 0, sizeof(this->from6)); - memset(this->to6, 0xFF, sizeof(this->to6)); - - this->dynamic = TRUE; - - return &this->public; -} - -/* - * see declaration - */ -static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, - ts_type_t type, u_int16_t from_port, u_int16_t to_port) -{ - private_traffic_selector_t *this = malloc_thing(private_traffic_selector_t); - - /* public functions */ - this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset; - this->public.equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals; - this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address; - this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address; - this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port; - this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port; - this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; - this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol; - this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host; - this->public.is_dynamic = (bool(*)(traffic_selector_t*))is_dynamic; - this->public.is_contained_in = (bool(*)(traffic_selector_t*,traffic_selector_t*))is_contained_in; - this->public.includes = (bool(*)(traffic_selector_t*,host_t*))includes; - this->public.set_address = (void(*)(traffic_selector_t*,host_t*))set_address; - this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet; - this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_; - this->public.destroy = (void(*)(traffic_selector_t*))destroy; - - this->from_port = from_port; - this->to_port = to_port; - this->protocol = protocol; - this->type = type; - this->dynamic = FALSE; - - return this; -} - diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h deleted file mode 100644 index a57da43a8..000000000 --- a/src/charon/config/traffic_selector.h +++ /dev/null @@ -1,304 +0,0 @@ -/* - * Copyright (C) 2007 Tobias Brunner - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup traffic_selector traffic_selector - * @{ @ingroup config - */ - -#ifndef TRAFFIC_SELECTOR_H_ -#define TRAFFIC_SELECTOR_H_ - -typedef enum ts_type_t ts_type_t; -typedef struct traffic_selector_t traffic_selector_t; - -#include -#include - -/** - * Traffic selector types. - */ -enum ts_type_t { - - /** - * A range of IPv4 addresses, represented by two four (4) octet - * values. The first value is the beginning IPv4 address - * (inclusive) and the second value is the ending IPv4 address - * (inclusive). All addresses falling between the two specified - * addresses are considered to be within the list. - */ - TS_IPV4_ADDR_RANGE = 7, - - /** - * A range of IPv6 addresses, represented by two sixteen (16) - * octet values. The first value is the beginning IPv6 address - * (inclusive) and the second value is the ending IPv6 address - * (inclusive). All addresses falling between the two specified - * addresses are considered to be within the list. - */ - TS_IPV6_ADDR_RANGE = 8 -}; - -/** - * enum names for ts_type_t - */ -extern enum_name_t *ts_type_name; - -/** - * Object representing a traffic selector entry. - * - * A traffic selector defines an range of addresses - * and a range of ports. IPv6 is not fully supported yet. - */ -struct traffic_selector_t { - - /** - * Compare two traffic selectors, and create a new one - * which is the largest subset of both (subnet & port). - * - * Resulting traffic_selector is newly created and must be destroyed. - * - * @param other traffic selector to compare - * @return - * - created subset of them - * - or NULL if no match between this and other - */ - traffic_selector_t *(*get_subset) (traffic_selector_t *this, - traffic_selector_t *other); - - /** - * Clone a traffic selector. - * - * @return clone of it - */ - traffic_selector_t *(*clone) (traffic_selector_t *this); - - /** - * Get starting address of this ts as a chunk. - * - * Chunk is in network order and points to internal data. - * - * @return chunk containing the address - */ - chunk_t (*get_from_address) (traffic_selector_t *this); - - /** - * Get ending address of this ts as a chunk. - * - * Chunk is in network order and points to internal data. - * - * @return chunk containing the address - */ - chunk_t (*get_to_address) (traffic_selector_t *this); - - /** - * Get starting port of this ts. - * - * Port is in host order, since the parser converts it. - * Size depends on protocol. - * - * @return port - */ - u_int16_t (*get_from_port) (traffic_selector_t *this); - - /** - * Get ending port of this ts. - * - * Port is in host order, since the parser converts it. - * Size depends on protocol. - * - * @return port - */ - u_int16_t (*get_to_port) (traffic_selector_t *this); - - /** - * Get the type of the traffic selector. - * - * @return ts_type_t specifying the type - */ - ts_type_t (*get_type) (traffic_selector_t *this); - - /** - * Get the protocol id of this ts. - * - * @return protocol id - */ - u_int8_t (*get_protocol) (traffic_selector_t *this); - - /** - * Check if the traffic selector is for a single host. - * - * Traffic selector may describe the end of *-to-host tunnel. In this - * case, the address range is a single address equal to the hosts - * peer address. - * If host is NULL, the traffic selector is checked if it is a single host, - * but not a specific one. - * - * @param host host_t specifying the address range - */ - bool (*is_host) (traffic_selector_t *this, host_t* host); - - /** - * Check if a traffic selector has been created by create_dynamic(). - * - * @return TRUE if TS is dynamic - */ - bool (*is_dynamic)(traffic_selector_t *this); - - /** - * Update the address of a traffic selector. - * - * Update the address range of a traffic selector, if it is - * constructed with the traffic_selector_create_dynamic(). - * - * @param host host_t specifying the address - */ - void (*set_address) (traffic_selector_t *this, host_t* host); - - /** - * Compare two traffic selectors for equality. - * - * @param other ts to compare with this - * @return TRUE if equal, FALSE otherwise - */ - bool (*equals) (traffic_selector_t *this, traffic_selector_t *other); - - /** - * Check if a traffic selector is contained completly in another. - * - * contains() allows to check if multiple traffic selectors are redundant. - * - * @param other ts that contains this - * @return TRUE if other contains this completly, FALSE otherwise - */ - bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other); - - /** - * Check if a specific host is included in the address range of - * this traffic selector. - * - * @param host the host to check - */ - bool (*includes) (traffic_selector_t *this, host_t *host); - - /** - * Convert a traffic selector address range to a subnet - * and its net mask. - * If from and to ports of this traffic selector are equal, - * the port of the returned host_t is set to that port. - * - * @param net converted subnet (has to be freed) - * @param mask converted net mask - */ - void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); - - /** - * Destroys the ts object - */ - void (*destroy) (traffic_selector_t *this); -}; - -/** - * Create a new traffic selector using human readable params. - * - * @param protocol protocol for this ts, such as TCP or UDP - * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE - * @param from_addr start of address range as string - * @param from_port port number in host order - * @param to_addr end of address range as string - * @param to_port port number in host order - * @return - * - traffic_selector_t object - * - NULL if invalid address strings/protocol - */ -traffic_selector_t *traffic_selector_create_from_string( - u_int8_t protocol, ts_type_t type, - char *from_addr, u_int16_t from_port, - char *to_addr, u_int16_t to_port); - -/** - * Create a new traffic selector using data read from the net. - * - * There exists a mix of network and host order in the params. - * But the parser gives us this data in this format, so we - * don't have to convert twice. - * - * @param protocol protocol for this ts, such as TCP or UDP - * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE - * @param from_address start of address range, network order - * @param from_port port number, host order - * @param to_address end of address range, network order - * @param to_port port number, host order - * @return traffic_selector_t object - */ -traffic_selector_t *traffic_selector_create_from_bytes( - u_int8_t protocol, ts_type_t type, - chunk_t from_address, u_int16_t from_port, - chunk_t to_address, u_int16_t to_port); - -/** - * Create a new traffic selector defining a whole subnet. - * - * In most cases, definition of a traffic selector for full subnets - * is sufficient. This constructor creates a traffic selector for - * all protocols, all ports and the address range specified by the - * subnet. - * Additionally, a protocol and a port may be specified. Port ranges - * are not supported via this constructor. - * - * @param net subnet to use - * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation - * @param protocol protocol for this ts, such as TCP or UDP - * @param port port number, host order - * @return - * - traffic_selector_t object - * - NULL if address family of net not supported - */ -traffic_selector_t *traffic_selector_create_from_subnet( - host_t *net, u_int8_t netbits, - u_int8_t protocol, u_int16_t port); - -/** - * Create a traffic selector for host-to-host cases. - * - * For host2host or virtual IP setups, the traffic selectors gets - * created at runtime using the external/virtual IP. Using this constructor, - * a call to set_address() sets this traffic selector to the supplied host. - * - * - * @param protocol upper layer protocl to allow - * @param from_port start of allowed port range - * @param to_port end of range - * @return - * - traffic_selector_t object - * - NULL if type not supported - */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); - -/** - * printf hook function for traffic_selector_t. - * - * Arguments are: - * traffic_selector_t *ts - * With the #-specifier, arguments are: - * linked_list_t *list containing traffic_selector_t* - */ -int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, - const void *const *args); - -#endif /** TRAFFIC_SELECTOR_H_ @}*/ diff --git a/src/charon/control/controller.c b/src/charon/control/controller.c index 021cb4fdd..94c64028c 100644 --- a/src/charon/control/controller.c +++ b/src/charon/control/controller.c @@ -47,42 +47,42 @@ struct interface_listener_t { * public bus listener interface */ listener_t public; - + /** * status of the operation, return to method callers */ status_t status; - + /** * interface callback (listener gets redirected to here) */ controller_cb_t callback; - + /** * user parameter to pass to callback */ void *param; - + /** * child configuration, used for initiate */ child_cfg_t *child_cfg; - + /** * peer configuration, used for initiate */ peer_cfg_t *peer_cfg; - + /** * IKE_SA to handle */ ike_sa_t *ike_sa; - + /** * CHILD_SA to handle */ child_sa_t *child_sa; - + /** * unique ID, used for various methods */ @@ -92,17 +92,17 @@ struct interface_listener_t { typedef struct interface_job_t interface_job_t; -/** +/** * job for asynchronous listen operations */ struct interface_job_t { - /** - * job interface + /** + * job interface */ job_t public; - - /** - * associated listener + + /** + * associated listener */ interface_listener_t listener; }; @@ -138,7 +138,7 @@ static bool listener_ike_state(interface_listener_t *this, ike_sa_t *ike_sa, case IKE_ESTABLISHED: { /* mediation connections are complete without CHILD_SA */ peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa); - + if (peer_cfg->is_mediation(peer_cfg)) { this->status = SUCCESS; @@ -219,17 +219,17 @@ static status_t initiate_execute(interface_job_t *job) ike_sa_t *ike_sa; interface_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; - + ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, peer_cfg); listener->ike_sa = ike_sa; - + if (ike_sa->get_peer_cfg(ike_sa) == NULL) { ike_sa->set_peer_cfg(ike_sa, peer_cfg); } peer_cfg->destroy(peer_cfg); - + if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); @@ -279,9 +279,9 @@ static status_t terminate_ike_execute(interface_job_t *job) { interface_listener_t *listener = &job->listener; ike_sa_t *ike_sa = listener->ike_sa; - + charon->bus->set_sa(charon->bus, ike_sa); - + if (ike_sa->delete(ike_sa) != DESTROY_ME) { charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); @@ -295,7 +295,7 @@ static status_t terminate_ike_execute(interface_job_t *job) /** * Implementation of controller_t.terminate_ike. */ -static status_t terminate_ike(controller_t *this, u_int32_t unique_id, +static status_t terminate_ike(controller_t *this, u_int32_t unique_id, controller_cb_t callback, void *param) { ike_sa_t *ike_sa; @@ -316,7 +316,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id, .destroy = (void*)recheckin, }, }; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, unique_id, FALSE); if (ike_sa == NULL) @@ -325,7 +325,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id, return NOT_FOUND; } job.listener.ike_sa = ike_sa; - + if (callback == NULL) { return terminate_ike_execute(&job); @@ -342,7 +342,7 @@ static status_t terminate_child_execute(interface_job_t *job) interface_listener_t *listener = &job->listener; ike_sa_t *ike_sa = listener->ike_sa; child_sa_t *child_sa = listener->child_sa; - + charon->bus->set_sa(charon->bus, ike_sa); if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa), child_sa->get_spi(child_sa, TRUE)) != DESTROY_ME) @@ -357,7 +357,7 @@ static status_t terminate_child_execute(interface_job_t *job) /** * Implementation of controller_t.terminate_child. */ -static status_t terminate_child(controller_t *this, u_int32_t reqid, +static status_t terminate_child(controller_t *this, u_int32_t reqid, controller_cb_t callback, void *param) { ike_sa_t *ike_sa; @@ -380,9 +380,9 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, .destroy = (void*)recheckin, }, }; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, - reqid, TRUE); + reqid, TRUE); if (ike_sa == NULL) { DBG1(DBG_IKE, "unable to terminate, CHILD_SA with ID %d not found", @@ -390,7 +390,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, return NOT_FOUND; } job.listener.ike_sa = ike_sa; - + iterator = ike_sa->create_child_sa_iterator(ike_sa); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -402,7 +402,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid, child_sa = NULL; } iterator->destroy(iterator); - + if (child_sa == NULL) { DBG1(DBG_IKE, "unable to terminate, established " @@ -443,13 +443,13 @@ static void destroy(private_controller_t *this) controller_t *controller_create(void) { private_controller_t *this = malloc_thing(private_controller_t); - + this->public.create_ike_sa_enumerator = (enumerator_t*(*)(controller_t*))create_ike_sa_enumerator; this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate; this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike; this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child; this->public.destroy = (void (*)(controller_t*))destroy; - + return &this->public; } diff --git a/src/charon/control/controller.h b/src/charon/control/controller.h index 3c928d2ea..31b69c78c 100644 --- a/src/charon/control/controller.h +++ b/src/charon/control/controller.h @@ -95,7 +95,7 @@ struct controller_t { * Terminate an IKE_SA and all of its CHILD_SAs. * * The terminate() function is synchronous and thus blocks until the - * IKE_SA is properly deleted, or the delete timed out. + * IKE_SA is properly deleted, or the delete timed out. * The terminate() function contains a thread cancellation point. * * @param unique_id unique id of the IKE_SA to terminate. @@ -106,9 +106,9 @@ struct controller_t { * - NOT_FOUND, if no such CHILD_SA found * - NEED_MORE, if callback returned FALSE */ - status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, + status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, controller_cb_t callback, void *param); - + /** * Terminate a CHILD_SA. * @@ -120,9 +120,9 @@ struct controller_t { * - NOT_FOUND, if no such CHILD_SA found * - NEED_MORE, if callback returned FALSE */ - status_t (*terminate_child)(controller_t *this, u_int32_t reqid, + status_t (*terminate_child)(controller_t *this, u_int32_t reqid, controller_cb_t callback, void *param); - + /** * Destroy a controller_t instance. */ @@ -132,7 +132,7 @@ struct controller_t { /** * Creates a controller instance. - * + * * @return controller_t object */ controller_t *controller_create(void); diff --git a/src/charon/credentials/credential_manager.c b/src/charon/credentials/credential_manager.c index 0967cbc81..adea0b4be 100644 --- a/src/charon/credentials/credential_manager.c +++ b/src/charon/credentials/credential_manager.c @@ -13,12 +13,12 @@ * for more details. */ -#include - #include "credential_manager.h" #include -#include +#include +#include +#include #include #include #include @@ -28,8 +28,6 @@ #include #include -#define MAX_CA_LEVELS 6 - typedef struct private_credential_manager_t private_credential_manager_t; /** @@ -41,31 +39,36 @@ struct private_credential_manager_t { * public functions */ credential_manager_t public; - + /** * list of credential sets */ linked_list_t *sets; - + /** * thread local set of credentials, linked_list_t with credential_set_t's */ - pthread_key_t local_sets; - + thread_value_t *local_sets; + /** * trust relationship and certificate cache */ cert_cache_t *cache; - + /** * certificates queued for persistent caching */ linked_list_t *cache_queue; - + /** * read-write lock to sets list */ rwlock_t *lock; + + /** + * mutex for cache queue + */ + mutex_t *queue_mutex; }; /** data to pass to create_private_enumerator */ @@ -149,12 +152,12 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this) { linked_list_t *local; sets_enumerator_t *enumerator = malloc_thing(sets_enumerator_t); - + enumerator->public.enumerate = (void*)sets_enumerator_enumerate; enumerator->public.destroy = (void*)sets_enumerator_destroy; enumerator->global = this->sets->create_enumerator(this->sets); enumerator->local = NULL; - local = pthread_getspecific(this->local_sets); + local = this->local_sets->get(this->local_sets); if (local) { enumerator->local = local->create_enumerator(local); @@ -176,7 +179,7 @@ static void destroy_cert_data(cert_data_t *data) */ static enumerator_t *create_cert(credential_set_t *set, cert_data_t *data) { - return set->create_cert_enumerator(set, data->cert, data->key, + return set->create_cert_enumerator(set, data->cert, data->key, data->id, data->trusted); } @@ -193,7 +196,7 @@ static enumerator_t *create_cert_enumerator(private_credential_manager_t *this, data->key = key; data->id = id; data->trusted = trusted; - + this->lock->read_lock(this->lock); return enumerator_create_nested(create_sets_enumerator(this), (void*)create_cert, data, @@ -209,7 +212,7 @@ static certificate_t *get_cert(private_credential_manager_t *this, { certificate_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = create_cert_enumerator(this, cert, key, id, trusted); if (enumerator->enumerate(enumerator, ¤t)) { @@ -247,7 +250,7 @@ static enumerator_t * create_cdp_enumerator(private_credential_manager_t *this, data->this = this; data->type = type; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_nested(create_sets_enumerator(this), (void*)create_cdp, data, @@ -276,10 +279,10 @@ static enumerator_t *create_private(credential_set_t *set, private_data_t *data) */ static enumerator_t* create_private_enumerator( private_credential_manager_t *this, - key_type_t key, identification_t *keyid) + key_type_t key, identification_t *keyid) { private_data_t *data; - + data = malloc_thing(private_data_t); data->this = this; data->type = key; @@ -292,13 +295,13 @@ static enumerator_t* create_private_enumerator( /** * Implementation of credential_manager_t.get_private_by_keyid. - */ + */ static private_key_t *get_private_by_keyid(private_credential_manager_t *this, - key_type_t key, identification_t *keyid) + key_type_t key, identification_t *keyid) { private_key_t *found = NULL; enumerator_t *enumerator; - + enumerator = create_private_enumerator(this, key, keyid); if (enumerator->enumerate(enumerator, &found)) { @@ -328,7 +331,7 @@ static enumerator_t *create_shared(credential_set_t *set, shared_data_t *data) /** * Implementation of credential_manager_t.create_shared_enumerator. */ -static enumerator_t *create_shared_enumerator(private_credential_manager_t *this, +static enumerator_t *create_shared_enumerator(private_credential_manager_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { @@ -337,16 +340,16 @@ static enumerator_t *create_shared_enumerator(private_credential_manager_t *this data->type = type; data->me = me; data->other = other; - + this->lock->read_lock(this->lock); return enumerator_create_nested(create_sets_enumerator(this), - (void*)create_shared, data, + (void*)create_shared, data, (void*)destroy_shared_data); } /** * Implementation of credential_manager_t.get_shared. - */ + */ static shared_key_t *get_shared(private_credential_manager_t *this, shared_key_type_t type, identification_t *me, identification_t *other) @@ -355,7 +358,7 @@ static shared_key_t *get_shared(private_credential_manager_t *this, id_match_t *best_me = ID_MATCH_NONE, *best_other = ID_MATCH_NONE; id_match_t *match_me, *match_other; enumerator_t *enumerator; - + enumerator = create_shared_enumerator(this, type, me, other); while (enumerator->enumerate(enumerator, ¤t, &match_me, &match_other)) { @@ -380,11 +383,11 @@ static void add_local_set(private_credential_manager_t *this, { linked_list_t *sets; - sets = pthread_getspecific(this->local_sets); + sets = this->local_sets->get(this->local_sets); if (!sets) { /* first invocation */ sets = linked_list_create(); - pthread_setspecific(this->local_sets, sets); + this->local_sets->set(this->local_sets, sets); } sets->insert_last(sets, set); } @@ -396,8 +399,8 @@ static void remove_local_set(private_credential_manager_t *this, credential_set_t *set) { linked_list_t *sets; - - sets = pthread_getspecific(this->local_sets); + + sets = this->local_sets->get(this->local_sets); sets->remove(sets, set, NULL); } @@ -408,7 +411,7 @@ static void cache_cert(private_credential_manager_t *this, certificate_t *cert) { credential_set_t *set; enumerator_t *enumerator; - + if (this->lock->try_write_lock(this->lock)) { enumerator = this->sets->create_enumerator(this->sets); @@ -417,13 +420,14 @@ static void cache_cert(private_credential_manager_t *this, certificate_t *cert) set->cache_cert(set, cert); } enumerator->destroy(enumerator); + this->lock->unlock(this->lock); } else { /* we can't cache now as other threads are active, queue for later */ - this->lock->read_lock(this->lock); + this->queue_mutex->lock(this->queue_mutex); this->cache_queue->insert_last(this->cache_queue, cert->get_ref(cert)); + this->queue_mutex->unlock(this->queue_mutex); } - this->lock->unlock(this->lock); } /** @@ -434,7 +438,8 @@ static void cache_queue(private_credential_manager_t *this) credential_set_t *set; certificate_t *cert; enumerator_t *enumerator; - + + this->queue_mutex->lock(this->queue_mutex); if (this->cache_queue->get_count(this->cache_queue) > 0 && this->lock->try_write_lock(this->lock)) { @@ -451,10 +456,11 @@ static void cache_queue(private_credential_manager_t *this) } this->lock->unlock(this->lock); } + this->queue_mutex->unlock(this->queue_mutex); } /** - * forward declaration + * forward declaration */ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *this, key_type_t type, identification_t *id, bool crl, bool ocsp); @@ -467,7 +473,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, { certificate_t *request, *response; chunk_t send, receive; - + /* TODO: requestor name, signature */ request = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, @@ -478,12 +484,12 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, DBG1(DBG_CFG, "generating ocsp request failed"); return NULL; } - + send = request->get_encoding(request); request->destroy(request); DBG1(DBG_CFG, " requesting ocsp status from '%s' ...", url); - if (lib->fetcher->fetch(lib->fetcher, url, &receive, + if (lib->fetcher->fetch(lib->fetcher, url, &receive, FETCH_REQUEST_DATA, send, FETCH_REQUEST_TYPE, "application/ocsp-request", FETCH_END) != SUCCESS) @@ -493,7 +499,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, return NULL; } chunk_free(&send); - + response = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, BUILD_BLOB_ASN1_DER, receive, BUILD_END); @@ -507,9 +513,9 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url, } /** - * check the signature of an OCSP response + * check the signature of an OCSP response */ -static bool verify_ocsp(private_credential_manager_t *this, +static bool verify_ocsp(private_credential_manager_t *this, ocsp_response_t *response) { certificate_t *issuer, *subject; @@ -520,7 +526,7 @@ static bool verify_ocsp(private_credential_manager_t *this, wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); add_local_set(this, &wrapper->set); - + subject = &response->certificate; responder = subject->get_issuer(subject); enumerator = create_trusted_enumerator(this, KEY_ANY, responder, FALSE, FALSE); @@ -529,13 +535,13 @@ static bool verify_ocsp(private_credential_manager_t *this, if (this->cache->issued_by(this->cache, subject, issuer)) { DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", - issuer->get_subject(issuer)); + issuer->get_subject(issuer)); verified = TRUE; break; } } enumerator->destroy(enumerator); - + remove_local_set(this, &wrapper->set); wrapper->destroy(wrapper); return verified; @@ -553,7 +559,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this, time_t revocation, this_update, next_update, valid_until; crl_reason_t reason; bool revoked = FALSE; - + response = (ocsp_response_t*)cand; /* check ocsp signature */ @@ -570,7 +576,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this, case VALIDATION_REVOKED: /* subject has been revoked by a valid OCSP response */ DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N", - &revocation, TRUE, crl_reason_names, reason); + &revocation, TRUE, crl_reason_names, reason); revoked = TRUE; break; case VALIDATION_GOOD: @@ -622,14 +628,15 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this, * validate a x509 certificate using OCSP */ static cert_validation_t check_ocsp(private_credential_manager_t *this, - x509_t *subject, x509_t *issuer, - auth_cfg_t *auth) + x509_t *subject, x509_t *issuer, + auth_cfg_t *auth) { enumerator_t *enumerator; cert_validation_t valid = VALIDATION_SKIPPED; certificate_t *best = NULL, *current; identification_t *keyid = NULL; public_key_t *public; + chunk_t chunk; char *uri = NULL; /** lookup cache for valid OCSP responses */ @@ -651,9 +658,9 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this, /* derive the authorityKeyIdentifier from the issuer's public key */ current = &issuer->interface; public = current->get_public_key(current); - if (public) + if (public && public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) { - keyid = public->get_id(public, ID_PUBKEY_SHA1); + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); } /** fetch from configured OCSP responder URLs */ if (keyid && valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) @@ -676,6 +683,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this, enumerator->destroy(enumerator); } DESTROY_IF(public); + DESTROY_IF(keyid); /* fallback to URL fetching from subject certificate's URIs */ if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) @@ -721,7 +729,7 @@ static certificate_t* fetch_crl(private_credential_manager_t *this, char *url) { certificate_t *crl; chunk_t chunk; - + DBG1(DBG_CFG, " fetching crl from '%s' ...", url); if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS) { @@ -747,7 +755,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl) certificate_t *issuer; enumerator_t *enumerator; bool verified = FALSE; - + enumerator = create_trusted_enumerator(this, KEY_ANY, crl->get_issuer(crl), FALSE, FALSE); while (enumerator->enumerate(enumerator, &issuer, NULL)) @@ -761,7 +769,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl) } } enumerator->destroy(enumerator); - + return verified; } @@ -786,7 +794,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this, cand->destroy(cand); return best; } - + crl = (crl_t*)cand; enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) @@ -835,7 +843,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this, * validate a x509 certificate using CRL */ static cert_validation_t check_crl(private_credential_manager_t *this, - x509_t *subject, x509_t *issuer, + x509_t *subject, x509_t *issuer, auth_cfg_t *auth) { cert_validation_t valid = VALIDATION_SKIPPED; @@ -844,20 +852,18 @@ static cert_validation_t check_crl(private_credential_manager_t *this, certificate_t *current; public_key_t *public; enumerator_t *enumerator; + chunk_t chunk; char *uri = NULL; - + /* derive the authorityKeyIdentifier from the issuer's public key */ current = &issuer->interface; public = current->get_public_key(current); - if (public) - { - keyid = public->get_id(public, ID_PUBKEY_SHA1); - } - - /* find a cached crl by authorityKeyIdentifier */ - if (keyid) + if (public && public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) { - enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY, + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); + + /* find a cached crl by authorityKeyIdentifier */ + enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY, keyid, FALSE); while (enumerator->enumerate(enumerator, ¤t)) { @@ -871,27 +877,28 @@ static cert_validation_t check_crl(private_credential_manager_t *this, } } enumerator->destroy(enumerator); - } - /* fallback to fetching crls from credential sets cdps */ - if (keyid && valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) - { - enumerator = create_cdp_enumerator(this, CERT_X509_CRL, keyid); - - while (enumerator->enumerate(enumerator, &uri)) + /* fallback to fetching crls from credential sets cdps */ + if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) { - current = fetch_crl(this, uri); - if (current) + enumerator = create_cdp_enumerator(this, CERT_X509_CRL, keyid); + + while (enumerator->enumerate(enumerator, &uri)) { - best = get_better_crl(this, current, best, subject, issuer, - &valid, TRUE); - if (best && valid != VALIDATION_STALE) + current = fetch_crl(this, uri); + if (current) { - break; + best = get_better_crl(this, current, best, subject, issuer, + &valid, TRUE); + if (best && valid != VALIDATION_STALE) + { + break; + } } } + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); + keyid->destroy(keyid); } DESTROY_IF(public); @@ -915,7 +922,7 @@ static cert_validation_t check_crl(private_credential_manager_t *this, } enumerator->destroy(enumerator); } - + /* an uri was found, but no result. switch validation state to failed */ if (valid == VALIDATION_SKIPPED && uri) { @@ -938,6 +945,60 @@ static cert_validation_t check_crl(private_credential_manager_t *this, return valid; } +/** + * check a certificate for optional IP address block constraints + */ +static bool check_ip_addr_block_constraints(x509_t *subject, x509_t *issuer) +{ + bool subject_constraint = subject->get_flags(subject) & X509_IP_ADDR_BLOCKS; + bool issuer_constraint = issuer->get_flags(issuer) & X509_IP_ADDR_BLOCKS; + bool contained = TRUE; + + enumerator_t *subject_enumerator, *issuer_enumerator; + traffic_selector_t *subject_ts, *issuer_ts; + + if (!subject_constraint && !issuer_constraint) + { + return TRUE; + } + if (!subject_constraint) + { + DBG1(DBG_CFG, "subject certficate lacks ipAddrBlocks extension"); + return FALSE; + } + if (!issuer_constraint) + { + DBG1(DBG_CFG, "issuer certficate lacks ipAddrBlocks extension"); + return FALSE; + } + subject_enumerator = subject->create_ipAddrBlock_enumerator(subject); + while (subject_enumerator->enumerate(subject_enumerator, &subject_ts)) + { + contained = FALSE; + + issuer_enumerator = issuer->create_ipAddrBlock_enumerator(issuer); + while (issuer_enumerator->enumerate(issuer_enumerator, &issuer_ts)) + { + if (subject_ts->is_contained_in(subject_ts, issuer_ts)) + { + DBG2(DBG_CFG, " subject address block %R is contained in " + "issuer address block %R", subject_ts, issuer_ts); + contained = TRUE; + break; + } + } + issuer_enumerator->destroy(issuer_enumerator); + if (!contained) + { + DBG1(DBG_CFG, "subject address block %R is not contained in any " + "issuer address block", subject_ts); + break; + } + } + subject_enumerator->destroy(subject_enumerator); + return contained; +} + /** * check a certificate for its lifetime */ @@ -946,22 +1007,26 @@ static bool check_certificate(private_credential_manager_t *this, bool crl, bool ocsp, auth_cfg_t *auth) { time_t not_before, not_after; - + if (!subject->get_validity(subject, NULL, ¬_before, ¬_after)) { DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)", - ¬_before, TRUE, ¬_after, TRUE); + ¬_before, FALSE, ¬_after, FALSE); return FALSE; } if (!issuer->get_validity(issuer, NULL, ¬_before, ¬_after)) { DBG1(DBG_CFG, "issuer certificate invalid (valid from %T to %T)", - ¬_before, TRUE, ¬_after, TRUE); + ¬_before, FALSE, ¬_after, FALSE); return FALSE; } if (issuer->get_type(issuer) == CERT_X509 && subject->get_type(subject) == CERT_X509) { + if (!check_ip_addr_block_constraints((x509_t*)subject, (x509_t*)issuer)) + { + return FALSE; + } if (ocsp || crl) { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", @@ -1019,7 +1084,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this, { certificate_t *subject; public_key_t *public; - + subject = get_cert(this, CERT_ANY, type, id, TRUE); if (!subject) { @@ -1043,8 +1108,8 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, { enumerator_t *enumerator; certificate_t *issuer = NULL, *candidate; - - enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY, + + enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY, subject->get_issuer(subject), trusted); while (enumerator->enumerate(enumerator, &candidate)) { @@ -1066,12 +1131,14 @@ static bool verify_trust_chain(private_credential_manager_t *this, bool trusted, bool crl, bool ocsp) { certificate_t *current, *issuer; + x509_t *x509; auth_cfg_t *auth; - u_int level = 0; - + int pathlen, pathlen_constraint; + auth = auth_cfg_create(); current = subject->get_ref(subject); - while (level++ < MAX_CA_LEVELS) + + for (pathlen = 0; pathlen <= X509_MAX_PATH_LEN; pathlen++) { issuer = get_issuer_cert(this, current, TRUE); if (issuer) @@ -1081,7 +1148,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, { auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer)); DBG1(DBG_CFG, " using trusted ca certificate \"%Y\"", - issuer->get_subject(issuer)); + issuer->get_subject(issuer)); trusted = TRUE; } else @@ -1109,7 +1176,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, } else { - DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", + DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", current->get_subject(current)); break; } @@ -1121,17 +1188,32 @@ static bool verify_trust_chain(private_credential_manager_t *this, issuer->destroy(issuer); break; } + + /* check path length constraint */ + x509 = (x509_t*)issuer; + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + pathlen > pathlen_constraint) + { + DBG1(DBG_CFG, "path length of %d violates constraint of %d", + pathlen, pathlen_constraint); + trusted = FALSE; + issuer->destroy(issuer); + break; + } current->destroy(current); current = issuer; if (trusted) { + DBG1(DBG_CFG, " reached self-signed root ca with a path length of %d", + pathlen); break; } } current->destroy(current); - if (level > MAX_CA_LEVELS) + if (pathlen > X509_MAX_PATH_LEN) { - DBG1(DBG_CFG, "maximum ca path length of %d levels reached", level); + DBG1(DBG_CFG, "maximum path length of %d exceeded", X509_MAX_PATH_LEN); } if (trusted) { @@ -1172,10 +1254,10 @@ static bool trusted_enumerate(trusted_enumerator_t *this, certificate_t **cert, auth_cfg_t **auth) { certificate_t *current; - + DESTROY_IF(this->auth); this->auth = auth_cfg_create(); - + if (!this->candidates) { /* first invocation, build enumerator for next one */ @@ -1186,7 +1268,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this, if (this->pretrusted) { /* if we find a trusted self signed certificate, we just accept it. - * However, in order to fulfill authorization rules, we try to build + * However, in order to fulfill authorization rules, we try to build * the trust chain if it is not self signed */ if (this->this->cache->issued_by(this->this->cache, this->pretrusted, this->pretrusted) || @@ -1214,7 +1296,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this, { /* skip pretrusted certificate we already served */ continue; } - + DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, @@ -1249,10 +1331,10 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi key_type_t type, identification_t *id, bool crl, bool ocsp) { trusted_enumerator_t *enumerator = malloc_thing(trusted_enumerator_t); - + enumerator->public.enumerate = (void*)trusted_enumerate; enumerator->public.destroy = (void*)trusted_destroy; - + enumerator->candidates = NULL; enumerator->this = this; enumerator->type = type; @@ -1261,7 +1343,7 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi enumerator->ocsp = ocsp; enumerator->pretrusted = NULL; enumerator->auth = NULL; - + return &enumerator->public; } @@ -1288,7 +1370,7 @@ static bool public_enumerate(public_enumerator_t *this, public_key_t **key, auth_cfg_t **auth) { certificate_t *cert; - + while (this->inner->enumerate(this->inner, &cert, auth)) { DESTROY_IF(this->current); @@ -1315,7 +1397,7 @@ static void public_destroy(public_enumerator_t *this) this->wrapper->destroy(this->wrapper); } this->this->lock->unlock(this->this->lock); - + /* check for delayed certificate cache queue */ cache_queue(this->this); free(this); @@ -1328,7 +1410,7 @@ static enumerator_t* create_public_enumerator(private_credential_manager_t *this key_type_t type, identification_t *id, auth_cfg_t *auth) { public_enumerator_t *enumerator = malloc_thing(public_enumerator_t); - + enumerator->public.enumerate = (void*)public_enumerate; enumerator->public.destroy = (void*)public_destroy; enumerator->inner = create_trusted_enumerator(this, type, id, TRUE, TRUE); @@ -1373,13 +1455,13 @@ static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert) */ static auth_cfg_t *build_trustchain(private_credential_manager_t *this, certificate_t *subject, auth_cfg_t *auth) -{ +{ certificate_t *issuer, *current; auth_cfg_t *trustchain; - u_int level = 0; - + int pathlen = 0; + trustchain = auth_cfg_create(); - + current = auth->get(auth, AUTH_RULE_CA_CERT); if (!current) { @@ -1405,13 +1487,14 @@ static auth_cfg_t *build_trustchain(private_credential_manager_t *this, trustchain->add(trustchain, AUTH_RULE_IM_CERT, current); } issuer = get_issuer_cert(this, current, FALSE); - if (!issuer || issuer->equals(issuer, current) || level > MAX_CA_LEVELS) + if (!issuer || issuer->equals(issuer, current) || + pathlen > X509_MAX_PATH_LEN) { DESTROY_IF(issuer); break; } current = issuer; - level++; + pathlen++; } trustchain->destroy(trustchain); return NULL; @@ -1424,16 +1507,18 @@ static private_key_t *get_private_by_cert(private_credential_manager_t *this, certificate_t *cert, key_type_t type) { private_key_t *private = NULL; - identification_t* keyid; + identification_t *keyid; + chunk_t chunk; public_key_t *public; public = cert->get_public_key(cert); if (public) { - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid) + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) { + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); private = get_private_by_keyid(this, type, keyid); + keyid->destroy(keyid); } public->destroy(public); } @@ -1451,18 +1536,14 @@ static private_key_t *get_private(private_credential_manager_t *this, certificate_t *cert; private_key_t *private = NULL; auth_cfg_t *trustchain; - + /* check if this is a lookup by key ID, and do it if so */ - if (id) + if (id && id->get_type(id) == ID_KEY_ID) { - switch (id->get_type(id)) + private = get_private_by_keyid(this, type, id); + if (private) { - case ID_PUBKEY_SHA1: - case ID_PUBKEY_INFO_SHA1: - case ID_KEY_ID: - return get_private_by_keyid(this, type, id); - default: - break; + return private; } } @@ -1482,7 +1563,7 @@ static private_key_t *get_private(private_credential_manager_t *this, return private; } } - + /* try to build a trust chain for each certificate found */ enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE); while (enumerator->enumerate(enumerator, &cert)) @@ -1560,9 +1641,10 @@ static void destroy(private_credential_manager_t *this) this->cache_queue->destroy(this->cache_queue); this->sets->remove(this->sets, this->cache, NULL); this->sets->destroy(this->sets); - pthread_key_delete(this->local_sets); + this->local_sets->destroy(this->local_sets); this->cache->destroy(this->cache); this->lock->destroy(this->lock); + this->queue_mutex->destroy(this->queue_mutex); free(this); } @@ -1572,7 +1654,7 @@ static void destroy(private_credential_manager_t *this) credential_manager_t *credential_manager_create() { private_credential_manager_t *this = malloc_thing(private_credential_manager_t); - + this->public.create_cert_enumerator = (enumerator_t *(*)(credential_manager_t *this,certificate_type_t cert, key_type_t key,identification_t *id,bool))create_cert_enumerator; this->public.create_shared_enumerator = (enumerator_t *(*)(credential_manager_t *this, shared_key_type_t type,identification_t *me, identification_t *other))create_shared_enumerator; this->public.create_cdp_enumerator = (enumerator_t *(*)(credential_manager_t*, certificate_type_t type, identification_t *id))create_cdp_enumerator; @@ -1585,14 +1667,15 @@ credential_manager_t *credential_manager_create() this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set; this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set; this->public.destroy = (void(*)(credential_manager_t*))destroy; - + this->sets = linked_list_create(); - pthread_key_create(&this->local_sets, (void*)this->sets->destroy); + this->local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy); this->cache = cert_cache_create(); this->cache_queue = linked_list_create(); this->sets->insert_first(this->sets, this->cache); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + this->queue_mutex = mutex_create(MUTEX_TYPE_DEFAULT); + return &this->public; } diff --git a/src/charon/credentials/credential_manager.h b/src/charon/credentials/credential_manager.h index 0af54c0b1..0448da992 100644 --- a/src/charon/credentials/credential_manager.h +++ b/src/charon/credentials/credential_manager.h @@ -36,11 +36,11 @@ typedef struct credential_manager_t credential_manager_t; * * The credential manager is the entry point of the credential framework. It * uses so called "sets" to access credentials in a modular fashion, these - * are implemented through the credential_set_t interface. + * are implemented through the credential_set_t interface. * The manager additionally does trust chain verification and trust status * chaching. A set may call the managers methods if it needs credentials itself, * the manager uses recursive locking. - * + * * @verbatim +-------+ +----------------+ @@ -58,14 +58,14 @@ typedef struct credential_manager_t credential_manager_t; | o | may be recursive | r | +-------+ - - @endverbatim + + @endverbatim * * The credential manager uses rwlocks for performance reasons, credential * sets must be fully thread save. */ struct credential_manager_t { - + /** * Create an enumerator over all certificates. * @@ -90,7 +90,7 @@ struct credential_manager_t { * @param second second subject between key is shared * @return enumerator over shared keys */ - enumerator_t *(*create_shared_enumerator)(credential_manager_t *this, + enumerator_t *(*create_shared_enumerator)(credential_manager_t *this, shared_key_type_t type, identification_t *first, identification_t *second); /** @@ -121,14 +121,14 @@ struct credential_manager_t { * @param me own identity * @param other peers identity * @return shared_key_t, NULL if none found - */ + */ shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type, identification_t *me, identification_t *other); /** * Get a private key to create a signature. * * The get_private() method gets a secret private key identified by either - * the keyid itself or an id the key belongs to. + * the keyid itself or an id the key belongs to. * The auth parameter contains additional information, such as receipients * trusted CA certs. Auth gets filled with subject and CA certificates * needed to validate a created signature. @@ -140,12 +140,12 @@ struct credential_manager_t { */ private_key_t* (*get_private)(credential_manager_t *this, key_type_t type, identification_t *id, auth_cfg_t *auth); - + /** * Create an enumerator over trusted public keys. * * This method gets a an enumerator over trusted public keys to verify a - * signature created by id. The auth parameter contains additional + * signature created by id. The auth parameter contains additional * authentication infos, e.g. peer and intermediate certificates. * The resulting enumerator enumerates over public_key_t *, auth_cfg_t *, * where the auth config helper contains rules for constraint checks. @@ -157,14 +157,14 @@ struct credential_manager_t { */ enumerator_t* (*create_public_enumerator)(credential_manager_t *this, key_type_t type, identification_t *id, auth_cfg_t *auth); - + /** * Cache a certificate by invoking cache_cert() on all registerd sets. * * @param cert certificate to cache */ void (*cache_cert)(credential_manager_t *this, certificate_t *cert); - + /** * Flush the certificate cache. * @@ -174,25 +174,25 @@ struct credential_manager_t { * @param type type of certificate to flush, or CERT_ANY */ void (*flush_cache)(credential_manager_t *this, certificate_type_t type); - + /** * Register a credential set to the manager. * * @param set set to register */ void (*add_set)(credential_manager_t *this, credential_set_t *set); - + /** * Unregister a credential set from the manager. * * @param set set to unregister */ void (*remove_set)(credential_manager_t *this, credential_set_t *set); - + /** - * Destroy a credential_manager instance. - */ - void (*destroy)(credential_manager_t *this); + * Destroy a credential_manager instance. + */ + void (*destroy)(credential_manager_t *this); }; /** diff --git a/src/charon/credentials/credential_set.h b/src/charon/credentials/credential_set.h index e9ad99bfd..274eb3feb 100644 --- a/src/charon/credentials/credential_set.h +++ b/src/charon/credentials/credential_set.h @@ -43,12 +43,12 @@ typedef struct credential_set_t credential_set_t; * enumerator is alive, so it is save to use a write lock there. */ struct credential_set_t { - + /** * Create an enumerator over private keys (private_key_t). * * The id is either a key identifier of the requested key, or an identity - * of the key owner. + * of the key owner. * * @param type type of requested private key * @param id key identifier/owner @@ -80,10 +80,10 @@ struct credential_set_t { * @param other other identity who owns that secret * @return enumerator as described above */ - enumerator_t *(*create_shared_enumerator)(credential_set_t *this, + enumerator_t *(*create_shared_enumerator)(credential_set_t *this, shared_key_type_t type, identification_t *me, identification_t *other); - + /** * Create an enumerator over certificate distribution points. * @@ -93,7 +93,7 @@ struct credential_set_t { */ enumerator_t *(*create_cdp_enumerator)(credential_set_t *this, certificate_type_t type, identification_t *id); - + /** * Cache a certificate in the credential set. * @@ -102,7 +102,7 @@ struct credential_set_t { * * @param cert certificate to cache */ - void (*cache_cert)(credential_set_t *this, certificate_t *cert); + void (*cache_cert)(credential_set_t *this, certificate_t *cert); }; #endif /** CREDENTIAL_SET_H_ @}*/ diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.c b/src/charon/credentials/sets/auth_cfg_wrapper.c index b2cf5d960..82e33d283 100644 --- a/src/charon/credentials/sets/auth_cfg_wrapper.c +++ b/src/charon/credentials/sets/auth_cfg_wrapper.c @@ -29,7 +29,7 @@ struct private_auth_cfg_wrapper_t { * public functions */ auth_cfg_wrapper_t public; - + /** * wrapped auth info */ @@ -67,10 +67,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, /* fetching the certificate previously failed */ return FALSE; } - + chunk_t data; certificate_t *cert; - + DBG1(DBG_CFG, " fetching certificate from '%s' ...", url); if (lib->fetcher->fetch(lib->fetcher, url, &data, FETCH_END) != SUCCESS) { @@ -80,11 +80,11 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, *rule, NULL); return FALSE; } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, data, BUILD_END); free(data.ptr); - + if (!cert) { DBG1(DBG_CFG, " parsing fetched certificate failed"); @@ -93,10 +93,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator, *rule, NULL); return FALSE; } - + DBG1(DBG_CFG, " fetched certificate \"%Y\"", cert->get_subject(cert)); charon->credentials->cache_cert(charon->credentials, cert); - + if (*rule == AUTH_HELPER_IM_HASH_URL) { *rule = AUTH_HELPER_IM_CERT; @@ -174,11 +174,11 @@ static void wrapper_enumerator_destroy(wrapper_enumerator_t *this) * implementation of auth_cfg_wrapper_t.set.create_cert_enumerator */ static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this, - certificate_type_t cert, key_type_t key, + certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { wrapper_enumerator_t *enumerator; - + if (trusted) { return NULL; @@ -208,16 +208,16 @@ static void destroy(private_auth_cfg_wrapper_t *this) auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth) { private_auth_cfg_wrapper_t *this = malloc_thing(private_auth_cfg_wrapper_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)nop; this->public.destroy = (void(*)(auth_cfg_wrapper_t*))destroy; - + this->auth = auth; - + return &this->public; } diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.h b/src/charon/credentials/sets/auth_cfg_wrapper.h index dd5e0fff6..7653fcdbf 100644 --- a/src/charon/credentials/sets/auth_cfg_wrapper.h +++ b/src/charon/credentials/sets/auth_cfg_wrapper.h @@ -35,11 +35,11 @@ struct auth_cfg_wrapper_t { * implements credential_set_t */ credential_set_t set; - + /** - * Destroy a auth_cfg_wrapper instance. - */ - void (*destroy)(auth_cfg_wrapper_t *this); + * Destroy a auth_cfg_wrapper instance. + */ + void (*destroy)(auth_cfg_wrapper_t *this); }; /** diff --git a/src/charon/credentials/sets/cert_cache.c b/src/charon/credentials/sets/cert_cache.c index dee0463e6..176accce2 100644 --- a/src/charon/credentials/sets/cert_cache.c +++ b/src/charon/credentials/sets/cert_cache.c @@ -19,7 +19,7 @@ #include #include -#include +#include #include /** cache size, a power of 2 for fast modulo */ @@ -35,22 +35,22 @@ typedef struct relation_t relation_t; * A trusted relation between subject and issuer */ struct relation_t { - + /** * subject of this relation */ certificate_t *subject; - + /** * issuer of this relation */ certificate_t *issuer; - + /** * Cache hits */ u_int hits; - + /** * Lock for this relation */ @@ -61,12 +61,12 @@ struct relation_t { * private data of cert_cache */ struct private_cert_cache_t { - + /** * public functions */ cert_cache_t public; - + /** * array of trusted subject-issuer relations */ @@ -82,12 +82,12 @@ static void cache(private_cert_cache_t *this, relation_t *rel; int i, offset, try; u_int total_hits = 0; - + /* check for a unused relation slot first */ for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[i]; - + if (!rel->subject && rel->lock->try_write_lock(rel->lock)) { /* double-check having lock */ @@ -109,7 +109,7 @@ static void cache(private_cert_cache_t *this, for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[(i + offset) % CACHE_SIZE]; - + if (rel->hits > total_hits / CACHE_SIZE) { /* skip often used slots */ continue; @@ -140,11 +140,11 @@ static bool issued_by(private_cert_cache_t *this, { relation_t *found = NULL, *current; int i; - + for (i = 0; i < CACHE_SIZE; i++) { current = &this->relations[i]; - + current->lock->read_lock(current->lock); if (current->subject) { @@ -203,14 +203,14 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) { public_key_t *public; relation_t *rel; - + if (this->locked >= 0) { rel = &this->relations[this->locked]; rel->lock->unlock(rel->lock); this->locked = -1; } - + while (++this->index < CACHE_SIZE) { rel = &this->relations[this->index]; @@ -219,7 +219,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) if (rel->subject) { /* CRL lookup is done using issuer/authkeyidentifier */ - if (this->key == KEY_ANY && this->id && + if (this->key == KEY_ANY && this->id && (this->cert == CERT_ANY || this->cert == CERT_X509_CRL) && rel->subject->get_type(rel->subject) == CERT_X509_CRL && rel->subject->has_issuer(rel->subject, this->id)) @@ -261,7 +261,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out) static void cert_enumerator_destroy(cert_enumerator_t *this) { relation_t *rel; - + if (this->locked >= 0) { rel = &this->relations[this->locked]; @@ -274,11 +274,11 @@ static void cert_enumerator_destroy(cert_enumerator_t *this) * implementation of credential_set_t.create_cert_enumerator */ static enumerator_t *create_enumerator(private_cert_cache_t *this, - certificate_type_t cert, key_type_t key, + certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { cert_enumerator_t *enumerator; - + if (trusted) { return NULL; @@ -292,7 +292,7 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this, enumerator->relations = this->relations; enumerator->index = -1; enumerator->locked = -1; - + return &enumerator->public; } @@ -303,7 +303,7 @@ static void flush(private_cert_cache_t *this, certificate_type_t type) { relation_t *rel; int i; - + for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[i]; @@ -346,7 +346,7 @@ static void destroy(private_cert_cache_t *this) { relation_t *rel; int i; - + for (i = 0; i < CACHE_SIZE; i++) { rel = &this->relations[i]; @@ -367,7 +367,7 @@ cert_cache_t *cert_cache_create() { private_cert_cache_t *this; int i; - + this = malloc_thing(private_cert_cache_t); this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)create_enumerator; @@ -377,7 +377,7 @@ cert_cache_t *cert_cache_create() this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by; this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush; this->public.destroy = (void(*)(cert_cache_t*))destroy; - + for (i = 0; i < CACHE_SIZE; i++) { this->relations[i].subject = NULL; diff --git a/src/charon/credentials/sets/cert_cache.h b/src/charon/credentials/sets/cert_cache.h index a2cae367c..d2721866e 100644 --- a/src/charon/credentials/sets/cert_cache.h +++ b/src/charon/credentials/sets/cert_cache.h @@ -39,7 +39,7 @@ struct cert_cache_t { * Implements credential_set_t. */ credential_set_t set; - + /** * Caching wrapper around certificate_t.issued_by. * @@ -49,14 +49,14 @@ struct cert_cache_t { */ bool (*issued_by)(cert_cache_t *this, certificate_t *subject, certificate_t *issuer); - + /** * Flush the certificate cache. * * @param type type of certificate to flush, or CERT_ANY */ void (*flush)(cert_cache_t *this, certificate_type_t type); - + /** * Destroy a cert_cache instance. */ diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/charon/credentials/sets/ocsp_response_wrapper.c index e9faec472..82079209a 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.c +++ b/src/charon/credentials/sets/ocsp_response_wrapper.c @@ -26,7 +26,7 @@ struct private_ocsp_response_wrapper_t { * public functions */ ocsp_response_wrapper_t public; - + /** * wrapped OCSP response */ @@ -98,16 +98,16 @@ static void enumerator_destroy(wrapper_enumerator_t *this) * implementation of ocsp_response_wrapper_t.set.create_cert_enumerator */ static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this, - certificate_type_t cert, key_type_t key, + certificate_type_t cert, key_type_t key, identification_t *id, bool trusted) { wrapper_enumerator_t *enumerator; - + if (trusted) { return NULL; } - + enumerator = malloc_thing(wrapper_enumerator_t); enumerator->cert = cert; enumerator->key = key; @@ -132,16 +132,16 @@ static void destroy(private_ocsp_response_wrapper_t *this) ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response) { private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)nop; this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy; - + this->response = response; - + return &this->public; } diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/charon/credentials/sets/ocsp_response_wrapper.h index 8f141f7a1..dc4b451df 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.h +++ b/src/charon/credentials/sets/ocsp_response_wrapper.h @@ -35,11 +35,11 @@ struct ocsp_response_wrapper_t { * implements credential_set_t */ credential_set_t set; - + /** - * Destroy a ocsp_response_wrapper instance. - */ - void (*destroy)(ocsp_response_wrapper_t *this); + * Destroy a ocsp_response_wrapper instance. + */ + void (*destroy)(ocsp_response_wrapper_t *this); }; /** diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 0689c448e..e71225fd1 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -1,4 +1,4 @@ -/* +/* * Copyright (C) 2006-2009 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger @@ -41,7 +41,8 @@ #include #include -#include +#include +#include #include #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */ @@ -58,12 +59,17 @@ struct private_daemon_t { * Public members of daemon_t. */ daemon_t public; - + /** * Signal set used for signal handling. */ sigset_t signal_set; + /** + * Reference to main thread. + */ + thread_t *main_thread; + #ifdef CAPABILITIES /** * capabilities to keep @@ -88,7 +94,7 @@ extern void (*dbg) (int level, char *fmt, ...); static void dbg_bus(int level, char *fmt, ...) { va_list args; - + va_start(args, fmt); charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args); va_end(args); @@ -100,7 +106,7 @@ static void dbg_bus(int level, char *fmt, ...) static void dbg_stderr(int level, char *fmt, ...) { va_list args; - + if (level <= 1) { va_start(args, fmt); @@ -117,18 +123,19 @@ static void dbg_stderr(int level, char *fmt, ...) static void run(private_daemon_t *this) { sigset_t set; - + /* handle SIGINT, SIGHUP ans SIGTERM in this handler */ sigemptyset(&set); - sigaddset(&set, SIGINT); - sigaddset(&set, SIGHUP); + sigaddset(&set, SIGINT); + sigaddset(&set, SIGHUP); sigaddset(&set, SIGTERM); - + sigprocmask(SIG_BLOCK, &set, NULL); + while (TRUE) { int sig; int error; - + error = sigwait(&set, &sig); if (error) { @@ -145,11 +152,13 @@ static void run(private_daemon_t *this) case SIGINT: { DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down"); + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); return; } case SIGTERM: { DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down"); + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); return; } default: @@ -193,14 +202,13 @@ static void destroy(private_daemon_t *this) DESTROY_IF(this->public.mediation_manager); #endif /* ME */ DESTROY_IF(this->public.backends); - DESTROY_IF(this->public.attributes); DESTROY_IF(this->public.credentials); DESTROY_IF(this->public.sender); DESTROY_IF(this->public.receiver); DESTROY_IF(this->public.socket); /* wait until all threads are gone */ DESTROY_IF(this->public.processor); - + /* rehook library logging, shutdown logging */ dbg = dbg_stderr; DESTROY_IF(this->public.bus); @@ -225,7 +233,7 @@ static void kill_daemon(private_daemon_t *this, char *reason) { fprintf(stderr, "killing daemon: %s\n", reason); } - if (this->public.main_thread_id == pthread_self()) + if (this->main_thread == thread_current()) { /* initialization failed, terminate daemon */ unlink(PID_FILE); @@ -234,9 +242,9 @@ static void kill_daemon(private_daemon_t *this, char *reason) else { DBG1(DBG_DMN, "sending SIGTERM to ourself"); - pthread_kill(this->public.main_thread_id, SIGTERM); + this->main_thread->kill(this->main_thread, SIGTERM); /* thread must die, since he produced a ciritcal failure and can't continue */ - pthread_exit(NULL); + thread_exit(NULL); } } @@ -246,18 +254,18 @@ static void kill_daemon(private_daemon_t *this, char *reason) static void drop_capabilities(private_daemon_t *this) { #ifdef HAVE_PRCTL - prctl(PR_SET_KEEPCAPS, 1); + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); #endif if (setgid(charon->gid) != 0) { - kill_daemon(this, "change to unprivileged group failed"); + kill_daemon(this, "change to unprivileged group failed"); } if (setuid(charon->uid) != 0) { - kill_daemon(this, "change to unprivileged user failed"); + kill_daemon(this, "change to unprivileged user failed"); } - + #ifdef CAPABILITIES if (cap_set_proc(this->caps) != 0) { @@ -279,7 +287,7 @@ static void keep_cap(private_daemon_t *this, u_int cap) } /** - * lookup UID and GID + * lookup UID and GID */ static void lookup_uid_gid(private_daemon_t *this) { @@ -287,7 +295,7 @@ static void lookup_uid_gid(private_daemon_t *this) { char buf[1024]; struct passwd passwd, *pwp; - + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || pwp == NULL) { @@ -300,7 +308,7 @@ static void lookup_uid_gid(private_daemon_t *this) { char buf[1024]; struct group group, *grp; - + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || grp == NULL) { @@ -319,7 +327,7 @@ static void print_plugins() char buf[512], *plugin; int len = 0; enumerator_t *enumerator; - + buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin)) @@ -345,7 +353,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, level_t def; bool append; FILE *file; - + /* setup sysloggers */ enumerator = lib->settings->create_section_enumerator(lib->settings, "charon.syslog"); @@ -378,7 +386,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, this->public.bus->add_listener(this->public.bus, &sys_logger->listener); } enumerator->destroy(enumerator); - + /* and file loggers */ enumerator = lib->settings->create_section_enumerator(lib->settings, "charon.filelog"); @@ -418,10 +426,10 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, this->public.file_loggers->insert_last(this->public.file_loggers, file_logger); this->public.bus->add_listener(this->public.bus, &file_logger->listener); - + } enumerator->destroy(enumerator); - + /* set up legacy style default loggers provided via command-line */ if (!loggers_defined) { @@ -443,7 +451,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, file_logger->set_level(file_logger, group, levels[group]); } } - + /* set up default auth sys_logger */ sys_logger = sys_logger_create(LOG_AUTHPRIV); this->public.bus->add_listener(this->public.bus, &sys_logger->listener); @@ -460,14 +468,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) { /* for uncritical pseudo random numbers */ srandom(time(NULL) + getpid()); - + /* setup bus and it's listeners first to enable log output */ this->public.bus = bus_create(); /* set up hook to log dbg message in library via charons message bus */ dbg = dbg_bus; - + initialize_loggers(this, !syslog, levels); - + DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); if (lib->integrity) @@ -485,15 +493,17 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) this->public.eap = eap_manager_create(); this->public.sim = sim_manager_create(); this->public.backends = backend_manager_create(); - this->public.attributes = attribute_manager_create(); this->public.kernel_interface = kernel_interface_create(); this->public.socket = socket_create(); this->public.traps = trap_manager_create(); - + /* load plugins, further infrastructure may need it */ - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "charon.load", PLUGINS)); - + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "charon.load", PLUGINS))) + { + return FALSE; + } + print_plugins(); this->public.ike_sa_manager = ike_sa_manager_create(); @@ -507,7 +517,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) { return FALSE; } - + #ifdef ME this->public.connect_manager = connect_manager_create(); if (this->public.connect_manager == NULL) @@ -516,7 +526,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) } this->public.mediation_manager = mediation_manager_create(); #endif /* ME */ - + return TRUE; } @@ -526,35 +536,34 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) static void segv_handler(int signal) { backtrace_t *backtrace; - - DBG1(DBG_DMN, "thread %u received %d", pthread_self(), signal); + + DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal); backtrace = backtrace_create(2); backtrace->log(backtrace, stderr); backtrace->destroy(backtrace); - + DBG1(DBG_DMN, "killing ourself, received critical signal"); - raise(SIGKILL); + abort(); } /** * Create the daemon. */ private_daemon_t *daemon_create(void) -{ +{ struct sigaction action; private_daemon_t *this = malloc_thing(private_daemon_t); - + /* assign methods */ this->public.kill = (void (*) (daemon_t*,char*))kill_daemon; this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap; - + /* NULL members for clean destruction */ this->public.socket = NULL; this->public.ike_sa_manager = NULL; this->public.traps = NULL; this->public.credentials = NULL; this->public.backends = NULL; - this->public.attributes = NULL; this->public.sender= NULL; this->public.receiver = NULL; this->public.scheduler = NULL; @@ -572,8 +581,8 @@ private_daemon_t *daemon_create(void) #endif /* ME */ this->public.uid = 0; this->public.gid = 0; - - this->public.main_thread_id = pthread_self(); + + this->main_thread = thread_current(); #ifdef CAPABILITIES this->caps = cap_init(); keep_cap(this, CAP_NET_ADMIN); @@ -582,9 +591,8 @@ private_daemon_t *daemon_create(void) keep_cap(this, CAP_SYS_NICE); } #endif /* CAPABILITIES */ - + /* add handler for SEGV and ILL, - * add handler for USR1 (cancellation). * INT, TERM and HUP are handled by sigwait() in run() */ action.sa_handler = segv_handler; action.sa_flags = 0; @@ -597,20 +605,20 @@ private_daemon_t *daemon_create(void) sigaction(SIGBUS, &action, NULL); action.sa_handler = SIG_IGN; sigaction(SIGPIPE, &action, NULL); - - pthread_sigmask(SIG_SETMASK, &action.sa_mask, 0); - + + pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL); + return this; } /** - * Check/create PID file, return TRUE if already running + * Check/create PID file, return TRUE if already running */ static bool check_pidfile() { struct stat stb; FILE *file; - + if (stat(PID_FILE, &stb) == 0) { file = fopen(PID_FILE, "r"); @@ -618,7 +626,7 @@ static bool check_pidfile() { char buf[64]; pid_t pid = 0; - + memset(buf, 0, sizeof(buf)); if (fread(buf, 1, sizeof(buf), file)) { @@ -633,7 +641,7 @@ static bool check_pidfile() DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running"); unlink(PID_FILE); } - + /* create new pidfile */ file = fopen(PID_FILE, "w"); if (file) @@ -676,17 +684,17 @@ int main(int argc, char *argv[]) private_daemon_t *private_charon; level_t levels[DBG_MAX]; int group; - + /* logging for library during initialization, as we have no bus yet */ dbg = dbg_stderr; - + /* initialize library */ - if (!library_init(STRONGSWAN_CONF)) + if (!library_init(NULL)) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } - + if (lib->integrity && !lib->integrity->check_file(lib->integrity, "charon", argv[0])) { @@ -694,7 +702,7 @@ int main(int argc, char *argv[]) library_deinit(); exit(SS_RC_DAEMON_INTEGRITY); } - + lib->printf_hook->add_handler(lib->printf_hook, 'R', traffic_selector_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, @@ -705,15 +713,15 @@ int main(int argc, char *argv[]) PRINTF_HOOK_ARGTYPE_END); private_charon = daemon_create(); charon = (daemon_t*)private_charon; - + lookup_uid_gid(private_charon); - + /* use CTRL loglevel for default */ for (group = 0; group < DBG_MAX; group++) { levels[group] = LEVEL_CTRL; } - + /* handle arguments */ for (;;) { @@ -734,12 +742,12 @@ int main(int argc, char *argv[]) { "debug-lib", required_argument, &group, DBG_LIB }, { 0,0,0,0 } }; - + int c = getopt_long(argc, argv, "", long_opts, NULL); switch (c) { case EOF: - break; + break; case 'h': usage(NULL); break; @@ -759,39 +767,41 @@ int main(int argc, char *argv[]) } break; } - + /* initialize daemon */ if (!initialize(private_charon, use_syslog, levels)) { DBG1(DBG_DMN, "initialization failed - aborting charon"); destroy(private_charon); + library_deinit(); exit(SS_RC_INITIALIZATION_FAILED); } - + if (check_pidfile()) { DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)"); destroy(private_charon); + library_deinit(); exit(-1); } - + /* drop the capabilities we won't need */ drop_capabilities(private_charon); - + /* start the engine, go multithreaded */ charon->processor->set_threads(charon->processor, lib->settings->get_int(lib->settings, "charon.threads", DEFAULT_THREADS)); - + /* run daemon */ run(private_charon); - + /* normal termination, cleanup and exit */ destroy(private_charon); unlink(PID_FILE); - + library_deinit(); - + return 0; } diff --git a/src/charon/daemon.h b/src/charon/daemon.h index 023bae447..cb5946d5d 100644 --- a/src/charon/daemon.h +++ b/src/charon/daemon.h @@ -21,7 +21,7 @@ * * @defgroup bus bus * @ingroup charon - * + * * @defgroup listeners listeners * @ingroup bus * @@ -84,13 +84,13 @@ * from the processor. Work is delegated to the processor by queueing jobs * to it. @verbatim - + +---------------------------------+ +----------------------------+ | controller | | config | - +---------------------------------+ +----------------------------+ - | | | ^ ^ ^ - V V V | | | - + +---------------------------------+ +----------------------------+ + | | | ^ ^ ^ + V V V | | | + +----------+ +-----------+ +------+ +----------+ +----+ | receiver | | | | | +------+ | CHILD_SA | | K | +---+------+ | Scheduler | | IKE- | | IKE- |--+----------+ | e | @@ -100,43 +100,43 @@ +------+---+ +-----------+ | ager | +------+ +----------+ | l | | | | | | | IKE- |--| CHILD_SA | | - | +---+------+ | Processor |---| |--| SA | +----------+ | I | - | sender | | | | | +------+ | f | + | sender | | | | | +------+ | f | +----------+ +-----------+ +------+ +----+ - - | | | | | | - V V V V V V - +---------------------------------+ +----------------------------+ - | Bus | | credentials | - +---------------------------------+ +----------------------------+ + + | | | | | | + V V V V V V + +---------------------------------+ +----------------------------+ + | Bus | | credentials | + +---------------------------------+ +----------------------------+ @endverbatim - * The scheduler is responsible to execute timed events. Jobs may be queued to - * the scheduler to get executed at a defined time (e.g. rekeying). The + * The scheduler is responsible to execute timed events. Jobs may be queued to + * the scheduler to get executed at a defined time (e.g. rekeying). The * scheduler does not execute the jobs itself, it queues them to the processor. - * - * The IKE_SA manager managers all IKE_SA. It further handles the + * + * The IKE_SA manager managers all IKE_SA. It further handles the * synchronization: - * Each IKE_SA must be checked out strictly and checked in again after use. The - * manager guarantees that only one thread may check out a single IKE_SA. This + * Each IKE_SA must be checked out strictly and checked in again after use. The + * manager guarantees that only one thread may check out a single IKE_SA. This * allows us to write the (complex) IKE_SAs routines non-threadsave. - * The IKE_SA contain the state and the logic of each IKE_SA and handle the + * The IKE_SA contain the state and the logic of each IKE_SA and handle the * messages. - * + * * The CHILD_SA contains state about a IPsec security association and manages - * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel + * them. An IKE_SA may have multiple CHILD_SAs. Communication to the kernel * takes place here through the kernel interface. - * + * * The kernel interface installs IPsec security associations, policies, routes - * and virtual addresses. It further provides methods to enumerate interfaces + * and virtual addresses. It further provides methods to enumerate interfaces * and may notify the daemon about state changes at lower layers. - * - * The bus receives signals from the different threads and relais them to interested - * listeners. Debugging signals, but also important state changes or error - * messages are sent over the bus. - * It's listeners are not only for logging, but also to track the state of an + * + * The bus receives signals from the different threads and relays them to + * interested listeners. Debugging signals, but also important state changes or + * error messages are sent over the bus. + * Its listeners are not only for logging, but also to track the state of an * IKE_SA. * - * The controller, credential_manager, bus and backend_manager (config) are + * The controller, credential_manager, bus and backend_manager (config) are * places where a plugin ca register itself to privide information or observe * and control the daemon. */ @@ -159,7 +159,6 @@ typedef struct daemon_t daemon_t; #include #include #include -#include #include #include #include @@ -199,104 +198,99 @@ typedef struct daemon_t daemon_t; * Main class of daemon, contains some globals. */ struct daemon_t { - + /** * A socket_t instance. */ socket_t *socket; - + /** * A ike_sa_manager_t instance. */ ike_sa_manager_t *ike_sa_manager; - + /** * Manager for triggering policies, called traps */ trap_manager_t *traps; - + /** * Manager for the different configuration backends. */ backend_manager_t *backends; - - /** - * Manager for IKEv2 cfg payload attributes - */ - attribute_manager_t *attributes; - + /** * Manager for the credential backends */ credential_manager_t *credentials; - + /** * The Sender-Thread. - */ + */ sender_t *sender; - + /** * The Receiver-Thread. */ receiver_t *receiver; - + /** * The Scheduler-Thread. */ scheduler_t *scheduler; - + /** * Job processing using a thread pool. */ processor_t *processor; - + /** * The signaling bus. */ bus_t *bus; - + /** * A list of installed file_logger_t's */ linked_list_t *file_loggers; - + /** * A list of installed sys_logger_t's */ linked_list_t *sys_loggers; - + /** * Kernel Interface to communicate with kernel */ kernel_interface_t *kernel_interface; - + /** * Controller to control the daemon */ controller_t *controller; - + /** * EAP manager to maintain registered EAP methods */ eap_manager_t *eap; - + /** - * SIM manager to maintain SIM cards/providers + * SIM manager to maintain (U)SIM cards/providers */ sim_manager_t *sim; - + #ifdef ME /** * Connect manager */ connect_manager_t *connect_manager; - + /** * Mediation manager */ mediation_manager_t *mediation_manager; #endif /* ME */ - + /** * User ID the daemon will user after initialization */ @@ -306,12 +300,7 @@ struct daemon_t { * Group ID the daemon will use after initialization */ gid_t gid; - - /** - * The thread_id of main-thread. - */ - pthread_t main_thread_id; - + /** * Do not drop a given capability after initialization. * @@ -320,10 +309,10 @@ struct daemon_t { * drop these. */ void (*keep_cap)(daemon_t *this, u_int cap); - + /** * Shut down the daemon. - * + * * @param reason describtion why it will be killed */ void (*kill) (daemon_t *this, char *reason); diff --git a/src/charon/encoding/generator.c b/src/charon/encoding/generator.c index 406cfc688..6485da492 100644 --- a/src/charon/encoding/generator.c +++ b/src/charon/encoding/generator.c @@ -53,55 +53,55 @@ struct private_generator_t { * Public part of a generator_t object. */ generator_t public; - + /** * Buffer used to generate the data into. */ u_int8_t *buffer; - + /** * Current write position in buffer (one byte aligned). */ u_int8_t *out_position; - + /** * Position of last byte in buffer. */ u_int8_t *roof_position; - + /** * Current bit writing to in current byte (between 0 and 7). */ u_int8_t current_bit; - + /** * Associated data struct to read informations from. */ void *data_struct; - + /* * Last payload length position offset in the buffer. */ u_int32_t last_payload_length_position_offset; - + /** * Offset of the header length field in the buffer. */ u_int32_t header_length_position_offset; - + /** * Last SPI size. */ u_int8_t last_spi_size; - + /** * Attribute format of the last generated transform attribute. * - * Used to check if a variable value field is used or not for + * Used to check if a variable value field is used or not for * the transform attribute value. */ bool attribute_format; - + /** * Depending on the value of attribute_format this field is used * to hold the length of the transform attribute in bytes. @@ -149,14 +149,14 @@ static void make_space_available(private_generator_t *this, int bits) while ((get_space(this) * 8 - this->current_bit) < bits) { int old_buffer_size, new_buffer_size, out_position_offset; - + old_buffer_size = get_size(this); new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE; out_position_offset = this->out_position - this->buffer; - - DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte", + + DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte", old_buffer_size, new_buffer_size); - + this->buffer = realloc(this->buffer,new_buffer_size); this->out_position = (this->buffer + out_position_offset); this->roof_position = (this->buffer + new_buffer_size); @@ -171,9 +171,9 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, { int i; u_int8_t *read_position = (u_int8_t *)bytes; - + make_space_available(this, number_of_bytes * 8); - + for (i = 0; i < number_of_bytes; i++) { *(this->out_position) = *(read_position); @@ -192,14 +192,14 @@ static void write_bytes_to_buffer_at_offset(private_generator_t *this, u_int8_t *read_position = (u_int8_t *)bytes; u_int8_t *write_position; u_int32_t free_space_after_offset = get_size(this) - offset; - - /* check first if enough space for new data is available */ + + /* check first if enough space for new data is available */ if (number_of_bytes > free_space_after_offset) { - make_space_available(this, + make_space_available(this, (number_of_bytes - free_space_after_offset) * 8); } - + write_position = this->buffer + offset; for (i = 0; i < number_of_bytes; i++) { @@ -216,7 +216,7 @@ static void generate_u_int_type(private_generator_t *this, encoding_type_t int_type,u_int32_t offset) { int number_of_bits = 0; - + /* find out number of bits of each U_INT type to check for enough space */ switch (int_type) { @@ -251,14 +251,14 @@ static void generate_u_int_type(private_generator_t *this, encoding_type_names, int_type); return; } - + make_space_available(this, number_of_bits); switch (int_type) { case U_INT_4: { u_int8_t high, low; - + if (this->current_bit == 0) { /* high of current byte in buffer has to be set to the new value*/ @@ -303,7 +303,7 @@ static void generate_u_int_type(private_generator_t *this, { u_int8_t attribute_format_flag; u_int16_t val; - + /* attribute type must not change first bit of current byte */ if (this->current_bit != 1) { @@ -325,7 +325,7 @@ static void generate_u_int_type(private_generator_t *this, write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); this->current_bit = 0; break; - + } case U_INT_16: case CONFIGURATION_ATTRIBUTE_LENGTH: @@ -372,11 +372,11 @@ static void generate_reserved_field(private_generator_t *this, int bits) return ; } make_space_available(this, bits); - + if (bits == 1) { u_int8_t reserved_bit = ~(1 << (7 - this->current_bit)); - + *(this->out_position) = *(this->out_position) & reserved_bit; if (this->current_bit == 0) { @@ -410,11 +410,11 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) { u_int8_t flag_value; u_int8_t flag; - + flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0; /* get flag position */ flag = (flag_value << (7 - this->current_bit)); - + /* make sure one bit is available in buffer */ make_space_available(this, 1); if (this->current_bit == 0) @@ -422,10 +422,10 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) /* memory must be zero */ *(this->out_position) = 0x00; } - + *(this->out_position) = *(this->out_position) | flag; DBG3(DBG_ENC, " => %d", *this->out_position); - + this->current_bit++; if (this->current_bit >= 8) { @@ -440,16 +440,16 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) static void generate_from_chunk(private_generator_t *this, u_int32_t offset) { chunk_t *value; - + if (this->current_bit != 0) { DBG1(DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit); return ; } - + value = (chunk_t *)(this->data_struct + offset); DBG3(DBG_ENC, " => %B", value); - + write_bytes_to_buffer(this, value->ptr, value->len); } @@ -460,7 +460,7 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data) { int data_length = get_length(this); u_int32_t header_length_field = data_length; - + /* write length into header length field */ if (this->header_length_position_offset > 0) { @@ -468,14 +468,14 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data) write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t), this->header_length_position_offset); } - + if (this->current_bit > 0) { data_length++; } *data = chunk_alloc(data_length); memcpy(data->ptr, this->buffer, data_length); - + DBG3(DBG_ENC, "generated data of this generator %B", data); } @@ -488,20 +488,20 @@ static void generate_payload (private_generator_t *this,payload_t *payload) size_t rule_count; encoding_rule_t *rules; payload_type_t payload_type; - + this->data_struct = payload; payload_type = payload->get_type(payload); /* spi size has to get reseted */ this->last_spi_size = 0; - + offset_start = this->out_position - this->buffer; - + DBG2(DBG_ENC, "generating payload of type %N", payload_type_names, payload_type); - + /* each payload has its own encoding rules */ payload->get_encoding_rules(payload, &rules, &rule_count); - + for (i = 0; i < rule_count;i++) { DBG2(DBG_ENC, " generating rule %d %N", @@ -529,7 +529,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) { generate_reserved_field(this, 8); break; - } + } case FLAG: { generate_flag(this, rules[i].offset); @@ -578,7 +578,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) u_int16_t length_of_payload; u_int16_t header_length = 0; u_int16_t length_in_network_order; - + switch(rules[i].type) { case KEY_EXCHANGE_DATA: @@ -619,13 +619,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload) break; } generate_from_chunk(this, rules[i].offset); - + payload_length_position_offset = this->last_payload_length_position_offset; - - length_of_payload = header_length + + + length_of_payload = header_length + ((chunk_t *)(this->data_struct + rules[i].offset))->len; - + length_in_network_order = htons(length_of_payload); write_bytes_to_buffer_at_offset(this, &length_in_network_order, sizeof(u_int16_t), payload_length_position_offset); @@ -633,7 +633,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } case PROPOSALS: { - u_int32_t payload_length_position_offset = + u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; /* Length of SA_PAYLOAD is calculated */ u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH; @@ -642,13 +642,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_proposal; - + iterator = proposals->create_iterator(proposals,TRUE); while (iterator->iterate(iterator, (void**)¤t_proposal)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_proposal); after_generate_position_offset = get_offset(this); @@ -656,7 +656,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) before_generate_position_offset); } iterator->destroy(iterator); - + int16_val = htons(length_of_sa_payload); write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),payload_length_position_offset); @@ -664,36 +664,36 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } case TRANSFORMS: { - u_int32_t payload_length_position_offset = + u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; - u_int16_t length_of_proposal = + u_int16_t length_of_proposal = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size; u_int16_t int16_val; linked_list_t *transforms = *((linked_list_t **) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_transform; - + iterator = transforms->create_iterator(transforms,TRUE); while (iterator->iterate(iterator, (void**)¤t_transform)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_transform); after_generate_position_offset = get_offset(this); - + length_of_proposal += (after_generate_position_offset - before_generate_position_offset); } iterator->destroy(iterator); - + int16_val = htons(length_of_proposal); write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t), payload_length_position_offset); break; - } + } case TRANSFORM_ATTRIBUTES: { u_int32_t transform_length_position_offset = @@ -705,32 +705,32 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_attribute; - + iterator = transform_attributes->create_iterator( transform_attributes, TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_attribute); after_generate_position_offset = get_offset(this); - + length_of_transform += (after_generate_position_offset - before_generate_position_offset); } - + iterator->destroy(iterator); - + int16_val = htons(length_of_transform); - write_bytes_to_buffer_at_offset(this, &int16_val, + write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),transform_length_position_offset); break; } case CONFIGURATION_ATTRIBUTES: { - u_int32_t configurations_length_position_offset = + u_int32_t configurations_length_position_offset = this->last_payload_length_position_offset; u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH; u_int16_t int16_val; @@ -738,29 +738,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_attribute; - + iterator = configuration_attributes->create_iterator( configuration_attributes,TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_attribute); after_generate_position_offset = get_offset(this); - + length_of_configurations += after_generate_position_offset - before_generate_position_offset; } - + iterator->destroy(iterator); - + int16_val = htons(length_of_configurations); - write_bytes_to_buffer_at_offset(this, &int16_val, + write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),configurations_length_position_offset); break; - } + } case ATTRIBUTE_FORMAT: { generate_flag(this, rules[i].offset); @@ -768,7 +768,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) this->attribute_format = *((bool *)(this->data_struct + rules[i].offset)); break; - } + } case ATTRIBUTE_LENGTH_OR_VALUE: { @@ -797,7 +797,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload) } case TRAFFIC_SELECTORS: { - u_int32_t payload_length_position_offset = + u_int32_t payload_length_position_offset = this->last_payload_length_position_offset; u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH; u_int16_t int16_val; @@ -805,29 +805,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload) (this->data_struct + rules[i].offset)); iterator_t *iterator; payload_t *current_tss; - + iterator = traffic_selectors->create_iterator( traffic_selectors,TRUE); while (iterator->iterate(iterator, (void **)¤t_tss)) { u_int32_t before_generate_position_offset; u_int32_t after_generate_position_offset; - + before_generate_position_offset = get_offset(this); generate_payload(this, current_tss); after_generate_position_offset = get_offset(this); - + length_of_ts_payload += (after_generate_position_offset - before_generate_position_offset); } iterator->destroy(iterator); - + int16_val = htons(length_of_ts_payload); write_bytes_to_buffer_at_offset(this, &int16_val, sizeof(u_int16_t),payload_length_position_offset); break; - } - + } + case ENCRYPTED_DATA: { generate_from_chunk(this, rules[i].offset); @@ -869,10 +869,10 @@ generator_t *generator_create() this->public.generate_payload = (void(*)(generator_t*, payload_t *))generate_payload; this->public.destroy = (void(*)(generator_t*)) destroy; this->public.write_to_chunk = (void (*) (generator_t *,chunk_t *))write_to_chunk; - + /* allocate memory for buffer */ this->buffer = malloc(GENERATOR_DATA_BUFFER_SIZE); - + /* initiate private variables */ this->out_position = this->buffer; this->roof_position = this->buffer + GENERATOR_DATA_BUFFER_SIZE; @@ -880,7 +880,9 @@ generator_t *generator_create() this->current_bit = 0; this->last_payload_length_position_offset = 0; this->header_length_position_offset = 0; - + this->attribute_format = FALSE; + this->attribute_length = 0; + return &(this->public); } diff --git a/src/charon/encoding/generator.h b/src/charon/encoding/generator.h index f6fb8981c..2221c84af 100644 --- a/src/charon/encoding/generator.h +++ b/src/charon/encoding/generator.h @@ -44,7 +44,7 @@ typedef struct generator_t generator_t; * A generator_t class used to generate IKEv2 payloads. * * After creation, multiple payloads can be generated with the generate_payload - * method. The generated bytes are appended. After all payloads are added, + * method. The generated bytes are appended. After all payloads are added, * the write_to_chunk method writes out all generated data since * the creation of the generator. After that, the generator must be destroyed. * The generater uses a set of encoding rules, which it can get from @@ -52,7 +52,7 @@ typedef struct generator_t generator_t; * the payload and all substructures automatically. */ struct generator_t { - + /** * Generates a specific payload from given payload object. * @@ -61,14 +61,14 @@ struct generator_t { * @param payload interface payload_t implementing object */ void (*generate_payload) (generator_t *this,payload_t *payload); - + /** * Writes all generated data of the generator to a chunk. * * @param data chunk to write the data to */ void (*write_to_chunk) (generator_t *this,chunk_t *data); - + /** * Destroys a generator_t object. */ @@ -77,7 +77,7 @@ struct generator_t { /** * Constructor to create a generator. - * + * * @return generator_t object. */ generator_t *generator_create(void); diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c index 7c6fdb499..397a3c609 100644 --- a/src/charon/encoding/message.c +++ b/src/charon/encoding/message.c @@ -47,7 +47,7 @@ typedef struct payload_rule_t payload_rule_t; /** * A payload rule defines the rules for a payload - * in a specific message rule. It defines if and how + * in a specific message rule. It defines if and how * many times a payload must/can occur in a message * and if it must be encrypted. */ @@ -56,7 +56,7 @@ struct payload_rule_t { * Payload type. */ payload_type_t payload_type; - + /** * Minimal occurence of this payload. */ @@ -66,15 +66,15 @@ struct payload_rule_t { * Max occurence of this payload. */ size_t max_occurence; - + /** * TRUE if payload must be encrypted */ bool encrypted; - + /** * If this payload occurs, the message rule is - * fullfilled in any case. This applies e.g. to + * fullfilled in any case. This applies e.g. to * notify_payloads. */ bool sufficient; @@ -88,11 +88,11 @@ typedef struct payload_order_t payload_order_t; struct payload_order_t { /** - * payload type + * payload type */ payload_type_t type; - - /** + + /** * notify type, if payload == NOTIFY */ notify_type_t notify; @@ -111,7 +111,7 @@ struct message_rule_t { * Type of message. */ exchange_type_t exchange_type; - + /** * Is message a request or response. */ @@ -121,22 +121,22 @@ struct message_rule_t { * Message contains encrypted content. */ bool encrypted_content; - + /** * Number of payload rules which will follow */ int payload_rule_count; - + /** * Pointer to first payload rule */ payload_rule_t *payload_rules; - + /** * Number of payload order rules */ int payload_order_count; - + /** * payload ordering rules */ @@ -161,9 +161,9 @@ static payload_rule_t ike_sa_init_i_payload_rules[] = { static payload_order_t ike_sa_init_i_payload_order[] = { /* payload type notify type */ {NOTIFY, COOKIE}, - {SECURITY_ASSOCIATION, 0}, - {KEY_EXCHANGE, 0}, - {NONCE, 0}, + {SECURITY_ASSOCIATION, 0}, + {KEY_EXCHANGE, 0}, + {NONCE, 0}, {NOTIFY, NAT_DETECTION_SOURCE_IP}, {NOTIFY, NAT_DETECTION_DESTINATION_IP}, {NOTIFY, 0}, @@ -187,9 +187,9 @@ static payload_rule_t ike_sa_init_r_payload_rules[] = { */ static payload_order_t ike_sa_init_r_payload_order[] = { /* payload type notify type */ - {SECURITY_ASSOCIATION, 0}, - {KEY_EXCHANGE, 0}, - {NONCE, 0}, + {SECURITY_ASSOCIATION, 0}, + {KEY_EXCHANGE, 0}, + {NONCE, 0}, {NOTIFY, NAT_DETECTION_SOURCE_IP}, {NOTIFY, NAT_DETECTION_DESTINATION_IP}, {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, @@ -241,7 +241,7 @@ static payload_order_t ike_auth_i_payload_order[] = { {NOTIFY, USE_TRANSPORT_MODE}, {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, + {SECURITY_ASSOCIATION, 0}, {TRAFFIC_SELECTOR_INITIATOR, 0}, {TRAFFIC_SELECTOR_RESPONDER, 0}, {NOTIFY, MOBIKE_SUPPORTED}, @@ -283,7 +283,7 @@ static payload_order_t ike_auth_r_payload_order[] = { {NOTIFY, USE_TRANSPORT_MODE}, {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, + {SECURITY_ASSOCIATION, 0}, {TRAFFIC_SELECTOR_INITIATOR, 0}, {TRAFFIC_SELECTOR_RESPONDER, 0}, {NOTIFY, AUTH_LIFETIME}, @@ -370,9 +370,9 @@ static payload_order_t create_child_sa_i_payload_order[] = { {NOTIFY, USE_TRANSPORT_MODE}, {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, + {SECURITY_ASSOCIATION, 0}, {NONCE, 0}, - {KEY_EXCHANGE, 0}, + {KEY_EXCHANGE, 0}, {TRAFFIC_SELECTOR_INITIATOR, 0}, {TRAFFIC_SELECTOR_RESPONDER, 0}, {NOTIFY, 0}, @@ -402,9 +402,9 @@ static payload_order_t create_child_sa_r_payload_order[] = { {NOTIFY, USE_TRANSPORT_MODE}, {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, - {SECURITY_ASSOCIATION, 0}, + {SECURITY_ASSOCIATION, 0}, {NONCE, 0}, - {KEY_EXCHANGE, 0}, + {KEY_EXCHANGE, 0}, {TRAFFIC_SELECTOR_INITIATOR, 0}, {TRAFFIC_SELECTOR_RESPONDER, 0}, {NOTIFY, ADDITIONAL_TS_POSSIBLE}, @@ -516,7 +516,7 @@ static message_rule_t message_rules[] = { (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)), me_connect_r_payload_order, }, -#endif /* ME */ +#endif /* ME */ }; @@ -536,12 +536,12 @@ struct private_message_t { * Minor version of message. */ u_int8_t major_version; - + /** * Major version of message. */ u_int8_t minor_version; - + /** * First Payload in message. */ @@ -556,32 +556,32 @@ struct private_message_t { * TRUE if message is a request, FALSE if a reply. */ bool is_request; - + /** * Message ID of this message. */ u_int32_t message_id; - + /** * ID of assigned IKE_SA. */ ike_sa_id_t *ike_sa_id; - + /** * Assigned UDP packet, stores incoming packet or last generated one. */ packet_t *packet; - + /** * Linked List where payload data are stored in. */ linked_list_t *payloads; - + /** * Assigned parser to parse Header and Body of this message. */ parser_t *parser; - + /** * The message rule for this message instance */ @@ -594,7 +594,7 @@ struct private_message_t { static status_t set_message_rule(private_message_t *this) { int i; - + for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++) { if ((this->exchange_type == message_rules[i].exchange_type) && @@ -612,10 +612,11 @@ static status_t set_message_rule(private_message_t *this) /** * Implementation of private_message_t.get_payload_rule. */ -static status_t get_payload_rule(private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule) +static status_t get_payload_rule(private_message_t *this, + payload_type_t payload_type, payload_rule_t **payload_rule) { int i; - + for (i = 0; i < this->message_rule->payload_rule_count;i++) { if (this->message_rule->payload_rules[i].payload_type == payload_type) @@ -624,7 +625,7 @@ static status_t get_payload_rule(private_message_t *this, payload_type_t payload return SUCCESS; } } - + *payload_rule = NULL; return NOT_FOUND; } @@ -632,7 +633,7 @@ static status_t get_payload_rule(private_message_t *this, payload_type_t payload /** * Implementation of message_t.set_ike_sa_id. */ -static void set_ike_sa_id (private_message_t *this,ike_sa_id_t *ike_sa_id) +static void set_ike_sa_id(private_message_t *this,ike_sa_id_t *ike_sa_id) { DESTROY_IF(this->ike_sa_id); this->ike_sa_id = ike_sa_id->clone(ike_sa_id); @@ -641,7 +642,7 @@ static void set_ike_sa_id (private_message_t *this,ike_sa_id_t *ike_sa_id) /** * Implementation of message_t.get_ike_sa_id. */ -static ike_sa_id_t* get_ike_sa_id (private_message_t *this) +static ike_sa_id_t* get_ike_sa_id(private_message_t *this) { return this->ike_sa_id; } @@ -649,7 +650,7 @@ static ike_sa_id_t* get_ike_sa_id (private_message_t *this) /** * Implementation of message_t.set_message_id. */ -static void set_message_id (private_message_t *this,u_int32_t message_id) +static void set_message_id(private_message_t *this,u_int32_t message_id) { this->message_id = message_id; } @@ -657,7 +658,7 @@ static void set_message_id (private_message_t *this,u_int32_t message_id) /** * Implementation of message_t.get_message_id. */ -static u_int32_t get_message_id (private_message_t *this) +static u_int32_t get_message_id(private_message_t *this) { return this->message_id; } @@ -665,7 +666,7 @@ static u_int32_t get_message_id (private_message_t *this) /** * Implementation of message_t.get_initiator_spi. */ -static u_int64_t get_initiator_spi (private_message_t *this) +static u_int64_t get_initiator_spi(private_message_t *this) { return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); } @@ -673,7 +674,7 @@ static u_int64_t get_initiator_spi (private_message_t *this) /** * Implementation of message_t.get_responder_spi. */ -static u_int64_t get_responder_spi (private_message_t *this) +static u_int64_t get_responder_spi(private_message_t *this) { return (this->ike_sa_id->get_responder_spi(this->ike_sa_id)); } @@ -681,16 +682,15 @@ static u_int64_t get_responder_spi (private_message_t *this) /** * Implementation of message_t.set_major_version. */ -static void set_major_version (private_message_t *this,u_int8_t major_version) +static void set_major_version(private_message_t *this,u_int8_t major_version) { this->major_version = major_version; } - /** * Implementation of message_t.set_major_version. */ -static u_int8_t get_major_version (private_message_t *this) +static u_int8_t get_major_version(private_message_t *this) { return this->major_version; } @@ -698,7 +698,7 @@ static u_int8_t get_major_version (private_message_t *this) /** * Implementation of message_t.set_minor_version. */ -static void set_minor_version (private_message_t *this,u_int8_t minor_version) +static void set_minor_version(private_message_t *this,u_int8_t minor_version) { this->minor_version = minor_version; } @@ -706,7 +706,7 @@ static void set_minor_version (private_message_t *this,u_int8_t minor_version) /** * Implementation of message_t.get_minor_version. */ -static u_int8_t get_minor_version (private_message_t *this) +static u_int8_t get_minor_version(private_message_t *this) { return this->minor_version; } @@ -714,7 +714,8 @@ static u_int8_t get_minor_version (private_message_t *this) /** * Implementation of message_t.set_exchange_type. */ -static void set_exchange_type (private_message_t *this,exchange_type_t exchange_type) +static void set_exchange_type(private_message_t *this, + exchange_type_t exchange_type) { this->exchange_type = exchange_type; } @@ -722,7 +723,7 @@ static void set_exchange_type (private_message_t *this,exchange_type_t exchange_ /** * Implementation of message_t.get_exchange_type. */ -static exchange_type_t get_exchange_type (private_message_t *this) +static exchange_type_t get_exchange_type(private_message_t *this) { return this->exchange_type; } @@ -730,7 +731,7 @@ static exchange_type_t get_exchange_type (private_message_t *this) /** * Implementation of message_t.get_first_payload_type. */ -static payload_type_t get_first_payload_type (private_message_t *this) +static payload_type_t get_first_payload_type(private_message_t *this) { return this->first_payload; } @@ -738,7 +739,7 @@ static payload_type_t get_first_payload_type (private_message_t *this) /** * Implementation of message_t.set_request. */ -static void set_request (private_message_t *this,bool request) +static void set_request(private_message_t *this, bool request) { this->is_request = request; } @@ -746,7 +747,7 @@ static void set_request (private_message_t *this,bool request) /** * Implementation of message_t.get_request. */ -static exchange_type_t get_request (private_message_t *this) +static exchange_type_t get_request(private_message_t *this) { return this->is_request; } @@ -757,7 +758,7 @@ static exchange_type_t get_request (private_message_t *this) static bool is_encoded(private_message_t *this) { chunk_t data = this->packet->get_data(this->packet); - + if (data.ptr == NULL) { return FALSE; @@ -791,15 +792,15 @@ static void add_payload(private_message_t *this, payload_t *payload) /** * Implementation of message_t.add_notify. */ -static void add_notify(private_message_t *this, bool flush, notify_type_t type, +static void add_notify(private_message_t *this, bool flush, notify_type_t type, chunk_t data) { notify_payload_t *notify; payload_t *payload; - + if (flush) { - while (this->payloads->remove_last(this->payloads, + while (this->payloads->remove_last(this->payloads, (void**)&payload) == SUCCESS) { payload->destroy(payload); @@ -858,7 +859,7 @@ static payload_t *get_payload(private_message_t *this, payload_type_t type) { payload_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, ¤t)) { @@ -880,7 +881,7 @@ static notify_payload_t* get_notify(private_message_t *this, notify_type_t type) enumerator_t *enumerator; notify_payload_t *notify = NULL; payload_t *payload; - + enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &payload)) { @@ -907,12 +908,12 @@ static char* get_string(private_message_t *this, char *buf, int len) payload_t *payload; int written; char *pos = buf; - + memset(buf, 0, len); len--; - + written = snprintf(pos, len, "%N %s %d [", - exchange_type_names, this->exchange_type, + exchange_type_names, this->exchange_type, this->is_request ? "request" : "response", this->message_id); if (written >= len || written < 0) @@ -921,12 +922,12 @@ static char* get_string(private_message_t *this, char *buf, int len) } pos += written; len -= written; - + enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &payload)) { written = snprintf(pos, len, " %N", payload_type_short_names, - payload->get_type(payload)); + payload->get_type(payload)); if (written >= len || written < 0) { return buf; @@ -937,7 +938,36 @@ static char* get_string(private_message_t *this, char *buf, int len) { notify_payload_t *notify = (notify_payload_t*)payload; written = snprintf(pos, len, "(%N)", notify_type_short_names, - notify->get_notify_type(notify)); + notify->get_notify_type(notify)); + if (written >= len || written < 0) + { + return buf; + } + pos += written; + len -= written; + } + if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION) + { + eap_payload_t *eap = (eap_payload_t*)payload; + u_int32_t vendor; + eap_type_t type; + char method[64] = ""; + + type = eap->get_type(eap, &vendor); + if (type) + { + if (vendor) + { + snprintf(method, sizeof(method), "/%d-%d", type, vendor); + } + else + { + snprintf(method, sizeof(method), "/%N", + eap_type_short_names, type); + } + } + written = snprintf(pos, len, "/%N%s", eap_code_short_names, + eap->get_code(eap), method); if (written >= len || written < 0) { return buf; @@ -947,7 +977,7 @@ static char* get_string(private_message_t *this, char *buf, int len) } } enumerator->destroy(enumerator); - + /* remove last space */ snprintf(pos, len, " ]"); return buf; @@ -961,7 +991,7 @@ static void order_payloads(private_message_t *this) linked_list_t *list; payload_t *payload; int i; - + /* move to temp list */ list = linked_list_create(); while (this->payloads->remove_last(this->payloads, @@ -975,7 +1005,7 @@ static void order_payloads(private_message_t *this) enumerator_t *enumerator; notify_payload_t *notify; payload_order_t order = this->message_rule->payload_order[i]; - + /* ... find all payload ... */ enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &payload)) @@ -984,7 +1014,7 @@ static void order_payloads(private_message_t *this) if (payload->get_type(payload) == order.type) { notify = (notify_payload_t*)payload; - + /**... and check notify for type. */ if (order.type != NOTIFY || order.notify == 0 || order.notify == notify->get_notify_type(notify)) @@ -992,17 +1022,21 @@ static void order_payloads(private_message_t *this) list->remove_at(list, enumerator); add_payload(this, payload); } - } + } } enumerator->destroy(enumerator); } /* append all payloads without a rule to the end */ while (list->remove_last(list, (void**)&payload) == SUCCESS) { - DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s", - payload_type_names, payload->get_type(payload), - exchange_type_names, this->message_rule->exchange_type, - this->message_rule->is_request ? "request" : "response"); + /* do not complain about payloads in private use space */ + if (payload->get_type(payload) < 128) + { + DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s", + payload_type_names, payload->get_type(payload), + exchange_type_names, this->message_rule->exchange_type, + this->message_rule->is_request ? "request" : "response"); + } add_payload(this, payload); } list->destroy(list); @@ -1014,80 +1048,73 @@ static void order_payloads(private_message_t *this) static status_t encrypt_payloads(private_message_t *this, crypter_t *crypter, signer_t* signer) { - encryption_payload_t *encryption_payload = NULL; + encryption_payload_t *encryption; + linked_list_t *payloads; + payload_t *current; status_t status; - linked_list_t *all_payloads; - + if (!this->message_rule->encrypted_content) { DBG2(DBG_ENC, "message doesn't have to be encrypted"); /* message contains no content to encrypt */ return SUCCESS; } - + if (!crypter || !signer) { DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message"); /* message contains no content to encrypt */ return SUCCESS; } - + DBG2(DBG_ENC, "copy all payloads to a temporary list"); - all_payloads = linked_list_create(); - + payloads = linked_list_create(); + /* first copy all payloads in a temporary list */ while (this->payloads->get_count(this->payloads) > 0) { - void *current_payload; - this->payloads->remove_first(this->payloads,¤t_payload); - all_payloads->insert_last(all_payloads,current_payload); + this->payloads->remove_first(this->payloads, (void**)¤t); + payloads->insert_last(payloads, current); } - - encryption_payload = encryption_payload_create(); + + encryption = encryption_payload_create(); DBG2(DBG_ENC, "check each payloads if they have to get encrypted"); - while (all_payloads->get_count(all_payloads) > 0) + while (payloads->get_count(payloads) > 0) { - payload_rule_t *payload_rule; - payload_t *current_payload; - bool to_encrypt = FALSE; - - all_payloads->remove_first(all_payloads,(void **)¤t_payload); - - status = get_payload_rule(this, - current_payload->get_type(current_payload),&payload_rule); - /* for payload types which are not found in supported payload list, - * it is presumed that they don't have to be encrypted */ - if ((status == SUCCESS) && (payload_rule->encrypted)) + payload_rule_t *rule; + payload_type_t type; + bool to_encrypt = TRUE; + + payloads->remove_first(payloads, (void**)¤t); + + type = current->get_type(current); + if (get_payload_rule(this, type, &rule) == SUCCESS) { - DBG2(DBG_ENC, "payload %N gets encrypted", - payload_type_names, current_payload->get_type(current_payload)); - to_encrypt = TRUE; + to_encrypt = rule->encrypted; } - if (to_encrypt) { DBG2(DBG_ENC, "insert payload %N to encryption payload", - payload_type_names, current_payload->get_type(current_payload)); - encryption_payload->add_payload(encryption_payload,current_payload); + payload_type_names, current->get_type(current)); + encryption->add_payload(encryption, current); } else { DBG2(DBG_ENC, "insert payload %N unencrypted", - payload_type_names ,current_payload->get_type(current_payload)); - add_payload(this, (payload_t*)encryption_payload); + payload_type_names, current->get_type(current)); + add_payload(this, (payload_t*)current); } } - status = SUCCESS; DBG2(DBG_ENC, "encrypting encryption payload"); - encryption_payload->set_transforms(encryption_payload, crypter,signer); - status = encryption_payload->encrypt(encryption_payload); + encryption->set_transforms(encryption, crypter, signer); + status = encryption->encrypt(encryption); DBG2(DBG_ENC, "add encrypted payload to payload list"); - add_payload(this, (payload_t*)encryption_payload); - - all_payloads->destroy(all_payloads); - + add_payload(this, (payload_t*)encryption); + + payloads->destroy(payloads); + return status; } @@ -1104,28 +1131,28 @@ static status_t generate(private_message_t *this, crypter_t *crypter, status_t status; chunk_t packet_data; char str[256]; - + if (is_encoded(this)) { /* already generated, return a new packet clone */ *packet = this->packet->clone(this->packet); return SUCCESS; } - + if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { DBG1(DBG_ENC, "exchange type is not defined"); return INVALID_STATE; } - + if (this->packet->get_source(this->packet) == NULL || - this->packet->get_destination(this->packet) == NULL) + this->packet->get_destination(this->packet) == NULL) { DBG1(DBG_ENC, "%s not defined", !this->packet->get_source(this->packet) ? "source" : "destination"); return INVALID_STATE; } - + /* set the rules for this messge */ status = set_message_rule(this); if (status != SUCCESS) @@ -1133,11 +1160,11 @@ static status_t generate(private_message_t *this, crypter_t *crypter, DBG1(DBG_ENC, "no message rules specified for this message type"); return NOT_SUPPORTED; } - + order_payloads(this); - + DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); - + /* going to encrypt all content which have to be encrypted */ status = encrypt_payloads(this, crypter, signer); if (status != SUCCESS) @@ -1145,21 +1172,24 @@ static status_t generate(private_message_t *this, crypter_t *crypter, DBG1(DBG_ENC, "payload encryption failed"); return status; } - + /* build ike header */ ike_header = ike_header_create(); - + ike_header->set_exchange_type(ike_header, this->exchange_type); ike_header->set_message_id(ike_header, this->message_id); ike_header->set_response_flag(ike_header, !this->is_request); - ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id)); - ike_header->set_initiator_spi(ike_header, this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); - ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id)); - + ike_header->set_initiator_flag(ike_header, + this->ike_sa_id->is_initiator(this->ike_sa_id)); + ike_header->set_initiator_spi(ike_header, + this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); + ike_header->set_responder_spi(ike_header, + this->ike_sa_id->get_responder_spi(this->ike_sa_id)); + generator = generator_create(); - + payload = (payload_t*)ike_header; - + /* generate every payload expect last one, this is done later*/ enumerator = create_payload_enumerator(this); while (enumerator->enumerate(enumerator, &next_payload)) @@ -1169,18 +1199,18 @@ static status_t generate(private_message_t *this, crypter_t *crypter, payload = next_payload; } enumerator->destroy(enumerator); - + /* last payload has no next payload*/ payload->set_next_type(payload, NO_PAYLOAD); generator->generate_payload(generator, payload); ike_header->destroy(ike_header); - + /* build packet */ generator->write_to_chunk(generator, &packet_data); generator->destroy(generator); - + /* if last payload is of type encrypted, integrity checksum if necessary */ if (payload->get_type(payload) == ENCRYPTED) { @@ -1192,12 +1222,12 @@ static status_t generate(private_message_t *this, crypter_t *crypter, return status; } } - + this->packet->set_data(this->packet, packet_data); - + /* clone packet for caller */ *packet = this->packet->clone(this->packet); - + DBG2(DBG_ENC, "message generated successfully"); return SUCCESS; } @@ -1205,7 +1235,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, /** * Implementation of message_t.get_packet. */ -static packet_t *get_packet (private_message_t *this) +static packet_t *get_packet(private_message_t *this) { if (this->packet == NULL) { @@ -1217,7 +1247,7 @@ static packet_t *get_packet (private_message_t *this) /** * Implementation of message_t.get_packet_data. */ -static chunk_t get_packet_data (private_message_t *this) +static chunk_t get_packet_data(private_message_t *this) { if (this->packet == NULL) { @@ -1233,48 +1263,51 @@ static status_t parse_header(private_message_t *this) { ike_header_t *ike_header; status_t status; - + DBG2(DBG_ENC, "parsing header of message"); - + this->parser->reset_context(this->parser); - status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header); + status = this->parser->parse_payload(this->parser, HEADER, + (payload_t**)&ike_header); if (status != SUCCESS) { DBG1(DBG_ENC, "header could not be parsed"); return status; - + } - + /* verify payload */ - status = ike_header->payload_interface.verify(&(ike_header->payload_interface)); + status = ike_header->payload_interface.verify( + &ike_header->payload_interface); if (status != SUCCESS) { DBG1(DBG_ENC, "header verification failed"); ike_header->destroy(ike_header); return status; } - + if (this->ike_sa_id != NULL) { this->ike_sa_id->destroy(this->ike_sa_id); } - + this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header), - ike_header->get_responder_spi(ike_header), - ike_header->get_initiator_flag(ike_header)); + ike_header->get_responder_spi(ike_header), + ike_header->get_initiator_flag(ike_header)); this->exchange_type = ike_header->get_exchange_type(ike_header); this->message_id = ike_header->get_message_id(ike_header); this->is_request = (!(ike_header->get_response_flag(ike_header))); this->major_version = ike_header->get_maj_version(ike_header); this->minor_version = ike_header->get_min_version(ike_header); - this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface)); - + this->first_payload = ike_header->payload_interface.get_next_type( + &ike_header->payload_interface); + DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type, this->is_request ? "request" : "response"); - + ike_header->destroy(ike_header); - + /* get the rules for this messge */ status = set_message_rule(this); if (status != SUCCESS) @@ -1283,14 +1316,15 @@ static status_t parse_header(private_message_t *this) exchange_type_names, this->exchange_type, this->is_request ? "request" : "response"); } - + return status; } /** * Implementation of private_message_t.decrypt_and_verify_payloads. */ -static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, signer_t* signer) +static status_t decrypt_payloads(private_message_t *this, crypter_t *crypter, + signer_t* signer) { bool current_payload_was_encrypted = FALSE; payload_t *previous_payload = NULL; @@ -1306,20 +1340,20 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig { payload_rule_t *payload_rule; payload_type_t current_payload_type; - + /* needed to check */ current_payload_type = current_payload->get_type(current_payload); - + DBG2(DBG_ENC, "process payload of type %N", payload_type_names, current_payload_type); - + if (current_payload_type == ENCRYPTED) { encryption_payload_t *encryption_payload; payload_t *current_encrypted_payload; - + encryption_payload = (encryption_payload_t*)current_payload; - + DBG2(DBG_ENC, "found an encryption payload"); if (payload_number != this->payloads->get_count(this->payloads)) @@ -1330,7 +1364,8 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig return VERIFY_ERROR; } /* decrypt */ - encryption_payload->set_transforms(encryption_payload, crypter, signer); + encryption_payload->set_transforms(encryption_payload, + crypter, signer); DBG2(DBG_ENC, "verify signature of encryption payload"); status = encryption_payload->verify_signature(encryption_payload, this->packet->get_data(this->packet)); @@ -1348,10 +1383,10 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig iterator->destroy(iterator); return PARSE_ERROR; } - + /* needed later to find out if a payload was encrypted */ current_payload_was_encrypted = TRUE; - + /* check if there are payloads contained in the encryption payload */ if (encryption_payload->get_payload_count(encryption_payload) == 0) { @@ -1363,39 +1398,52 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig } else { - /* encryption_payload is replaced with first payload contained in encryption_payload */ - encryption_payload->remove_first_payload(encryption_payload, ¤t_encrypted_payload); - iterator->replace(iterator,NULL,(void *) current_encrypted_payload); - current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload); + /* encryption_payload is replaced with first payload contained + * in encryption_payload */ + encryption_payload->remove_first_payload(encryption_payload, + ¤t_encrypted_payload); + iterator->replace(iterator, NULL, + (void *)current_encrypted_payload); + current_payload_type = current_encrypted_payload->get_type( + current_encrypted_payload); } - + /* is the current paylad the first in the message? */ if (previous_payload == NULL) { - /* yes, set the first payload type of the message to the current type */ + /* yes, set the first payload type of the message to the + * current type */ this->first_payload = current_payload_type; } else { - /* no, set the next_type of the previous payload to the current type */ - previous_payload->set_next_type(previous_payload, current_payload_type); + /* no, set the next_type of the previous payload to the + * current type */ + previous_payload->set_next_type(previous_payload, + current_payload_type); } - + /* all encrypted payloads are added to the payload list */ while (encryption_payload->get_payload_count(encryption_payload) > 0) { - encryption_payload->remove_first_payload(encryption_payload, ¤t_encrypted_payload); - DBG2(DBG_ENC, "insert unencrypted payload of type %N at end of list", - payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload)); - this->payloads->insert_last(this->payloads,current_encrypted_payload); + encryption_payload->remove_first_payload(encryption_payload, + ¤t_encrypted_payload); + DBG2(DBG_ENC, "insert unencrypted payload of type " + "%N at end of list", payload_type_names, + current_encrypted_payload->get_type( + current_encrypted_payload)); + this->payloads->insert_last(this->payloads, + current_encrypted_payload); } - + /* encryption payload is processed, payloads are moved. Destroy it. */ - encryption_payload->destroy(encryption_payload); + encryption_payload->destroy(encryption_payload); } - /* we allow unknown payloads of any type and don't bother if it was encrypted. Not our problem. */ - if (current_payload_type != UNKNOWN_PAYLOAD && current_payload_type != NO_PAYLOAD) + /* we allow unknown payloads of any type and don't bother if it was + * encrypted. Not our problem. */ + if (current_payload_type != UNKNOWN_PAYLOAD && + current_payload_type != NO_PAYLOAD) { /* get the ruleset for found payload */ status = get_payload_rule(this, current_payload_type, &payload_rule); @@ -1407,11 +1455,13 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig iterator->destroy(iterator); return VERIFY_ERROR; } - - /* check if the payload was encrypted, and if it should been have encrypted */ + + /* check if the payload was encrypted, and if it should been have + * encrypted */ if (payload_rule->encrypted != current_payload_was_encrypted) { - /* payload was not encrypted, but should have been. or vice-versa */ + /* payload was not encrypted, but should have been. + * or vice-versa */ DBG1(DBG_ENC, "payload type %N should be %s!", payload_type_names, current_payload_type, (payload_rule->encrypted) ? "encrypted" : "not encrypted"); @@ -1437,24 +1487,24 @@ static status_t verify(private_message_t *this) enumerator_t *enumerator; payload_t *current_payload; size_t total_found_payloads = 0; - + DBG2(DBG_ENC, "verifying message structure"); - + /* check for payloads with wrong count*/ for (i = 0; i < this->message_rule->payload_rule_count; i++) { size_t found_payloads = 0; payload_rule_t *rule; - + rule = &this->message_rule->payload_rules[i]; enumerator = create_payload_enumerator(this); - + /* check all payloads for specific rule */ while (enumerator->enumerate(enumerator, ¤t_payload)) { payload_type_t current_payload_type; unknown_payload_t *unknown_payload; - + current_payload_type = current_payload->get_type(current_payload); if (current_payload_type == UNKNOWN_PAYLOAD) { @@ -1465,7 +1515,7 @@ static status_t verify(private_message_t *this) DBG1(DBG_ENC, "%N is not supported, but its critical!", payload_type_names, current_payload_type); enumerator->destroy(enumerator); - return NOT_SUPPORTED; + return NOT_SUPPORTED; } } else if (current_payload_type == rule->payload_type) @@ -1474,8 +1524,8 @@ static status_t verify(private_message_t *this) total_found_payloads++; DBG2(DBG_ENC, "found payload of type %N", payload_type_names, rule->payload_type); - - /* as soon as ohe payload occures more then specified, + + /* as soon as ohe payload occures more then specified, * the verification fails */ if (found_payloads > rule->max_occurence) @@ -1489,7 +1539,7 @@ static status_t verify(private_message_t *this) } } } - + if (found_payloads < rule->min_occurence) { DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)", @@ -1502,7 +1552,7 @@ static status_t verify(private_message_t *this) this->payloads->get_count(this->payloads) == total_found_payloads) { enumerator->destroy(enumerator); - return SUCCESS; + return SUCCESS; } enumerator->destroy(enumerator); } @@ -1512,14 +1562,15 @@ static status_t verify(private_message_t *this) /** * Implementation of message_t.parse_body. */ -static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer) +static status_t parse_body(private_message_t *this, crypter_t *crypter, + signer_t *signer) { status_t status = SUCCESS; payload_type_t current_payload_type; char str[256]; - - current_payload_type = this->first_payload; - + + current_payload_type = this->first_payload; + DBG2(DBG_ENC, "parsing body of message, first payload is %N", payload_type_names, current_payload_type); @@ -1527,13 +1578,13 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t while ((current_payload_type != NO_PAYLOAD)) { payload_t *current_payload; - - DBG2(DBG_ENC, "starting parsing a %N payload", + + DBG2(DBG_ENC, "starting parsing a %N payload", payload_type_names, current_payload_type); - + /* parse current payload */ - status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) ¤t_payload); - + status = this->parser->parse_payload(this->parser, current_payload_type, + (payload_t**)¤t_payload); if (status != SUCCESS) { DBG1(DBG_ENC, "payload type %N could not be parsed", @@ -1543,7 +1594,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, current_payload_type); - + /* verify it, stop parsig if its invalid */ status = current_payload->verify(current_payload); if (status != SUCCESS) @@ -1553,19 +1604,20 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t current_payload->destroy(current_payload); return VERIFY_ERROR; } - + DBG2(DBG_ENC, "%N payload verified. Adding to payload list", payload_type_names, current_payload_type); this->payloads->insert_last(this->payloads,current_payload); - - /* an encryption payload is the last one, so STOP here. decryption is done later */ + + /* an encryption payload is the last one, so STOP here. decryption is + * done later */ if (current_payload_type == ENCRYPTED) { DBG2(DBG_ENC, "%N payload found. Stop parsing", payload_type_names, current_payload_type); break; } - + /* get next payload type */ current_payload_type = current_payload->get_next_type(current_payload); } @@ -1579,15 +1631,15 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t return status; } } - + status = verify(this); if (status != SUCCESS) { return status; } - + DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str))); - + return SUCCESS; } @@ -1641,26 +1693,26 @@ message_t *message_create_from_packet(packet_t *packet) this->public.get_packet = (packet_t * (*) (message_t*)) get_packet; this->public.get_packet_data = (chunk_t (*) (message_t *this)) get_packet_data; this->public.destroy = (void(*)(message_t*))destroy; - + /* private values */ this->exchange_type = EXCHANGE_TYPE_UNDEFINED; this->is_request = TRUE; this->ike_sa_id = NULL; this->first_payload = NO_PAYLOAD; this->message_id = 0; - + /* private values */ if (packet == NULL) { - packet = packet_create(); + packet = packet_create(); } this->message_rule = NULL; this->packet = packet; this->payloads = linked_list_create(); - + /* parser is created from data of packet */ this->parser = parser_create(this->packet->get_data(this->packet)); - + return (&this->public); } diff --git a/src/charon/encoding/message.h b/src/charon/encoding/message.h index 1db3ea0cc..2c7718f49 100644 --- a/src/charon/encoding/message.h +++ b/src/charon/encoding/message.h @@ -58,7 +58,7 @@ struct message_t { * @return major version of the message */ u_int8_t (*get_major_version) (message_t *this); - + /** * Sets the IKE minor version of the message. * @@ -86,7 +86,7 @@ struct message_t { * @return message_id type of the message */ u_int32_t (*get_message_id) (message_t *this); - + /** * Gets the initiator SPI of the message. * @@ -103,7 +103,7 @@ struct message_t { /** * Sets the IKE_SA ID of the message. - * + * * ike_sa_id gets cloned. * * @param ike_sa_id ike_sa_id to set @@ -132,10 +132,10 @@ struct message_t { * @return exchange type of the message */ exchange_type_t (*get_exchange_type) (message_t *this); - + /** * Gets the payload type of the first payload. - * + * * @return payload type of the first payload */ payload_type_t (*get_first_payload_type) (message_t *this); @@ -156,20 +156,20 @@ struct message_t { /** * Append a payload to the message. - * + * * If the payload must be encrypted is not specified here. Encryption * of payloads is evaluated via internal rules for the messages and * is done before generation. The order of payloads may change, since - * all payloads to encrypt are added to the encryption payload, which is + * all payloads to encrypt are added to the encryption payload, which is * always the last one. * * @param payload payload to append - */ + */ void (*add_payload) (message_t *this, payload_t *payload); /** * Build a notify payload and add it to the message. - * + * * This is a helper method to create notify messages or add * notify payload to messages. The flush parameter specifies if existing * payloads should get removed before appending the notify. @@ -177,13 +177,13 @@ struct message_t { * @param flush TRUE to remove existing payloads * @param type type of the notify * @param data a chunk of data to add to the notify, gets cloned - */ - void (*add_notify) (message_t *this, bool flush, notify_type_t type, + */ + void (*add_notify) (message_t *this, bool flush, notify_type_t type, chunk_t data); /** * Parses header of message. - * + * * Begins parisng of a message created via message_create_from_packet(). * The parsing context is stored, so a subsequent call to parse_body() * will continue the parsing process. @@ -194,17 +194,17 @@ struct message_t { * - FAILED if consistence check of header failed */ status_t (*parse_header) (message_t *this); - + /** * Parses body of message. - * - * The body gets not only parsed, but rather it gets verified. - * All payloads are verified if they are allowed to exist in the message - * of this type and if their own structure is ok. - * If there are encrypted payloads, they get decrypted via the supplied + * + * The body gets not only parsed, but rather it gets verified. + * All payloads are verified if they are allowed to exist in the message + * of this type and if their own structure is ok. + * If there are encrypted payloads, they get decrypted via the supplied * crypter. Also the message integrity gets verified with the supplied * signer. - * Crypter/signer can be omitted (by passing NULL) when no encryption + * Crypter/signer can be omitted (by passing NULL) when no encryption * payload is expected. * * @param crypter crypter to decrypt encryption payloads @@ -222,13 +222,13 @@ struct message_t { /** * Generates the UDP packet of specific message. - * + * * Payloads which must be encrypted are generated first and added to - * an encryption payload. This encryption payload will get encrypted via + * an encryption payload. This encryption payload will get encrypted via * the supplied crypter. Then all other payloads and the header get generated. - * After that, the checksum is added to the encryption payload over the full + * After that, the checksum is added to the encryption payload over the full * message. - * Crypter/signer can be omitted (by passing NULL) when no encryption + * Crypter/signer can be omitted (by passing NULL) when no encryption * payload is expected. * Generation is only done once, multiple calls will just return a packet copy. * @@ -240,66 +240,66 @@ struct message_t { * - INVALID_STATE if exchange type is currently not set * - NOT_FOUND if no rules found for message generation * - INVALID_STATE if crypter/signer not supplied but needed. - */ + */ status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet); /** - * Gets the source host informations. - * - * @warning Returned host_t object is not getting cloned, + * Gets the source host informations. + * + * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. * * @return host_t object representing source host - */ + */ host_t * (*get_source) (message_t *this); - + /** - * Sets the source host informations. - * + * Sets the source host informations. + * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_source. * * @param host host_t object representing source host - */ + */ void (*set_source) (message_t *this, host_t *host); /** - * Gets the destination host informations. - * - * @warning Returned host_t object is not getting cloned, + * Gets the destination host informations. + * + * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. * * @return host_t object representing destination host - */ + */ host_t * (*get_destination) (message_t *this); /** - * Sets the destination host informations. - * + * Sets the destination host informations. + * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_destination. * * @param host host_t object representing destination host - */ + */ void (*set_destination) (message_t *this, host_t *host); - + /** * Create an enumerator over all payloads. * * @return enumerator over payload_t - */ + */ enumerator_t * (*create_payload_enumerator) (message_t *this); - + /** * Find a payload of a specific type. - * - * Returns the first occurance. + * + * Returns the first occurance. * * @param type type of the payload to find * @return payload, or NULL if no such payload found - */ + */ payload_t* (*get_payload) (message_t *this, payload_type_t type); - + /** * Get the first notify payload of a specific type. * @@ -307,21 +307,21 @@ struct message_t { * @return notify payload, NULL if no such notify found */ notify_payload_t* (*get_notify)(message_t *this, notify_type_t type); - + /** * Returns a clone of the internal stored packet_t object. * * @return packet_t object as clone of internal one - */ + */ packet_t * (*get_packet) (message_t *this); - + /** * Returns a clone of the internal stored packet_t data. * * @return clone of the internal stored packet_t data. - */ + */ chunk_t (*get_packet_data) (message_t *this); - + /** * Destroys a message and all including objects. */ @@ -330,16 +330,16 @@ struct message_t { /** * Creates an message_t object from a incoming UDP Packet. - * - * @warning the given packet_t object is not copied and gets + * + * @warning the given packet_t object is not copied and gets * destroyed in message_t's destroy call. - * + * * - exchange_type is set to NOT_SET * - original_initiator is set to TRUE * - is_request is set to TRUE * Call message_t.parse_header afterwards. - * - * @param packet packet_t object which is assigned to message + * + * @param packet packet_t object which is assigned to message * @return message_t object */ message_t * message_create_from_packet(packet_t *packet); @@ -351,7 +351,7 @@ message_t * message_create_from_packet(packet_t *packet); * - exchange_type is set to NOT_SET * - original_initiator is set to TRUE * - is_request is set to TRUE - * + * * @return message_t object */ message_t * message_create(void); diff --git a/src/charon/encoding/parser.c b/src/charon/encoding/parser.c index ac2b78c28..9aa34b1bc 100644 --- a/src/charon/encoding/parser.c +++ b/src/charon/encoding/parser.c @@ -50,7 +50,7 @@ typedef struct private_parser_t private_parser_t; /** * Private data stored in a context. - * + * * Contains pointers and counters to store current state. */ struct private_parser_t { @@ -58,27 +58,27 @@ struct private_parser_t { * Public members, see parser_t. */ parser_t public; - + /** * Current bit for reading in input data. */ u_int8_t bit_pos; - + /** * Current byte for reading in input data. */ u_int8_t *byte_pos; - + /** * Input data to parse. */ u_int8_t *input; - + /** * Roof of input, used for length-checking. */ u_int8_t *input_roof; - + /** * Set of encoding rules for this parsing session. */ @@ -277,11 +277,11 @@ static bool parse_bit(private_parser_t *this, int rule_number, return short_input(this, rule_number); } if (output_pos) - { + { u_int8_t mask; mask = 0x01 << (7 - this->bit_pos); *output_pos = *this->byte_pos & mask; - + if (*output_pos) { /* set to a "clean", comparable true */ *output_pos = TRUE; @@ -303,7 +303,7 @@ static bool parse_list(private_parser_t *this, int rule_number, linked_list_t **output_pos, payload_type_t payload_type, int length) { linked_list_t *list = *output_pos; - + if (length < 0) { return short_input(this, rule_number); @@ -316,10 +316,10 @@ static bool parse_list(private_parser_t *this, int rule_number, { u_int8_t *pos_before = this->byte_pos; payload_t *payload; - + DBG2(DBG_ENC, " %d bytes left, parsing recursively %N", length, payload_type_names, payload_type); - + if (parse_payload(this, payload_type, &payload) != SUCCESS) { DBG1(DBG_ENC, " parsing of a %N substructure failed", @@ -377,25 +377,25 @@ static status_t parse_payload(private_parser_t *this, bool attribute_format = FALSE; int rule_number; encoding_rule_t *rule; - + /* create instance of the payload to parse */ pld = payload_create(payload_type); - + DBG2(DBG_ENC, "parsing %N payload, %d bytes left", payload_type_names, payload_type, this->input_roof - this->byte_pos); - + DBG3(DBG_ENC, "parsing payload from %b", this->byte_pos, this->input_roof - this->byte_pos); - + if (pld->get_type(pld) == UNKNOWN_PAYLOAD) { DBG1(DBG_ENC, " payload type %d is unknown, handling as %N", payload_type, payload_type_names, UNKNOWN_PAYLOAD); } - + /* base pointer for output, avoids casting in every rule */ output = pld; - + /* parse the payload with its own rulse */ pld->get_encoding_rules(pld, &this->rules, &rule_count); for (rule_number = 0; rule_number < rule_count; rule_number++) @@ -765,7 +765,7 @@ static status_t parse_payload(private_parser_t *this, case ADDRESS: { int address_length = (ts_type == TS_IPV4_ADDR_RANGE) ? 4 : 16; - + if (!parse_chunk(this, rule_number, output + rule->offset, address_length)) { @@ -808,7 +808,7 @@ static status_t parse_payload(private_parser_t *this, /* process next rulue */ rule++; } - + *payload = pld; DBG2(DBG_ENC, "parsing %N payload finished", payload_type_names, payload_type); @@ -846,17 +846,17 @@ static void destroy(private_parser_t *this) parser_t *parser_create(chunk_t data) { private_parser_t *this = malloc_thing(private_parser_t); - + this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**))parse_payload; this->public.reset_context = (void(*)(parser_t*)) reset_context; this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count; this->public.destroy = (void(*)(parser_t*)) destroy; - + this->input = data.ptr; this->byte_pos = data.ptr; this->bit_pos = 0; this->input_roof = data.ptr + data.len; - + return &this->public; } diff --git a/src/charon/encoding/parser.h b/src/charon/encoding/parser.h index 230492438..27c5f03fe 100644 --- a/src/charon/encoding/parser.h +++ b/src/charon/encoding/parser.h @@ -36,32 +36,32 @@ typedef struct parser_t parser_t; * The parser remains the state until destroyed. */ struct parser_t { - + /** * Parses the next payload. - * + * * @warning Caller is responsible for freeing allocated payload. - * + * * Rules for parsing are described in the payload definition. * * @param payload_type payload type to parse * @param payload pointer where parsed payload was allocated - * @return + * @return * - SUCCESSFUL if succeeded, * - PARSE_ERROR if corrupted/invalid data found */ status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload); - + /** * Gets the remaining byte count which is not currently parsed. */ int (*get_remaining_byte_count) (parser_t *this); - + /** * Resets the current parser context. */ void (*reset_context) (parser_t *this); - + /** * Destroys a parser_t object. */ @@ -70,7 +70,7 @@ struct parser_t { /** * Constructor to create a parser_t object. - * + * * @param data chunk of data to parse with this parser_t object * @return parser_t object */ diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/charon/encoding/payloads/auth_payload.c index 53406f564..d31208abb 100644 --- a/src/charon/encoding/payloads/auth_payload.c +++ b/src/charon/encoding/payloads/auth_payload.c @@ -23,15 +23,15 @@ typedef struct private_auth_payload_t private_auth_payload_t; /** * Private data of an auth_payload_t object. - * + * */ struct private_auth_payload_t { - + /** * Public auth_payload_t interface. */ auth_payload_t public; - + /** * Next payload type. */ @@ -41,17 +41,17 @@ struct private_auth_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Method of the AUTH Data. */ u_int8_t auth_method; - + /** * The contained auth data value. */ @@ -60,16 +60,16 @@ struct private_auth_payload_t { /** * Encoding rules to parse or generate a AUTH payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_auth_payload_t. */ encoding_rule_t auth_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_auth_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_auth_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -79,7 +79,7 @@ encoding_rule_t auth_payload_encodings[] = { { RESERVED_BIT, 0 }, /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_auth_payload_t, payload_length)}, - /* 1 Byte AUTH type*/ + /* 1 Byte AUTH type*/ { U_INT_8, offsetof(private_auth_payload_t, auth_method) }, /* 3 reserved bytes */ { RESERVED_BYTE, 0 }, @@ -221,8 +221,8 @@ static void destroy(private_auth_payload_t *this) { chunk_free(&(this->auth_data)); } - - free(this); + + free(this); } /* @@ -240,7 +240,7 @@ auth_payload_t *auth_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (auth_payload_t *)) destroy; this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method; @@ -248,7 +248,7 @@ auth_payload_t *auth_payload_create() this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data; this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone; this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/charon/encoding/payloads/auth_payload.h index 4287f14d9..37ee149db 100644 --- a/src/charon/encoding/payloads/auth_payload.h +++ b/src/charon/encoding/payloads/auth_payload.h @@ -39,7 +39,7 @@ typedef struct auth_payload_t auth_payload_t; * The AUTH payload format is described in RFC section 3.8. */ struct auth_payload_t { - + /** * The payload_t interface. */ @@ -51,41 +51,41 @@ struct auth_payload_t { * @param method auth_method_t to use */ void (*set_auth_method) (auth_payload_t *this, auth_method_t method); - + /** * Get the AUTH method. * * @return auth_method_t used */ auth_method_t (*get_auth_method) (auth_payload_t *this); - + /** * Set the AUTH data. - * + * * Data gets cloned. * * @param data AUTH data as chunk_t */ void (*set_data) (auth_payload_t *this, chunk_t data); - + /** * Get the AUTH data. - * + * * Returned data are a copy of the internal one. * * @return AUTH data as chunk_t */ chunk_t (*get_data_clone) (auth_payload_t *this); - + /** * Get the AUTH data. - * + * * Returned data are NOT copied * * @return AUTH data as chunk_t */ chunk_t (*get_data) (auth_payload_t *this); - + /** * Destroys an auth_payload_t object. */ @@ -94,7 +94,7 @@ struct auth_payload_t { /** * Creates an empty auth_payload_t object. - * + * * @return auth_payload_t object */ auth_payload_t *auth_payload_create(void); diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/charon/encoding/payloads/cert_payload.c index 54a8c1392..6dd3141f0 100644 --- a/src/charon/encoding/payloads/cert_payload.c +++ b/src/charon/encoding/payloads/cert_payload.c @@ -43,14 +43,14 @@ typedef struct private_cert_payload_t private_cert_payload_t; /** * Private data of an cert_payload_t object. - * + * */ struct private_cert_payload_t { /** * Public cert_payload_t interface. */ cert_payload_t public; - + /** * Next payload type. */ @@ -60,22 +60,22 @@ struct private_cert_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Encoding of the CERT Data. */ u_int8_t encoding; - + /** * The contained cert data value. */ chunk_t data; - + /** * TRUE if the "Hash and URL" data is invalid */ @@ -84,17 +84,17 @@ struct private_cert_payload_t { /** * Encoding rules to parse or generate a CERT payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_cert_payload_t. - * + * */ encoding_rule_t cert_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_cert_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_cert_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -104,7 +104,7 @@ encoding_rule_t cert_payload_encodings[] = { { RESERVED_BIT, 0 }, /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_cert_payload_t, payload_length)}, - /* 1 Byte CERT type*/ + /* 1 Byte CERT type*/ { U_INT_8, offsetof(private_cert_payload_t, encoding) }, /* some cert data bytes, length is defined in PAYLOAD_LENGTH */ { CERT_DATA, offsetof(private_cert_payload_t, data) } @@ -139,7 +139,7 @@ static status_t verify(private_cert_payload_t *this) this->invalid_hash_and_url = TRUE; return SUCCESS; } - + int i = 20; /* skipping the hash */ for (; i < this->data.len; ++i) { @@ -156,7 +156,7 @@ static status_t verify(private_cert_payload_t *this) return SUCCESS; } } - + /* URL is not null terminated, correct that */ chunk_t data = chunk_alloc(this->data.len + 1); memcpy(data.ptr, this->data.ptr, this->data.len); @@ -268,7 +268,7 @@ static char *get_url(private_cert_payload_t *this) static void destroy(private_cert_payload_t *this) { chunk_free(&this->data); - free(this); + free(this); } /* @@ -285,13 +285,13 @@ cert_payload_t *cert_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - + this->public.destroy = (void (*) (cert_payload_t*))destroy; this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert; this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding; this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash; this->public.get_url = (char* (*) (cert_payload_t*))get_url; - + this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length = CERT_PAYLOAD_HEADER_LENGTH; @@ -331,14 +331,9 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert) cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url) { private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(); - chunk_t url_chunk; - + this->encoding = ENC_X509_HASH_AND_URL; - - url_chunk.ptr = url; - url_chunk.len = strlen(url) + 1; - - this->data = chunk_cat("cc", hash, url_chunk); + this->data = chunk_cat("cc", hash, chunk_create(url, strlen(url))); this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; return &this->public; } diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h index fba404ee2..aa1c7bf5a 100644 --- a/src/charon/encoding/payloads/cert_payload.h +++ b/src/charon/encoding/payloads/cert_payload.h @@ -65,45 +65,45 @@ extern enum_name_t *cert_encoding_names; * The CERT payload format is described in RFC section 3.6. */ struct cert_payload_t { - + /** * The payload_t interface. */ payload_t payload_interface; - + /** * Get the playoads encoded certifcate. * * @return certifcate copy */ certificate_t *(*get_cert)(cert_payload_t *this); - + /** * Get the encoding of the certificate. - * + * * @return encoding */ cert_encoding_t (*get_cert_encoding)(cert_payload_t *this); - + /** * Get the hash if this is a hash and URL encoded certificate. - * + * * This function returns internal data, do not free. - * + * * @return hash */ chunk_t (*get_hash)(cert_payload_t *this); - + /** * Get the URL if this is a hash and URL encoded certificate. - * + * * This function returns internal data, do not free. - * + * * @return url */ char *(*get_url)(cert_payload_t *this); - - + + /** * Destroys the cert_payload object. */ @@ -112,14 +112,14 @@ struct cert_payload_t { /** * Creates an empty certificate payload. - * + * * @return cert_payload_t object */ cert_payload_t *cert_payload_create(void); /** * Creates a certificate payload with an embedded certificate. - * + * * @param cert certificate to embed * @return cert_payload_t object */ @@ -127,7 +127,7 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); /** * Creates a certificate payload with hash and URL encoding of a certificate. - * + * * @param hash hash of the DER encoded certificate (get's cloned) * @param url the URL to locate the certificate (get's cloned) * @return cert_payload_t object diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/charon/encoding/payloads/certreq_payload.c index 50adedb28..9ff0bdde0 100644 --- a/src/charon/encoding/payloads/certreq_payload.c +++ b/src/charon/encoding/payloads/certreq_payload.c @@ -27,14 +27,14 @@ typedef struct private_certreq_payload_t private_certreq_payload_t; /** * Private data of an certreq_payload_t object. - * + * */ struct private_certreq_payload_t { /** * Public certreq_payload_t interface. */ certreq_payload_t public; - + /** * Next payload type. */ @@ -44,17 +44,17 @@ struct private_certreq_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Encoding of the CERT Data. */ u_int8_t encoding; - + /** * The contained certreq data value. */ @@ -63,10 +63,10 @@ struct private_certreq_payload_t { /** * Encoding rules to parse or generate a CERTREQ payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_certreq_payload_t. - * + * */ encoding_rule_t certreq_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -160,7 +160,7 @@ static size_t get_length(private_certreq_payload_t *this) { return this->payload_length; } - + /** * Implementation of certreq_payload_t.add_keyid. */ @@ -240,7 +240,7 @@ static certificate_type_t get_cert_type(private_certreq_payload_t *this) static void destroy(private_certreq_payload_t *this) { chunk_free(&this->data); - free(this); + free(this); } /* @@ -258,13 +258,13 @@ certreq_payload_t *certreq_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - + /* public functions */ this->public.destroy = (void (*) (certreq_payload_t*)) destroy; this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator; this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type; this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -281,7 +281,7 @@ certreq_payload_t *certreq_payload_create() certreq_payload_t *certreq_payload_create_type(certificate_type_t type) { private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create(); - + switch (type) { case CERT_X509: diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/charon/encoding/payloads/certreq_payload.h index ff9814f8a..914063628 100644 --- a/src/charon/encoding/payloads/certreq_payload.h +++ b/src/charon/encoding/payloads/certreq_payload.h @@ -50,14 +50,14 @@ struct certreq_payload_t { * @return enumerator over chunk_t's. */ enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this); - + /** * Get the type of contained certificate keyids. * * @return certificate keyid type */ certificate_type_t (*get_cert_type)(certreq_payload_t *this); - + /** * Add a certificates keyid to the payload. * @@ -65,7 +65,7 @@ struct certreq_payload_t { * @return */ void (*add_keyid)(certreq_payload_t *this, chunk_t keyid); - + /** * Destroys an certreq_payload_t object. */ @@ -74,14 +74,14 @@ struct certreq_payload_t { /** * Creates an empty certreq_payload_t object. - * + * * @return certreq payload */ certreq_payload_t *certreq_payload_create(void); /** * Creates an empty certreq_payload_t for a kind of certificates. - * + * * @param type type of the added keyids * @return certreq payload */ diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/charon/encoding/payloads/configuration_attribute.c index 674feeddd..9094fd44d 100644 --- a/src/charon/encoding/payloads/configuration_attribute.c +++ b/src/charon/encoding/payloads/configuration_attribute.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -27,67 +27,45 @@ typedef struct private_configuration_attribute_t private_configuration_attribute /** * Private data of an configuration_attribute_t object. - * + * */ struct private_configuration_attribute_t { /** * Public configuration_attribute_t interface. */ configuration_attribute_t public; - + /** * Type of the attribute. */ - u_int16_t attribute_type; - + u_int16_t type; + /** * Length of the attribute. */ - u_int16_t attribute_length; + u_int16_t length; /** * Attribute value as chunk. */ - chunk_t attribute_value; + chunk_t value; }; -ENUM_BEGIN(configuration_attribute_type_names, INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS, - "INTERNAL_IP4_ADDRESS", - "INTERNAL_IP4_NETMASK", - "INTERNAL_IP4_DNS", - "INTERNAL_IP4_NBNS", - "INTERNAL_ADDRESS_EXPIRY", - "INTERNAL_IP4_DHCP", - "APPLICATION_VERSION", - "INTERNAL_IP6_ADDRESS"); -ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP6_DNS, INTERNAL_IP6_SUBNET, INTERNAL_IP6_ADDRESS, - "INTERNAL_IP6_DNS", - "INTERNAL_IP6_NBNS", - "INTERNAL_IP6_DHCP", - "INTERNAL_IP4_SUBNET", - "SUPPORTED_ATTRIBUTES", - "INTERNAL_IP6_SUBNET"); -ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, INTERNAL_IP6_SUBNET, - "INTERNAL_IP4_SERVER", - "INTERNAL_IP6_SERVER"); -ENUM_END(configuration_attribute_type_names, INTERNAL_IP6_SERVER); - /** * Encoding rules to parse or generate a configuration attribute. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_configuration_attribute_t. - * */ encoding_rule_t configuration_attribute_encodings[] = { - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* type of the attribute as 15 bit unsigned integer */ - { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) }, + { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, type) }, /* Length of attribute value */ - { CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, attribute_length)}, + { CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, length) }, /* Value of attribute if attribute format flag is zero */ - { CONFIGURATION_ATTRIBUTE_VALUE, offsetof(private_configuration_attribute_t, attribute_value)} + { CONFIGURATION_ATTRIBUTE_VALUE, offsetof(private_configuration_attribute_t, value) } }; /* @@ -109,66 +87,65 @@ static status_t verify(private_configuration_attribute_t *this) { bool failed = FALSE; - if (this->attribute_length != this->attribute_value.len) + if (this->length != this->value.len) { DBG1(DBG_ENC, "invalid attribute length"); return FAILED; } - switch (this->attribute_type) + switch (this->type) { - case INTERNAL_IP4_ADDRESS: - case INTERNAL_IP4_NETMASK: + case INTERNAL_IP4_ADDRESS: + case INTERNAL_IP4_NETMASK: case INTERNAL_IP4_DNS: case INTERNAL_IP4_NBNS: case INTERNAL_ADDRESS_EXPIRY: case INTERNAL_IP4_DHCP: - if (this->attribute_length != 0 && this->attribute_length != 4) - { + if (this->length != 0 && this->length != 4) + { failed = TRUE; - } + } break; case INTERNAL_IP4_SUBNET: - if (this->attribute_length != 0 && this->attribute_length != 8) - { + if (this->length != 0 && this->length != 8) + { failed = TRUE; - } + } break; case INTERNAL_IP6_ADDRESS: case INTERNAL_IP6_SUBNET: - if (this->attribute_length != 0 && this->attribute_length != 17) - { + if (this->length != 0 && this->length != 17) + { failed = TRUE; - } + } break; case INTERNAL_IP6_DNS: case INTERNAL_IP6_NBNS: case INTERNAL_IP6_DHCP: - if (this->attribute_length != 0 && this->attribute_length != 16) - { + if (this->length != 0 && this->length != 16) + { failed = TRUE; - } + } break; case SUPPORTED_ATTRIBUTES: - if (this->attribute_length % 2) - { + if (this->length % 2) + { failed = TRUE; - } + } break; case APPLICATION_VERSION: - /* any length acceptable */ - break; + /* any length acceptable */ + break; default: - DBG1(DBG_ENC, "unknown attribute type %N", - configuration_attribute_type_names, this->attribute_type); - break; + DBG1(DBG_ENC, "unknown attribute type %N", + configuration_attribute_type_names, this->type); + break; } - + if (failed) { DBG1(DBG_ENC, "invalid attribute length %d for %N", - this->attribute_length, configuration_attribute_type_names, - this->attribute_type); + this->length, configuration_attribute_type_names, this->type); return FAILED; } return SUCCESS; @@ -177,7 +154,8 @@ static status_t verify(private_configuration_attribute_t *this) /** * Implementation of payload_t.get_encoding_rules. */ -static void get_encoding_rules(private_configuration_attribute_t *this, encoding_rule_t **rules, size_t *rule_count) +static void get_encoding_rules(private_configuration_attribute_t *this, + encoding_rule_t **rules, size_t *rule_count) { *rules = configuration_attribute_encodings; *rule_count = sizeof(configuration_attribute_encodings) / sizeof(encoding_rule_t); @@ -196,13 +174,14 @@ static payload_type_t get_type(private_configuration_attribute_t *this) */ static payload_type_t get_next_type(private_configuration_attribute_t *this) { - return (NO_PAYLOAD); + return NO_PAYLOAD; } /** * Implementation of payload_t.set_next_type. */ -static void set_next_type(private_configuration_attribute_t *this,payload_type_t type) +static void set_next_type(private_configuration_attribute_t *this, + payload_type_t type) { } @@ -211,99 +190,75 @@ static void set_next_type(private_configuration_attribute_t *this,payload_type_t */ static size_t get_length(private_configuration_attribute_t *this) { - return (this->attribute_value.len + CONFIGURATION_ATTRIBUTE_HEADER_LENGTH); + return this->value.len + CONFIGURATION_ATTRIBUTE_HEADER_LENGTH; } /** - * Implementation of configuration_attribute_t.set_value. + * Implementation of configuration_attribute_t.get_type. */ -static void set_value(private_configuration_attribute_t *this, chunk_t value) +static configuration_attribute_type_t get_configuration_attribute_type( + private_configuration_attribute_t *this) { - if (this->attribute_value.ptr != NULL) - { - /* free existing value */ - chunk_free(&(this->attribute_value)); - } - - this->attribute_value.ptr = clalloc(value.ptr,value.len); - this->attribute_value.len = value.len; - - this->attribute_length = this->attribute_value.len; + return this->type; } /** * Implementation of configuration_attribute_t.get_value. */ -static chunk_t get_value (private_configuration_attribute_t *this) +static chunk_t get_value(private_configuration_attribute_t *this) { - return this->attribute_value; + return this->value; } /** - * Implementation of configuration_attribute_t.set_type. + * Implementation of configuration_attribute_t.destroy and payload_t.destroy. */ -static void set_attribute_type (private_configuration_attribute_t *this, u_int16_t type) +static void destroy(private_configuration_attribute_t *this) { - this->attribute_type = type & 0x7FFF; + free(this->value.ptr); + free(this); } -/** - * Implementation of configuration_attribute_t.get_type. +/* + * Described in header. */ -static u_int16_t get_attribute_type (private_configuration_attribute_t *this) +configuration_attribute_t *configuration_attribute_create() { - return this->attribute_type; -} + private_configuration_attribute_t *this; -/** - * Implementation of configuration_attribute_t.get_length. - */ -static u_int16_t get_attribute_length (private_configuration_attribute_t *this) -{ - return this->attribute_length; -} + this = malloc_thing(private_configuration_attribute_t); + this->public.payload_interface.verify = (status_t(*)(payload_t *))verify; + this->public.payload_interface.get_encoding_rules = (void(*)(payload_t *, encoding_rule_t **, size_t *) )get_encoding_rules; + this->public.payload_interface.get_length = (size_t(*)(payload_t *))get_length; + this->public.payload_interface.get_next_type = (payload_type_t(*)(payload_t *))get_next_type; + this->public.payload_interface.set_next_type = (void(*)(payload_t *,payload_type_t))set_next_type; + this->public.payload_interface.get_type = (payload_type_t(*)(payload_t *))get_type; + this->public.payload_interface.destroy = (void(*)(payload_t*))destroy; + this->public.get_value = (chunk_t(*)(configuration_attribute_t *))get_value; + this->public.get_type = (configuration_attribute_type_t(*)(configuration_attribute_t *))get_configuration_attribute_type; + this->public.destroy = (void (*)(configuration_attribute_t*))destroy; -/** - * Implementation of configuration_attribute_t.destroy and payload_t.destroy. - */ -static void destroy(private_configuration_attribute_t *this) -{ - if (this->attribute_value.ptr != NULL) - { - free(this->attribute_value.ptr); - } - free(this); + this->type = 0; + this->value = chunk_empty; + this->length = 0; + + return &this->public; } /* * Described in header. */ -configuration_attribute_t *configuration_attribute_create() +configuration_attribute_t *configuration_attribute_create_value( + configuration_attribute_type_t type, chunk_t value) { - private_configuration_attribute_t *this = malloc_thing(private_configuration_attribute_t); - - /* payload interface */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.set_value = (void (*) (configuration_attribute_t *,chunk_t)) set_value; - this->public.get_value = (chunk_t (*) (configuration_attribute_t *)) get_value; - this->public.set_type = (void (*) (configuration_attribute_t *,u_int16_t type)) set_attribute_type; - this->public.get_type = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_type; - this->public.get_length = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_length; - this->public.destroy = (void (*) (configuration_attribute_t *)) destroy; - - /* set default values of the fields */ - this->attribute_type = 0; - this->attribute_value = chunk_empty; - this->attribute_length = 0; - - return (&(this->public)); + private_configuration_attribute_t *this; + + this = (private_configuration_attribute_t*)configuration_attribute_create(); + this->type = ((u_int16_t)type) & 0x7FFF; + this->value = chunk_clone(value); + this->length = value.len; + + return &this->public; } + diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/charon/encoding/payloads/configuration_attribute.h index 404130114..6e4b018bb 100644 --- a/src/charon/encoding/payloads/configuration_attribute.h +++ b/src/charon/encoding/payloads/configuration_attribute.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -22,96 +22,43 @@ #ifndef CONFIGURATION_ATTRIBUTE_H_ #define CONFIGURATION_ATTRIBUTE_H_ -typedef enum configuration_attribute_type_t configuration_attribute_type_t; typedef struct configuration_attribute_t configuration_attribute_t; #include +#include #include - /** * Configuration attribute header length in bytes. */ #define CONFIGURATION_ATTRIBUTE_HEADER_LENGTH 4 -/** - * Type of the attribute, as in IKEv2 RFC 3.15.1. - */ -enum configuration_attribute_type_t { - INTERNAL_IP4_ADDRESS = 1, - INTERNAL_IP4_NETMASK = 2, - INTERNAL_IP4_DNS = 3, - INTERNAL_IP4_NBNS = 4, - INTERNAL_ADDRESS_EXPIRY = 5, - INTERNAL_IP4_DHCP = 6, - APPLICATION_VERSION = 7, - INTERNAL_IP6_ADDRESS = 8, - INTERNAL_IP6_DNS = 10, - INTERNAL_IP6_NBNS = 11, - INTERNAL_IP6_DHCP = 12, - INTERNAL_IP4_SUBNET = 13, - SUPPORTED_ATTRIBUTES = 14, - INTERNAL_IP6_SUBNET = 15, - /* proprietary Microsoft attributes */ - INTERNAL_IP4_SERVER = 23456, - INTERNAL_IP6_SERVER = 23457 -}; - -/** - * enum names for configuration_attribute_type_t. - */ -extern enum_name_t *configuration_attribute_type_names; - /** * Class representing an IKEv2-CONFIGURATION Attribute. - * + * * The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1. */ struct configuration_attribute_t { + /** - * The payload_t interface. + * Implements payload_t interface. */ payload_t payload_interface; /** - * Returns the currently set value of the attribute. - * - * @warning Returned data are not copied. - * - * @return chunk_t pointing to the value - */ - chunk_t (*get_value) (configuration_attribute_t *this); - - /** - * Sets the value of the attribute. - * - * Value is getting copied. - * - * @param value chunk_t pointing to the value to set + * Get the type of the attribute. + * + * @return type of the configuration attribute */ - void (*set_value) (configuration_attribute_t *this, chunk_t value); + configuration_attribute_type_t (*get_type)(configuration_attribute_t *this); /** - * Sets the type of the attribute. - * - * @param type type to set (most significant bit is set to zero) + * Returns the value of the attribute. + * + * @return chunk_t pointing to the internal value */ - void (*set_type) (configuration_attribute_t *this, u_int16_t type); - - /** - * get the type of the attribute. - * - * @return type of the value - */ - u_int16_t (*get_type) (configuration_attribute_t *this); - - /** - * get the length of an attribute. - * - * @return type of the value - */ - u_int16_t (*get_length) (configuration_attribute_t *this); - + chunk_t (*get_value) (configuration_attribute_t *this); + /** * Destroys an configuration_attribute_t object. */ @@ -119,10 +66,20 @@ struct configuration_attribute_t { }; /** - * Creates an empty configuration_attribute_t object. - * - * @return created configuration_attribute_t object + * Creates an empty configuration attribute. + * + * @return created configuration attribute + */ +configuration_attribute_t *configuration_attribute_create(); + +/** + * Creates a configuration attribute with type and value. + * + * @param type type of configuration attribute + * @param value value, gets cloned + * @return created configuration attribute */ -configuration_attribute_t *configuration_attribute_create(void); +configuration_attribute_t *configuration_attribute_create_value( + configuration_attribute_type_t type, chunk_t value); #endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/ diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/charon/encoding/payloads/cp_payload.c index b5f1b35c7..f0a26eee2 100644 --- a/src/charon/encoding/payloads/cp_payload.c +++ b/src/charon/encoding/payloads/cp_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -32,14 +32,14 @@ typedef struct private_cp_payload_t private_cp_payload_t; /** * Private data of an cp_payload_t object. - * + * */ struct private_cp_payload_t { /** * Public cp_payload_t interface. */ cp_payload_t public; - + /** * Next payload type. */ @@ -49,51 +49,51 @@ struct private_cp_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** - * Configuration Attributes in this payload are stored in a linked_list_t. + * List of attributes, as configuration_attribute_t */ - linked_list_t * attributes; - + linked_list_t *attributes; + /** * Config Type. */ - u_int8_t config_type; + u_int8_t type; }; /** * Encoding rules to parse or generate a IKEv2-CP Payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_cp_payload_t. - * + * */ encoding_rule_t cp_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_cp_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_cp_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { FLAG, offsetof(private_cp_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole CP payload*/ - { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, - /* Proposals are stored in a proposal substructure, + { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, + /* Proposals are stored in a proposal substructure, offset points to a linked_list_t pointer */ - { U_INT_8, offsetof(private_cp_payload_t, config_type) }, - { RESERVED_BYTE,0 }, - { RESERVED_BYTE,0 }, - { RESERVED_BYTE,0 }, + { U_INT_8, offsetof(private_cp_payload_t, type) }, + { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, + { RESERVED_BYTE,0 }, { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } }; @@ -117,26 +117,27 @@ encoding_rule_t cp_payload_encodings[] = { static status_t verify(private_cp_payload_t *this) { status_t status = SUCCESS; - iterator_t *iterator; - configuration_attribute_t *attribute; - - iterator = this->attributes->create_iterator(this->attributes,TRUE); - while(iterator->iterate(iterator, (void**)&attribute)) + enumerator_t *enumerator; + payload_t *attribute; + + enumerator = this->attributes->create_enumerator(this->attributes); + while (enumerator->enumerate(enumerator, &attribute)) { - status = attribute->payload_interface.verify(&attribute->payload_interface); + status = attribute->verify(attribute); if (status != SUCCESS) { break; } } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return status; } /** * Implementation of payload_t.get_encoding_rules. */ -static void get_encoding_rules(private_cp_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +static void get_encoding_rules(private_cp_payload_t *this, + encoding_rule_t **rules, size_t *rule_count) { *rules = cp_payload_encodings; *rule_count = sizeof(cp_payload_encodings) / sizeof(encoding_rule_t); @@ -155,7 +156,7 @@ static payload_type_t get_type(private_cp_payload_t *this) */ static payload_type_t get_next_type(private_cp_payload_t *this) { - return (this->next_payload); + return this->next_payload; } /** @@ -171,18 +172,17 @@ static void set_next_type(private_cp_payload_t *this,payload_type_t type) */ static void compute_length(private_cp_payload_t *this) { - iterator_t *iterator; - payload_t *current_attribute; - size_t length = CP_PAYLOAD_HEADER_LENGTH; - - iterator = this->attributes->create_iterator(this->attributes,TRUE); - while (iterator->iterate(iterator, (void**)¤t_attribute)) + enumerator_t *enumerator; + payload_t *attribute; + + this->payload_length = CP_PAYLOAD_HEADER_LENGTH; + + enumerator = this->attributes->create_enumerator(this->attributes); + while (enumerator->enumerate(enumerator, &attribute)) { - length += current_attribute->get_length(current_attribute); + this->payload_length += attribute->get_length(attribute); } - iterator->destroy(iterator); - - this->payload_length = length; + enumerator->destroy(enumerator); } /** @@ -190,41 +190,33 @@ static void compute_length(private_cp_payload_t *this) */ static size_t get_length(private_cp_payload_t *this) { - compute_length(this); return this->payload_length; } /** - * Implementation of cp_payload_t.create_configuration_attribute_iterator. + * Implementation of cp_payload_t.create_attribute_enumerator. */ -static iterator_t *create_attribute_iterator (private_cp_payload_t *this) +static enumerator_t *create_attribute_enumerator(private_cp_payload_t *this) { - return this->attributes->create_iterator(this->attributes, TRUE); + return this->attributes->create_enumerator(this->attributes); } /** - * Implementation of cp_payload_t.add_proposal_substructure. + * Implementation of cp_payload_t.add_attribute. */ -static void add_configuration_attribute (private_cp_payload_t *this,configuration_attribute_t *attribute) +static void add_attribute(private_cp_payload_t *this, + configuration_attribute_t *attribute) { - this->attributes->insert_last(this->attributes,(void *) attribute); + this->attributes->insert_last(this->attributes, attribute); compute_length(this); } /** - * Implementation of cp_payload_t.set_config_type. + * Implementation of cp_payload_t.get_type. */ -static void set_config_type (private_cp_payload_t *this,config_type_t config_type) +static config_type_t get_config_type(private_cp_payload_t *this) { - this->config_type = config_type; -} - -/** - * Implementation of cp_payload_t.get_config_type. - */ -static config_type_t get_config_type (private_cp_payload_t *this) -{ - return this->config_type; + return this->type; } /** @@ -233,7 +225,7 @@ static config_type_t get_config_type (private_cp_payload_t *this) static void destroy(private_cp_payload_t *this) { this->attributes->destroy_offset(this->attributes, - offsetof(configuration_attribute_t, destroy)); + offsetof(configuration_attribute_t, destroy)); free(this); } @@ -243,8 +235,7 @@ static void destroy(private_cp_payload_t *this) cp_payload_t *cp_payload_create() { private_cp_payload_t *this = malloc_thing(private_cp_payload_t); - - /* public interface */ + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; @@ -252,19 +243,31 @@ cp_payload_t *cp_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.create_attribute_iterator = (iterator_t* (*) (cp_payload_t *)) create_attribute_iterator; - this->public.add_configuration_attribute = (void (*) (cp_payload_t *,configuration_attribute_t *)) add_configuration_attribute; - this->public.set_config_type = (void (*) (cp_payload_t *, config_type_t)) set_config_type; - this->public.get_config_type = (config_type_t (*) (cp_payload_t *)) get_config_type; - this->public.destroy = (void (*) (cp_payload_t *)) destroy; - + + this->public.create_attribute_enumerator = (enumerator_t*(*)(cp_payload_t *))create_attribute_enumerator; + this->public.add_attribute = (void (*) (cp_payload_t *,configuration_attribute_t*))add_attribute; + this->public.get_type = (config_type_t (*) (cp_payload_t *))get_config_type; + this->public.destroy = (void (*)(cp_payload_t *))destroy; + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length = CP_PAYLOAD_HEADER_LENGTH; - this->attributes = linked_list_create(); - return (&(this->public)); + this->type = CFG_REQUEST; + + return &this->public; } + +/* + * Described in header. + */ +cp_payload_t *cp_payload_create_type(config_type_t type) +{ + private_cp_payload_t *this = (private_cp_payload_t*)cp_payload_create(); + + this->type = type; + + return &this->public; +} + diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/charon/encoding/payloads/cp_payload.h index 6ffcca708..c0760885a 100644 --- a/src/charon/encoding/payloads/cp_payload.h +++ b/src/charon/encoding/payloads/cp_payload.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -28,7 +28,7 @@ typedef struct cp_payload_t cp_payload_t; #include #include #include -#include +#include /** * CP_PAYLOAD length in bytes without any proposal substructure. @@ -52,49 +52,38 @@ extern enum_name_t *config_type_names; /** * Class representing an IKEv2-CP Payload. - * + * * The CP Payload format is described in RFC section 3.15. */ struct cp_payload_t { + /** * The payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator of stored configuration_attribute_t objects. - * - * When deleting an attribute using this iterator, the length of this - * configuration_attribute_t has to be refreshed by calling get_length()! * - * @return created iterator_t object + * @return enumerator over configration_attribute_T */ - iterator_t *(*create_attribute_iterator) (cp_payload_t *this); - - /** - * Adds a configuration_attribute_t object to this object. - * - * The added configuration_attribute_t object is getting destroyed in - * destroy function of cp_payload_t. - * - * @param attribute configuration_attribute_t object to add - */ - void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute); - + enumerator_t *(*create_attribute_enumerator) (cp_payload_t *this); + /** - * Set the config type. + * Adds a configuration attribute to the configuration payload. * - * @param config_type config_type_t to set + * @param attribute attribute to add */ - void (*set_config_type) (cp_payload_t *this,config_type_t config_type); - + void (*add_attribute)(cp_payload_t *this, + configuration_attribute_t *attribute); + /** - * Get the config type. + * Get the configuration payload type. * - * @return config_type_t + * @return type of configuration payload */ - config_type_t (*get_config_type) (cp_payload_t *this); - + config_type_t (*get_type) (cp_payload_t *this); + /** * Destroys an cp_payload_t object. */ @@ -102,10 +91,18 @@ struct cp_payload_t { }; /** - * Creates an empty cp_payload_t object - * - * @return cp_payload_t object + * Creates an empty configuration payload + * + * @return empty configuration payload + */ +cp_payload_t *cp_payload_create(); + +/** + * Creates an cp_payload_t with type and value + * + * @param type type of configuration payload to create + * @return created configuration payload */ -cp_payload_t *cp_payload_create(void); +cp_payload_t *cp_payload_create_type(config_type_t config_type); #endif /** CP_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/charon/encoding/payloads/delete_payload.c index c2be1e8b5..97b4743b2 100644 --- a/src/charon/encoding/payloads/delete_payload.c +++ b/src/charon/encoding/payloads/delete_payload.c @@ -23,14 +23,14 @@ typedef struct private_delete_payload_t private_delete_payload_t; /** * Private data of an delete_payload_t object. - * + * */ struct private_delete_payload_t { /** * Public delete_payload_t interface. */ delete_payload_t public; - + /** * Next payload type. */ @@ -40,12 +40,12 @@ struct private_delete_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Protocol ID. */ @@ -55,36 +55,36 @@ struct private_delete_payload_t { * SPI Size. */ u_int8_t spi_size; - + /** * Number of SPI's. */ u_int16_t spi_count; - + /** * The contained SPI's. */ chunk_t spis; - + /** - * List containing u_int32_t spis + * List containing u_int32_t spis */ linked_list_t *spi_list; }; /** * Encoding rules to parse or generate a DELETE payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_delete_payload_t. - * + * */ encoding_rule_t delete_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_delete_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_delete_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -223,7 +223,7 @@ static void add_spi(private_delete_payload_t *this, u_int32_t spi) static iterator_t* create_spi_iterator(private_delete_payload_t *this) { int i; - + if (this->spi_list == NULL) { this->spi_list = linked_list_create(); @@ -253,7 +253,7 @@ static void destroy(private_delete_payload_t *this) { this->spi_list->destroy(this->spi_list); } - free(this); + free(this); } /* @@ -271,13 +271,13 @@ delete_payload_t *delete_payload_create(protocol_id_t protocol_id) this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (delete_payload_t *)) destroy; this->public.get_protocol_id = (protocol_id_t (*) (delete_payload_t *)) get_protocol_id; this->public.add_spi = (void (*) (delete_payload_t *,u_int32_t))add_spi; this->public.create_spi_iterator = (iterator_t* (*) (delete_payload_t *)) create_spi_iterator; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/charon/encoding/payloads/delete_payload.h index 58840741a..3b62c1af1 100644 --- a/src/charon/encoding/payloads/delete_payload.h +++ b/src/charon/encoding/payloads/delete_payload.h @@ -43,21 +43,21 @@ struct delete_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the protocol ID. * * @return protocol ID */ protocol_id_t (*get_protocol_id) (delete_payload_t *this); - + /** * Add an SPI to the list of deleted SAs. * * @param spi spi to add */ void (*add_spi) (delete_payload_t *this, u_int32_t spi); - + /** * Get an iterator over the SPIs. * @@ -66,7 +66,7 @@ struct delete_payload_t { * @return iterator over SPIs */ iterator_t *(*create_spi_iterator) (delete_payload_t *this); - + /** * Destroys an delete_payload_t object. */ @@ -75,7 +75,7 @@ struct delete_payload_t { /** * Creates an empty delete_payload_t object. - * + * * @param protocol_id protocol, such as AH|ESP * @return delete_payload_t object */ diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/charon/encoding/payloads/eap_payload.c index 1199bac45..21f34a642 100644 --- a/src/charon/encoding/payloads/eap_payload.c +++ b/src/charon/encoding/payloads/eap_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -24,14 +24,14 @@ typedef struct private_eap_payload_t private_eap_payload_t; /** * Private data of an eap_payload_t object. - * + * */ struct private_eap_payload_t { /** * Public eap_payload_t interface. */ eap_payload_t public; - + /** * Next payload type. */ @@ -41,12 +41,12 @@ struct private_eap_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * EAP message data, if available */ @@ -55,17 +55,17 @@ struct private_eap_payload_t { /** * Encoding rules to parse or generate a EAP payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_eap_payload_t. - * + * */ -encoding_rule_t eap_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ +static encoding_rule_t eap_payload_encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_eap_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_eap_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -91,27 +91,25 @@ encoding_rule_t eap_payload_encodings[] = { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- */ -/** - * Implementation of payload_t.verify. - */ -static status_t verify(private_eap_payload_t *this) +METHOD(payload_t, verify, status_t, + private_eap_payload_t *this) { u_int16_t length; u_int8_t code; - + if (this->data.len < 4) { DBG1(DBG_ENC, "EAP payloads EAP message too short (%d)", this->data.len); return FAILED; } - code = *this->data.ptr; - length = htons(*(u_int16_t*)(this->data.ptr + 2)); + length = untoh16(this->data.ptr + 2); if (this->data.len != length) { - DBG1(DBG_ENC, "EAP payload length (%d) does not match contained message length (%d)", - this->data.len, length); + DBG1(DBG_ENC, "EAP payload length (%d) does not match contained " + "message length (%d)", this->data.len, length); return FAILED; } + code = this->data.ptr[0]; switch (code) { case EAP_REQUEST: @@ -140,119 +138,97 @@ static status_t verify(private_eap_payload_t *this) return SUCCESS; } -/** - * Implementation of eap_payload_t.get_encoding_rules. - */ -static void get_encoding_rules(private_eap_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +METHOD(payload_t, get_encoding_rules, void, + private_eap_payload_t *this, encoding_rule_t **rules, size_t *rule_count) { *rules = eap_payload_encodings; *rule_count = sizeof(eap_payload_encodings) / sizeof(encoding_rule_t); } -/** - * Implementation of payload_t.get_type. - */ -static payload_type_t get_payload_type(private_eap_payload_t *this) +METHOD(payload_t, get_payload_type, payload_type_t, + private_eap_payload_t *this) { return EXTENSIBLE_AUTHENTICATION; } -/** - * Implementation of payload_t.get_next_type. - */ -static payload_type_t get_next_type(private_eap_payload_t *this) +METHOD(payload_t, get_next_type, payload_type_t, + private_eap_payload_t *this) { return (this->next_payload); } -/** - * Implementation of payload_t.set_next_type. - */ -static void set_next_type(private_eap_payload_t *this,payload_type_t type) +METHOD(payload_t, set_next_type, void, + private_eap_payload_t *this, payload_type_t type) { this->next_payload = type; } -/** - * Implementation of payload_t.get_length. - */ -static size_t get_length(private_eap_payload_t *this) +METHOD(payload_t, get_length, size_t, + private_eap_payload_t *this) { return this->payload_length; } -/** - * Implementation of eap_payload_t.get_data. - */ -static chunk_t get_data(private_eap_payload_t *this) +METHOD(eap_payload_t, get_data, chunk_t, + private_eap_payload_t *this) { return this->data; } -/** - * Implementation of eap_payload_t.set_data. - */ -static void set_data(private_eap_payload_t *this, chunk_t data) +METHOD(eap_payload_t, set_data, void, + private_eap_payload_t *this, chunk_t data) { - chunk_free(&this->data); + free(this->data.ptr); this->data = chunk_clone(data); this->payload_length = this->data.len + 4; } -/** - * Implementation of eap_payload_t.get_code. - */ -static eap_code_t get_code(private_eap_payload_t *this) +METHOD(eap_payload_t, get_code, eap_code_t, + private_eap_payload_t *this) { if (this->data.len > 0) { - return *this->data.ptr; + return this->data.ptr[0]; } /* should not happen, as it is verified */ return 0; } -/** - * Implementation of eap_payload_t.get_identifier. - */ -static u_int8_t get_identifier(private_eap_payload_t *this) +METHOD(eap_payload_t, get_identifier, u_int8_t, + private_eap_payload_t *this) { if (this->data.len > 1) { - return *(this->data.ptr + 1); + return this->data.ptr[1]; } /* should not happen, as it is verified */ return 0; } -/** - * Implementation of eap_payload_t.get_type. - */ -static eap_type_t get_type(private_eap_payload_t *this, u_int32_t *vendor) +METHOD(eap_payload_t, get_type, eap_type_t, + private_eap_payload_t *this, u_int32_t *vendor) { eap_type_t type; *vendor = 0; if (this->data.len > 4) { - type = *(this->data.ptr + 4); + type = this->data.ptr[4]; if (type != EAP_EXPANDED) { return type; } if (this->data.len >= 12) { - *vendor = ntohl(*(u_int32_t*)(this->data.ptr + 4)) & 0x00FFFFFF; - return ntohl(*(u_int32_t*)(this->data.ptr + 8)); + *vendor = untoh32(this->data.ptr + 4) & 0x00FFFFFF; + return untoh32(this->data.ptr + 8); } } return 0; } -/** - * Implementation of payload_t.destroy and eap_payload_t.destroy. - */ -static void destroy(private_eap_payload_t *this) +METHOD2(payload_t, eap_payload_t, destroy, void, + private_eap_payload_t *this) { chunk_free(&this->data); free(this); @@ -263,32 +239,30 @@ static void destroy(private_eap_payload_t *this) */ eap_payload_t *eap_payload_create() { - private_eap_payload_t *this = malloc_thing(private_eap_payload_t); - - /* interface functions */ - this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; - this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; - this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; - this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; - this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; - this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (eap_payload_t *)) destroy; - this->public.get_data = (chunk_t (*) (eap_payload_t*))get_data; - this->public.set_data = (void (*) (eap_payload_t *,chunk_t))set_data; - this->public.get_code = (eap_code_t (*) (eap_payload_t*))get_code; - this->public.get_identifier = (u_int8_t (*) (eap_payload_t*))get_identifier; - this->public.get_type = (eap_type_t (*) (eap_payload_t*,u_int32_t*))get_type; - - /* private variables */ - this->critical = FALSE; - this->next_payload = NO_PAYLOAD; - this->payload_length = EAP_PAYLOAD_HEADER_LENGTH; - this->data = chunk_empty; - - return &(this->public); + private_eap_payload_t *this; + + INIT(this, + .public = { + .payload_interface = { + .verify = _verify, + .get_encoding_rules = _get_encoding_rules, + .get_length = _get_length, + .get_next_type = _get_next_type, + .set_next_type = _set_next_type, + .get_type = _get_payload_type, + .destroy = _destroy, + }, + .get_data = _get_data, + .set_data = _set_data, + .get_code = _get_code, + .get_identifier = _get_identifier, + .get_type = _get_type, + .destroy = _destroy, + }, + .next_payload = NO_PAYLOAD, + .payload_length = EAP_PAYLOAD_HEADER_LENGTH, + ); + return &this->public; } /* @@ -297,7 +271,7 @@ eap_payload_t *eap_payload_create() eap_payload_t *eap_payload_create_data(chunk_t data) { eap_payload_t *this = eap_payload_create(); - + this->set_data(this, data); return this; } @@ -307,15 +281,11 @@ eap_payload_t *eap_payload_create_data(chunk_t data) */ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) { - eap_payload_t *this = eap_payload_create(); - chunk_t data = chunk_alloca(4); - - *(data.ptr + 0) = code; - *(data.ptr + 1) = identifier; - *(u_int16_t*)(data.ptr + 2) = htons(data.len); - - this->set_data(this, data); - return this; + chunk_t data; + + data = chunk_from_chars(code, identifier, 0, 0); + htoun16(data.ptr + 2, data.len); + return eap_payload_create_data(data); } /* @@ -323,15 +293,10 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) */ eap_payload_t *eap_payload_create_nak(u_int8_t identifier) { - eap_payload_t *this = eap_payload_create(); - chunk_t data = chunk_alloca(5); - - *(data.ptr + 0) = EAP_RESPONSE; - *(data.ptr + 1) = identifier; - *(u_int16_t*)(data.ptr + 2) = htons(data.len); - *(data.ptr + 4) = EAP_NAK; - - this->set_data(this, data); - return this; + chunk_t data; + + data = chunk_from_chars(EAP_RESPONSE, identifier, 0, 0, EAP_NAK); + htoun16(data.ptr + 2, data.len); + return eap_payload_create_data(data); } diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h index a4d8a38c6..0bde4b15e 100644 --- a/src/charon/encoding/payloads/eap_payload.h +++ b/src/charon/encoding/payloads/eap_payload.h @@ -39,12 +39,12 @@ typedef struct eap_payload_t eap_payload_t; * The EAP payload format is described in RFC section 3.16. */ struct eap_payload_t { - + /** * The payload_t interface. */ payload_t payload_interface; - + /** * Set the contained EAP data. * @@ -54,7 +54,7 @@ struct eap_payload_t { * @param message EAP data */ void (*set_data) (eap_payload_t *this, chunk_t data); - + /** * Get the contained EAP data. * @@ -63,21 +63,21 @@ struct eap_payload_t { * @return EAP data (pointer to internal data) */ chunk_t (*get_data) (eap_payload_t *this); - + /** * Get the EAP code. * * @return EAP message as chunk_t */ eap_code_t (*get_code) (eap_payload_t *this); - + /** * Get the EAP identifier. * * @return unique identifier */ u_int8_t (*get_identifier) (eap_payload_t *this); - + /** * Get the EAP method type. * @@ -85,7 +85,7 @@ struct eap_payload_t { * @return EAP method type, vendor specific if vendor != 0 */ eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); - + /** * Destroys an eap_payload_t object. */ @@ -109,7 +109,7 @@ eap_payload_t *eap_payload_create_data(chunk_t data); /** * Creates an eap_payload_t object with a code. * - * Could should be either EAP_SUCCESS/EAP_FAILURE, use + * Could should be either EAP_SUCCESS/EAP_FAILURE, use * constructor above otherwise. * * @param code EAP status code diff --git a/src/charon/encoding/payloads/encodings.h b/src/charon/encoding/payloads/encodings.h index 03554f0af..52af4a984 100644 --- a/src/charon/encoding/payloads/encodings.h +++ b/src/charon/encoding/payloads/encodings.h @@ -28,266 +28,266 @@ typedef struct encoding_rule_t encoding_rule_t; #include /** - * All different kinds of encoding types. + * All different kinds of encoding types. * - * Each field of an IKEv2-Message (in header or payload) + * Each field of an IKEv2-Message (in header or payload) * which has to be parsed or generated differently has its own * type defined here. * - * Header is parsed like a payload and gets its one payload_id - * from PRIVATE USE space. Also the substructures - * of specific payload types get their own payload_id + * Header is parsed like a payload and gets its one payload_id + * from PRIVATE USE space. Also the substructures + * of specific payload types get their own payload_id * from PRIVATE_USE space. See IKEv2-Draft for more informations. */ enum encoding_type_t { - + /** * Representing a 4 Bit unsigned int value. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 4 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 4 bit forward afterwards. */ U_INT_4, - + /** * Representing a 8 Bit unsigned int value. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 8 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 8 bit forward afterwards. */ U_INT_8, - + /** * Representing a 16 Bit unsigned int value. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. - * The current write position is moved 16 bit forward afterwards. - * + * The current write position is moved 16 bit forward afterwards. + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. */ U_INT_16, - + /** * Representing a 32 Bit unsigned int value. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 32 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 32 bit forward afterwards. */ U_INT_32, - + /** * represents a RESERVED_BIT used in FLAG-Bytes. - * - * When generating, the next bit is set to zero and the current write + * + * When generating, the next bit is set to zero and the current write * position is moved one bit forward. * No value is read from the associated data struct. * The current write position is moved 1 bit forward afterwards. - * + * * When parsing, the current read pointer is moved one bit forward. * No value is written to the associated data struct. * The current read pointer is moved 1 bit forward afterwards. */ RESERVED_BIT, - + /** * represents a RESERVED_BYTE. - * - * When generating, the next byte is set to zero and the current write + * + * When generating, the next byte is set to zero and the current write * position is moved one byte forward. * No value is read from the associated data struct. * The current write position is moved 1 byte forward afterwards. - * + * * When parsing, the current read pointer is moved one byte forward. * No value is written to the associated data struct. * The current read pointer is moved 1 byte forward afterwards. */ RESERVED_BYTE, - + /** * Representing a 1 Bit flag. - * - * When generation, the next bit is set to 1 if the associated value - * in the data struct is TRUE, 0 otherwise. The current write position + * + * When generation, the next bit is set to 1 if the associated value + * in the data struct is TRUE, 0 otherwise. The current write position * is moved 1 bit forward afterwards. * - * When parsing, the next bit is read and stored in the associated data - * struct. 0 means FALSE, 1 means TRUE, The current read pointer + * When parsing, the next bit is read and stored in the associated data + * struct. 0 means FALSE, 1 means TRUE, The current read pointer * is moved 1 bit forward afterwards */ FLAG, - + /** * Representating a length field of a payload. - * - * When generating it must be changed from host to network order. + * + * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 16 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. */ PAYLOAD_LENGTH, - + /** * Representating a length field of a header. - * - * When generating it must be changed from host to network order. + * + * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 32 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 32 bit forward afterwards. */ HEADER_LENGTH, - + /** * Representating a spi size field. - * - * When generating it must be changed from host to network order. + * + * When generating it must be changed from host to network order. * The value is read from the associated data struct. * The current write position is moved 8 bit forward afterwards. - * + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 8 bit forward afterwards. */ SPI_SIZE, - + /** * Representating a spi field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing SPI_SIZE bytes are read and written into the chunk pointing to. */ SPI, - + /** * Representating a Key Exchange Data field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ KEY_EXCHANGE_DATA, - + /** * Representating a Notification field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - spi size - 8) bytes are read and written into the chunk pointing to. */ NOTIFICATION_DATA, - + /** * Representating one or more proposal substructures. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the proposal_substructure_t objects are stored + * + * When generating the proposal_substructure_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed proposal_substructure_t objects have + * + * When parsing the parsed proposal_substructure_t objects have * to be stored in the pointed linked_list. - */ + */ PROPOSALS, - + /** * Representating one or more transform substructures. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the transform_substructure_t objects are stored + * + * When generating the transform_substructure_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed transform_substructure_t objects have + * + * When parsing the parsed transform_substructure_t objects have * to be stored in the pointed linked_list. - */ + */ TRANSFORMS, - + /** * Representating one or more Attributes of a transform substructure. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the transform_attribute_t objects are stored + * + * When generating the transform_attribute_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed transform_attribute_t objects have + * + * When parsing the parsed transform_attribute_t objects have * to be stored in the pointed linked_list. - */ + */ TRANSFORM_ATTRIBUTES, /** * Representating one or more Attributes of a configuration payload. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the configuration_attribute_t objects are stored + * + * When generating the configuration_attribute_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed configuration_attribute_t objects have + * + * When parsing the parsed configuration_attribute_t objects have * to be stored in the pointed linked_list. - */ + */ CONFIGURATION_ATTRIBUTES, - + /** - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ CONFIGURATION_ATTRIBUTE_VALUE, - + /** * Representing a 1 Bit flag specifying the format of a transform attribute. - * - * When generation, the next bit is set to 1 if the associated value - * in the data struct is TRUE, 0 otherwise. The current write position + * + * When generation, the next bit is set to 1 if the associated value + * in the data struct is TRUE, 0 otherwise. The current write position * is moved 1 bit forward afterwards. * - * When parsing, the next bit is read and stored in the associated data - * struct. 0 means FALSE, 1 means TRUE, The current read pointer + * When parsing, the next bit is read and stored in the associated data + * struct. 0 means FALSE, 1 means TRUE, The current read pointer * is moved 1 bit forward afterwards. */ ATTRIBUTE_FORMAT, /** - * Representing a 15 Bit unsigned int value used as attribute type + * Representing a 15 Bit unsigned int value used as attribute type * in an attribute transform. - * - * + * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. - * The current write position is moved 15 bit forward afterwards. - * + * The current write position is moved 15 bit forward afterwards. + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 15 bit forward afterwards. @@ -298,11 +298,11 @@ enum encoding_type_t { * Depending on the field of type ATTRIBUTE_FORMAT * this field contains the length or the value of an transform attribute. * Its stored in a 16 unsigned integer field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. - * The current write position is moved 16 bit forward afterwards. - * + * The current write position is moved 16 bit forward afterwards. + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. @@ -312,11 +312,11 @@ enum encoding_type_t { /** * This field contains the length or the value of an configuration attribute. * Its stored in a 16 unsigned integer field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. - * The current write position is moved 16 bit forward afterwards. - * + * The current write position is moved 16 bit forward afterwards. + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. @@ -325,155 +325,155 @@ enum encoding_type_t { /** * Depending on the field of type ATTRIBUTE_FORMAT - * this field is available or missing and so parsed/generated + * this field is available or missing and so parsed/generated * or not parsed/not generated. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing SPI_SIZE bytes are read and written into the chunk pointing to. */ ATTRIBUTE_VALUE, - + /** * Representating one or more Traffic selectors of a TS payload. - * + * * The offset points to a linked_list_t pointer. - * - * When generating the traffic_selector_substructure_t objects are stored + * + * When generating the traffic_selector_substructure_t objects are stored * in the pointed linked_list. - * - * When parsing the parsed traffic_selector_substructure_t objects have + * + * When parsing the parsed traffic_selector_substructure_t objects have * to be stored in the pointed linked_list. - */ + */ TRAFFIC_SELECTORS, - + /** * Representating a Traffic selector type field. - * + * * When generating it must be changed from host to network order. * The value is read from the associated data struct. - * The current write position is moved 16 bit forward afterwards. - * + * The current write position is moved 16 bit forward afterwards. + * * When parsing it must be changed from network to host order. * The value is written to the associated data struct. * The current read pointer is moved 16 bit forward afterwards. */ TS_TYPE, - + /** * Representating an address field in a traffic selector. - * + * * Depending on the last field of type TS_TYPE * this field is either 4 or 16 byte long. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing 4 or 16 bytes are read and written into the chunk pointing to. */ ADDRESS, /** * Representating a Nonce Data field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ NONCE_DATA, - + /** * Representating a ID Data field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ ID_DATA, - + /** * Representating a AUTH Data field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ AUTH_DATA, - + /** * Representating a CERT Data field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to. */ CERT_DATA, /** * Representating a CERTREQ Data field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to. */ CERTREQ_DATA, - + /** * Representating an EAP message field. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ EAP_DATA, - + /** * Representating the SPIS field in a DELETE payload. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. */ SPIS, - + /** * Representating the VID DATA field in a VENDOR ID payload. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ VID_DATA, - + /** * Representating the DATA of an unknown payload. - * - * When generating the content of the chunkt pointing to - * is written. - * + * + * When generating the content of the chunkt pointing to + * is written. + * * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. */ UNKNOWN_DATA, - + /** * Representating an IKE_SPI field in an IKEv2 Header. - * - * When generating the value of the u_int64_t pointing to - * is written (host and networ order is not changed). - * + * + * When generating the value of the u_int64_t pointing to + * is written (host and networ order is not changed). + * * When parsing 8 bytes are read and written into the u_int64_t pointing to. */ IKE_SPI, - + /** * Representing the encrypted data body of a encryption payload. */ @@ -488,25 +488,25 @@ extern enum_name_t *encoding_type_names; /** * Rule how to en-/decode a payload field. * - * An encoding rule is a mapping of a specific encoding type to + * An encoding rule is a mapping of a specific encoding type to * a location in the data struct where the current field is stored to * or read from. * This rules are used by parser and generator. */ struct encoding_rule_t { - + /** * Encoding type. */ encoding_type_t type; - + /** * Offset in the data struct. - * - * When parsing, data are written to this offset of the + * + * When parsing, data are written to this offset of the * data struct. - * - * When generating, data are read from this offset in the + * + * When generating, data are read from this offset in the * data struct. */ u_int32_t offset; diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c index 55a37bb25..389ab09d7 100644 --- a/src/charon/encoding/payloads/encryption_payload.c +++ b/src/charon/encoding/payloads/encryption_payload.c @@ -32,19 +32,19 @@ typedef struct private_encryption_payload_t private_encryption_payload_t; /** * Private data of an encryption_payload_t' Object. - * + * */ struct private_encryption_payload_t { - + /** * Public encryption_payload_t interface. */ encryption_payload_t public; - + /** - * There is no next payload for an encryption payload, + * There is no next payload for an encryption payload, * since encryption payload MUST be the last one. - * next_payload means here the first payload of the + * next_payload means here the first payload of the * contained, encrypted payload. */ u_int8_t next_payload; @@ -53,33 +53,33 @@ struct private_encryption_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload */ u_int16_t payload_length; - + /** * Chunk containing the iv, data, padding, * and (an eventually not calculated) signature. */ chunk_t encrypted; - + /** * Chunk containing the data in decrypted (unpadded) form. */ chunk_t decrypted; - + /** * Signer set by set_signer. */ signer_t *signer; - + /** * Crypter, supplied by encrypt/decrypt */ crypter_t *crypter; - + /** * Contained payloads of this encrpytion_payload. */ @@ -88,10 +88,10 @@ struct private_encryption_payload_t { /** * Encoding rules to parse or generate a IKEv2-Encryption Payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_encryption_payload_t. - * + * */ encoding_rule_t encryption_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ @@ -170,7 +170,7 @@ static payload_type_t get_next_type(private_encryption_payload_t *this) */ static void set_next_type(private_encryption_payload_t *this, payload_type_t type) { - /* set next type is not allowed, since this payload MUST be the last one + /* set next type is not allowed, since this payload MUST be the last one * and so nothing is done in here*/ } @@ -190,7 +190,7 @@ static void compute_length(private_encryption_payload_t *this) length += current_payload->get_length(current_payload); } iterator->destroy(iterator); - + if (this->crypter && this->signer) { /* append one byte for padding length */ @@ -268,13 +268,13 @@ static void generate(private_encryption_payload_t *this) payload_t *current_payload, *next_payload; generator_t *generator; iterator_t *iterator; - + /* recalculate length before generating */ compute_length(this); - + /* create iterator */ iterator = this->payloads->create_iterator(this->payloads, TRUE); - + /* get first payload */ if (iterator->iterate(iterator, (void**)¤t_payload)) { @@ -289,9 +289,9 @@ static void generate(private_encryption_payload_t *this) iterator->destroy(iterator); return; } - + generator = generator_create(); - + /* build all payload, except last */ while(iterator->iterate(iterator, (void**)&next_payload)) { @@ -300,14 +300,14 @@ static void generate(private_encryption_payload_t *this) current_payload = next_payload; } iterator->destroy(iterator); - + /* build last payload */ current_payload->set_next_type(current_payload, NO_PAYLOAD); generator->generate_payload(generator, current_payload); - + /* free already generated data */ free(this->decrypted.ptr); - + generator->write_to_chunk(generator, &(this->decrypted)); generator->destroy(generator); DBG2(DBG_ENC, "successfully generated content in encryption payload"); @@ -321,13 +321,13 @@ static status_t encrypt(private_encryption_payload_t *this) chunk_t iv, padding, to_crypt, result; rng_t *rng; size_t block_size; - + if (this->signer == NULL || this->crypter == NULL) { DBG1(DBG_ENC, "could not encrypt, signer/crypter not set"); return INVALID_STATE; } - + /* for random data in iv and padding */ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) @@ -337,15 +337,15 @@ static status_t encrypt(private_encryption_payload_t *this) } /* build payload chunk */ generate(this); - + DBG2(DBG_ENC, "encrypting payloads"); DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted); - + /* build padding */ block_size = this->crypter->get_block_size(this->crypter); padding.len = block_size - ((this->decrypted.len + 1) % block_size); rng->allocate_bytes(rng, padding.len, &padding); - + /* concatenate payload data, padding, padding len */ to_crypt.len = this->decrypted.len + padding.len + 1; to_crypt.ptr = malloc(to_crypt.len); @@ -353,36 +353,36 @@ static status_t encrypt(private_encryption_payload_t *this) memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len); memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len); *(to_crypt.ptr + to_crypt.len - 1) = padding.len; - + /* build iv */ iv.len = block_size; rng->allocate_bytes(rng, iv.len, &iv); rng->destroy(rng); - + DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt); - + /* encrypt to_crypt chunk */ free(this->encrypted.ptr); this->crypter->encrypt(this->crypter, to_crypt, iv, &result); free(padding.ptr); free(to_crypt.ptr); - + DBG3(DBG_ENC, "data after encryption %B", &result); - + /* build encrypted result with iv and signature */ this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer); free(this->encrypted.ptr); this->encrypted.ptr = malloc(this->encrypted.len); - + /* fill in result, signature is left out */ memcpy(this->encrypted.ptr, iv.ptr, iv.len); memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len); - + free(result.ptr); free(iv.ptr); DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B", &this->encrypted); - + return SUCCESS; } @@ -394,16 +394,16 @@ static status_t parse(private_encryption_payload_t *this) parser_t *parser; status_t status; payload_type_t current_payload_type; - + /* build a parser on the decrypted data */ parser = parser_create(this->decrypted); - + current_payload_type = this->next_payload; /* parse all payloads */ while (current_payload_type != NO_PAYLOAD) { - payload_t *current_payload; - + payload_t *current_payload; + status = parser->parse_payload(parser, current_payload_type, (payload_t**)¤t_payload); if (status != SUCCESS) { @@ -423,7 +423,7 @@ static status_t parse(private_encryption_payload_t *this) /* get next payload type */ current_payload_type = current_payload->get_next_type(current_payload); - + this->payloads->insert_last(this->payloads,current_payload); } parser->destroy(parser); @@ -438,50 +438,50 @@ static status_t decrypt(private_encryption_payload_t *this) { chunk_t iv, concatenated; u_int8_t padding_length; - + DBG2(DBG_ENC, "decrypting encryption payload"); DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B", &this->encrypted); - + if (this->signer == NULL || this->crypter == NULL) { DBG1(DBG_ENC, "could not decrypt, no crypter/signer set"); return INVALID_STATE; } - + /* get IV */ iv.len = this->crypter->get_block_size(this->crypter); - + iv.ptr = this->encrypted.ptr; - + /* point concatenated to data + padding + padding_length*/ concatenated.ptr = this->encrypted.ptr + iv.len; concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer); - + /* concatenated must be a multiple of block_size of crypter */ if (concatenated.len < iv.len || concatenated.len % iv.len) { DBG1(DBG_ENC, "could not decrypt, invalid input"); return FAILED; } - + /* free previus data, if any */ free(this->decrypted.ptr); - + DBG3(DBG_ENC, "data before decryption %B", &concatenated); - + this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted); DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted); - + /* get padding length, sits just bevore signature */ padding_length = *(this->decrypted.ptr + this->decrypted.len - 1); - /* add one byte to the padding length, since the padding_length field is + /* add one byte to the padding length, since the padding_length field is * not included */ padding_length++; this->decrypted.len -= padding_length; - + /* check size again */ if (padding_length > concatenated.len || this->decrypted.len < 0) { @@ -489,7 +489,7 @@ static status_t decrypt(private_encryption_payload_t *this) /* decryption failed :-/ */ return FAILED; } - + /* free padding */ this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len); DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted); @@ -513,13 +513,13 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data { chunk_t data_without_sig = data; chunk_t sig; - + if (this->signer == NULL) { DBG1(DBG_ENC, "unable to build signature, no signer set"); return INVALID_STATE; } - + sig.len = this->signer->get_block_size(this->signer); data_without_sig.len -= sig.len; sig.ptr = data.ptr + data_without_sig.len; @@ -535,7 +535,7 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat { chunk_t sig, data_without_sig; bool valid; - + if (this->signer == NULL) { DBG1(DBG_ENC, "unable to verify signature, no signer set"); @@ -549,18 +549,18 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat return FAILED; } sig.ptr = data.ptr + data.len - sig.len; - + /* verify it */ data_without_sig.len = data.len - sig.len; data_without_sig.ptr = data.ptr; valid = this->signer->verify_signature(this->signer, data_without_sig, sig); - + if (!valid) { DBG1(DBG_ENC, "signature verification failed"); return FAILED; } - + DBG2(DBG_ENC, "signature verification successful"); return SUCCESS; } @@ -582,7 +582,7 @@ static void destroy(private_encryption_payload_t *this) encryption_payload_t *encryption_payload_create() { private_encryption_payload_t *this = malloc_thing(private_encryption_payload_t); - + /* payload_t interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; @@ -591,20 +591,20 @@ encryption_payload_t *encryption_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator; this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload; this->public.remove_first_payload = (status_t (*)(encryption_payload_t*, payload_t **)) remove_first_payload; this->public.get_payload_count = (size_t (*)(encryption_payload_t*)) get_payload_count; - + this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt; this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt; this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms; this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature; this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature; this->public.destroy = (void (*) (encryption_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -614,6 +614,6 @@ encryption_payload_t *encryption_payload_create() this->signer = NULL; this->crypter = NULL; this->payloads = linked_list_create(); - + return (&(this->public)); } diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/charon/encoding/payloads/encryption_payload.h index 3b94587ec..ac5326b87 100644 --- a/src/charon/encoding/payloads/encryption_payload.h +++ b/src/charon/encoding/payloads/encryption_payload.h @@ -39,7 +39,7 @@ typedef struct encryption_payload_t encryption_payload_t; /** * The encryption payload as described in RFC section 3.14. * - * Before any crypt/decrypt/sign/verify operation can occur, + * Before any crypt/decrypt/sign/verify operation can occur, * the transforms must be set. After that, a parsed encryption payload * can be decrypted, which also will parse the contained payloads. * Encryption is done the same way, added payloads will get generated @@ -54,24 +54,24 @@ struct encryption_payload_t { * Implements payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator for all contained payloads. - * + * * iterator_t object has to get destroyed by the caller. * * @param forward iterator direction (TRUE: front to end) * return created iterator_t object */ iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward); - + /** * Adds a payload to this encryption payload. * * @param payload payload_t object to add */ void (*add_payload) (encryption_payload_t *this, payload_t *payload); - + /** * Reove the last payload in the contained payload list. * @@ -81,20 +81,20 @@ struct encryption_payload_t { * - NOT_FOUND if list empty */ status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload); - + /** * Get the number of payloads. * * @return number of contained payloads */ size_t (*get_payload_count) (encryption_payload_t *this); - + /** * Set transforms to use. - * + * * To decryption, encryption, signature building and verifying, * the payload needs a crypter and a signer object. - * + * * @warning Do NOT call this function again after encryption, since * the signer must be the same while encrypting and signature building! * @@ -102,10 +102,10 @@ struct encryption_payload_t { * @param signer signer_t to use for data signing/verifying */ void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer); - + /** * Generate and encrypt contained payloads. - * + * * This function generates the content for added payloads * and encrypts them. Signature is not built, since we need * additional data (the full message). @@ -113,11 +113,11 @@ struct encryption_payload_t { * @return SUCCESS, or INVALID_STATE if transforms not set */ status_t (*encrypt) (encryption_payload_t *this); - + /** * Decrypt and parse contained payloads. - * - * This function decrypts the contained data. After, + * + * This function decrypts the contained data. After, * the payloads are parsed internally and are accessible * via the iterator. * @@ -127,29 +127,29 @@ struct encryption_payload_t { * - FAILED if data is invalid */ status_t (*decrypt) (encryption_payload_t *this); - + /** * Build the signature. - * + * * The signature is built over the FULL message, so the header * and every payload (inclusive this one) must already be generated. * The generated message is supplied via the data paramater. - * + * * @param data chunk contains the already generated message * @return * - SUCCESS, or * - INVALID_STATE if transforms not set */ status_t (*build_signature) (encryption_payload_t *this, chunk_t data); - + /** * Verify the signature. - * + * * Since the signature is built over the full message, we need * this data to do the verification. The message data * is supplied via the data argument. - * - * @param data chunk contains the message + * + * @param data chunk contains the message * @return * - SUCCESS, or * - FAILED if signature invalid, or @@ -165,7 +165,7 @@ struct encryption_payload_t { /** * Creates an empty encryption_payload_t object. - * + * * @return encryption_payload_t object */ encryption_payload_t *encryption_payload_create(void); diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c index c30d29942..faec1ea71 100644 --- a/src/charon/encoding/payloads/endpoint_notify.c +++ b/src/charon/encoding/payloads/endpoint_notify.c @@ -23,34 +23,33 @@ typedef struct private_endpoint_notify_t private_endpoint_notify_t; /** * Private data of an notify_payload_t object. - * */ struct private_endpoint_notify_t { /** * Public endpoint_notify_t interface. */ endpoint_notify_t public; - + /** * Priority */ u_int32_t priority; - + /** * Family */ me_endpoint_family_t family; - + /** * Endpoint type */ me_endpoint_type_t type; - + /** * Endpoint */ host_t *endpoint; - + /** * Base (used for server reflexive endpoints) */ @@ -65,7 +64,7 @@ struct private_endpoint_notify_t { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Family ! Type ! Port ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! IP Address (variable) + ! IP Address (variable) ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ @@ -122,9 +121,9 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t chunk_t addr; u_int8_t *cur = data.ptr; u_int8_t *top = data.ptr + data.len; - + DBG3(DBG_IKE, "me_endpoint_data %B", &data); - + if (parse_uint32(&cur, top, &this->priority) != SUCCESS) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority"); @@ -136,20 +135,19 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family"); return FAILED; } - this->family = (me_endpoint_family_t)family; - - if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE) + + if (parse_uint8(&cur, top, &type) != SUCCESS || + type == NO_TYPE || type >= MAX_TYPE) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type"); return FAILED; } - this->type = (me_endpoint_type_t)type; - + addr_family = AF_INET; addr.len = 4; - + switch(this->family) { case IPv6: @@ -160,24 +158,23 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t if (parse_uint16(&cur, top, &port) != SUCCESS) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port"); - return FAILED; + return FAILED; } - + if (cur + addr.len > top) { DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address"); return FAILED; } - + addr.ptr = cur; - this->endpoint = host_create_from_chunk(addr_family, addr, port); break; case NO_FAMILY: default: this->endpoint = NULL; break; - } + } return SUCCESS; } @@ -192,14 +189,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) u_int32_t prio; u_int16_t port; u_int8_t family, type; - + prio = htonl(this->priority); prio_chunk = chunk_from_thing(prio); family = this->family; family_chunk = chunk_from_thing(family); type = this->type; type_chunk = chunk_from_thing(type); - + if (this->endpoint) { port = htons(this->endpoint->get_port(this->endpoint)); @@ -208,15 +205,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) else { port = 0; - addr_chunk = chunk_empty; + addr_chunk = chunk_empty; } port_chunk = chunk_from_thing(port); - + /* data = prio | family | type | port | addr */ data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk, - port_chunk, addr_chunk); + port_chunk, addr_chunk); DBG3(DBG_IKE, "me_endpoint_data %B", &data); - return data; } @@ -226,14 +222,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) static notify_payload_t *build_notify(private_endpoint_notify_t *this) { chunk_t data; - notify_payload_t *notify; - + notify_payload_t *notify; + notify = notify_payload_create(); notify->set_notify_type(notify, ME_ENDPOINT); data = build_notification_data(this); notify->set_notification_data(notify, data); chunk_free(&data); - + return notify; } @@ -291,7 +287,7 @@ static host_t *get_base(private_endpoint_notify_t *this) static endpoint_notify_t *_clone(private_endpoint_notify_t *this) { private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create(); - + clone->priority = this->priority; clone->type = this->type; clone->family = this->family; @@ -299,12 +295,12 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this) { clone->endpoint = this->endpoint->clone(this->endpoint); } - + if (this->base) { clone->base = this->base->clone(this->base); } - + return &clone->public; } @@ -336,14 +332,14 @@ endpoint_notify_t *endpoint_notify_create() this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify; this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone; this->public.destroy = (void (*) (endpoint_notify_t *)) destroy; - + /* set default values of the fields */ this->priority = 0; this->family = NO_FAMILY; this->type = NO_TYPE; this->endpoint = NULL; this->base = NULL; - + return &this->public; } @@ -353,34 +349,34 @@ endpoint_notify_t *endpoint_notify_create() endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base) { private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); - + this->type = type; - + switch(type) { case HOST: - this->priority = pow(2, 16) * ME_PRIO_HOST; + this->priority = pow(2, 16) * ME_PRIO_HOST; break; case PEER_REFLEXIVE: - this->priority = pow(2, 16) * ME_PRIO_PEER; + this->priority = pow(2, 16) * ME_PRIO_PEER; break; case SERVER_REFLEXIVE: - this->priority = pow(2, 16) * ME_PRIO_SERVER; + this->priority = pow(2, 16) * ME_PRIO_SERVER; break; case RELAYED: default: - this->priority = pow(2, 16) * ME_PRIO_RELAY; + this->priority = pow(2, 16) * ME_PRIO_RELAY; break; } - + /* FIXME: if there is more than one ip address we should vary this priority */ this->priority += 65535; - + if (!host) { return &this->public; } - + switch(host->get_family(host)) { case AF_INET: @@ -394,14 +390,14 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, hos * (family is set to NO_FAMILY) */ return &this->public; } - + this->endpoint = host->clone(host); - + if (base) { this->base = base->clone(base); } - + return &this->public; } @@ -414,7 +410,7 @@ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify) { return NULL; } - + private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); chunk_t data = notify->get_notification_data(notify); if (parse_notification_data(this, data) != SUCCESS) diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h index 66aabc683..120eef49a 100644 --- a/src/charon/encoding/payloads/endpoint_notify.h +++ b/src/charon/encoding/payloads/endpoint_notify.h @@ -36,34 +36,34 @@ typedef struct endpoint_notify_t endpoint_notify_t; * ME endpoint families. */ enum me_endpoint_family_t { - + NO_FAMILY = 0, - + IPv4 = 1, - + IPv6 = 2, - + MAX_FAMILY = 3 - + }; /** * ME endpoint types. */ enum me_endpoint_type_t { - + NO_TYPE = 0, - + HOST = 1, - + PEER_REFLEXIVE = 2, - + SERVER_REFLEXIVE = 3, - + RELAYED = 4, - + MAX_TYPE = 5 - + }; /** @@ -79,52 +79,52 @@ extern enum_name_t *me_endpoint_type_names; struct endpoint_notify_t { /** * Returns the priority of this endpoint. - * + * * @return priority */ u_int32_t (*get_priority) (endpoint_notify_t *this); - + /** * Sets the priority of this endpoint. - * + * * @param priority priority */ void (*set_priority) (endpoint_notify_t *this, u_int32_t priority); - + /** * Returns the endpoint type of this endpoint. - * + * * @return endpoint type */ me_endpoint_type_t (*get_type) (endpoint_notify_t *this); - + /** * Returns the endpoint family of this endpoint. - * + * * @return endpoint family */ me_endpoint_family_t (*get_family) (endpoint_notify_t *this); - + /** * Returns the host of this endpoint. - * + * * @return host */ host_t *(*get_host) (endpoint_notify_t *this); - + /** * Returns the base of this endpoint. - * + * * If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same * as the one returned by get_host. - * + * * @return host */ host_t *(*get_base) (endpoint_notify_t *this); - + /** - * Generates a notification payload from this endpoint. - * + * Generates a notification payload from this endpoint. + * * @return built notify_payload_t */ notify_payload_t *(*build_notify) (endpoint_notify_t *this); @@ -135,7 +135,7 @@ struct endpoint_notify_t { * @return cloned object */ endpoint_notify_t *(*clone) (endpoint_notify_t *this); - + /** * Destroys an endpoint_notify_t object. */ @@ -144,7 +144,7 @@ struct endpoint_notify_t { /** * Creates an empty endpoint_notify_t object. - * + * * @return created endpoint_notify_t object */ endpoint_notify_t *endpoint_notify_create(void); @@ -152,7 +152,7 @@ endpoint_notify_t *endpoint_notify_create(void); /** * Creates an endpoint_notify_t object from a host. - * + * * @param type the endpoint type * @param host host to base the notify on (gets cloned) * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned) @@ -163,7 +163,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, /** * Creates an endpoint_notify_t object from a notify payload. - * + * * @param notify the notify payload * @return - created endpoint_notify_t object * - NULL if invalid payload diff --git a/src/charon/encoding/payloads/id_payload.c b/src/charon/encoding/payloads/id_payload.c index 4a527cb24..4158c3e07 100644 --- a/src/charon/encoding/payloads/id_payload.c +++ b/src/charon/encoding/payloads/id_payload.c @@ -27,19 +27,19 @@ typedef struct private_id_payload_t private_id_payload_t; /** * Private data of an id_payload_t object. - * + * */ struct private_id_payload_t { /** * Public id_payload_t interface. */ id_payload_t public; - + /** * one of ID_INITIATOR, ID_RESPONDER */ payload_type_t payload_type; - + /** * Next payload type. */ @@ -49,17 +49,17 @@ struct private_id_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Type of the ID Data. */ u_int8_t id_type; - + /** * The contained id data value. */ @@ -68,17 +68,17 @@ struct private_id_payload_t { /** * Encoding rules to parse or generate a ID payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_id_payload_t. - * + * */ encoding_rule_t id_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_id_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_id_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -88,8 +88,8 @@ encoding_rule_t id_payload_encodings[] = { { RESERVED_BIT, 0 }, /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_id_payload_t, payload_length) }, - /* 1 Byte ID type*/ - { U_INT_8, offsetof(private_id_payload_t, id_type) }, + /* 1 Byte ID type*/ + { U_INT_8, offsetof(private_id_payload_t, id_type) }, /* 3 reserved bytes */ { RESERVED_BYTE, 0 }, { RESERVED_BYTE, 0 }, @@ -126,7 +126,7 @@ static status_t verify(private_id_payload_t *this) DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type); return FAILED; } - + return SUCCESS; } @@ -242,7 +242,7 @@ static void destroy(private_id_payload_t *this) { chunk_free(&(this->id_data)); } - free(this); + free(this); } /* @@ -260,7 +260,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type) this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (id_payload_t *)) destroy; this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type; @@ -268,7 +268,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type) this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data; this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data; this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone; - + this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification; /* private variables */ diff --git a/src/charon/encoding/payloads/id_payload.h b/src/charon/encoding/payloads/id_payload.h index 555b1324b..5502dc961 100644 --- a/src/charon/encoding/payloads/id_payload.h +++ b/src/charon/encoding/payloads/id_payload.h @@ -51,35 +51,35 @@ struct id_payload_t { * @param type Type of ID */ void (*set_id_type) (id_payload_t *this, id_type_t type); - + /** * Get the ID type. * - * @return type of the ID + * @return type of the ID */ id_type_t (*get_id_type) (id_payload_t *this); - + /** * Set the ID data. - * + * * Data are getting cloned. * * @param data ID data as chunk_t */ void (*set_data) (id_payload_t *this, chunk_t data); - + /** * Get the ID data. - * + * * Returned data are a copy of the internal one * * @return ID data as chunk_t */ chunk_t (*get_data_clone) (id_payload_t *this); - + /** * Get the ID data. - * + * * Returned data are NOT copied. * * @return ID data as chunk_t @@ -88,13 +88,13 @@ struct id_payload_t { /** * Creates an identification object of this id payload. - * + * * Returned object has to get destroyed by the caller. * - * @return identification_t object + * @return identification_t object */ identification_t *(*get_identification) (id_payload_t *this); - + /** * Destroys an id_payload_t object. */ @@ -103,7 +103,7 @@ struct id_payload_t { /** * Creates an empty id_payload_t object. - * + * * @param payload_type one of ID_INITIATOR, ID_RESPONDER * @return id_payload_t object */ @@ -111,7 +111,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type); /** * Creates an id_payload_t from an existing identification_t object. - * + * * @param payload_type one of ID_INITIATOR, ID_RESPONDER * @param identification identification_t object * @return id_payload_t object diff --git a/src/charon/encoding/payloads/ike_header.c b/src/charon/encoding/payloads/ike_header.c index d27bfb82c..735f01304 100644 --- a/src/charon/encoding/payloads/ike_header.c +++ b/src/charon/encoding/payloads/ike_header.c @@ -27,14 +27,13 @@ typedef struct private_ike_header_t private_ike_header_t; /** * Private data of an ike_header_t object. - * */ struct private_ike_header_t { /** * Public interface. */ ike_header_t public; - + /** * SPI of the initiator. */ @@ -56,19 +55,18 @@ struct private_ike_header_t { /** * IKE minor version. - */ + */ u_int8_t min_version; /** * Exchange type . - */ + */ u_int8_t exchange_type; - + /** * Flags of the Message. - * */ - struct { + struct { /** * Sender is initiator of the associated IKE_SA_INIT-Exchange. */ @@ -89,11 +87,11 @@ struct private_ike_header_t { * Associated Message-ID. */ u_int32_t message_id; - + /** * Length of the whole IKEv2-Message (header and all payloads). */ - u_int32_t length; + u_int32_t length; }; ENUM_BEGIN(exchange_type_names, EXCHANGE_TYPE_UNDEFINED, EXCHANGE_TYPE_UNDEFINED, @@ -113,38 +111,37 @@ ENUM_END(exchange_type_names, INFORMATIONAL); /** * Encoding rules to parse or generate a IKEv2-Header. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * ike_header_t. - * */ encoding_rule_t ike_header_encodings[] = { - /* 8 Byte SPI, stored in the field initiator_spi */ + /* 8 Byte SPI, stored in the field initiator_spi */ { IKE_SPI, offsetof(private_ike_header_t, initiator_spi) }, - /* 8 Byte SPI, stored in the field responder_spi */ + /* 8 Byte SPI, stored in the field responder_spi */ { IKE_SPI, offsetof(private_ike_header_t, responder_spi) }, - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_ike_header_t, next_payload) }, - /* 4 Bit major version, stored in the field maj_version */ + /* 4 Bit major version, stored in the field maj_version */ { U_INT_4, offsetof(private_ike_header_t, maj_version) }, - /* 4 Bit minor version, stored in the field min_version */ + /* 4 Bit minor version, stored in the field min_version */ { U_INT_4, offsetof(private_ike_header_t, min_version) }, /* 8 Bit for the exchange type */ { U_INT_8, offsetof(private_ike_header_t, exchange_type) }, - /* 2 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - /* 3 Bit flags, stored in the fields response, version and initiator */ - { FLAG, offsetof(private_ike_header_t, flags.response) }, + /* 2 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + /* 3 Bit flags, stored in the fields response, version and initiator */ + { FLAG, offsetof(private_ike_header_t, flags.response) }, { FLAG, offsetof(private_ike_header_t, flags.version) }, { FLAG, offsetof(private_ike_header_t, flags.initiator) }, - /* 3 Bit reserved bits, nowhere stored */ + /* 3 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, - /* 4 Byte message id, stored in the field message_id */ + /* 4 Byte message id, stored in the field message_id */ { U_INT_32, offsetof(private_ike_header_t, message_id) }, - /* 4 Byte length fied, stored in the field length */ + /* 4 Byte length fied, stored in the field length */ { HEADER_LENGTH, offsetof(private_ike_header_t, length) } }; @@ -194,9 +191,9 @@ static status_t verify(private_ike_header_t *this) /* initiator spi not set */ return FAILED; } - + /* verification of version is not done in here */ - + return SUCCESS; } @@ -212,7 +209,7 @@ static void set_next_type(payload_t *this,payload_type_t type) */ static u_int64_t get_initiator_spi(private_ike_header_t *this) { - return this->initiator_spi; + return this->initiator_spi; } /** @@ -228,7 +225,7 @@ static void set_initiator_spi(private_ike_header_t *this, u_int64_t initiator_sp */ static u_int64_t get_responder_spi(private_ike_header_t *this) { - return this->responder_spi; + return this->responder_spi; } /** @@ -244,7 +241,7 @@ static void set_responder_spi(private_ike_header_t *this, u_int64_t responder_sp */ static u_int8_t get_maj_version(private_ike_header_t *this) { - return this->maj_version; + return this->maj_version; } /** @@ -252,7 +249,7 @@ static u_int8_t get_maj_version(private_ike_header_t *this) */ static u_int8_t get_min_version(private_ike_header_t *this) { - return this->min_version; + return this->min_version; } /** @@ -260,7 +257,7 @@ static u_int8_t get_min_version(private_ike_header_t *this) */ static bool get_response_flag(private_ike_header_t *this) { - return this->flags.response; + return this->flags.response; } /** @@ -268,7 +265,7 @@ static bool get_response_flag(private_ike_header_t *this) */ static void set_response_flag(private_ike_header_t *this, bool response) { - this->flags.response = response; + this->flags.response = response; } /** @@ -276,7 +273,7 @@ static void set_response_flag(private_ike_header_t *this, bool response) */ static bool get_version_flag(private_ike_header_t *this) { - return this->flags.version; + return this->flags.version; } /** @@ -284,7 +281,7 @@ static bool get_version_flag(private_ike_header_t *this) */ static bool get_initiator_flag(private_ike_header_t *this) { - return this->flags.initiator; + return this->flags.initiator; } /** @@ -292,7 +289,7 @@ static bool get_initiator_flag(private_ike_header_t *this) */ static void set_initiator_flag(private_ike_header_t *this, bool initiator) { - this->flags.initiator = initiator; + this->flags.initiator = initiator; } /** @@ -300,7 +297,7 @@ static void set_initiator_flag(private_ike_header_t *this, bool initiator) */ static u_int8_t get_exchange_type(private_ike_header_t *this) { - return this->exchange_type; + return this->exchange_type; } /** @@ -308,7 +305,7 @@ static u_int8_t get_exchange_type(private_ike_header_t *this) */ static void set_exchange_type(private_ike_header_t *this, u_int8_t exchange_type) { - this->exchange_type = exchange_type; + this->exchange_type = exchange_type; } /** @@ -317,7 +314,7 @@ static void set_exchange_type(private_ike_header_t *this, u_int8_t exchange_type */ static u_int32_t get_message_id(private_ike_header_t *this) { - return this->message_id; + return this->message_id; } /** @@ -375,7 +372,7 @@ static size_t get_length(payload_t *this) ike_header_t *ike_header_create() { private_ike_header_t *this = malloc_thing(private_ike_header_t); - + this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = get_encoding_rules; this->public.payload_interface.get_length = get_length; @@ -384,7 +381,7 @@ ike_header_t *ike_header_create() this->public.payload_interface.get_type = get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.destroy = destroy; - + this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi; this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi; this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi; @@ -400,7 +397,7 @@ ike_header_t *ike_header_create() this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type; this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id; this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id; - + /* set default values of the fields */ this->initiator_spi = 0; this->responder_spi = 0; @@ -413,6 +410,6 @@ ike_header_t *ike_header_create() this->flags.response = FALSE; this->message_id = 0; this->length = IKE_HEADER_LENGTH; - + return (ike_header_t*)this; } diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h index 8de316d19..e63e8bf06 100644 --- a/src/charon/encoding/payloads/ike_header.h +++ b/src/charon/encoding/payloads/ike_header.h @@ -60,7 +60,7 @@ enum exchange_type_t{ * EXCHANGE_TYPE_UNDEFINED. In private space, since not a official message type. */ EXCHANGE_TYPE_UNDEFINED = 255, - + /** * IKE_SA_INIT. */ @@ -94,11 +94,11 @@ enum exchange_type_t{ extern enum_name_t *exchange_type_names; /** - * An object of this type represents an IKEv2 header and is used to + * An object of this type represents an IKEv2 header and is used to * generate and parse IKEv2 headers. - * - * The header format of an IKEv2-Message is compatible to the - * ISAKMP-Header format to allow implementations supporting + * + * The header format of an IKEv2-Message is compatible to the + * ISAKMP-Header format to allow implementations supporting * both versions of the IKE-protocol. */ struct ike_header_t { @@ -106,61 +106,60 @@ struct ike_header_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the initiator spi. * * @return initiator_spi */ u_int64_t (*get_initiator_spi) (ike_header_t *this); - + /** * Set the initiator spi. * * @param initiator_spi initiator_spi */ void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi); - + /** * Get the responder spi. * * @return responder_spi */ u_int64_t (*get_responder_spi) (ike_header_t *this); - + /** * Set the responder spi. * * @param responder_spi responder_spi */ void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi); - + /** * Get the major version. * * @return major version */ u_int8_t (*get_maj_version) (ike_header_t *this); - + /** * Get the minor version. * * @return minor version */ u_int8_t (*get_min_version) (ike_header_t *this); - + /** * Get the response flag. * * @return response flag */ bool (*get_response_flag) (ike_header_t *this); - + /** * Set the response flag- * * @param response response flag - * */ void (*set_response_flag) (ike_header_t *this, bool response); /** @@ -169,14 +168,14 @@ struct ike_header_t { * @return version flag */ bool (*get_version_flag) (ike_header_t *this); - + /** * Get the initiator flag. * * @return initiator flag */ bool (*get_initiator_flag) (ike_header_t *this); - + /** * Set the initiator flag. * @@ -190,28 +189,28 @@ struct ike_header_t { * @return exchange type */ u_int8_t (*get_exchange_type) (ike_header_t *this); - + /** * Set the exchange type. * * @param exchange_type exchange type */ void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type); - + /** * Get the message id. * * @return message id */ u_int32_t (*get_message_id) (ike_header_t *this); - + /** * Set the message id. * * @param initiator_spi message id */ void (*set_message_id) (ike_header_t *this, u_int32_t message_id); - + /** * Destroys a ike_header_t object. */ @@ -220,7 +219,7 @@ struct ike_header_t { /** * Create an ike_header_t object - * + * * @return ike_header_t object */ ike_header_t *ike_header_create(void); diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/charon/encoding/payloads/ke_payload.c index aa3e075ca..1bc79f084 100644 --- a/src/charon/encoding/payloads/ke_payload.c +++ b/src/charon/encoding/payloads/ke_payload.c @@ -25,14 +25,14 @@ typedef struct private_ke_payload_t private_ke_payload_t; /** * Private data of an ke_payload_t object. - * + * */ struct private_ke_payload_t { /** * Public ke_payload_t interface. */ ke_payload_t public; - + /** * Next payload type. */ @@ -42,17 +42,17 @@ struct private_ke_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * DH Group Number. */ u_int16_t dh_group_number; - + /** * Key Exchange Data of this KE payload. */ @@ -61,30 +61,30 @@ struct private_ke_payload_t { /** * Encoding rules to parse or generate a IKEv2-KE Payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_ke_payload_t. - * + * */ encoding_rule_t ke_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_ke_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_ke_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { FLAG, offsetof(private_ke_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, /* DH Group number as 16 bit field*/ { U_INT_16, offsetof(private_ke_payload_t, dh_group_number) }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* Key Exchange Data is from variable size */ { KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)} }; @@ -166,7 +166,7 @@ static void compute_length(private_ke_payload_t *this) if (this->key_exchange_data.ptr != NULL) { length += this->key_exchange_data.len; - } + } this->payload_length = length; } @@ -199,9 +199,9 @@ static void set_key_exchange_data(private_ke_payload_t *this, chunk_t key_exchan free(this->key_exchange_data.ptr); this->key_exchange_data.ptr = NULL; this->key_exchange_data.len = 0; - + } - + this->key_exchange_data = chunk_clone(key_exchange_data); compute_length(this); } @@ -244,7 +244,7 @@ ke_payload_t *ke_payload_create() this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number; this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number; this->public.destroy = (void (*) (ke_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -261,10 +261,10 @@ ke_payload_t *ke_payload_create() ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh) { private_ke_payload_t *this = (private_ke_payload_t*)ke_payload_create(); - + dh->get_my_public_value(dh, &this->key_exchange_data); this->dh_group_number = dh->get_dh_group(dh); compute_length(this); - + return &this->public; } diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/charon/encoding/payloads/ke_payload.h index 7e182d970..3ca05009e 100644 --- a/src/charon/encoding/payloads/ke_payload.h +++ b/src/charon/encoding/payloads/ke_payload.h @@ -45,38 +45,38 @@ struct ke_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Returns the currently set key exchange data of this KE payload. - * + * * @warning Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_key_exchange_data) (ke_payload_t *this); - + /** * Sets the key exchange data of this KE payload. - * + * * Value is getting copied. - * + * * @param key_exchange_data chunk_t pointing to the value to set */ void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data); /** * Gets the Diffie-Hellman Group Number of this KE payload. - * + * * @return DH Group Number of this payload */ diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this); /** * Sets the Diffie-Hellman Group Number of this KE payload. - * + * * @param dh_group_number DH Group to set */ - void (*set_dh_group_number) (ke_payload_t *this, + void (*set_dh_group_number) (ke_payload_t *this, diffie_hellman_group_t dh_group_number); /** @@ -87,14 +87,14 @@ struct ke_payload_t { /** * Creates an empty ke_payload_t object - * + * * @return ke_payload_t object */ ke_payload_t *ke_payload_create(void); /** * Creates a ke_payload_t from a diffie_hellman_t - * + * * @param diffie_hellman diffie hellman object containing group and key * @return ke_payload_t object */ diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/charon/encoding/payloads/nonce_payload.c index f9e075380..4ad5ce9dd 100644 --- a/src/charon/encoding/payloads/nonce_payload.c +++ b/src/charon/encoding/payloads/nonce_payload.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /* offsetof macro */ #include @@ -26,14 +26,14 @@ typedef struct private_nonce_payload_t private_nonce_payload_t; /** * Private data of an nonce_payload_t object. - * + * */ struct private_nonce_payload_t { /** * Public nonce_payload_t interface. */ nonce_payload_t public; - + /** * Next payload type. */ @@ -43,12 +43,12 @@ struct private_nonce_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * The contained nonce value. */ @@ -57,26 +57,26 @@ struct private_nonce_payload_t { /** * Encoding rules to parse or generate a nonce payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_nonce_payload_t. - * + * */ encoding_rule_t nonce_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_nonce_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_nonce_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { FLAG, offsetof(private_nonce_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole nonce payload*/ - { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) } }; @@ -102,7 +102,7 @@ static status_t verify(private_nonce_payload_t *this) /* nonce length is wrong */ return FAILED; } - + return SUCCESS; } @@ -187,8 +187,8 @@ static void destroy(private_nonce_payload_t *this) { free(this->nonce.ptr); } - - free(this); + + free(this); } /* @@ -206,12 +206,12 @@ nonce_payload_t *nonce_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (nonce_payload_t *)) destroy; this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce; this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/charon/encoding/payloads/nonce_payload.h index 4adaba481..e9212202e 100644 --- a/src/charon/encoding/payloads/nonce_payload.h +++ b/src/charon/encoding/payloads/nonce_payload.h @@ -39,7 +39,7 @@ typedef struct nonce_payload_t nonce_payload_t; /** * Object representing an IKEv2 Nonce payload. - * + * * The Nonce payload format is described in RFC section 3.3. */ struct nonce_payload_t { @@ -51,17 +51,17 @@ struct nonce_payload_t { /** * Set the nonce value. * - * @param nonce chunk containing the nonce, will be cloned + * @param nonce chunk containing the nonce, will be cloned */ void (*set_nonce) (nonce_payload_t *this, chunk_t nonce); - + /** * Get the nonce value. * * @return a chunk containing the cloned nonce */ chunk_t (*get_nonce) (nonce_payload_t *this); - + /** * Destroys an nonce_payload_t object. */ @@ -70,7 +70,7 @@ struct nonce_payload_t { /** * Creates an empty nonce_payload_t object - * + * * @return nonce_payload_t object */ nonce_payload_t *nonce_payload_create(void); diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c index d2a995ace..469698ef5 100644 --- a/src/charon/encoding/payloads/notify_payload.c +++ b/src/charon/encoding/payloads/notify_payload.c @@ -41,7 +41,7 @@ ENUM_NEXT(notify_type_names, INVALID_KE_PAYLOAD, INVALID_KE_PAYLOAD, NO_PROPOSAL "INVALID_KE_PAYLOAD"); ENUM_NEXT(notify_type_names, AUTHENTICATION_FAILED, AUTHENTICATION_FAILED, INVALID_KE_PAYLOAD, "AUTHENTICATION_FAILED"); -ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTHENTICATION_FAILED, +ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, USE_ASSIGNED_HoA, AUTHENTICATION_FAILED, "SINGLE_PAIR_REQUIRED", "NO_ADDITIONAL_SAS", "INTERNAL_ADDRESS_FAILURE", @@ -49,10 +49,11 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTH "TS_UNACCEPTABLE", "INVALID_SELECTORS", "UNACCEPTABLE_ADDRESSES", - "UNEXPECTED_NAT_DETECTED"); -ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, + "UNEXPECTED_NAT_DETECTED", + "USE_ASSIGNED_HoA"); +ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, USE_ASSIGNED_HoA, "ME_CONNECT_FAILED"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ANOTHER_AUTH_FOLLOWS, ME_CONNECT_FAILED, +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, LINK_ID, ME_CONNECT_FAILED, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", @@ -74,8 +75,17 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ANOTHER_AUTH_FOLLOWS, ME_CONNECT_F "NO_NATS_ALLOWED", "AUTH_LIFETIME", "MULTIPLE_AUTH_SUPPORTED", - "ANOTHER_AUTH_FOLLOWS"); -ENUM_NEXT(notify_type_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, ANOTHER_AUTH_FOLLOWS, + "ANOTHER_AUTH_FOLLOWS", + "REDIRECT_SUPPORTED", + "REDIRECT", + "REDIRECTED_FROM", + "TICKET_LT_OPAQUE", + "TICKET_REQUEST", + "TICKET_ACK", + "TICKET_NACK", + "TICKET_OPAQUE", + "LINK_ID"); +ENUM_NEXT(notify_type_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, LINK_ID, "EAP_ONLY_AUTHENTICATION"); ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, "USE_BEET_MODE"); @@ -107,7 +117,7 @@ ENUM_NEXT(notify_type_short_names, INVALID_KE_PAYLOAD, INVALID_KE_PAYLOAD, NO_PR "INVAL_KE"); ENUM_NEXT(notify_type_short_names, AUTHENTICATION_FAILED, AUTHENTICATION_FAILED, INVALID_KE_PAYLOAD, "AUTH_FAILED"); -ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTHENTICATION_FAILED, +ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, USE_ASSIGNED_HoA, AUTHENTICATION_FAILED, "SINGLE_PAIR", "NO_ADD_SAS", "INT_ADDR_FAIL", @@ -115,10 +125,11 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED "TS_UNACCEPT", "INVAL_SEL", "UNACCEPT_ADDR", - "UNEXPECT_NAT"); -ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, + "UNEXPECT_NAT", + "ASSIGNED_HoA"); +ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, USE_ASSIGNED_HoA, "ME_CONN_FAIL"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ANOTHER_AUTH_FOLLOWS, ME_CONNECT_FAILED, +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, LINK_ID, ME_CONNECT_FAILED, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", @@ -140,8 +151,17 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ANOTHER_AUTH_FOLLOWS, ME_CON "NO_NATS", "AUTH_LFT", "MULT_AUTH", - "AUTH_FOLLOWS"); -ENUM_NEXT(notify_type_short_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, ANOTHER_AUTH_FOLLOWS, + "AUTH_FOLLOWS", + "REDIR_SUP", + "REDIR", + "REDIR_FROM", + "TKT_LT_OPAK", + "TKT_REQ", + "TKT_ACK", + "TKT_NACK", + "TKT_OPAK", + "LINK_ID"); +ENUM_NEXT(notify_type_short_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, LINK_ID, "EAP_ONLY"); ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, "BEET_MODE"); @@ -160,14 +180,14 @@ typedef struct private_notify_payload_t private_notify_payload_t; /** * Private data of an notify_payload_t object. - * + * */ struct private_notify_payload_t { /** * Public notify_payload_t interface. */ notify_payload_t public; - + /** * Next payload type. */ @@ -177,27 +197,27 @@ struct private_notify_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Protocol id. */ u_int8_t protocol_id; - + /** * Spi size. */ u_int8_t spi_size; - + /** * Notify message type. */ u_int16_t notify_type; - + /** * Security parameter index (spi). */ @@ -211,26 +231,26 @@ struct private_notify_payload_t { /** * Encoding rules to parse or generate a IKEv2-Notify Payload. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_notify_payload_t. - * + * */ encoding_rule_t notify_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_notify_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_notify_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { FLAG, offsetof(private_notify_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, /* Protocol ID as 8 bit field*/ { U_INT_8, offsetof(private_notify_payload_t, protocol_id) }, /* SPI Size as 8 bit field*/ @@ -238,7 +258,7 @@ encoding_rule_t notify_payload_encodings[] = { /* Notify message type as 16 bit field*/ { U_INT_16, offsetof(private_notify_payload_t, notify_type) }, /* SPI as variable length field*/ - { SPI, offsetof(private_notify_payload_t, spi) }, + { SPI, offsetof(private_notify_payload_t, spi) }, /* Key Exchange Data is from variable size */ { NOTIFICATION_DATA, offsetof(private_notify_payload_t, notification_data) } }; @@ -279,7 +299,7 @@ static status_t verify(private_notify_payload_t *this) DBG1(DBG_ENC, "Unknown protocol (%d)", this->protocol_id); return FAILED; } - + switch (this->notify_type) { case INVALID_KE_PAYLOAD: @@ -567,7 +587,7 @@ notify_payload_t *notify_payload_create() this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data; this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data; this->public.destroy = (void (*) (notify_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -579,7 +599,7 @@ notify_payload_t *notify_payload_create() this->spi_size = 0; this->notification_data.ptr = NULL; this->notification_data.len = 0; - + return &this->public; } @@ -592,6 +612,6 @@ notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t pro notify->set_notify_type(notify,notify_type); notify->set_protocol_id(notify,protocol_id); - + return notify; } diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h index a5f501dca..0e1bc23b8 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/charon/encoding/payloads/notify_payload.h @@ -59,11 +59,15 @@ enum notify_type_t { FAILED_CP_REQUIRED = 37, TS_UNACCEPTABLE = 38, INVALID_SELECTORS = 39, + /* mobile extension, RFC 4555 */ UNACCEPTABLE_ADDRESSES = 40, UNEXPECTED_NAT_DETECTED = 41, + /* mobile IPv6 bootstrapping, RFC 5026 */ + USE_ASSIGNED_HoA = 42, + /* IKE-ME, private use */ ME_CONNECT_FAILED = 8192, - + /* notify status messages */ INITIAL_CONTACT = 16384, SET_WINDOW_SIZE = 16385, @@ -87,9 +91,21 @@ enum notify_type_t { NO_NATS_ALLOWED = 16402, /* repeated authentication extension, RFC4478 */ AUTH_LIFETIME = 16403, - /* multiple authentication exchanges, RFC 4739 */ + /* multiple authentication exchanges, RFC 4739 */ MULTIPLE_AUTH_SUPPORTED = 16404, ANOTHER_AUTH_FOLLOWS = 16405, + /* redirect mechanism, RFC 5685 */ + REDIRECT_SUPPORTED = 16406, + REDIRECT = 16407, + REDIRECTED_FROM = 16408, + /* draft-ietf-ipsecme-ikev2-resumption, assigned by IANA */ + TICKET_LT_OPAQUE = 16409, + TICKET_REQUEST = 16410, + TICKET_ACK = 16411, + TICKET_NACK = 16412, + TICKET_OPAQUE = 16413, + LINK_ID = 16414, + /* draft-eronen-ipsec-ikev2-eap-auth, not assigned by IANA yet */ EAP_ONLY_AUTHENTICATION = 40960, /* BEET mode, not even a draft yet. private use */ @@ -116,7 +132,7 @@ extern enum_name_t *notify_type_short_names; /** * Class representing an IKEv2-Notify Payload. - * + * * The Notify Payload format is described in Draft section 3.10. */ struct notify_payload_t { @@ -124,67 +140,67 @@ struct notify_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Gets the protocol id of this payload. - * + * * @return protocol id of this payload */ u_int8_t (*get_protocol_id) (notify_payload_t *this); /** * Sets the protocol id of this payload. - * + * * @param protocol_id protocol id to set */ void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id); /** * Gets the notify message type of this payload. - * + * * @return notify message type of this payload */ notify_type_t (*get_notify_type) (notify_payload_t *this); /** * Sets notify message type of this payload. - * + * * @param type notify message type to set */ void (*set_notify_type) (notify_payload_t *this, notify_type_t type); /** * Returns the currently set spi of this payload. - * + * * This is only valid for notifys with protocol AH|ESP * * @return SPI value */ u_int32_t (*get_spi) (notify_payload_t *this); - + /** * Sets the spi of this payload. - * + * * This is only valid for notifys with protocol AH|ESP - * + * * @param spi SPI value */ void (*set_spi) (notify_payload_t *this, u_int32_t spi); /** * Returns the currently set notification data of payload. - * + * * Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_notification_data) (notify_payload_t *this); - + /** * Sets the notification data of this payload. - * + * * @warning Value is getting copied. - * + * * @param notification_data chunk_t pointing to the value to set */ void (*set_notification_data) (notify_payload_t *this, @@ -198,14 +214,14 @@ struct notify_payload_t { /** * Creates an empty notify_payload_t object - * + * * @return created notify_payload_t object */ notify_payload_t *notify_payload_create(void); /** * Creates an notify_payload_t object of specific type for specific protocol id. - * + * * @param protocol_id protocol id (IKE, AH or ESP) * @param type notify type (see notify_type_t) * @return notify_payload_t object diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h index 78f5b7b97..2e783cb30 100644 --- a/src/charon/encoding/payloads/payload.h +++ b/src/charon/encoding/payloads/payload.h @@ -33,7 +33,7 @@ typedef struct payload_t payload_t; /** * Payload-Types of a IKEv2-Message. * - * Header and substructures are also defined as + * Header and substructures are also defined as * payload types with values from PRIVATE USE space. */ enum payload_type_t{ @@ -42,7 +42,7 @@ enum payload_type_t{ * End of payload list in next_payload */ NO_PAYLOAD = 0, - + /** * The security association (SA) payload containing proposals. */ @@ -122,67 +122,67 @@ enum payload_type_t{ * Extensible authentication payload (EAP). */ EXTENSIBLE_AUTHENTICATION = 48, - + #ifdef ME /** * Identification payload for peers has a value from - * the PRIVATE USE space. + * the PRIVATE USE space. */ ID_PEER = 128, #endif /* ME */ - + /** * Header has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle IKEv2-Header like a payload. */ HEADER = 140, - + /** * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle a proposal substructure like a payload. */ PROPOSAL_SUBSTRUCTURE = 141, /** * TRANSFORM_SUBSTRUCTURE has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle a transform substructure like a payload. */ TRANSFORM_SUBSTRUCTURE = 142, - + /** * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle a transform attribute like a payload. */ TRANSFORM_ATTRIBUTE = 143, /** * TRAFFIC_SELECTOR_SUBSTRUCTURE has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle a transform selector like a payload. - */ + */ TRAFFIC_SELECTOR_SUBSTRUCTURE = 144, - + /** * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle a transform attribute like a payload. */ CONFIGURATION_ATTRIBUTE = 145, - + /** * A unknown payload has a value of PRIVATE USE space. - * - * This payload type is not sent over wire and just + * + * This payload type is not sent over wire and just * used internally to handle a unknown payload. */ UNKNOWN_PAYLOAD = 146, @@ -201,13 +201,13 @@ extern enum_name_t *payload_type_short_names; /** * Generic interface for all payload types (incl.header and substructures). - * + * * To handle all kinds of payloads on a generic way, this interface must * be implemented by every payload. This allows parser_t/generator_t a simple * handling of all payloads. */ struct payload_t { - + /** * Get encoding rules for this payload. * @@ -229,7 +229,7 @@ struct payload_t { * @return type of next payload */ payload_type_t (*get_next_type) (payload_t *this); - + /** * Set type of next payload. * @@ -243,14 +243,14 @@ struct payload_t { * @return length of this payload */ size_t (*get_length) (payload_t *this); - + /** * Verifies payload structure and makes consistence check. * * @return SUCCESS, FAILED if consistence not given */ status_t (*verify) (payload_t *this); - + /** * Destroys a payload and all included substructures. */ @@ -259,11 +259,11 @@ struct payload_t { /** * Create an empty payload. - * + * * Useful for the parser, who wants a generic constructor for all payloads. - * It supports all payload_t methods. If a payload type is not known, + * It supports all payload_t methods. If a payload type is not known, * an unknwon_paylod is created with the chunk of data in it. - * + * * @param type type of the payload to create * @return payload_t object */ diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/charon/encoding/payloads/proposal_substructure.c index a8166023c..c93f73a68 100644 --- a/src/charon/encoding/payloads/proposal_substructure.c +++ b/src/charon/encoding/payloads/proposal_substructure.c @@ -35,14 +35,14 @@ typedef struct private_proposal_substructure_t private_proposal_substructure_t; /** * Private data of an proposal_substructure_t object. - * + * */ struct private_proposal_substructure_t { /** * Public proposal_substructure_t interface. */ proposal_substructure_t public; - + /** * Next payload type. */ @@ -52,12 +52,12 @@ struct private_proposal_substructure_t { * Length of this payload. */ u_int16_t proposal_length; - + /** * Proposal number. */ u_int8_t proposal_number; - + /** * Protocol ID. */ @@ -66,32 +66,32 @@ struct private_proposal_substructure_t { /** * SPI size of the following SPI. */ - u_int8_t spi_size; + u_int8_t spi_size; /** * Number of transforms. */ - u_int8_t transforms_count; - - /** - * SPI is stored as chunk. - */ - chunk_t spi; - - /** - * Transforms are stored in a linked_list_t. - */ + u_int8_t transforms_count; + + /** + * SPI is stored as chunk. + */ + chunk_t spi; + + /** + * Transforms are stored in a linked_list_t. + */ linked_list_t * transforms; }; /** * Encoding rules to parse or generate a Proposal substructure. * - * The defined offsets are the positions in a object of type + * The defined offsets are the positions in a object of type * private_proposal_substructure_t. */ encoding_rule_t proposal_substructure_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_proposal_substructure_t, next_payload) }, /* Reserved Byte is skipped */ { RESERVED_BYTE, 0 }, @@ -107,7 +107,7 @@ encoding_rule_t proposal_substructure_encodings[] = { { U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) }, /* SPI is a chunk of variable size*/ { SPI, offsetof(private_proposal_substructure_t, spi) }, - /* Transforms are stored in a transform substructure, + /* Transforms are stored in a transform substructure, offset points to a linked_list_t pointer */ { TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) } }; @@ -136,7 +136,7 @@ static status_t verify(private_proposal_substructure_t *this) status_t status = SUCCESS; iterator_t *iterator; payload_t *current_transform; - + if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2)) { /* must be 0 or 2 */ @@ -178,7 +178,7 @@ static status_t verify(private_proposal_substructure_t *this) DBG1(DBG_ENC, "invalid protocol"); return FAILED; } - + iterator = this->transforms->create_iterator(this->transforms,TRUE); while(iterator->iterate(iterator, (void**)¤t_transform)) { @@ -190,8 +190,8 @@ static status_t verify(private_proposal_substructure_t *this) } } iterator->destroy(iterator); - - /* proposal number is checked in SA payload */ + + /* proposal number is checked in SA payload */ return status; } @@ -236,7 +236,7 @@ static void compute_length(private_proposal_substructure_t *this) payload_t *current_transform; size_t transforms_count = 0; size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH; - + iterator = this->transforms->create_iterator(this->transforms,TRUE); while (iterator->iterate(iterator, (void**)¤t_transform)) { @@ -244,7 +244,7 @@ static void compute_length(private_proposal_substructure_t *this) transforms_count++; } iterator->destroy(iterator); - + length += this->spi.len; this->transforms_count = transforms_count; this->proposal_length = length; @@ -282,7 +282,7 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr } transform->set_is_last_transform(transform,TRUE); - + this->transforms->insert_last(this->transforms,(void *) transform); compute_length(this); } @@ -340,7 +340,7 @@ static void set_spi(private_proposal_substructure_t *this, chunk_t spi) this->spi.len = 0; compute_length(this); } - + this->spi.ptr = clalloc(spi.ptr,spi.len); this->spi.len = spi.len; this->spi_size = spi.len; @@ -355,7 +355,7 @@ static chunk_t get_spi(private_proposal_substructure_t *this) chunk_t spi; spi.ptr = this->spi.ptr; spi.len = this->spi.len; - + return spi; } @@ -384,24 +384,24 @@ proposal_t* get_proposal(private_proposal_substructure_t *this) transform_substructure_t *transform; proposal_t *proposal; u_int64_t spi; - + proposal = proposal_create(this->protocol_id); - + iterator = this->transforms->create_iterator(this->transforms, TRUE); while (iterator->iterate(iterator, (void**)&transform)) { transform_type_t transform_type; u_int16_t transform_id; u_int16_t key_length = 0; - + transform_type = transform->get_transform_type(transform); transform_id = transform->get_transform_id(transform); transform->get_key_length(transform, &key_length); - + proposal->add_algorithm(proposal, transform_type, transform_id, key_length); } iterator->destroy(iterator); - + switch (this->spi.len) { case 4: @@ -414,7 +414,7 @@ proposal_t* get_proposal(private_proposal_substructure_t *this) spi = 0; } proposal->set_spi(proposal, spi); - + return proposal; } @@ -426,7 +426,7 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t * private_proposal_substructure_t *clone; iterator_t *transforms; transform_substructure_t *current_transform; - + clone = (private_proposal_substructure_t *) proposal_substructure_create(); clone->next_payload = this->next_payload; clone->proposal_number = this->proposal_number; @@ -444,8 +444,8 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t * current_transform = current_transform->clone(current_transform); clone->public.add_transform_substructure(&clone->public, current_transform); } - transforms->destroy(transforms); - + transforms->destroy(transforms); + return clone; } @@ -468,16 +468,16 @@ proposal_substructure_t *proposal_substructure_create() { private_proposal_substructure_t *this = malloc_thing(private_proposal_substructure_t); - /* interface functions */ + /* interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - + + /* public functions */ this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator; this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure; @@ -490,10 +490,10 @@ proposal_substructure_t *proposal_substructure_create() this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi; this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi; this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count; - this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size; + this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size; this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone_; this->public.destroy = (void (*) (proposal_substructure_t *)) destroy; - + /* set default values of the fields */ this->next_payload = NO_PAYLOAD; this->proposal_length = 0; @@ -503,9 +503,9 @@ proposal_substructure_t *proposal_substructure_create() this->spi_size = 0; this->spi.ptr = NULL; this->spi.len = 0; - + this->transforms = linked_list_create(); - + return (&(this->public)); } @@ -518,9 +518,9 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * private_proposal_substructure_t *this; u_int16_t alg, key_size; enumerator_t *enumerator; - + this = (private_proposal_substructure_t*)proposal_substructure_create(); - + /* encryption algorithm is only availble in ESP */ enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) @@ -530,7 +530,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* integrity algorithms */ enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) @@ -540,7 +540,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* prf algorithms */ enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION); while (enumerator->enumerate(enumerator, &alg, &key_size)) @@ -550,17 +550,17 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* dh groups */ enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP); while (enumerator->enumerate(enumerator, &alg, NULL)) { - transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, + transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, alg, 0); add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* extended sequence numbers */ enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS); while (enumerator->enumerate(enumerator, &alg, NULL)) @@ -570,7 +570,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * add_transform_substructure(this, transform); } enumerator->destroy(enumerator); - + /* add SPI, if necessary */ switch (proposal->get_protocol(proposal)) { @@ -593,6 +593,6 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t * } this->proposal_number = 0; this->protocol_id = proposal->get_protocol(proposal); - + return &this->public; } diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/charon/encoding/payloads/proposal_substructure.h index 8ccb917d6..4934802af 100644 --- a/src/charon/encoding/payloads/proposal_substructure.h +++ b/src/charon/encoding/payloads/proposal_substructure.h @@ -38,7 +38,7 @@ typedef struct proposal_substructure_t proposal_substructure_t; /** * Class representing an IKEv2-PROPOSAL SUBSTRUCTURE. - * + * * The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1. */ struct proposal_substructure_t { @@ -55,7 +55,7 @@ struct proposal_substructure_t { */ iterator_t *(*create_transform_substructure_iterator) ( proposal_substructure_t *this, bool forward); - + /** * Adds a transform_substructure_t object to this object. * @@ -63,7 +63,7 @@ struct proposal_substructure_t { */ void (*add_transform_substructure) (proposal_substructure_t *this, transform_substructure_t *transform); - + /** * Sets the proposal number of current proposal. * @@ -71,24 +71,24 @@ struct proposal_substructure_t { */ void (*set_proposal_number) (proposal_substructure_t *this, u_int8_t proposal_number); - + /** * get proposal number of current proposal. - * + * * @return proposal number of current proposal substructure. */ u_int8_t (*get_proposal_number) (proposal_substructure_t *this); /** * get the number of transforms in current proposal. - * + * * @return transform count in current proposal */ size_t (*get_transform_count) (proposal_substructure_t *this); /** * get size of the set spi in bytes. - * + * * @return size of the spi in bytes */ size_t (*get_spi_size) (proposal_substructure_t *this); @@ -100,43 +100,43 @@ struct proposal_substructure_t { */ void (*set_protocol_id) (proposal_substructure_t *this, u_int8_t protocol_id); - + /** * get protocol id of current proposal. - * + * * @return protocol id of current proposal substructure. */ u_int8_t (*get_protocol_id) (proposal_substructure_t *this); - + /** * Sets the next_payload field of this substructure - * + * * If this is the last proposal, next payload field is set to 0, * otherwise to 2 * * @param is_last When TRUE, next payload field is set to 0, otherwise to 2 */ void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last); - + /** * Returns the currently set SPI of this proposal. * * @return chunk_t pointing to the value */ chunk_t (*get_spi) (proposal_substructure_t *this); - + /** * Sets the SPI of the current proposal. - * + * * @warning SPI is getting copied - * + * * @param spi chunk_t pointing to the value to set */ void (*set_spi) (proposal_substructure_t *this, chunk_t spi); - + /** * Get a proposal_t from the propsal_substructure_t. - * + * * @return proposal_t */ proposal_t * (*get_proposal) (proposal_substructure_t *this); @@ -156,7 +156,7 @@ struct proposal_substructure_t { /** * Creates an empty proposal_substructure_t object - * + * * @return proposal_substructure_t object */ proposal_substructure_t *proposal_substructure_create(void); diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c index 3ca2f08c8..187a8fee0 100644 --- a/src/charon/encoding/payloads/sa_payload.c +++ b/src/charon/encoding/payloads/sa_payload.c @@ -27,14 +27,14 @@ typedef struct private_sa_payload_t private_sa_payload_t; /** * Private data of an sa_payload_t object. - * + * */ struct private_sa_payload_t { /** * Public sa_payload_t interface. */ sa_payload_t public; - + /** * Next payload type. */ @@ -44,12 +44,12 @@ struct private_sa_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Proposals in this payload are stored in a linked_list_t. */ @@ -58,27 +58,27 @@ struct private_sa_payload_t { /** * Encoding rules to parse or generate a IKEv2-SA Payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_sa_payload_t. - * + * */ encoding_rule_t sa_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_sa_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_sa_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { FLAG, offsetof(private_sa_payload_t, critical) }, + /* 7 Bit reserved bits, nowhere stored */ + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole SA payload*/ - { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, - /* Proposals are stored in a proposal substructure, + { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, + /* Proposals are stored in a proposal substructure, offset points to a linked_list_t pointer */ { PROPOSALS, offsetof(private_sa_payload_t, proposals) } }; @@ -108,12 +108,12 @@ static status_t verify(private_sa_payload_t *this) /* check proposal numbering */ iterator = this->proposals->create_iterator(this->proposals,TRUE); - + while(iterator->iterate(iterator, (void**)¤t_proposal)) { current_number = current_proposal->get_proposal_number(current_proposal); if (current_number < expected_number) - { + { if (current_number != (expected_number + 1)) { DBG1(DBG_ENC, "proposal number is %d, expected %d or %d", @@ -129,7 +129,7 @@ static status_t verify(private_sa_payload_t *this) status = FAILED; break; } - + status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface)); if (status != SUCCESS) { @@ -139,7 +139,7 @@ static status_t verify(private_sa_payload_t *this) first = FALSE; expected_number = current_number; } - + iterator->destroy(iterator); return status; } @@ -197,14 +197,14 @@ static void compute_length (private_sa_payload_t *this) iterator_t *iterator; payload_t *current_proposal; size_t length = SA_PAYLOAD_HEADER_LENGTH; - + iterator = this->proposals->create_iterator(this->proposals,TRUE); while (iterator->iterate(iterator, (void **)¤t_proposal)) { length += current_proposal->get_length(current_proposal); } iterator->destroy(iterator); - + this->payload_length = length; } @@ -232,7 +232,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr { status_t status; u_int proposal_count = this->proposals->get_count(this->proposals); - + if (proposal_count > 0) { proposal_substructure_t *last_proposal; @@ -252,7 +252,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr static void add_proposal(private_sa_payload_t *this, proposal_t *proposal) { proposal_substructure_t *substructure; - + substructure = proposal_substructure_create_from_proposal(proposal); add_proposal_substructure(this, substructure); } @@ -267,10 +267,10 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) iterator_t *iterator; proposal_substructure_t *proposal_struct; linked_list_t *proposal_list; - + /* this list will hold our proposals */ proposal_list = linked_list_create(); - + /* we do not support proposals split up to two proposal substructures, as * AH+ESP bundles are not supported in RFC4301 anymore. * To handle such structures safely, we just skip proposals with multiple @@ -280,7 +280,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) while (iterator->iterate(iterator, (void **)&proposal_struct)) { proposal_t *proposal; - + /* check if a proposal has a single protocol */ if (proposal_struct->get_proposal_number(proposal_struct) == struct_number) { @@ -310,7 +310,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this) sa_payload_t *sa_payload_create() { private_sa_payload_t *this = malloc_thing(private_sa_payload_t); - + /* public interface */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; @@ -319,14 +319,14 @@ sa_payload_t *sa_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator; this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure; this->public.add_proposal = (void (*) (sa_payload_t*,proposal_t*))add_proposal; this->public.get_proposals = (linked_list_t* (*) (sa_payload_t *)) get_proposals; this->public.destroy = (void (*) (sa_payload_t *)) destroy; - + /* set default values of the fields */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; @@ -343,7 +343,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) iterator_t *iterator; proposal_t *proposal; sa_payload_t *sa_payload = sa_payload_create(); - + /* add every payload from the list */ iterator = proposals->create_iterator(proposals, TRUE); while (iterator->iterate(iterator, (void**)&proposal)) @@ -351,7 +351,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) add_proposal((private_sa_payload_t*)sa_payload, proposal); } iterator->destroy(iterator); - + return sa_payload; } @@ -361,8 +361,8 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals) sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal) { sa_payload_t *sa_payload = sa_payload_create(); - + add_proposal((private_sa_payload_t*)sa_payload, proposal); - + return sa_payload; } diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/charon/encoding/payloads/sa_payload.h index 58ae72544..25f5a2407 100644 --- a/src/charon/encoding/payloads/sa_payload.h +++ b/src/charon/encoding/payloads/sa_payload.h @@ -44,12 +44,12 @@ struct sa_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator of stored proposal_substructure_t objects. - * - * When deleting an proposal using this iterator, - * the length of this transform substructure has to be refreshed + * + * When deleting an proposal using this iterator, + * the length of this transform substructure has to be refreshed * by calling get_length()! * * @param forward iterator direction (TRUE: front to end) @@ -57,7 +57,7 @@ struct sa_payload_t { */ iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, bool forward); - + /** * Adds a proposal_substructure_t object to this object. * @@ -68,18 +68,18 @@ struct sa_payload_t { /** * Gets the proposals in this payload as a list. - * + * * @return a list containing proposal_t s */ linked_list_t *(*get_proposals) (sa_payload_t *this); - + /** * Add a child proposal (AH/ESP) to the payload. - * + * * @param proposal child proposal to add to the payload */ void (*add_proposal) (sa_payload_t *this, proposal_t *proposal); - + /** * Destroys an sa_payload_t object. */ @@ -88,14 +88,14 @@ struct sa_payload_t { /** * Creates an empty sa_payload_t object - * + * * @return created sa_payload_t object */ sa_payload_t *sa_payload_create(void); /** * Creates a sa_payload_t object from a list of proposals. - * + * * @param proposals list of proposals to build the payload from * @return sa_payload_t object */ @@ -103,10 +103,10 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals); /** * Creates a sa_payload_t object from a single proposal. - * + * * This is only for convenience. Use sa_payload_create_from_proposal_list * if you want to add more than one proposal. - * + * * @param proposal proposal from which the payload should be built. * @return sa_payload_t object */ diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/charon/encoding/payloads/traffic_selector_substructure.c index 7dcdce6aa..f24857591 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.c +++ b/src/charon/encoding/payloads/traffic_selector_substructure.c @@ -24,19 +24,19 @@ typedef struct private_traffic_selector_substructure_t private_traffic_selector_ /** * Private data of an traffic_selector_substructure_t object. - * + * */ struct private_traffic_selector_substructure_t { /** * Public traffic_selector_substructure_t interface. */ traffic_selector_substructure_t public; - + /** * Type of traffic selector. */ u_int8_t ts_type; - + /** * IP Protocol ID. */ @@ -46,7 +46,7 @@ struct private_traffic_selector_substructure_t { * Length of this payload. */ u_int16_t payload_length; - + /** * Start port number. */ @@ -56,7 +56,7 @@ struct private_traffic_selector_substructure_t { * End port number. */ u_int16_t end_port; - + /** * Starting address. */ @@ -70,21 +70,21 @@ struct private_traffic_selector_substructure_t { /** * Encoding rules to parse or generate a TS payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_traffic_selector_substructure_t. - * + * */ encoding_rule_t traffic_selector_substructure_encodings[] = { - /* 1 Byte next ts type*/ + /* 1 Byte next ts type*/ { TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) }, - /* 1 Byte IP protocol id*/ + /* 1 Byte IP protocol id*/ { U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) }, - /* Length of the whole payload*/ + /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) }, - /* 2 Byte start port*/ + /* 2 Byte start port*/ { U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) }, - /* 2 Byte end port*/ + /* 2 Byte end port*/ { U_INT_16, offsetof(private_traffic_selector_substructure_t, end_port) }, /* starting address is either 4 or 16 byte */ { ADDRESS, offsetof(private_traffic_selector_substructure_t, starting_address) }, @@ -124,7 +124,7 @@ static status_t verify(private_traffic_selector_substructure_t *this) { case TS_IPV4_ADDR_RANGE: { - if ((this->starting_address.len != 4) || + if ((this->starting_address.len != 4) || (this->ending_address.len != 4)) { /* ipv4 address must be 4 bytes long */ @@ -148,7 +148,7 @@ static status_t verify(private_traffic_selector_substructure_t *this) return FAILED; } } - + return SUCCESS; } @@ -182,7 +182,7 @@ static payload_type_t get_next_type(private_traffic_selector_substructure_t *thi */ static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type) { - + } /** @@ -199,8 +199,8 @@ static size_t get_length(private_traffic_selector_substructure_t *this) static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this) { traffic_selector_t *ts; - ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, - this->starting_address, this->start_port, + ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, + this->starting_address, this->start_port, this->ending_address, this->end_port); return ts; } @@ -221,7 +221,7 @@ static void destroy(private_traffic_selector_substructure_t *this) { free(this->starting_address.ptr); free(this->ending_address.ptr); - free(this); + free(this); } /* @@ -239,11 +239,11 @@ traffic_selector_substructure_t *traffic_selector_substructure_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector; this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy; - + /* private variables */ this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH; this->start_port = 0; @@ -269,8 +269,8 @@ traffic_selector_substructure_t *traffic_selector_substructure_create_from_traff this->end_port = traffic_selector->get_to_port(traffic_selector); this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector)); this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector)); - + compute_length(this); - + return &(this->public); } diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/charon/encoding/payloads/traffic_selector_substructure.h index ee3e204a0..0109fd7f5 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.h +++ b/src/charon/encoding/payloads/traffic_selector_substructure.h @@ -25,9 +25,9 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t; #include -#include #include -#include +#include +#include /** * Length of a TRAFFIC SELECTOR SUBSTRUCTURE without start and end address. @@ -36,7 +36,7 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t; /** * Class representing an IKEv2 TRAFFIC SELECTOR. - * + * * The TRAFFIC SELECTOR format is described in RFC section 3.13.1. */ struct traffic_selector_substructure_t { @@ -44,49 +44,49 @@ struct traffic_selector_substructure_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the type of Traffic selector. * * @return type of traffic selector - * + * */ ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this); - + /** * Set the type of Traffic selector. * - * @param ts_type type of traffic selector + * @param ts_type type of traffic selector */ void (*set_ts_type) (traffic_selector_substructure_t *this, ts_type_t ts_type); - + /** * Get the IP protocol ID of Traffic selector. * * @return type of traffic selector - * + * */ u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this); - + /** * Set the IP protocol ID of Traffic selector * - * @param protocol_id protocol ID of traffic selector + * @param protocol_id protocol ID of traffic selector */ void (*set_protocol_id) (traffic_selector_substructure_t *this, u_int8_t protocol_id); - + /** * Get the start port and address as host_t object. * * Returned host_t object has to get destroyed by the caller. - * + * * @return start host as host_t object - * + * */ host_t *(*get_start_host) (traffic_selector_substructure_t *this); - + /** * Set the start port and address as host_t object. * @@ -94,17 +94,17 @@ struct traffic_selector_substructure_t { */ void (*set_start_host) (traffic_selector_substructure_t *this, host_t *start_host); - + /** * Get the end port and address as host_t object. * * Returned host_t object has to get destroyed by the caller. - * + * * @return end host as host_t object - * + * */ host_t *(*get_end_host) (traffic_selector_substructure_t *this); - + /** * Set the end port and address as host_t object. * @@ -112,17 +112,17 @@ struct traffic_selector_substructure_t { */ void (*set_end_host) (traffic_selector_substructure_t *this, host_t *end_host); - + /** * Get a traffic_selector_t from this substructure. * * @warning traffic_selector_t must be destroyed after usage. - * + * * @return contained traffic_selector_t */ traffic_selector_t *(*get_traffic_selector) ( traffic_selector_substructure_t *this); - + /** * Destroys an traffic_selector_substructure_t object. */ @@ -133,7 +133,7 @@ struct traffic_selector_substructure_t { * Creates an empty traffic_selector_substructure_t object. * * TS type is set to default TS_IPV4_ADDR_RANGE! - * + * * @return traffic_selector_substructure_t object */ traffic_selector_substructure_t *traffic_selector_substructure_create(void); @@ -141,7 +141,7 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(void); /** * Creates an initialized traffif selector substructure using * the values from a traffic_selector_t. - * + * * @param traffic_selector traffic_selector_t to use for initialization * @return traffic_selector_substructure_t object */ diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/charon/encoding/payloads/transform_attribute.c index 507d04a34..8bf2ddef4 100644 --- a/src/charon/encoding/payloads/transform_attribute.c +++ b/src/charon/encoding/payloads/transform_attribute.c @@ -26,32 +26,32 @@ typedef struct private_transform_attribute_t private_transform_attribute_t; /** * Private data of an transform_attribute_t object. - * + * */ struct private_transform_attribute_t { /** * Public transform_attribute_t interface. */ transform_attribute_t public; - + /** * Attribute Format Flag. - * + * * - TRUE means value is stored in attribute_length_or_value * - FALSE means value is stored in attribute_value */ bool attribute_format; - + /** * Type of the attribute. */ u_int16_t attribute_type; - + /** * Attribute Length if attribute_format is 0, attribute Value otherwise. */ u_int16_t attribute_length_or_value; - + /** * Attribute value as chunk if attribute_format is 0 (FALSE). */ @@ -67,16 +67,16 @@ ENUM_END(transform_attribute_type_name, KEY_LENGTH); /** * Encoding rules to parse or generate a Transform attribute. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_transform_attribute_t. - * + * */ encoding_rule_t transform_attribute_encodings[] = { /* Flag defining the format of this payload */ { ATTRIBUTE_FORMAT, offsetof(private_transform_attribute_t, attribute_format) }, /* type of the attribute as 15 bit unsigned integer */ - { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, + { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, /* Length or value, depending on the attribute format flag */ { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) }, /* Value of attribute if attribute format flag is zero */ @@ -104,7 +104,7 @@ static status_t verify(private_transform_attribute_t *this) { return FAILED; } - + return SUCCESS; } @@ -164,16 +164,16 @@ static void set_value_chunk(private_transform_attribute_t *this, chunk_t value) free(this->attribute_value.ptr); this->attribute_value.ptr = NULL; this->attribute_value.len = 0; - + } - + if (value.len > 2) { this->attribute_value.ptr = clalloc(value.ptr,value.len); this->attribute_value.len = value.len; this->attribute_length_or_value = value.len; /* attribute has not a fixed length */ - this->attribute_format = FALSE; + this->attribute_format = FALSE; } else { @@ -192,7 +192,7 @@ static void set_value(private_transform_attribute_t *this, u_int16_t value) free(this->attribute_value.ptr); this->attribute_value.ptr = NULL; this->attribute_value.len = 0; - + } this->attribute_length_or_value = value; } @@ -207,14 +207,14 @@ static chunk_t get_value_chunk (private_transform_attribute_t *this) if (this->attribute_format == FALSE) { value.ptr = this->attribute_value.ptr; - value.len = this->attribute_value.len; + value.len = this->attribute_value.len; } else { value.ptr = (void *) &(this->attribute_length_or_value); value.len = 2; } - + return value; } @@ -249,19 +249,19 @@ static u_int16_t get_attribute_type (private_transform_attribute_t *this) static transform_attribute_t * _clone(private_transform_attribute_t *this) { private_transform_attribute_t *new_clone; - + new_clone = (private_transform_attribute_t *) transform_attribute_create(); - + new_clone->attribute_format = this->attribute_format; new_clone->attribute_type = this->attribute_type; new_clone->attribute_length_or_value = this->attribute_length_or_value; - + if (!new_clone->attribute_format) { - new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); + new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); new_clone->attribute_value.len = this->attribute_value.len; } - + return (transform_attribute_t *) new_clone; } @@ -273,7 +273,7 @@ static void destroy(private_transform_attribute_t *this) if (this->attribute_value.ptr != NULL) { free(this->attribute_value.ptr); - } + } free(this); } @@ -292,7 +292,7 @@ transform_attribute_t *transform_attribute_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk; this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value; @@ -302,7 +302,7 @@ transform_attribute_t *transform_attribute_create() this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type; this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone; this->public.destroy = (void (*) (transform_attribute_t *)) destroy; - + /* set default values of the fields */ this->attribute_format = TRUE; this->attribute_type = 0; diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/charon/encoding/payloads/transform_attribute.h index f7d71a9df..a5fe0154b 100644 --- a/src/charon/encoding/payloads/transform_attribute.h +++ b/src/charon/encoding/payloads/transform_attribute.h @@ -37,14 +37,14 @@ enum transform_attribute_type_t { KEY_LENGTH = 14 }; -/** +/** * enum name for transform_attribute_type_t. */ extern enum_name_t *transform_attribute_type_names; /** * Class representing an IKEv2- TRANSFORM Attribute. - * + * * The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5. */ struct transform_attribute_t { @@ -55,52 +55,52 @@ struct transform_attribute_t { /** * Returns the currently set value of the attribute. - * + * * Returned data are not copied. - * + * * @return chunk_t pointing to the value */ chunk_t (*get_value_chunk) (transform_attribute_t *this); - + /** * Returns the currently set value of the attribute. - * + * * Returned data are not copied. - * + * * @return value */ u_int16_t (*get_value) (transform_attribute_t *this); - + /** * Sets the value of the attribute. - * + * * Value is getting copied. - * + * * @param value chunk_t pointing to the value to set */ void (*set_value_chunk) (transform_attribute_t *this, chunk_t value); /** * Sets the value of the attribute. - * + * * @param value value to set */ void (*set_value) (transform_attribute_t *this, u_int16_t value); /** * Sets the type of the attribute. - * + * * @param type type to set (most significant bit is set to zero) */ void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type); - + /** * get the type of the attribute. - * + * * @return type of the value */ u_int16_t (*get_attribute_type) (transform_attribute_t *this); - + /** * Clones an transform_attribute_t object. * @@ -116,14 +116,14 @@ struct transform_attribute_t { /** * Creates an empty transform_attribute_t object. - * + * * @return transform_attribute_t object */ transform_attribute_t *transform_attribute_create(void); /** * Creates an transform_attribute_t of type KEY_LENGTH. - * + * * @param key_length key length in bytes * @return transform_attribute_t object */ diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/charon/encoding/payloads/transform_substructure.c index 497bd53b2..c94f6c1a2 100644 --- a/src/charon/encoding/payloads/transform_substructure.c +++ b/src/charon/encoding/payloads/transform_substructure.c @@ -29,37 +29,37 @@ typedef struct private_transform_substructure_t private_transform_substructure_t /** * Private data of an transform_substructure_t object. - * + * */ struct private_transform_substructure_t { /** * Public transform_substructure_t interface. */ transform_substructure_t public; - + /** * Next payload type. */ u_int8_t next_payload; - + /** * Length of this payload. */ u_int16_t transform_length; - - + + /** * Type of the transform. */ u_int8_t transform_type; - + /** * Transform ID. */ u_int16_t transform_id; - - /** + + /** * Transforms Attributes are stored in a linked_list_t. */ linked_list_t *attributes; @@ -68,25 +68,25 @@ struct private_transform_substructure_t { /** * Encoding rules to parse or generate a Transform substructure. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_transform_substructure_t. - * + * */ encoding_rule_t transform_substructure_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_transform_substructure_t, next_payload) }, /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* Length of the whole transform substructure*/ - { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, + { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, /* transform type is a number of 8 bit */ - { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, + { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, /* Reserved Byte is skipped */ - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* tranform ID is a number of 8 bit */ - { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, - /* Attributes are stored in a transform attribute, + { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, + /* Attributes are stored in a transform attribute, offset points to a linked_list_t pointer */ { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } }; @@ -114,7 +114,7 @@ static status_t verify(private_transform_substructure_t *this) status_t status = SUCCESS; iterator_t *iterator; payload_t *current_attributes; - + if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3)) { /* must be 0 or 3 */ @@ -139,7 +139,7 @@ static status_t verify(private_transform_substructure_t *this) } } iterator = this->attributes->create_iterator(this->attributes,TRUE); - + while(iterator->iterate(iterator, (void**)¤t_attributes)) { status = current_attributes->verify(current_attributes); @@ -149,8 +149,8 @@ static status_t verify(private_transform_substructure_t *this) } } iterator->destroy(iterator); - - /* proposal number is checked in SA payload */ + + /* proposal number is checked in SA payload */ return status; } @@ -187,14 +187,14 @@ static void compute_length (private_transform_substructure_t *this) iterator_t *iterator; payload_t *current_attribute; size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; - + iterator = this->attributes->create_iterator(this->attributes,TRUE); while (iterator->iterate(iterator, (void**)¤t_attribute)) { length += current_attribute->get_length(current_attribute); } iterator->destroy(iterator); - + this->transform_length = length; } @@ -254,7 +254,7 @@ static void set_transform_type (private_transform_substructure_t *this,u_int8_t { this->transform_type = type; } - + /** * Implementation of transform_substructure_t.get_transform_type. */ @@ -270,7 +270,7 @@ static void set_transform_id (private_transform_substructure_t *this,u_int16_t i { this->transform_id = id; } - + /** * Implementation of transform_substructure_t.get_transform_id. */ @@ -287,20 +287,20 @@ static transform_substructure_t *clone_(private_transform_substructure_t *this) private_transform_substructure_t *clone; iterator_t *attributes; transform_attribute_t *current_attribute; - + clone = (private_transform_substructure_t *) transform_substructure_create(); clone->next_payload = this->next_payload; clone->transform_type = this->transform_type; clone->transform_id = this->transform_id; - + attributes = this->attributes->create_iterator(this->attributes, FALSE); while (attributes->iterate(attributes, (void**)¤t_attribute)) { current_attribute = current_attribute->clone(current_attribute); clone->public.add_transform_attribute(&clone->public, current_attribute); } - attributes->destroy(attributes); - + attributes->destroy(attributes); + return &clone->public; } @@ -312,14 +312,14 @@ static status_t get_key_length(private_transform_substructure_t *this, u_int16_t { iterator_t *attributes; transform_attribute_t *current_attribute; - + attributes = this->attributes->create_iterator(this->attributes, TRUE); while (attributes->iterate(attributes, (void**)¤t_attribute)) { if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH) { *key_length = current_attribute->get_value(current_attribute); - attributes->destroy(attributes); + attributes->destroy(attributes); return SUCCESS; } } @@ -350,10 +350,10 @@ transform_substructure_t *transform_substructure_create() this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; - this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; + this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator; this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute; @@ -366,14 +366,14 @@ transform_substructure_t *transform_substructure_create() this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length; this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone_; this->public.destroy = (void (*) (transform_substructure_t *)) destroy; - + /* set default values of the fields */ this->next_payload = NO_PAYLOAD; this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; this->transform_id = 0; this->transform_type = 0; this->attributes = linked_list_create(); - + return (&(this->public)); } @@ -385,17 +385,17 @@ transform_substructure_t *transform_substructure_create_type( u_int16_t transform_id, u_int16_t key_length) { transform_substructure_t *transform = transform_substructure_create(); - + transform->set_transform_type(transform,transform_type); transform->set_transform_id(transform,transform_id); - + if (key_length) { transform_attribute_t *attribute; - + attribute = transform_attribute_create_key_length(key_length); transform->add_transform_attribute(transform, attribute); - + } return transform; } diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/charon/encoding/payloads/transform_substructure.h index b02a94a6c..5d31f8c0a 100644 --- a/src/charon/encoding/payloads/transform_substructure.h +++ b/src/charon/encoding/payloads/transform_substructure.h @@ -48,7 +48,7 @@ typedef struct transform_substructure_t transform_substructure_t; /** * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. - * + * * The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2. */ struct transform_substructure_t { @@ -56,12 +56,12 @@ struct transform_substructure_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Creates an iterator of stored transform_attribute_t objects. - * - * When deleting an transform attribute using this iterator, - * the length of this transform substructure has to be refreshed + * + * When deleting an transform attribute using this iterator, + * the length of this transform substructure has to be refreshed * by calling get_length(). * * @param forward iterator direction (TRUE: front to end) @@ -69,7 +69,7 @@ struct transform_substructure_t { */ iterator_t * (*create_transform_attribute_iterator) ( transform_substructure_t *this, bool forward); - + /** * Adds a transform_attribute_t object to this object. * @@ -77,59 +77,59 @@ struct transform_substructure_t { */ void (*add_transform_attribute) (transform_substructure_t *this, transform_attribute_t *attribute); - + /** * Sets the next_payload field of this substructure - * + * * If this is the last transform, next payload field is set to 0, * otherwise to 3 * * @param is_last When TRUE, next payload field is set to 0, otherwise to 3 */ void (*set_is_last_transform) (transform_substructure_t *this, bool is_last); - + /** * Checks if this is the last transform. - * + * * @return TRUE if this is the last Transform, FALSE otherwise */ bool (*get_is_last_transform) (transform_substructure_t *this); - + /** * Sets transform type of the current transform substructure. * * @param type type value to set */ void (*set_transform_type) (transform_substructure_t *this, u_int8_t type); - + /** * get transform type of the current transform. - * + * * @return Transform type of current transform substructure. */ u_int8_t (*get_transform_type) (transform_substructure_t *this); - + /** * Sets transform id of the current transform substructure. * * @param id transform id to set */ void (*set_transform_id) (transform_substructure_t *this, u_int16_t id); - + /** * get transform id of the current transform. - * + * * @return Transform id of current transform substructure. */ u_int16_t (*get_transform_id) (transform_substructure_t *this); - + /** * get transform id of the current transform. - * - * @param key_length The key length is written to this location - * @return + * + * @param key_length The key length is written to this location + * @return * - SUCCESS if a key length attribute is contained - * - FAILED if no key length attribute is part of this + * - FAILED if no key length attribute is part of this * transform or key length uses more then 16 bit! */ status_t (*get_key_length) (transform_substructure_t *this, @@ -150,18 +150,18 @@ struct transform_substructure_t { /** * Creates an empty transform_substructure_t object. - * + * * @return created transform_substructure_t object */ transform_substructure_t *transform_substructure_create(void); /** * Creates an empty transform_substructure_t object. - * + * * The key length is used for the transport types ENCRYPTION_ALGORITHM, - * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all + * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all * other transport types the key_length parameter is not used - * + * * @param transform_type type of transform to create * @param transform_id transform id specifying the specific algorithm of a transform type * @param key_length Key length for key lenght attribute diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/charon/encoding/payloads/ts_payload.c index 92ddc380f..6bf3e4293 100644 --- a/src/charon/encoding/payloads/ts_payload.c +++ b/src/charon/encoding/payloads/ts_payload.c @@ -25,19 +25,19 @@ typedef struct private_ts_payload_t private_ts_payload_t; /** * Private data of an ts_payload_t object. - * + * */ struct private_ts_payload_t { /** * Public ts_payload_t interface. */ ts_payload_t public; - + /** * TRUE if this TS payload is of type TSi, FALSE for TSr. */ bool is_initiator; - + /** * Next payload type. */ @@ -47,17 +47,17 @@ struct private_ts_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * Number of traffic selectors */ u_int8_t number_of_traffic_selectors; - + /** * Contains the traffic selectors of type traffic_selector_substructure_t. */ @@ -66,17 +66,17 @@ struct private_ts_payload_t { /** * Encoding rules to parse or generate a TS payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_ts_payload_t. - * + * */ encoding_rule_t ts_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_ts_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_ts_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -84,9 +84,9 @@ encoding_rule_t ts_payload_encodings[] = { { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, - /* Length of the whole payload*/ + /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)}, - /* 1 Byte TS type*/ + /* 1 Byte TS type*/ { U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) }, /* 3 reserved bytes */ { RESERVED_BYTE, 0 }, @@ -118,13 +118,13 @@ static status_t verify(private_ts_payload_t *this) iterator_t *iterator; payload_t *current_traffic_selector; status_t status = SUCCESS; - + if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors))) { /* must be the same */ return FAILED; } - + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); while(iterator->iterate(iterator, (void**)¤t_traffic_selector)) { @@ -135,7 +135,7 @@ static status_t verify(private_ts_payload_t *this) } } iterator->destroy(iterator); - + return status; } @@ -188,7 +188,7 @@ static void compute_length (private_ts_payload_t *this) size_t ts_count = 0; size_t length = TS_PAYLOAD_HEADER_LENGTH; payload_t *current_traffic_selector; - + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); while (iterator->iterate(iterator, (void**)¤t_traffic_selector)) { @@ -196,9 +196,9 @@ static void compute_length (private_ts_payload_t *this) ts_count++; } iterator->destroy(iterator); - + this->number_of_traffic_selectors= ts_count; - this->payload_length = length; + this->payload_length = length; } /** @@ -252,7 +252,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) iterator_t *iterator; traffic_selector_substructure_t *ts_substructure; linked_list_t *ts_list = linked_list_create(); - + iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE); while (iterator->iterate(iterator, (void**)&ts_substructure)) { @@ -260,7 +260,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this) ts_list->insert_last(ts_list, (void*)ts); } iterator->destroy(iterator); - + return ts_list; } @@ -289,7 +289,7 @@ ts_payload_t *ts_payload_create(bool is_initiator) this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (ts_payload_t *)) destroy; this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator; @@ -297,14 +297,14 @@ ts_payload_t *ts_payload_create(bool is_initiator) this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure; this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator; this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length =TS_PAYLOAD_HEADER_LENGTH; this->is_initiator = is_initiator; this->number_of_traffic_selectors = 0; - this->traffic_selectors = linked_list_create(); + this->traffic_selectors = linked_list_create(); return &(this->public); } @@ -318,9 +318,9 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked traffic_selector_t *ts; traffic_selector_substructure_t *ts_substructure; private_ts_payload_t *this; - + this = (private_ts_payload_t*)ts_payload_create(is_initiator); - + iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE); while (iterator->iterate(iterator, (void**)&ts)) { @@ -328,7 +328,7 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked this->public.add_traffic_selector_substructure(&(this->public), ts_substructure); } iterator->destroy(iterator); - + return &(this->public); } diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/charon/encoding/payloads/ts_payload.h index 3c8a6d595..d322ff1a8 100644 --- a/src/charon/encoding/payloads/ts_payload.h +++ b/src/charon/encoding/payloads/ts_payload.h @@ -27,7 +27,7 @@ typedef struct ts_payload_t ts_payload_t; #include #include -#include +#include #include #include @@ -47,7 +47,7 @@ struct ts_payload_t { * The payload_t interface. */ payload_t payload_interface; - + /** * Get the type of TSpayload (TSi or TSr). * @@ -56,16 +56,16 @@ struct ts_payload_t { * - FALSE if this payload is of type TSr */ bool (*get_initiator) (ts_payload_t *this); - + /** * Set the type of TS payload (TSi or TSr). * - * @param is_initiator + * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr */ void (*set_initiator) (ts_payload_t *this,bool is_initiator); - + /** * Adds a traffic_selector_substructure_t object to this object. * @@ -73,12 +73,12 @@ struct ts_payload_t { */ void (*add_traffic_selector_substructure) (ts_payload_t *this, traffic_selector_substructure_t *traffic_selector); - + /** * Creates an iterator of stored traffic_selector_substructure_t objects. - * - * When removing an traffic_selector_substructure_t object - * using this iterator, the length of this payload + * + * When removing an traffic_selector_substructure_t object + * using this iterator, the length of this payload * has to get refreshed by calling payload_t.get_length! * * @param forward iterator direction (TRUE: front to end) @@ -86,10 +86,10 @@ struct ts_payload_t { */ iterator_t *(*create_traffic_selector_substructure_iterator) ( ts_payload_t *this, bool forward); - + /** * Get a list of nested traffic selectors as traffic_selector_t. - * + * * Resulting list and its traffic selectors must be destroyed after usage * * @return list of traffic selectors @@ -104,8 +104,8 @@ struct ts_payload_t { /** * Creates an empty ts_payload_t object. - * - * @param is_initiator + * + * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr * @return ts_payload_t object @@ -114,14 +114,14 @@ ts_payload_t *ts_payload_create(bool is_initiator); /** * Creates ts_payload with a list of traffic_selector_t - * - * @param is_initiator + * + * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr * @param traffic_selectors list of traffic selectors to include * @return ts_payload_t object */ -ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, +ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors); #endif /** TS_PAYLOAD_H_ @}*/ diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/charon/encoding/payloads/unknown_payload.c index 309663233..dd5547dc3 100644 --- a/src/charon/encoding/payloads/unknown_payload.c +++ b/src/charon/encoding/payloads/unknown_payload.c @@ -26,12 +26,12 @@ typedef struct private_unknown_payload_t private_unknown_payload_t; * Private data of an unknown_payload_t object. */ struct private_unknown_payload_t { - + /** * Public unknown_payload_t interface. */ unknown_payload_t public; - + /** * Next payload type. */ @@ -41,12 +41,12 @@ struct private_unknown_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** * The contained data. */ @@ -55,17 +55,17 @@ struct private_unknown_payload_t { /** * Encoding rules to parse an payload which is not further specified. - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_unknown_payload_t. - * + * */ encoding_rule_t unknown_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_unknown_payload_t, next_payload)}, /* the critical bit */ { FLAG, offsetof(private_unknown_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -146,7 +146,7 @@ static size_t get_length(private_unknown_payload_t *this) */ static bool is_critical(private_unknown_payload_t *this) { - return this->critical; + return this->critical; } /** @@ -166,8 +166,8 @@ static void destroy(private_unknown_payload_t *this) { chunk_free(&(this->data)); } - - free(this); + + free(this); } /* @@ -185,12 +185,12 @@ unknown_payload_t *unknown_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - + /* public functions */ this->public.destroy = (void (*) (unknown_payload_t *)) destroy; this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical; this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data; - + /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/charon/encoding/payloads/unknown_payload.h index 44b6e1a71..c761ed2b6 100644 --- a/src/charon/encoding/payloads/unknown_payload.h +++ b/src/charon/encoding/payloads/unknown_payload.h @@ -40,29 +40,29 @@ typedef struct unknown_payload_t unknown_payload_t; * a check for the critical bit in the header. */ struct unknown_payload_t { - + /** * The payload_t interface. */ payload_t payload_interface; - + /** - * Get the raw data of this payload, without + * Get the raw data of this payload, without * the generic payload header. - * + * * Returned data are NOT copied and must not be freed. * * @return data as chunk_t */ chunk_t (*get_data) (unknown_payload_t *this); - + /** * Get the critical flag. * * @return TRUE if payload is critical, FALSE if not */ bool (*is_critical) (unknown_payload_t *this); - + /** * Destroys an unknown_payload_t object. */ @@ -71,7 +71,7 @@ struct unknown_payload_t { /** * Creates an empty unknown_payload_t object. - * + * * @return unknown_payload_t object */ unknown_payload_t *unknown_payload_create(void); diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/charon/encoding/payloads/vendor_id_payload.c index 52d9e12a5..bf33d2418 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.c +++ b/src/charon/encoding/payloads/vendor_id_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -18,19 +18,18 @@ #include "vendor_id_payload.h" - typedef struct private_vendor_id_payload_t private_vendor_id_payload_t; /** * Private data of an vendor_id_payload_t object. - * */ struct private_vendor_id_payload_t { + /** * Public vendor_id_payload_t interface. */ vendor_id_payload_t public; - + /** * Next payload type. */ @@ -40,31 +39,30 @@ struct private_vendor_id_payload_t { * Critical flag. */ bool critical; - + /** * Length of this payload. */ u_int16_t payload_length; - + /** - * The contained vendor_id data value. + * The contained data. */ - chunk_t vendor_id_data; + chunk_t data; }; /** * Encoding rules to parse or generate a VENDOR ID payload - * - * The defined offsets are the positions in a object of type + * + * The defined offsets are the positions in a object of type * private_vendor_id_payload_t. - * */ encoding_rule_t vendor_id_payload_encodings[] = { - /* 1 Byte next payload type, stored in the field next_payload */ + /* 1 Byte next payload type, stored in the field next_payload */ { U_INT_8, offsetof(private_vendor_id_payload_t, next_payload) }, /* the critical bit */ { FLAG, offsetof(private_vendor_id_payload_t, critical) }, - /* 7 Bit reserved bits, nowhere stored */ + /* 7 Bit reserved bits, nowhere stored */ { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, @@ -75,7 +73,7 @@ encoding_rule_t vendor_id_payload_encodings[] = { /* Length of the whole payload*/ { PAYLOAD_LENGTH, offsetof(private_vendor_id_payload_t, payload_length)}, /* some vendor_id data bytes, length is defined in PAYLOAD_LENGTH */ - { VID_DATA, offsetof(private_vendor_id_payload_t, vendor_id_data) } + { VID_DATA, offsetof(private_vendor_id_payload_t, data) } }; /* @@ -101,7 +99,8 @@ static status_t verify(private_vendor_id_payload_t *this) /** * Implementation of vendor_id_payload_t.get_encoding_rules. */ -static void get_encoding_rules(private_vendor_id_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +static void get_encoding_rules(private_vendor_id_payload_t *this, + encoding_rule_t **rules, size_t *rule_count) { *rules = vendor_id_payload_encodings; *rule_count = sizeof(vendor_id_payload_encodings) / sizeof(encoding_rule_t); @@ -120,7 +119,7 @@ static payload_type_t get_payload_type(private_vendor_id_payload_t *this) */ static payload_type_t get_next_type(private_vendor_id_payload_t *this) { - return (this->next_payload); + return this->next_payload; } /** @@ -139,41 +138,12 @@ static size_t get_length(private_vendor_id_payload_t *this) return this->payload_length; } -/** - * Implementation of vendor_id_payload_t.set_data. - */ -static void set_data (private_vendor_id_payload_t *this, chunk_t data) -{ - if (this->vendor_id_data.ptr != NULL) - { - chunk_free(&(this->vendor_id_data)); - } - this->vendor_id_data.ptr = clalloc(data.ptr,data.len); - this->vendor_id_data.len = data.len; - this->payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH + this->vendor_id_data.len; -} - /** * Implementation of vendor_id_payload_t.get_data. */ -static chunk_t get_data (private_vendor_id_payload_t *this) -{ - return (this->vendor_id_data); -} - -/** - * Implementation of vendor_id_payload_t.get_data_clone. - */ -static chunk_t get_data_clone (private_vendor_id_payload_t *this) +static chunk_t get_data(private_vendor_id_payload_t *this) { - chunk_t cloned_data; - if (this->vendor_id_data.ptr == NULL) - { - return (this->vendor_id_data); - } - cloned_data.ptr = clalloc(this->vendor_id_data.ptr,this->vendor_id_data.len); - cloned_data.len = this->vendor_id_data.len; - return cloned_data; + return this->data; } /** @@ -181,11 +151,8 @@ static chunk_t get_data_clone (private_vendor_id_payload_t *this) */ static void destroy(private_vendor_id_payload_t *this) { - if (this->vendor_id_data.ptr != NULL) - { - chunk_free(&(this->vendor_id_data)); - } - free(this); + free(this->data.ptr); + free(this); } /* @@ -195,7 +162,6 @@ vendor_id_payload_t *vendor_id_payload_create() { private_vendor_id_payload_t *this = malloc_thing(private_vendor_id_payload_t); - /* interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; @@ -203,18 +169,27 @@ vendor_id_payload_t *vendor_id_payload_create() this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; - - /* public functions */ - this->public.destroy = (void (*) (vendor_id_payload_t *)) destroy; - this->public.set_data = (void (*) (vendor_id_payload_t *,chunk_t)) set_data; - this->public.get_data_clone = (chunk_t (*) (vendor_id_payload_t *)) get_data_clone; this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data; - - /* private variables */ + this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH; - this->vendor_id_data = chunk_empty; + this->data = chunk_empty; - return (&(this->public)); + return &this->public; } + +/* + * Described in header + */ +vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data) +{ + private_vendor_id_payload_t *this; + + this = (private_vendor_id_payload_t*)vendor_id_payload_create(); + this->payload_length += data.len; + this->data = data; + + return &this->public; +} + diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/charon/encoding/payloads/vendor_id_payload.h index 9ee9ea1d4..241535cac 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.h +++ b/src/charon/encoding/payloads/vendor_id_payload.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -32,56 +32,39 @@ typedef struct vendor_id_payload_t vendor_id_payload_t; */ #define VENDOR_ID_PAYLOAD_HEADER_LENGTH 4 - /** * Class representing an IKEv2 VENDOR ID payload. * * The VENDOR ID payload format is described in RFC section 3.12. */ struct vendor_id_payload_t { + /** * The payload_t interface. */ payload_t payload_interface; - /** - * Set the VID data. - * - * Data are getting cloned. - * - * @param data VID data as chunk_t - */ - void (*set_data) (vendor_id_payload_t *this, chunk_t data); - - /** - * Get the VID data. - * - * Returned data are a copy of the internal one. - * - * @return VID data as chunk_t - */ - chunk_t (*get_data_clone) (vendor_id_payload_t *this); - /** * Get the VID data. - * - * Returned data are NOT copied. * - * @return VID data as chunk_t - */ - chunk_t (*get_data) (vendor_id_payload_t *this); - - /** - * Destroys an vendor_id_payload_t object. + * @return VID data, pointing to an internal chunk_t */ - void (*destroy) (vendor_id_payload_t *this); + chunk_t (*get_data)(vendor_id_payload_t *this); }; /** - * Creates an empty vendor_id_payload_t object. - * - * @return vendor_id_payload_t object + * Creates an empty Vendor ID payload. + * + * @return vendor ID payload + */ +vendor_id_payload_t *vendor_id_payload_create(); + +/** + * Creates a vendor ID payload using a chunk of data + * + * @param data data to use in vendor ID payload, gets owned by payload + * @return vendor ID payload */ -vendor_id_payload_t *vendor_id_payload_create(void); +vendor_id_payload_t *vendor_id_payload_create_data(chunk_t data); #endif /** VENDOR_ID_PAYLOAD_H_ @}*/ diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index 53ae1d200..99bf94e9b 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2009 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,8 +15,6 @@ #include "kernel_interface.h" -#include - #include typedef struct private_kernel_interface_t private_kernel_interface_t; @@ -30,12 +28,12 @@ struct private_kernel_interface_t { * Public part of kernel_interface_t object. */ kernel_interface_t public; - + /** * ipsec interface */ kernel_ipsec_t *ipsec; - + /** * network interface */ @@ -45,7 +43,7 @@ struct private_kernel_interface_t { /** * Implementation of kernel_interface_t.get_spi */ -static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst, +static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { if (!this->ipsec) @@ -58,7 +56,7 @@ static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *d /** * Implementation of kernel_interface_t.get_cpi */ -static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { if (!this->ipsec) @@ -73,26 +71,27 @@ static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *d */ static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, - bool inbound) + bool inbound, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts) { if (!this->ipsec) { return NOT_SUPPORTED; } return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - expire_soft, expire_hard, enc_alg, enc_key, int_alg, int_key, - mode, ipcomp, cpi, encap, inbound); + lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi, + encap, inbound, src_ts, dst_ts); } /** * Implementation of kernel_interface_t.update_sa */ static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi, - protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, + protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap) { if (!this->ipsec) @@ -289,13 +288,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, host_t *host; int family; bool found = FALSE; - + DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts); - + /* if we have a family which includes localhost, we do not * search for an IP, we use the default */ family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6; - + if (family == AF_INET) { host = host_create_from_string("127.0.0.1", 0); @@ -304,7 +303,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, { host = host_create_from_string("::1", 0); } - + if (ts->includes(ts, host)) { *ip = host_create_any(family); @@ -313,7 +312,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, return SUCCESS; } host->destroy(host); - + addrs = create_address_enumerator(this, TRUE, TRUE); while (addrs->enumerate(addrs, (void**)&host)) { @@ -325,13 +324,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this, } } addrs->destroy(addrs); - + if (!found) { DBG1(DBG_KNL, "no local address found in traffic selector %R", ts); return FAILED; } - + DBG2(DBG_KNL, "using host %H", *ip); return SUCCESS; } @@ -395,17 +394,17 @@ static void destroy(private_kernel_interface_t *this) kernel_interface_t *kernel_interface_create() { private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t); - + this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; + this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr; this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop; this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface; @@ -414,18 +413,18 @@ kernel_interface_t *kernel_interface_create() this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip; this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - + this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts; - + this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface; this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface; this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface; this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface; - + this->public.destroy = (void (*)(kernel_interface_t*))destroy; - + this->ipsec = NULL; this->net = NULL; - + return &this->public; } diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h index c4a273a34..c39246e72 100644 --- a/src/charon/kernel/kernel_interface.h +++ b/src/charon/kernel/kernel_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2008 Tobias Brunner + * Copyright (C) 2006-2009 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -45,7 +45,7 @@ typedef kernel_net_t* (*kernel_net_constructor_t)(void); /** * Manager and wrapper for different kernel interfaces. - * + * * The kernel interface handles the communication with the kernel * for SA and policy management and interface and IP address management. */ @@ -61,39 +61,36 @@ struct kernel_interface_t { * @param spi allocated spi * @return SUCCESS if operation completed */ - status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst, + status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi); - + /** * Get a Compression Parameter Index (CPI) from the kernel. - * + * * @param src source address of SA * @param dst destination address of SA * @param reqid unique ID for the corresponding SA * @param cpi allocated cpi * @return SUCCESS if operation completed */ - status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst, + status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi); - + /** * Add an SA to the SAD. - * + * * add_sa() may update an already allocated * SPI (via get_spi). In this case, the replace * flag must be set. * This function does install a single SA for a - * single protocol in one direction. The kernel-interface - * gets the keys itself from the PRF, as we don't know - * his algorithms and key sizes. - * + * single protocol in one direction. + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA - * @param expire_soft lifetime in seconds before rekeying - * @param expire_hard lifetime in seconds before delete + * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption * @param int_alg Algorithm to use for integrity protection @@ -103,17 +100,20 @@ struct kernel_interface_t { * @param cpi CPI for IPComp * @param encap enable UDP encapsulation for NAT traversal * @param inbound TRUE if this is an inbound SA + * @param src_ts traffic selector with BEET source address + * @param dst_ts traffic selector with BEET destination address * @return SUCCESS if operation completed */ status_t (*add_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, + lifetime_cfg_t *lifetime, + u_int16_t enc_alg, chunk_t enc_key, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound); - + bool encap, bool inbound, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts); + /** * Update the hosts on an installed SA. * @@ -132,17 +132,17 @@ struct kernel_interface_t { * @param encap current use of UDP encapsulation * @param new_encap new use of UDP encapsulation * @return SUCCESS if operation completed, NOT_SUPPORTED if - * the kernel interface can't update the SA + * the kernel interface can't update the SA */ status_t (*update_sa)(kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, + host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap); - + /** * Query the number of bytes processed by an SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -152,10 +152,10 @@ struct kernel_interface_t { */ status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes); - + /** * Delete a previously installed SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -165,13 +165,13 @@ struct kernel_interface_t { */ status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi); - + /** * Add a policy to the SPD. - * + * * A policy is always associated to an SA. Traffic which matches a * policy is handled by the SA with the same reqid. - * + * * @param src source address of SA * @param dst dest address of SA * @param src_ts traffic selector to match traffic source @@ -194,13 +194,13 @@ struct kernel_interface_t { protocol_id_t protocol, u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool routed); - + /** * Query the use time of a policy. * * The use time of a policy is the time the policy was used * for the last time. - * + * * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD @@ -208,10 +208,10 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_interface_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time); - + /** * Remove a policy from the SPD. * @@ -227,11 +227,11 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_interface_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted); - + /** * Get our outgoing source address for a destination. * @@ -246,7 +246,7 @@ struct kernel_interface_t { */ host_t* (*get_source_addr)(kernel_interface_t *this, host_t *dest, host_t *src); - + /** * Get the next hop for a destination. * @@ -257,7 +257,7 @@ struct kernel_interface_t { * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest); - + /** * Get the interface name of a local address. * @@ -265,21 +265,21 @@ struct kernel_interface_t { * @return allocated interface name, or NULL if not found */ char* (*get_interface) (kernel_interface_t *this, host_t *host); - + /** * Creates an enumerator over all local addresses. - * + * * This function blocks an internal cached address list until the * enumerator gets destroyed. * The hosts are read-only, do not modify of free. - * + * * @param include_down_ifaces TRUE to enumerate addresses from down interfaces * @param include_virtual_ips TRUE to enumerate virtual ip addresses * @return enumerator over host_t's */ enumerator_t *(*create_address_enumerator) (kernel_interface_t *this, bool include_down_ifaces, bool include_virtual_ips); - + /** * Add a virtual IP to an interface. * @@ -294,7 +294,7 @@ struct kernel_interface_t { */ status_t (*add_ip) (kernel_interface_t *this, host_t *virtual_ip, host_t *iface_ip); - + /** * Remove a virtual IP from an interface. * @@ -304,10 +304,10 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip); - + /** * Add a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -318,10 +318,10 @@ struct kernel_interface_t { */ status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * Delete a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -331,50 +331,50 @@ struct kernel_interface_t { */ status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * manager methods */ - + /** * Tries to find an ip address of a local interface that is included in the * supplied traffic selector. - * + * * @param ts traffic selector * @param ip returned ip (has to be destroyed) * @return SUCCESS if address found */ status_t (*get_address_by_ts) (kernel_interface_t *this, traffic_selector_t *ts, host_t **ip); - + /** * Register an ipsec kernel interface constructor on the manager. * * @param create constructor to register */ void (*add_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create); - + /** * Unregister an ipsec kernel interface constructor. * * @param create constructor to unregister */ void (*remove_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create); - + /** * Register a network kernel interface constructor on the manager. * * @param create constructor to register */ void (*add_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create); - + /** * Unregister a network kernel interface constructor. * * @param create constructor to unregister */ void (*remove_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create); - + /** * Destroys a kernel_interface_manager_t object. */ diff --git a/src/charon/kernel/kernel_ipsec.c b/src/charon/kernel/kernel_ipsec.c index 45eef4907..5b0335b16 100644 --- a/src/charon/kernel/kernel_ipsec.c +++ b/src/charon/kernel/kernel_ipsec.c @@ -18,8 +18,6 @@ ENUM(ipsec_mode_names, MODE_TRANSPORT, MODE_BEET, "TRANSPORT", "TUNNEL", - "2", - "3", "BEET", ); diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h index d6438c197..73ad29b0e 100644 --- a/src/charon/kernel/kernel_ipsec.h +++ b/src/charon/kernel/kernel_ipsec.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2008 Tobias Brunner + * Copyright (C) 2006-2009 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -30,7 +30,8 @@ typedef struct kernel_ipsec_t kernel_ipsec_t; #include #include -#include +#include +#include /** * Mode of a CHILD_SA. @@ -70,9 +71,9 @@ extern enum_name_t *policy_dir_names; /** * Interface to the ipsec subsystem of the kernel. - * + * * The kernel ipsec interface handles the communication with the kernel - * for SA and policy management. It allows setup of these, and provides + * for SA and policy management. It allows setup of these, and provides * further the handling of kernel events. * Policy information are cached in the interface. This is necessary to do * reference counting. The Linux kernel does not allow the same policy @@ -80,7 +81,7 @@ extern enum_name_t *policy_dir_names; * when rekeying. Thats why we do reference counting of policies. */ struct kernel_ipsec_t { - + /** * Get a SPI from the kernel. * @@ -91,39 +92,36 @@ struct kernel_ipsec_t { * @param spi allocated spi * @return SUCCESS if operation completed */ - status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst, + status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi); - + /** * Get a Compression Parameter Index (CPI) from the kernel. - * + * * @param src source address of SA * @param dst destination address of SA * @param reqid unique ID for the corresponding SA * @param cpi allocated cpi * @return SUCCESS if operation completed */ - status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst, + status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi); - + /** * Add an SA to the SAD. - * + * * add_sa() may update an already allocated * SPI (via get_spi). In this case, the replace * flag must be set. * This function does install a single SA for a - * single protocol in one direction. The kernel-interface - * gets the keys itself from the PRF, as we don't know - * his algorithms and key sizes. - * + * single protocol in one direction. + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer * @param protocol protocol for this SA (ESP/AH) * @param reqid unique ID for this SA - * @param expire_soft lifetime in seconds before rekeying - * @param expire_hard lifetime in seconds before delete + * @param lifetime lifetime_cfg_t for this SA * @param enc_alg Algorithm to use for encryption (ESP only) * @param enc_key key to use for encryption * @param int_alg Algorithm to use for integrity protection @@ -133,17 +131,20 @@ struct kernel_ipsec_t { * @param cpi CPI for IPComp * @param encap enable UDP encapsulation for NAT traversal * @param inbound TRUE if this is an inbound SA + * @param src_ts traffic selector with BEET source address + * @param dst_ts traffic selector with BEET destination address * @return SUCCESS if operation completed */ status_t (*add_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, + lifetime_cfg_t *lifetime, + u_int16_t enc_alg, chunk_t enc_key, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound); - + bool encap, bool inbound, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts); + /** * Update the hosts on an installed SA. * @@ -162,17 +163,17 @@ struct kernel_ipsec_t { * @param encap current use of UDP encapsulation * @param new_encap new use of UDP encapsulation * @return SUCCESS if operation completed, NOT_SUPPORTED if - * the kernel interface can't update the SA + * the kernel interface can't update the SA */ status_t (*update_sa)(kernel_ipsec_t *this, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, + host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap); - + /** * Query the number of bytes processed by an SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -182,10 +183,10 @@ struct kernel_ipsec_t { */ status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes); - + /** * Delete a previusly installed SA from the SAD. - * + * * @param src source address for this SA * @param dst destination address for this SA * @param spi SPI allocated by us or remote peer @@ -195,13 +196,13 @@ struct kernel_ipsec_t { */ status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int16_t cpi); - + /** * Add a policy to the SPD. - * + * * A policy is always associated to an SA. Traffic which matches a * policy is handled by the SA with the same reqid. - * + * * @param src source address of SA * @param dst dest address of SA * @param src_ts traffic selector to match traffic source @@ -224,24 +225,25 @@ struct kernel_ipsec_t { protocol_id_t protocol, u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool routed); - + /** * Query the use time of a policy. * - * The use time of a policy is the time the policy was used - * for the last time. - * + * The use time of a policy is the time the policy was used for the last + * time. It is not the system time, but a monotonic timestamp as returned + * by time_monotonic. + * * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD - * @param[out] use_time the time of this SA's last use + * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time); - + /** * Remove a policy from the SPD. * @@ -257,11 +259,11 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted); - + /** * Destroy the implementation. */ diff --git a/src/charon/kernel/kernel_net.h b/src/charon/kernel/kernel_net.h index 02242f3a8..efb221f88 100644 --- a/src/charon/kernel/kernel_net.h +++ b/src/charon/kernel/kernel_net.h @@ -29,7 +29,7 @@ typedef struct kernel_net_t kernel_net_t; /** * Interface to the network subsystem of the kernel. - * + * * The kernel network interface handles the communication with the kernel * for interface and IP address management. */ @@ -48,7 +48,7 @@ struct kernel_net_t { * @return outgoing source address, NULL if unreachable */ host_t* (*get_source_addr)(kernel_net_t *this, host_t *dest, host_t *src); - + /** * Get the next hop for a destination. * @@ -59,7 +59,7 @@ struct kernel_net_t { * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest); - + /** * Get the interface name of a local address. * @@ -67,21 +67,21 @@ struct kernel_net_t { * @return allocated interface name, or NULL if not found */ char* (*get_interface) (kernel_net_t *this, host_t *host); - + /** * Creates an enumerator over all local addresses. - * + * * This function blocks an internal cached address list until the * enumerator gets destroyed. * The hosts are read-only, do not modify of free. - * + * * @param include_down_ifaces TRUE to enumerate addresses from down interfaces * @param include_virtual_ips TRUE to enumerate virtual ip addresses * @return enumerator over host_t's */ enumerator_t *(*create_address_enumerator) (kernel_net_t *this, bool include_down_ifaces, bool include_virtual_ips); - + /** * Add a virtual IP to an interface. * @@ -96,7 +96,7 @@ struct kernel_net_t { */ status_t (*add_ip) (kernel_net_t *this, host_t *virtual_ip, host_t *iface_ip); - + /** * Remove a virtual IP from an interface. * @@ -106,10 +106,10 @@ struct kernel_net_t { * @return SUCCESS if operation completed */ status_t (*del_ip) (kernel_net_t *this, host_t *virtual_ip); - + /** * Add a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -120,10 +120,10 @@ struct kernel_net_t { */ status_t (*add_route) (kernel_net_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * Delete a route. - * + * * @param dst_net destination net * @param prefixlen destination net prefix length * @param gateway gateway for this route @@ -133,7 +133,7 @@ struct kernel_net_t { */ status_t (*del_route) (kernel_net_t *this, chunk_t dst_net, u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); - + /** * Destroy the implementation. */ diff --git a/src/charon/network/packet.c b/src/charon/network/packet.c index fd3a274bd..19a62603d 100644 --- a/src/charon/network/packet.c +++ b/src/charon/network/packet.c @@ -27,17 +27,17 @@ struct private_packet_t { * Public part of a packet_t object. */ packet_t public; - + /** * source address */ host_t *source; - + /** * destination address */ host_t *destination; - + /** * message data */ @@ -77,7 +77,7 @@ static host_t *get_destination(private_packet_t *this) { return this->destination; } - + /** * Implements packet_t.get_data */ @@ -103,7 +103,7 @@ static void destroy(private_packet_t *this) if (this->source != NULL) { this->source->destroy(this->source); - } + } if (this->destination != NULL) { this->destination->destroy(this->destination); @@ -118,7 +118,7 @@ static void destroy(private_packet_t *this) static packet_t *clone_(private_packet_t *this) { private_packet_t *other = (private_packet_t*)packet_create(); - + if (this->destination != NULL) { other->destination = this->destination->clone(this->destination); @@ -150,10 +150,10 @@ packet_t *packet_create(void) this->public.get_destination = (host_t*(*) (packet_t *)) get_destination; this->public.clone = (packet_t*(*) (packet_t *))clone_; this->public.destroy = (void(*) (packet_t *)) destroy; - + this->destination = NULL; this->source = NULL; this->data = chunk_empty; - + return &(this->public); } diff --git a/src/charon/network/packet.h b/src/charon/network/packet.h index aacb203e9..18d82c6fc 100644 --- a/src/charon/network/packet.h +++ b/src/charon/network/packet.h @@ -34,71 +34,71 @@ struct packet_t { /** * Set the source address. - * + * * Set host_t is now owned by packet_t, it will destroy * it if necessary. - * + * * @param source address to set as source */ void (*set_source) (packet_t *packet, host_t *source); - + /** * Set the destination address. - * + * * Set host_t is now owned by packet_t, it will destroy * it if necessary. - * + * * @param source address to set as destination */ void (*set_destination) (packet_t *packet, host_t *destination); - + /** * Get the source address. - * + * * Set host_t is still owned by packet_t, clone it * if needed. - * + * * @return source address */ host_t *(*get_source) (packet_t *packet); - + /** * Get the destination address. - * + * * Set host_t is still owned by packet_t, clone it * if needed. - * + * * @return destination address */ host_t *(*get_destination) (packet_t *packet); - + /** * Get the data from the packet. - * - * The data pointed by the chunk is still owned + * + * The data pointed by the chunk is still owned * by the packet. Clone it if needed. - * + * * @return chunk containing the data */ chunk_t (*get_data) (packet_t *packet); - + /** * Set the data in the packet. - * - * Supplied chunk data is now owned by the + * + * Supplied chunk data is now owned by the * packet. It will free it. - * + * * @param data chunk with data to set */ void (*set_data) (packet_t *packet, chunk_t data); - + /** * Clones a packet_t object. - * + * * @param clone clone of the packet */ packet_t* (*clone) (packet_t *packet); - + /** * Destroy the packet, freeing contained data. */ @@ -107,7 +107,7 @@ struct packet_t { /** * create an empty packet - * + * * @return packet_t object */ packet_t *packet_create(void); diff --git a/src/charon/network/receiver.c b/src/charon/network/receiver.c index ab4d6d592..6cd99439b 100644 --- a/src/charon/network/receiver.c +++ b/src/charon/network/receiver.c @@ -17,7 +17,6 @@ #include #include -#include #include "receiver.h" @@ -50,57 +49,52 @@ struct private_receiver_t { * Public part of a receiver_t object. */ receiver_t public; - + /** * Threads job receiving packets */ callback_job_t *job; - - /** - * Assigned thread. - */ - pthread_t assigned_thread; - + /** * current secret to use for cookie calculation */ char secret[SECRET_LENGTH]; - + /** * previous secret used to verify older cookies */ char secret_old[SECRET_LENGTH]; - + /** * how many times we have used "secret" so far */ u_int32_t secret_used; - + /** * time we did the cookie switch */ u_int32_t secret_switch; - + /** * time offset to use, hides our system time */ u_int32_t secret_offset; - + /** * the RNG to use for secret generation */ rng_t *rng; - + /** * hasher to use for cookie calculation */ hasher_t *hasher; - + /** * require cookies after this many half open IKE_SAs */ u_int32_t cookie_threshold; - + /** * how many half open IKE_SAs per peer before blocking */ @@ -119,7 +113,7 @@ static void send_notify(message_t *request, notify_type_t type, chunk_t data) host_t *src, *dst; packet_t *packet; ike_sa_id_t *ike_sa_id; - + response = message_create(); dst = request->get_source(request); src = request->get_destination(request); @@ -149,7 +143,7 @@ static chunk_t cookie_build(private_receiver_t *this, message_t *message, u_int64_t spi = message->get_initiator_spi(message); host_t *ip = message->get_source(message); chunk_t input, hash; - + /* COOKIE = t | sha1( IPi | SPIi | t | secret ) */ input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi), chunk_from_thing(t), secret); @@ -167,18 +161,18 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, u_int32_t t, now; chunk_t reference; chunk_t secret; - - now = time(NULL); + + now = time_monotonic(NULL); t = *(u_int32_t*)cookie.ptr; - + if (cookie.len != sizeof(u_int32_t) + - this->hasher->get_hash_size(this->hasher) || + this->hasher->get_hash_size(this->hasher) || t < now - this->secret_offset - COOKIE_LIFETIME) { DBG2(DBG_NET, "received cookie lifetime expired, rejecting"); - return FALSE; + return FALSE; } - + /* check if cookie is derived from old_secret */ if (t + this->secret_offset > this->secret_switch) { @@ -188,7 +182,7 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, { secret = chunk_from_thing(this->secret_old); } - + /* compare own calculation against received */ reference = cookie_build(this, message, t, secret); if (chunk_equals(reference, cookie)) @@ -206,20 +200,20 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, static bool cookie_required(private_receiver_t *this, message_t *message) { bool failed = FALSE; - + if (charon->ike_sa_manager->get_half_open_count(charon->ike_sa_manager, NULL) >= this->cookie_threshold) { /* check for a cookie. We don't use our parser here and do it - * quick and dirty for performance reasons. - * we assume the cookie is the first payload (which is a MUST), and + * quick and dirty for performance reasons. + * we assume the cookie is the first payload (which is a MUST), and * the cookie's SPI length is zero. */ packet_t *packet = message->get_packet(message); chunk_t data = packet->get_data(packet); - if (data.len < + if (data.len < IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) || - *(data.ptr + 16) != NOTIFY || + *(data.ptr + 16) != NOTIFY || *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) { /* no cookie found */ @@ -261,14 +255,14 @@ static job_requeue_t receive_packets(private_receiver_t *this) packet_t *packet; message_t *message; job_t *job; - + /* read in a packet */ if (charon->socket->receive(charon->socket, &packet) != SUCCESS) { DBG2(DBG_NET, "receiving from socket failed!"); return JOB_REQUEUE_FAIR; } - + /* parse message header */ message = message_create_from_packet(packet); if (message->parse_header(message) != SUCCESS) @@ -278,28 +272,28 @@ static job_requeue_t receive_packets(private_receiver_t *this) message->destroy(message); return JOB_REQUEUE_DIRECT; } - + /* check IKE major version */ if (message->get_major_version(message) != IKE_MAJOR_VERSION) { DBG1(DBG_NET, "received unsupported IKE version %d.%d from %H, " - "sending INVALID_MAJOR_VERSION", message->get_major_version(message), + "sending INVALID_MAJOR_VERSION", message->get_major_version(message), message->get_minor_version(message), packet->get_source(packet)); send_notify(message, INVALID_MAJOR_VERSION, chunk_empty); message->destroy(message); return JOB_REQUEUE_DIRECT; } - + if (message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { /* check for cookies */ if (this->cookie_threshold && cookie_required(this, message)) { - u_int32_t now = time(NULL); + u_int32_t now = time_monotonic(NULL); chunk_t cookie = cookie_build(this, message, now - this->secret_offset, - chunk_from_thing(this->secret)); - + chunk_from_thing(this->secret)); + DBG2(DBG_NET, "received packet from: %#H to %#H", message->get_source(message), message->get_destination(message)); @@ -312,7 +306,7 @@ static job_requeue_t receive_packets(private_receiver_t *this) /* create new cookie */ DBG1(DBG_NET, "generating new cookie secret after %d uses", this->secret_used); - memcpy(this->secret_old, this->secret, SECRET_LENGTH); + memcpy(this->secret_old, this->secret, SECRET_LENGTH); this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret); this->secret_switch = now; this->secret_used = 0; @@ -320,7 +314,7 @@ static job_requeue_t receive_packets(private_receiver_t *this) message->destroy(message); return JOB_REQUEUE_DIRECT; } - + /* check if peer has not too many IKE_SAs half open */ if (this->block_threshold && peer_to_aggressive(this, message)) { @@ -352,10 +346,10 @@ static void destroy(private_receiver_t *this) receiver_t *receiver_create() { private_receiver_t *this = malloc_thing(private_receiver_t); - u_int32_t now = time(NULL); - + u_int32_t now = time_monotonic(NULL); + this->public.destroy = (void(*)(receiver_t*)) destroy; - + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) { @@ -385,11 +379,11 @@ receiver_t *receiver_create() this->cookie_threshold = 0; this->block_threshold = 0; } - + this->job = callback_job_create((callback_job_cb_t)receive_packets, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/network/receiver.h b/src/charon/network/receiver.h index 87797634e..690d8dbab 100644 --- a/src/charon/network/receiver.h +++ b/src/charon/network/receiver.h @@ -29,7 +29,7 @@ typedef struct receiver_t receiver_t; /** * Receives packets from the socket and adds them to the job queue. - * + * * The receiver starts a thread, wich reads on the blocking socket. A received * packet is preparsed and a process_message_job is queued in the job queue. * @@ -41,16 +41,16 @@ typedef struct receiver_t receiver_t; * find out wich key was used for cookie creation. Further, we can set a * lifetime for the cookie, which allows us to reuse the secret for a longer * time. - * COOKIE = time | sha1( IPi | SPIi | time | secret ) + * COOKIE = time | sha1( IPi | SPIi | time | secret ) * * The secret is changed after a certain amount of cookies sent. The old * secret is stored to allow a clean migration between secret changes. - * + * * Further, the number of half-initiated IKE_SAs is limited per peer. This * mades it impossible for a peer to flood the server with its real IP address. */ struct receiver_t { - + /** * Destroys a receiver_t object. */ @@ -59,10 +59,10 @@ struct receiver_t { /** * Create a receiver_t object. - * + * * The receiver thread will start working, get data * from the socket and add those packets to the job queue. - * + * * @return receiver_t object, NULL if initialization fails */ receiver_t * receiver_create(void); diff --git a/src/charon/network/sender.c b/src/charon/network/sender.c index 19f589115..3be5861dd 100644 --- a/src/charon/network/sender.c +++ b/src/charon/network/sender.c @@ -15,14 +15,15 @@ */ #include -#include #include "sender.h" #include #include #include -#include +#include +#include +#include typedef struct private_sender_t private_sender_t; @@ -40,7 +41,7 @@ struct private_sender_t { * Sender threads job. */ callback_job_t *job; - + /** * The packets are stored in a linked list */ @@ -55,7 +56,7 @@ struct private_sender_t { * condvar to signal for packets added to list */ condvar_t *got; - + /** * condvar to signal for packets sent */ @@ -68,11 +69,11 @@ struct private_sender_t { static void send_(private_sender_t *this, packet_t *packet) { host_t *src, *dst; - + src = packet->get_source(packet); dst = packet->get_destination(packet); DBG1(DBG_NET, "sending packet: from %#H to %#H", src, dst); - + this->mutex->lock(this->mutex); this->list->insert_last(this->list, packet); this->got->signal(this->got); @@ -85,24 +86,24 @@ static void send_(private_sender_t *this, packet_t *packet) static job_requeue_t send_packets(private_sender_t * this) { packet_t *packet; - int oldstate; - + bool oldstate; + this->mutex->lock(this->mutex); while (this->list->get_count(this->list) == 0) { /* add cleanup handler, wait for packet, remove cleanup handler */ - pthread_cleanup_push((void(*)(void*))this->mutex->unlock, this->mutex); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); - + thread_cleanup_push((thread_cleanup_t)this->mutex->unlock, this->mutex); + oldstate = thread_cancelability(TRUE); + this->got->wait(this->got, this->mutex); - - pthread_setcancelstate(oldstate, NULL); - pthread_cleanup_pop(0); + + thread_cancelability(oldstate); + thread_cleanup_pop(FALSE); } this->list->remove_first(this->list, (void**)&packet); this->sent->signal(this->sent); this->mutex->unlock(this->mutex); - + charon->socket->send(charon->socket, packet); packet->destroy(packet); return JOB_REQUEUE_DIRECT; @@ -134,19 +135,19 @@ static void destroy(private_sender_t *this) sender_t * sender_create() { private_sender_t *this = malloc_thing(private_sender_t); - + this->public.send = (void(*)(sender_t*,packet_t*))send_; this->public.destroy = (void(*)(sender_t*)) destroy; - + this->list = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->got = condvar_create(CONDVAR_TYPE_DEFAULT); this->sent = condvar_create(CONDVAR_TYPE_DEFAULT); - + this->job = callback_job_create((callback_job_cb_t)send_packets, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/network/sender.h b/src/charon/network/sender.h index 55f67af70..f77fadab2 100644 --- a/src/charon/network/sender.h +++ b/src/charon/network/sender.h @@ -31,7 +31,7 @@ typedef struct sender_t sender_t; * Thread responsible for sending packets over the socket. */ struct sender_t { - + /** * Send a packet over the network. * @@ -39,10 +39,10 @@ struct sender_t { * Whenever the sender thread thinks it's good to send the packet, * it'll do so. * - * @param packet packet to send + * @param packet packet to send */ void (*send) (sender_t *this, packet_t *packet); - + /** * Destroys a sender object. */ @@ -51,10 +51,10 @@ struct sender_t { /** * Create the sender thread. - * + * * The thread will start to work, getting packets * from its queue and sends them out. - * + * * @return created sender object */ sender_t * sender_create(void); diff --git a/src/charon/network/socket-raw.c b/src/charon/network/socket-raw.c index 148be486c..6cc0463b2 100644 --- a/src/charon/network/socket-raw.c +++ b/src/charon/network/socket-raw.c @@ -18,7 +18,6 @@ /* for struct in6_pktinfo */ #define _GNU_SOURCE -#include #include #include #include @@ -38,6 +37,7 @@ #include "socket.h" #include +#include /* constants for packet handling */ #define IP_LEN sizeof(struct iphdr) @@ -85,12 +85,12 @@ struct private_socket_t{ * port used for nat-t */ int natt_port; - + /** * raw receiver socket for IPv4 */ int recv4; - + /** * raw receiver socket for IPv6 */ @@ -127,12 +127,12 @@ static status_t receiver(private_socket_t *this, packet_t **packet) packet_t *pkt; struct udphdr *udp; host_t *source = NULL, *dest = NULL; - int bytes_read = 0; - int data_offset, oldstate; + int bytes_read = 0, data_offset; + bool oldstate; fd_set rfds; FD_ZERO(&rfds); - + if (this->recv4) { FD_SET(this->recv4, &rfds); @@ -141,24 +141,24 @@ static status_t receiver(private_socket_t *this, packet_t **packet) { FD_SET(this->recv6, &rfds); } - + DBG2(DBG_NET, "waiting for data on raw sockets"); - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + + oldstate = thread_cancelability(TRUE); if (select(max(this->recv4, this->recv6) + 1, &rfds, NULL, NULL, NULL) <= 0) { - pthread_setcancelstate(oldstate, NULL); + thread_cancelability(oldstate); return FAILED; } - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (this->recv4 && FD_ISSET(this->recv4, &rfds)) { /* IPv4 raw sockets return the IP header. We read src/dest * information directly from the raw header */ struct iphdr *ip; struct sockaddr_in src, dst; - + bytes_read = recv(this->recv4, buffer, MAX_PACKET, 0); if (bytes_read < 0) { @@ -166,7 +166,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } DBG3(DBG_NET, "received IPv4 packet %b", buffer, bytes_read); - + /* read source/dest from raw IP/UDP header */ if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN) { @@ -184,13 +184,13 @@ static status_t receiver(private_socket_t *this, packet_t **packet) dst.sin_port = udp->dest; source = host_create_from_sockaddr((sockaddr_t*)&src); dest = host_create_from_sockaddr((sockaddr_t*)&dst); - + pkt = packet_create(); pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = IP_LEN + UDP_LEN; - /* remove non esp marker */ + /* remove non esp marker */ if (dest->get_port(dest) == IKEV2_NATT_PORT) { data_offset += MARKER_LEN; @@ -210,7 +210,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) struct sockaddr_in6 src, dst; struct iovec iov; char ancillary[64]; - + msg.msg_name = &src; msg.msg_namelen = sizeof(src); iov.iov_base = buffer; @@ -220,7 +220,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) msg.msg_control = ancillary; msg.msg_controllen = sizeof(ancillary); msg.msg_flags = 0; - + bytes_read = recvmsg(this->recv6, &msg, 0); if (bytes_read < 0) { @@ -228,14 +228,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } DBG3(DBG_NET, "received IPv6 packet %b", buffer, bytes_read); - + if (bytes_read < IP_LEN + UDP_LEN + MARKER_LEN) { DBG3(DBG_NET, "received IPv6 packet too short (%d bytes)", bytes_read); return FAILED; } - + /* read ancillary data to get destination address */ for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)) @@ -244,13 +244,13 @@ static status_t receiver(private_socket_t *this, packet_t **packet) { DBG1(DBG_NET, "error reading IPv6 ancillary data"); return FAILED; - } + } if (cmsgptr->cmsg_level == SOL_IPV6 && cmsgptr->cmsg_type == IPV6_2292PKTINFO) { struct in6_pktinfo *pktinfo; pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); - + memset(&dst, 0, sizeof(dst)); memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); dst.sin6_family = AF_INET6; @@ -266,15 +266,15 @@ static status_t receiver(private_socket_t *this, packet_t **packet) DBG1(DBG_NET, "error reading IPv6 packet header"); return FAILED; } - + source = host_create_from_sockaddr((sockaddr_t*)&src); - + pkt = packet_create(); pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = UDP_LEN; - /* remove non esp marker */ + /* remove non esp marker */ if (dest->get_port(dest) == IKEV2_NATT_PORT) { data_offset += MARKER_LEN; @@ -290,7 +290,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) /* oops, shouldn't happen */ return FAILED; } - + /* return packet */ *packet = pkt; return SUCCESS; @@ -308,13 +308,13 @@ status_t sender(private_socket_t *this, packet_t *packet) struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; - + src = packet->get_source(packet); dst = packet->get_destination(packet); data = packet->get_data(packet); DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst); - + /* send data */ sport = src->get_port(src); family = dst->get_family(dst); @@ -362,7 +362,7 @@ status_t sender(private_socket_t *this, packet_t *packet) DBG1(DBG_NET, "unable to locate a send socket for port %d", sport); return FAILED; } - + memset(&msg, 0, sizeof(struct msghdr)); msg.msg_name = dst->get_sockaddr(dst);; msg.msg_namelen = *dst->get_sockaddr_len(dst); @@ -371,7 +371,7 @@ status_t sender(private_socket_t *this, packet_t *packet) msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_flags = 0; - + if (!src->is_anyaddr(src)) { if (family == AF_INET) @@ -379,7 +379,7 @@ status_t sender(private_socket_t *this, packet_t *packet) char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct in_pktinfo *pktinfo; struct sockaddr_in *sin; - + msg.msg_control = buf; msg.msg_controllen = sizeof(buf); cmsg = CMSG_FIRSTHDR(&msg); @@ -396,7 +396,7 @@ status_t sender(private_socket_t *this, packet_t *packet) char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; struct in6_pktinfo *pktinfo; struct sockaddr_in6 *sin; - + msg.msg_control = buf; msg.msg_controllen = sizeof(buf); cmsg = CMSG_FIRSTHDR(&msg); @@ -409,7 +409,7 @@ status_t sender(private_socket_t *this, packet_t *packet) memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); } } - + bytes_sent = sendmsg(skt, &msg, 0); if (bytes_sent != data.len) @@ -430,7 +430,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) struct sockaddr_storage addr; u_int sol; int skt; - + memset(&addr, 0, sizeof(addr)); /* precalculate constants depending on address family */ switch (family) @@ -456,14 +456,14 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) default: return 0; } - + skt = socket(family, SOCK_DGRAM, IPPROTO_UDP); if (skt < 0) { DBG1(DBG_NET, "could not open send socket: %s", strerror(errno)); return 0; } - + if (setsockopt(skt, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0) { DBG1(DBG_NET, "unable to set SO_REUSEADDR on send socket: %s", @@ -471,7 +471,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + /* bind the send socket */ if (bind(skt, (struct sockaddr *)&addr, sizeof(addr)) < 0) { @@ -480,7 +480,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + if (family == AF_INET) { /* enable UDP decapsulation globally, only for one socket needed */ @@ -490,7 +490,7 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) strerror(errno)); } } - + return skt; } @@ -502,7 +502,7 @@ static int open_recv_socket(private_socket_t *this, int family) int skt; int on = TRUE; u_int proto_offset, ip_len, sol, udp_header, ike_header; - + /* precalculate constants depending on address family */ switch (family) { @@ -521,7 +521,7 @@ static int open_recv_socket(private_socket_t *this, int family) } udp_header = ip_len; ike_header = ip_len + UDP_LEN; - + /* This filter code filters out all non-IKEv2 traffic on * a SOCK_RAW IP_PROTP_UDP socket. Handling of other * IKE versions is done in pluto. @@ -560,7 +560,7 @@ static int open_recv_socket(private_socket_t *this, int family) sizeof(ikev2_filter_code) / sizeof(struct sock_filter), ikev2_filter_code }; - + /* set up a raw socket */ skt = socket(family, SOCK_RAW, IPPROTO_UDP); if (skt < 0) @@ -568,7 +568,7 @@ static int open_recv_socket(private_socket_t *this, int family) DBG1(DBG_NET, "unable to create raw socket: %s", strerror(errno)); return 0; } - + if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER, &ikev2_filter, sizeof(ikev2_filter)) < 0) { @@ -577,7 +577,7 @@ static int open_recv_socket(private_socket_t *this, int family) close(skt); return 0; } - + if (family == AF_INET6 && /* we use IPV6_2292PKTINFO, as IPV6_PKTINFO is defined as * 2 or 50 depending on kernel header version */ @@ -588,7 +588,7 @@ static int open_recv_socket(private_socket_t *this, int family) close(skt); return 0; } - + return skt; } @@ -621,7 +621,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port { offsetof(private_socket_t, send4_natt), AF_INET, IKEV2_NATT_PORT }, { offsetof(private_socket_t, send6_natt), AF_INET6, IKEV2_NATT_PORT } }; - + while(++this->index < countof(sockets)) { int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset); @@ -643,7 +643,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port static enumerator_t *create_enumerator(private_socket_t *this) { socket_enumerator_t *enumerator; - + enumerator = malloc_thing(socket_enumerator_t); enumerator->index = -1; enumerator->socket = this; @@ -690,20 +690,20 @@ static void destroy(private_socket_t *this) socket_t *socket_create() { private_socket_t *this = malloc_thing(private_socket_t); - + /* public functions */ this->public.send = (status_t(*)(socket_t*, packet_t*))sender; this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver; this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator; this->public.destroy = (void(*)(socket_t*)) destroy; - + this->recv4 = 0; this->recv6 = 0; this->send4 = 0; this->send6 = 0; this->send4_natt = 0; this->send6_natt = 0; - + this->recv4 = open_recv_socket(this, AF_INET); if (this->recv4 == 0) { @@ -726,7 +726,7 @@ socket_t *socket_create() } } } - + this->recv6 = open_recv_socket(this, AF_INET6); if (this->recv6 == 0) { @@ -749,13 +749,13 @@ socket_t *socket_create() } } } - + if (!(this->send4 || this->send6) || !(this->recv4 || this->recv6)) { DBG1(DBG_NET, "could not create any sockets"); destroy(this); charon->kill(charon, "socket initialization failed"); } - + return (socket_t*)this; } diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c index 97c88be79..81f860b15 100644 --- a/src/charon/network/socket.c +++ b/src/charon/network/socket.c @@ -23,7 +23,6 @@ #define __EXTENSIONS__ #endif -#include #include #include #include @@ -35,7 +34,6 @@ #include #include #include -#include #include #include #ifdef __APPLE__ @@ -45,6 +43,7 @@ #include "socket.h" #include +#include /* length of non-esp marker */ #define MARKER_LEN sizeof(u_int32_t) @@ -72,9 +71,16 @@ /* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that * previously defined IPV6_PKTINFO */ #ifndef IPV6_RECVPKTINFO -#define IPV6_RECVPKTINFO IPV6_PKTINFO; +#define IPV6_RECVPKTINFO IPV6_PKTINFO #endif +#ifndef IN6ADDR_ANY_INIT +#define IN6ADDR_ANY_INIT {{{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}} +#endif + +#ifndef HAVE_IN6ADDR_ANY +static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; +#endif typedef struct private_socket_t private_socket_t; @@ -86,22 +92,22 @@ struct private_socket_t { * public functions */ socket_t public; - + /** * IPv4 socket (500) */ int ipv4; - + /** * IPv4 socket for NATT (4500) */ int ipv4_natt; - + /** * IPv6 socket (500) */ int ipv6; - + /** * IPv6 socket for NATT (4500) */ @@ -117,14 +123,15 @@ static status_t receiver(private_socket_t *this, packet_t **packet) chunk_t data; packet_t *pkt; host_t *source = NULL, *dest = NULL; - int bytes_read = 0; - int data_offset, oldstate; + int bytes_read = 0, data_offset; + bool oldstate; + fd_set rfds; int max_fd = 0, selected = 0; u_int16_t port = 0; - + FD_ZERO(&rfds); - + if (this->ipv4) { FD_SET(this->ipv4, &rfds); @@ -142,16 +149,16 @@ static status_t receiver(private_socket_t *this, packet_t **packet) FD_SET(this->ipv6_natt, &rfds); } max_fd = max(max(this->ipv4, this->ipv4_natt), max(this->ipv6, this->ipv6_natt)); - + DBG2(DBG_NET, "waiting for data on sockets"); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + oldstate = thread_cancelability(TRUE); if (select(max_fd + 1, &rfds, NULL, NULL, NULL) <= 0) { - pthread_setcancelstate(oldstate, NULL); + thread_cancelability(oldstate); return FAILED; } - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (FD_ISSET(this->ipv4, &rfds)) { port = IKEV2_UDP_PORT; @@ -182,7 +189,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) struct sockaddr_in in4; struct sockaddr_in6 in6; } src; - + msg.msg_name = &src; msg.msg_namelen = sizeof(src); iov.iov_base = buffer; @@ -199,14 +206,14 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } DBG3(DBG_NET, "received packet %b", buffer, bytes_read); - + if (bytes_read < MARKER_LEN) { DBG3(DBG_NET, "received packet too short (%d bytes)", bytes_read); return FAILED; } - + /* read ancillary data to get destination address */ for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)) @@ -216,20 +223,22 @@ static status_t receiver(private_socket_t *this, packet_t **packet) DBG1(DBG_NET, "error reading ancillary data"); return FAILED; } - + +#ifdef HAVE_IN6_PKTINFO if (cmsgptr->cmsg_level == SOL_IPV6 && cmsgptr->cmsg_type == IPV6_PKTINFO) { struct in6_pktinfo *pktinfo; pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); struct sockaddr_in6 dst; - + memset(&dst, 0, sizeof(dst)); memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); dst.sin6_family = AF_INET6; dst.sin6_port = htons(port); dest = host_create_from_sockaddr((sockaddr_t*)&dst); } +#endif /* HAVE_IN6_PKTINFO */ if (cmsgptr->cmsg_level == SOL_IP && #ifdef IP_PKTINFO cmsgptr->cmsg_type == IP_PKTINFO @@ -252,7 +261,7 @@ static status_t receiver(private_socket_t *this, packet_t **packet) #endif memset(&dst, 0, sizeof(dst)); memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr)); - + dst.sin_family = AF_INET; dst.sin_port = htons(port); dest = host_create_from_sockaddr((sockaddr_t*)&dst); @@ -268,13 +277,13 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return FAILED; } source = host_create_from_sockaddr((sockaddr_t*)&src); - + pkt = packet_create(); pkt->set_source(pkt, source); pkt->set_destination(pkt, dest); DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); data_offset = 0; - /* remove non esp marker */ + /* remove non esp marker */ if (dest->get_port(dest) == IKEV2_NATT_PORT) { data_offset += MARKER_LEN; @@ -307,13 +316,13 @@ status_t sender(private_socket_t *this, packet_t *packet) struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; - + src = packet->get_source(packet); dst = packet->get_destination(packet); data = packet->get_data(packet); DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst); - + /* send data */ sport = src->get_port(src); family = dst->get_family(dst); @@ -361,7 +370,7 @@ status_t sender(private_socket_t *this, packet_t *packet) DBG1(DBG_NET, "unable to locate a send socket for port %d", sport); return FAILED; } - + memset(&msg, 0, sizeof(struct msghdr)); msg.msg_name = dst->get_sockaddr(dst);; msg.msg_namelen = *dst->get_sockaddr_len(dst); @@ -370,7 +379,7 @@ status_t sender(private_socket_t *this, packet_t *packet) msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_flags = 0; - + if (!src->is_anyaddr(src)) { if (family == AF_INET) @@ -403,12 +412,13 @@ status_t sender(private_socket_t *this, packet_t *packet) memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); #endif /* IP_PKTINFO || IP_SENDSRCADDR */ } +#ifdef HAVE_IN6_PKTINFO else { char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; struct in6_pktinfo *pktinfo; struct sockaddr_in6 *sin; - + msg.msg_control = buf; msg.msg_controllen = sizeof(buf); cmsg = CMSG_FIRSTHDR(&msg); @@ -420,8 +430,9 @@ status_t sender(private_socket_t *this, packet_t *packet) sin = (struct sockaddr_in6*)src->get_sockaddr(src); memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); } +#endif /* HAVE_IN6_PKTINFO */ } - + bytes_sent = sendmsg(skt, &msg, 0); if (bytes_sent != data.len) @@ -442,7 +453,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) socklen_t addrlen; u_int sol, pktinfo = 0; int skt; - + memset(&addr, 0, sizeof(addr)); /* precalculate constants depending on address family */ switch (family) @@ -476,7 +487,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) default: return 0; } - + skt = socket(family, SOCK_DGRAM, IPPROTO_UDP); if (skt < 0) { @@ -489,7 +500,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + /* bind the socket */ if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0) { @@ -497,7 +508,7 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) close(skt); return 0; } - + /* get additional packet info on receive */ if (pktinfo > 0) { @@ -550,7 +561,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT }, { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT } }; - + while(++this->index < countof(sockets)) { int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset); @@ -572,7 +583,7 @@ static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port static enumerator_t *create_enumerator(private_socket_t *this) { socket_enumerator_t *enumerator; - + enumerator = malloc_thing(socket_enumerator_t); enumerator->index = -1; enumerator->socket = this; @@ -617,7 +628,7 @@ socket_t *socket_create() this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver; this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator; this->public.destroy = (void(*)(socket_t*)) destroy; - + this->ipv4 = 0; this->ipv6 = 0; this->ipv4_natt = 0; @@ -634,7 +645,7 @@ socket_t *socket_create() } } #endif - + this->ipv4 = open_socket(this, AF_INET, IKEV2_UDP_PORT); if (this->ipv4 == 0) { @@ -648,7 +659,7 @@ socket_t *socket_create() DBG1(DBG_NET, "could not open IPv4 NAT-T socket"); } } - + this->ipv6 = open_socket(this, AF_INET6, IKEV2_UDP_PORT); if (this->ipv6 == 0) { @@ -662,13 +673,13 @@ socket_t *socket_create() DBG1(DBG_NET, "could not open IPv6 NAT-T socket"); } } - + if (!this->ipv4 && !this->ipv6) { DBG1(DBG_NET, "could not create any sockets"); destroy(this); charon->kill(charon, "socket initialization failed"); - } + } return (socket_t*)this; } diff --git a/src/charon/network/socket.h b/src/charon/network/socket.h index 81f2ec5fe..83bb9d4c9 100644 --- a/src/charon/network/socket.h +++ b/src/charon/network/socket.h @@ -44,48 +44,48 @@ typedef struct socket_t socket_t; * All available sockets are bound and the receive function * reads from them. There are actually two implementations: * The first uses raw sockets to allow binding of other daemons (pluto) to - * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2 - * traffic and handles just IKEv2 messages. An other daemon (pluto) must - * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon + * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2 + * traffic and handles just IKEv2 messages. An other daemon (pluto) must + * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon * handles that. * The other implementation uses normal sockets and is built if * --disable-pluto is given to the configure script. */ struct socket_t { - + /** * Receive a packet. - * + * * Reads a packet from the socket and sets source/dest * appropriately. - * + * * @param packet pinter gets address from allocated packet_t - * @return + * @return * - SUCCESS when packet successfully received * - FAILED when unable to receive */ status_t (*receive) (socket_t *this, packet_t **packet); - + /** * Send a packet. - * + * * Sends a packet to the net using source and destination addresses of * the packet. - * + * * @param packet packet_t to send - * @return + * @return * - SUCCESS when packet successfully sent * - FAILED when unable to send */ status_t (*send) (socket_t *this, packet_t *packet); - + /** * Enumerate all underlying socket file descriptors. - * + * * @return enumerator over (int fd, int family, int port) */ enumerator_t *(*create_enumerator) (socket_t *this); - + /** * Destroy socket. */ diff --git a/src/charon/plugins/attr/Makefile.in b/src/charon/plugins/attr/Makefile.in index 5c94771e1..689bb3244 100644 --- a/src/charon/plugins/attr/Makefile.in +++ b/src/charon/plugins/attr/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/attr DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_attr_la_LIBADD = am_libstrongswan_attr_la_OBJECTS = attr_plugin.lo attr_provider.lo @@ -58,6 +82,7 @@ libstrongswan_attr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -242,9 +271,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,23 +291,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -303,21 +337,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -340,7 +374,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -348,29 +382,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -391,13 +430,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -428,6 +471,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -449,6 +493,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -457,18 +503,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -507,6 +563,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/charon/plugins/attr/attr_plugin.c index 9d5532310..6dfb10271 100644 --- a/src/charon/plugins/attr/attr_plugin.c +++ b/src/charon/plugins/attr/attr_plugin.c @@ -24,12 +24,12 @@ typedef struct private_attr_plugin_t private_attr_plugin_t; * private data of attr plugin */ struct private_attr_plugin_t { - + /** * implements plugin interface */ attr_plugin_t public; - + /** * CFG attributes provider */ @@ -41,7 +41,7 @@ struct private_attr_plugin_t { */ static void destroy(private_attr_plugin_t *this) { - charon->attributes->remove_provider(charon->attributes, &this->provider->provider); + lib->attributes->remove_provider(lib->attributes, &this->provider->provider); this->provider->destroy(this->provider); free(this); } @@ -52,12 +52,12 @@ static void destroy(private_attr_plugin_t *this) plugin_t *plugin_create() { private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->provider = attr_provider_create(); - charon->attributes->add_provider(charon->attributes, &this->provider->provider); - + lib->attributes->add_provider(lib->attributes, &this->provider->provider); + return &this->public.plugin; } diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/charon/plugins/attr/attr_plugin.h index 9cbbd8bf5..9f31b60e1 100644 --- a/src/charon/plugins/attr/attr_plugin.h +++ b/src/charon/plugins/attr/attr_plugin.h @@ -32,7 +32,7 @@ typedef struct attr_plugin_t attr_plugin_t; * Plugin providing configuration attribute through strongswan.conf. */ struct attr_plugin_t { - + /** * implements plugin interface */ diff --git a/src/charon/plugins/attr/attr_provider.c b/src/charon/plugins/attr/attr_provider.c index 02fa11327..548896f56 100644 --- a/src/charon/plugins/attr/attr_provider.c +++ b/src/charon/plugins/attr/attr_provider.c @@ -28,12 +28,12 @@ typedef struct attribute_entry_t attribute_entry_t; * private data of attr_provider */ struct private_attr_provider_t { - + /** * public functions */ attr_provider_t public; - + /** * List of attributes, attribute_entry_t */ @@ -61,12 +61,16 @@ static bool attr_enum_filter(void *null, attribute_entry_t **in, /** * Implementation of attribute_provider_t.create_attribute_enumerator */ -static enumerator_t* create_attribute_enumerator( - private_attr_provider_t *this, identification_t *id) +static enumerator_t* create_attribute_enumerator(private_attr_provider_t *this, + identification_t *id, host_t *vip) { - return enumerator_create_filter( + if (vip) + { + return enumerator_create_filter( this->attributes->create_enumerator(this->attributes), (void*)attr_enum_filter, NULL, NULL); + } + return enumerator_create_empty(); } /** @@ -75,7 +79,7 @@ static enumerator_t* create_attribute_enumerator( static void destroy(private_attr_provider_t *this) { attribute_entry_t *entry; - + while (this->attributes->remove_last(this->attributes, (void**)&entry) == SUCCESS) { @@ -89,13 +93,13 @@ static void destroy(private_attr_provider_t *this) /** * Add an attribute entry to the list */ -static void add_entry(private_attr_provider_t *this, char *key, int nr, - configuration_attribute_type_t type) +static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr, + configuration_attribute_type_t type) { attribute_entry_t *entry; host_t *host; char *str; - + str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr); if (str) { @@ -103,7 +107,7 @@ static void add_entry(private_attr_provider_t *this, char *key, int nr, if (host) { entry = malloc_thing(attribute_entry_t); - + if (host->get_family(host) == AF_INET6) { switch (type) @@ -126,6 +130,82 @@ static void add_entry(private_attr_provider_t *this, char *key, int nr, } } +/** + * Key to attribute type mappings, for v4 and v6 attributes + */ +static struct { + char *name; + configuration_attribute_type_t v4; + configuration_attribute_type_t v6; +} keys[] = { + {"address", INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS}, + {"dns", INTERNAL_IP4_DNS, INTERNAL_IP6_DNS}, + {"nbns", INTERNAL_IP4_NBNS, INTERNAL_IP6_NBNS}, + {"dhcp", INTERNAL_IP4_DHCP, INTERNAL_IP6_DHCP}, + {"netmask", INTERNAL_IP4_NETMASK, INTERNAL_IP6_NETMASK}, + {"server", INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER}, +}; + +/** + * Load (numerical) entries from the plugins.attr namespace + */ +static void load_entries(private_attr_provider_t *this) +{ + enumerator_t *enumerator, *tokens; + char *key, *value, *token; + + enumerator = lib->settings->create_key_value_enumerator(lib->settings, + "charon.plugins.attr"); + while (enumerator->enumerate(enumerator, &key, &value)) + { + configuration_attribute_type_t type; + attribute_entry_t *entry; + host_t *host; + int i; + + type = atoi(key); + tokens = enumerator_create_token(value, ",", " "); + while (tokens->enumerate(tokens, &token)) + { + host = host_create_from_string(token, 0); + if (!host) + { + DBG1(DBG_CFG, "invalid host in key %s: %s", key, token); + continue; + } + if (!type) + { + for (i = 0; i < countof(keys); i++) + { + if (streq(key, keys[i].name)) + { + if (host->get_family(host) == AF_INET) + { + type = keys[i].v4; + } + else + { + type = keys[i].v6; + } + } + } + if (!type) + { + DBG1(DBG_CFG, "mapping attribute type %s failed", key); + break; + } + } + entry = malloc_thing(attribute_entry_t); + entry->type = type; + entry->value = chunk_clone(host->get_address(host)); + host->destroy(host); + this->attributes->insert_last(this->attributes, entry); + } + tokens->destroy(tokens); + } + enumerator->destroy(enumerator); +} + /* * see header file */ @@ -133,22 +213,24 @@ attr_provider_t *attr_provider_create(database_t *db) { private_attr_provider_t *this; int i; - + this = malloc_thing(private_attr_provider_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))return_null; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))return_false; - this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))create_attribute_enumerator; + this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))create_attribute_enumerator; this->public.destroy = (void(*)(attr_provider_t*))destroy; - + this->attributes = linked_list_create(); - + for (i = 1; i <= SERVER_MAX; i++) { - add_entry(this, "dns", i, INTERNAL_IP4_DNS); - add_entry(this, "nbns", i, INTERNAL_IP4_NBNS); + add_legacy_entry(this, "dns", i, INTERNAL_IP4_DNS); + add_legacy_entry(this, "nbns", i, INTERNAL_IP4_NBNS); } - + + load_entries(this); + return &this->public; } diff --git a/src/charon/plugins/attr/attr_provider.h b/src/charon/plugins/attr/attr_provider.h index 03cbadb4e..a41466718 100644 --- a/src/charon/plugins/attr/attr_provider.h +++ b/src/charon/plugins/attr/attr_provider.h @@ -21,7 +21,7 @@ #ifndef ATTR_PROVIDER_H_ #define ATTR_PROVIDER_H_ -#include +#include typedef struct attr_provider_t attr_provider_t; @@ -29,12 +29,12 @@ typedef struct attr_provider_t attr_provider_t; * Provide configuration attributes through static strongswan.conf definition. */ struct attr_provider_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Destroy a attr_provider instance. */ diff --git a/src/charon/plugins/eap_aka/Makefile.am b/src/charon/plugins/eap_aka/Makefile.am index 1a3ea1857..e007f5f00 100644 --- a/src/charon/plugins/eap_aka/Makefile.am +++ b/src/charon/plugins/eap_aka/Makefile.am @@ -1,11 +1,14 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ + -I$(top_srcdir)/src/libsimaka AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapaka.la +plugin_LTLIBRARIES = libstrongswan-eap-aka.la -libstrongswan_eapaka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c eap_aka.h eap_aka.c -libstrongswan_eapaka_la_LDFLAGS = -module -avoid-version -libstrongswan_eapaka_la_LIBADD = -lgmp +libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \ + eap_aka_peer.h eap_aka_peer.c \ + eap_aka_server.h eap_aka_server.c +libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_aka/Makefile.in b/src/charon/plugins/eap_aka/Makefile.in index 2d2405379..d241e1ad0 100644 --- a/src/charon/plugins/eap_aka/Makefile.in +++ b/src/charon/plugins/eap_aka/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,30 +37,55 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_aka DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapaka_la_DEPENDENCIES = -am_libstrongswan_eapaka_la_OBJECTS = eap_aka_plugin.lo eap_aka.lo -libstrongswan_eapaka_la_OBJECTS = \ - $(am_libstrongswan_eapaka_la_OBJECTS) -libstrongswan_eapaka_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +libstrongswan_eap_aka_la_DEPENDENCIES = \ + $(top_builddir)/src/libsimaka/libsimaka.la +am_libstrongswan_eap_aka_la_OBJECTS = eap_aka_plugin.lo \ + eap_aka_peer.lo eap_aka_server.lo +libstrongswan_eap_aka_la_OBJECTS = \ + $(am_libstrongswan_eap_aka_la_OBJECTS) +libstrongswan_eap_aka_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libstrongswan_eapaka_la_LDFLAGS) $(LDFLAGS) -o $@ + $(libstrongswan_eap_aka_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -68,8 +95,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapaka_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapaka_la_SOURCES) +SOURCES = $(libstrongswan_eap_aka_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_aka_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -106,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,14 +251,20 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ + -I$(top_srcdir)/src/libsimaka + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapaka.la -libstrongswan_eapaka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c eap_aka.h eap_aka.c -libstrongswan_eapaka_la_LDFLAGS = -module -avoid-version -libstrongswan_eapaka_la_LIBADD = -lgmp +plugin_LTLIBRARIES = libstrongswan-eap-aka.la +libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \ + eap_aka_peer.h eap_aka_peer.c \ + eap_aka_server.h eap_aka_server.c + +libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -242,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,23 +298,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -289,8 +330,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapaka.la: $(libstrongswan_eapaka_la_OBJECTS) $(libstrongswan_eapaka_la_DEPENDENCIES) - $(libstrongswan_eapaka_la_LINK) -rpath $(plugindir) $(libstrongswan_eapaka_la_OBJECTS) $(libstrongswan_eapaka_la_LIBADD) $(LIBS) +libstrongswan-eap-aka.la: $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_DEPENDENCIES) + $(libstrongswan_eap_aka_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -298,26 +339,27 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_peer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_server.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -340,7 +382,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -348,29 +390,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -391,13 +438,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -428,6 +479,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -449,6 +501,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -457,18 +511,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -507,6 +571,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_aka/eap_aka.c b/src/charon/plugins/eap_aka/eap_aka.c deleted file mode 100644 index 82ee6c3f0..000000000 --- a/src/charon/plugins/eap_aka/eap_aka.c +++ /dev/null @@ -1,1553 +0,0 @@ -/* - * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - - -/* The EAP-AKA method uses it's own simple parser for processing EAP-AKA - * payloads, as the IKEv2 parser is not suitable for that job. There are - * two simple methods for parsing payloads, read_header() and read_attribute(). - * Every EAP-AKA payload consists of a header and a list of attributes. Those - * functions mentioned read the data and return the type of the found - * attribute/EAP-AKA-type. For generating a EAP-AKA message, we have a - * build_aka_payload(), which builds the whole message from a variable - * argument list containing its attributes. - * The processing of messages is split up in various functions: - * - peer_process() - General processing multiplexer for the peer - * - peer_process_challenge() - Specific AKA-Challenge processor - * - peer_process_notification() - Processing of AKA-Notification - * - server_process() - General processing multiplexer for the server - * - peer_process_challenge() - Processing of a received Challenge response - * - peer_process_synchronize() - Process a sequence number synchronization - * - server_initiate() - Initiation method for the server, calls - * - server_initiate_challenge() - Initiation of AKA-Challenge - */ - -#include -#include -#include -#include -#include -#include - -#include "eap_aka.h" - -#include -#include -#include - -/* Use test vectors specified in S.S0055 -#define TEST_VECTORS */ - -#define RAND_LENGTH 16 -#define RES_LENGTH 16 -#define SQN_LENGTH 6 -#define K_LENGTH 16 -#define MAC_LENGTH 8 -#define CK_LENGTH 16 -#define IK_LENGTH 16 -#define AK_LENGTH 6 -#define AMF_LENGTH 2 -#define FMK_LENGTH 4 -#define AUTN_LENGTH (SQN_LENGTH + AMF_LENGTH + MAC_LENGTH) -#define AUTS_LENGTH (SQN_LENGTH + MAC_LENGTH) -#define PAYLOAD_LENGTH 64 -#define MK_LENGTH 20 -#define MSK_LENGTH 64 -#define EMSK_LENGTH 64 -#define KAUTH_LENGTH 16 -#define KENCR_LENGTH 16 -#define AT_MAC_LENGTH 16 - -#define F1 0x42 -#define F1STAR 0x43 -#define F2 0x44 -#define F3 0x45 -#define F4 0x46 -#define F5 0x47 -#define F5STAR 0x48 - -typedef enum aka_subtype_t aka_subtype_t; -typedef enum aka_attribute_t aka_attribute_t; - -/** - * Subtypes of AKA messages - */ -enum aka_subtype_t { - AKA_CHALLENGE = 1, - AKA_AUTHENTICATION_REJECT = 2, - AKA_SYNCHRONIZATION_FAILURE = 4, - AKA_IDENTITY = 5, - AKA_NOTIFICATION = 12, - AKA_REAUTHENTICATION = 13, - AKA_CLIENT_ERROR = 14, -}; - -/** - * Attribute types in AKA messages - */ -enum aka_attribute_t { - /** defines the end of attribute list */ - AT_END = -1, - AT_RAND = 1, - AT_AUTN = 2, - AT_RES = 3, - AT_AUTS = 4, - AT_PADDING = 6, - AT_NONCE_MT = 7, - AT_PERMANENT_ID_REQ = 10, - AT_MAC = 11, - AT_NOTIFICATION = 12, - AT_ANY_ID_REQ = 13, - AT_IDENTITY = 14, - AT_VERSION_LIST = 15, - AT_SELECTED_VERSION = 16, - AT_FULLAUTH_ID_REQ = 17, - AT_COUNTER = 19, - AT_COUNTER_TOO_SMALL = 20, - AT_NONCE_S = 21, - AT_CLIENT_ERROR_CODE = 22, - AT_IV = 129, - AT_ENCR_DATA = 130, - AT_NEXT_PSEUDONYM = 132, - AT_NEXT_REAUTH_ID = 133, - AT_CHECKCODE = 134, - AT_RESULT_IND = 135, -}; - -ENUM_BEGIN(aka_subtype_names, AKA_CHALLENGE, AKA_IDENTITY, - "AKA_CHALLENGE", - "AKA_AUTHENTICATION_REJECT", - "AKA_3", - "AKA_SYNCHRONIZATION_FAILURE", - "AKA_IDENTITY"); -ENUM_NEXT(aka_subtype_names, AKA_NOTIFICATION, AKA_CLIENT_ERROR, AKA_IDENTITY, - "AKA_NOTIFICATION", - "AKA_REAUTHENTICATION", - "AKA_CLIENT_ERROR"); -ENUM_END(aka_subtype_names, AKA_CLIENT_ERROR); - - -ENUM_BEGIN(aka_attribute_names, AT_END, AT_CLIENT_ERROR_CODE, - "AT_END", - "AT_0", - "AT_RAND", - "AT_AUTN", - "AT_RES", - "AT_AUTS", - "AT_5", - "AT_PADDING", - "AT_NONCE_MT", - "AT_8", - "AT_9", - "AT_PERMANENT_ID_REQ", - "AT_MAC", - "AT_NOTIFICATION", - "AT_ANY_ID_REQ", - "AT_IDENTITY", - "AT_VERSION_LIST", - "AT_SELECTED_VERSION", - "AT_FULLAUTH_ID_REQ", - "AT_18", - "AT_COUNTER", - "AT_COUNTER_TOO_SMALL", - "AT_NONCE_S", - "AT_CLIENT_ERROR_CODE"); -ENUM_NEXT(aka_attribute_names, AT_IV, AT_RESULT_IND, AT_CLIENT_ERROR_CODE, - "AT_IV", - "AT_ENCR_DATA", - "AT_131", - "AT_NEXT_PSEUDONYM", - "AT_NEXT_REAUTH_ID", - "AT_CHECKCODE", - "AT_RESULT_IND"); -ENUM_END(aka_attribute_names, AT_RESULT_IND); - - -typedef struct private_eap_aka_t private_eap_aka_t; - -/** - * Private data of an eap_aka_t object. - */ -struct private_eap_aka_t { - - /** - * Public authenticator_t interface. - */ - eap_aka_t public; - - /** - * ID of the server - */ - identification_t *server; - - /** - * ID of the peer - */ - identification_t *peer; - - /** - * SHA11 hasher - */ - hasher_t *sha1; - - /** - * MAC function used in EAP-AKA - */ - signer_t *signer; - - /** - * pseudo random function used in EAP-aka - */ - prf_t *prf; - - /** - * Special keyed SHA1 hasher used in EAP-AKA, implemented as PRF - */ - prf_t *keyed_prf; - - /** - * Key for EAP MAC - */ - chunk_t k_auth; - - /** - * Key for EAP encryption - */ - chunk_t k_encr; - - /** - * MSK - */ - chunk_t msk; - - /** - * Extendend MSK - */ - chunk_t emsk; - - /** - * Expected result from client XRES - */ - chunk_t xres; - - /** - * Shared secret K from ipsec.conf (padded) - */ - chunk_t k; - - /** - * random value RAND generated by server - */ - chunk_t rand; -}; - -/** Family key, as proposed in S.S0055 */ -static u_int8_t fmk_buf[] = {0x41, 0x48, 0x41, 0x47}; -static chunk_t fmk = chunk_from_buf(fmk_buf); - -/** Authentication management field */ -static u_int8_t amf_buf[] = {0x00, 0x01}; -static chunk_t amf = chunk_from_buf(amf_buf); - -/** AT_CLIENT_ERROR_CODE AKA attribute */ -static u_int8_t client_error_code_buf[] = {0, 0}; -static chunk_t client_error_code = chunk_from_buf(client_error_code_buf); - -/** previously used sqn by peer, next one must be greater */ -static u_int8_t peer_sqn_buf[6]; -static chunk_t peer_sqn = chunk_from_buf(peer_sqn_buf); - -/** set SQN to the current time */ -static void update_sqn(u_int8_t *sqn, time_t offset) -{ - timeval_t time; - gettimeofday(&time, NULL); - /* set sqb_sqn to an integer containing seconds followed by most - * significant useconds */ - time.tv_sec = htonl(time.tv_sec + offset); - /* usec's are never larger than 0x000f423f, so we shift the 12 first bits */ - time.tv_usec <<= 12; - time.tv_usec = htonl(time.tv_usec); - memcpy(sqn, &time.tv_sec, 4); - memcpy(sqn + 4, &time.tv_usec, 2); -} - -/** initialize peers SQN to the current system time at startup */ -static void __attribute__ ((constructor))init_sqn(void) -{ - update_sqn(peer_sqn_buf, 0); -} - -/** - * Binary represnation of the polynom T^160 + T^5 + T^3 + T^2 + 1 - */ -static u_int8_t g[] = { - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x2d -}; - -/** - * Predefined random bits from the RAND Corporation book - */ -static u_int8_t a[] = { - 0x9d, 0xe9, 0xc9, 0xc8, 0xef, 0xd5, 0x78, 0x11, - 0x48, 0x23, 0x14, 0x01, 0x90, 0x1f, 0x2d, 0x49, - 0x3f, 0x4c, 0x63, 0x65 -}; - -/** - * Predefined random bits from the RAND Corporation book - */ -static u_int8_t b[] = { - 0x75, 0xef, 0xd1, 0x5c, 0x4b, 0x8f, 0x8f, 0x51, - 0x4e, 0xf3, 0xbc, 0xc3, 0x79, 0x4a, 0x76, 0x5e, - 0x7e, 0xec, 0x45, 0xe0 -}; - -/** - * Multiplicate two mpz_t with bits interpreted as polynoms. - */ -static void mpz_mul_poly(mpz_t r, mpz_t a, mpz_t b) -{ - mpz_t bm, rm; - int current = 0, shifted = 0, shift; - - mpz_init_set(bm, b); - mpz_init_set_ui(rm, 0); - /* scan through a, for each found bit: */ - while ((current = mpz_scan1(a, current)) != ULONG_MAX) - { - /* XOR shifted b into r */ - shift = current - shifted; - mpz_mul_2exp(bm, bm, shift); - shifted += shift; - mpz_xor(rm, rm, bm); - current++; - } - - mpz_swap(r, rm); - mpz_clear(rm); - mpz_clear(bm); -} - -/** - * Calculate the sum of a + b interpreted as polynoms. - */ -static void mpz_add_poly(mpz_t res, mpz_t a, mpz_t b) -{ - /* addition of polynominals is just the XOR */ - mpz_xor(res, a, b); -} - -/** - * Calculate the remainder of a/b interpreted as polynoms. - */ -static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) -{ - /* Example: - * a = 10001010 - * b = 00000101 - */ - int a_bit, b_bit, diff; - mpz_t bm, am; - - mpz_init_set(am, a); - mpz_init(bm); - - a_bit = mpz_sizeinbase(a, 2); - b_bit = mpz_sizeinbase(b, 2); - - /* don't do anything if b > a */ - if (a_bit >= b_bit) - { - /* shift b left to align up most signaficant "1" to a: - * a = 10001010 - * b = 10100000 - */ - mpz_mul_2exp(bm, b, a_bit - b_bit); - do - { - /* XOR b into a, this kills the most significant "1": - * a = 00101010 - */ - mpz_xor(am, am, bm); - /* find the next most significant "1" in a, and align up b: - * a = 00101010 - * b = 00101000 - */ - diff = a_bit - mpz_sizeinbase(am, 2); - mpz_div_2exp(bm, bm, diff); - a_bit -= diff; - } - while (b_bit <= mpz_sizeinbase(bm, 2)); - /* While b is not shifted to its original value */ - } - /* after another iteration: - * a = 00000010 - * which is the polynomial modulo - */ - - mpz_swap(r, am); - mpz_clear(am); - mpz_clear(bm); -} - -/** - * Step 4 of the various fx() functions: - * Polynomial whiten calculations - */ -static void step4(private_eap_aka_t *this, u_int8_t x[]) -{ - mpz_t xm, am, bm, gm; - - mpz_init(xm); - mpz_init(am); - mpz_init(bm); - mpz_init(gm); - - mpz_import(xm, HASH_SIZE_SHA1, 1, 1, 1, 0, x); - mpz_import(am, sizeof(a), 1, 1, 1, 0, a); - mpz_import(bm, sizeof(b), 1, 1, 1, 0, b); - mpz_import(gm, sizeof(g), 1, 1, 1, 0, g); - - mpz_mul_poly(xm, am, xm); - mpz_add_poly(xm, bm, xm); - mpz_mod_poly(xm, xm, gm); - - mpz_export(x, NULL, 1, HASH_SIZE_SHA1, 1, 0, xm); - - mpz_clear(xm); - mpz_clear(am); - mpz_clear(bm); - mpz_clear(gm); -} - -/** - * Step 3 of the various fx() functions: - * XOR the key into the SHA1 IV - */ -static void step3(private_eap_aka_t *this, - chunk_t k, chunk_t payload, u_int8_t h[]) -{ - u_int8_t buf[64]; - - if (payload.len < sizeof(buf)) - { - /* pad c with zeros */ - memset(buf, 0, sizeof(buf)); - memcpy(buf, payload.ptr, payload.len); - payload.ptr = buf; - payload.len = sizeof(buf); - } - else - { - /* not more than 512 bits can be G()-ed */ - payload.len = sizeof(buf); - } - - /* use the keyed hasher to build the hash */ - this->keyed_prf->set_key(this->keyed_prf, k); - this->keyed_prf->get_bytes(this->keyed_prf, payload, h); -} - -/** - * Calculation function for f2(), f3(), f4() - */ -static void fx(private_eap_aka_t *this, - u_int8_t f, chunk_t k, chunk_t rand, u_int8_t out[]) -{ - chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); - u_int8_t h[HASH_SIZE_SHA1]; - u_int8_t i; - - for (i = 0; i < 2; i++) - { - memset(payload.ptr, 0x5c, payload.len); - payload.ptr[11] ^= f; - memxor(payload.ptr + 12, fmk.ptr, fmk.len); - memxor(payload.ptr + 24, rand.ptr, rand.len); - - payload.ptr[3] ^= i; - payload.ptr[19] ^= i; - payload.ptr[35] ^= i; - payload.ptr[51] ^= i; - - step3(this, k, payload, h); - step4(this, h); - memcpy(out + i * 8, h, 8); - } -} - -/** - * Calculation function of f1() and f1star() - */ -static void f1x(private_eap_aka_t *this, - u_int8_t f, chunk_t k, chunk_t rand, chunk_t sqn, - chunk_t amf, u_int8_t mac[]) -{ - /* generate MAC = f1(FMK, SQN, RAND, AMF) - * K is loaded into hashers IV; FMK, RAND, SQN, AMF are XORed in a 512-bit - * payload which gets hashed - */ - chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); - u_int8_t h[HASH_SIZE_SHA1]; - - memset(payload.ptr, 0x5c, PAYLOAD_LENGTH); - payload.ptr[11] ^= f; - memxor(payload.ptr + 12, fmk.ptr, fmk.len); - memxor(payload.ptr + 16, rand.ptr, rand.len); - memxor(payload.ptr + 34, sqn.ptr, sqn.len); - memxor(payload.ptr + 42, amf.ptr, amf.len); - - step3(this, k, payload, h); - step4(this, h); - memcpy(mac, h, MAC_LENGTH); -} - -/** - * Calculation function of f5() and f5star() - */ -static void f5x(private_eap_aka_t *this, - u_int8_t f, chunk_t k, chunk_t rand, u_int8_t ak[]) -{ - chunk_t payload = chunk_alloca(PAYLOAD_LENGTH); - u_int8_t h[HASH_SIZE_SHA1]; - - memset(payload.ptr, 0x5c, payload.len); - payload.ptr[11] ^= f; - memxor(payload.ptr + 12, fmk.ptr, fmk.len); - memxor(payload.ptr + 16, rand.ptr, rand.len); - - step3(this, k, payload, h); - step4(this, h); - memcpy(ak, h, AK_LENGTH); -} - -/** - * Calculate the MAC from a RAND, SQN, AMF value using K - */ -static void f1(private_eap_aka_t *this, chunk_t k, chunk_t rand, chunk_t sqn, - chunk_t amf, u_int8_t mac[]) -{ - f1x(this, F1, k, rand, sqn, amf, mac); - DBG3(DBG_IKE, "MAC %b", mac, MAC_LENGTH); -} - -/** - * Calculate the MACS from a RAND, SQN, AMF value using K - */ -static void f1star(private_eap_aka_t *this, chunk_t k, chunk_t rand, - chunk_t sqn, chunk_t amf, u_int8_t macs[]) -{ - f1x(this, F1STAR, k, rand, sqn, amf, macs); - DBG3(DBG_IKE, "MACS %b", macs, MAC_LENGTH); -} - -/** - * Calculate RES from RAND using K - */ -static void f2(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t res[]) -{ - fx(this, F2, k, rand, res); - DBG3(DBG_IKE, "RES %b", res, RES_LENGTH); -} - -/** - * Calculate CK from RAND using K - */ -static void f3(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t ck[]) -{ - fx(this, F3, k, rand, ck); - DBG3(DBG_IKE, "CK %b", ck, CK_LENGTH); -} - -/** - * Calculate IK from RAND using K - */ -static void f4(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t ik[]) -{ - fx(this, F4, k, rand, ik); - DBG3(DBG_IKE, "IK %b", ik, IK_LENGTH); -} - -/** - * Calculate AK from a RAND using K - */ -static void f5(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t ak[]) -{ - f5x(this, F5, k, rand, ak); - DBG3(DBG_IKE, "AK %b", ak, AK_LENGTH); -} - -/** - * Calculate AKS from a RAND using K - */ -static void f5star(private_eap_aka_t *this, chunk_t k, chunk_t rand, u_int8_t aks[]) -{ - f5x(this, F5STAR, k, rand, aks); - DBG3(DBG_IKE, "AKS %b", aks, AK_LENGTH); -} - -/** - * derive the keys needed for EAP_AKA - */ -static bool derive_keys(private_eap_aka_t *this, identification_t *id) -{ - chunk_t ck, ik, mk, identity, tmp; - - ck = chunk_alloca(CK_LENGTH); - ik = chunk_alloca(IK_LENGTH); - mk = chunk_alloca(MK_LENGTH); - identity = id->get_encoding(id); - - /* MK = SHA1( Identity | IK | CK ) */ - f3(this, this->k, this->rand, ck.ptr); - f4(this, this->k, this->rand, ik.ptr); - DBG3(DBG_IKE, "Identity %B", &identity); - tmp = chunk_cata("ccc", identity, ik, ck); - DBG3(DBG_IKE, "Identity|IK|CK %B", &tmp); - this->sha1->get_hash(this->sha1, tmp, mk.ptr); - - /* K_encr | K_auth | MSK | EMSK = prf(0) | prf(0) - * FIPS PRF has 320 bit block size, we need 160 byte for keys - * => run prf four times */ - this->prf->set_key(this->prf, mk); - tmp = chunk_alloca(this->prf->get_block_size(this->prf) * 4); - this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr); - this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr + tmp.len / 4 * 1); - this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr + tmp.len / 4 * 2); - this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr + tmp.len / 4 * 3); - chunk_free(&this->k_encr); - chunk_free(&this->k_auth); - chunk_free(&this->msk); - chunk_free(&this->emsk); - chunk_split(tmp, "aaaa", 16, &this->k_encr, 16, &this->k_auth, - 64, &this->msk, 64, &this->emsk); - DBG3(DBG_IKE, "MK %B", &mk); - DBG3(DBG_IKE, "PRF res %B", &tmp); - DBG3(DBG_IKE, "K_encr %B", &this->k_encr); - DBG3(DBG_IKE, "K_auth %B", &this->k_auth); - DBG3(DBG_IKE, "MSK %B", &this->msk); - DBG3(DBG_IKE, "EMSK %B", &this->emsk); - return TRUE; -} - -/* - * Get a shared key from ipsec.secrets. - * We use the standard keys as used in preshared key authentication. As - * these keys have an undefined length, we: - * - strip them if they are longer - * - fill them up with '\0' if they are shorter - */ -static status_t load_key(identification_t *me, identification_t *other, chunk_t *k) -{ - shared_key_t *shared; - chunk_t key; - - shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, - me, other); - if (shared == NULL) - { - return NOT_FOUND; - } - key = shared->get_key(shared); - chunk_free(k); - *k = chunk_alloc(K_LENGTH); - memset(k->ptr, '\0', k->len); - memcpy(k->ptr, key.ptr, min(key.len, k->len)); - shared->destroy(shared); - return SUCCESS; -} - -/** - * skip EAP_AKA header in message and returns its AKA subtype - */ -static aka_subtype_t read_header(chunk_t *message) -{ - aka_subtype_t type; - - if (message->len < 8) - { - *message = chunk_empty; - return 0; - } - type = *(message->ptr + 5); - *message = chunk_skip(*message, 8); - return type; -} - -/** - * read the next attribute from the chunk data - */ -static aka_attribute_t read_attribute(chunk_t *data, chunk_t *attr_data) -{ - aka_attribute_t attribute; - size_t length; - - DBG3(DBG_IKE, "reading attribute from %B", data); - - if (data->len < 2) - { - return AT_END; - } - /* read attribute and length */ - attribute = *data->ptr++; - length = *data->ptr++ * 4 - 2; - data->len -= 2; - DBG3(DBG_IKE, "found attribute %N with length %d", - aka_attribute_names, attribute, length); - if (length > data->len) - { - return AT_END; - } - /* apply attribute value to attr_data */ - attr_data->len = length; - attr_data->ptr = data->ptr; - /* update data to point to next attribute */ - *data = chunk_skip(*data, length); - return attribute; -} - -/** - * Build an AKA payload from different attributes. - * The variable argument takes an aka_attribute_t - * followed by its data in a chunk. - */ -static eap_payload_t *build_aka_payload(private_eap_aka_t *this, eap_code_t code, - u_int8_t identifier, aka_subtype_t type, ...) -{ - chunk_t message = chunk_alloca(512); /* is enought for all current messages */ - chunk_t pos = message; - eap_payload_t *payload; - va_list args; - aka_attribute_t attr; - u_int8_t *mac_pos = NULL; - - /* write EAP header, skip length bytes */ - *pos.ptr++ = code; - *pos.ptr++ = identifier; - pos.ptr += 2; - pos.len -= 4; - /* write AKA header with type and subtype, null reserved bytes */ - *pos.ptr++ = EAP_AKA; - *pos.ptr++ = type; - *pos.ptr++ = 0; - *pos.ptr++ = 0; - pos.len -= 4; - - va_start(args, type); - while ((attr = va_arg(args, aka_attribute_t)) != AT_END) - { - chunk_t data = va_arg(args, chunk_t); - - DBG3(DBG_IKE, "building %N %B", aka_attribute_names, attr, &data); - - /* write attribute header */ - *pos.ptr++ = attr; - pos.len--; - - switch (attr) - { - case AT_RES: - { - /* attribute length in 4byte words */ - *pos.ptr = data.len/4 + 1; - pos = chunk_skip(pos, 1); - /* RES length in bits */ - *(u_int16_t*)pos.ptr = htons(data.len * 8); - pos = chunk_skip(pos, sizeof(u_int16_t)); - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - break; - } - case AT_AUTN: - case AT_RAND: - { - *pos.ptr++ = data.len/4 + 1; pos.len--; - *pos.ptr++ = 0; pos.len--; - *pos.ptr++ = 0; pos.len--; - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - break; - } - case AT_MAC: - { - *pos.ptr++ = 5; pos.len--; - *pos.ptr++ = 0; pos.len--; - *pos.ptr++ = 0; pos.len--; - mac_pos = pos.ptr; - /* MAC is calculated over message including zeroed AT_MAC attribute */ - memset(mac_pos, 0, AT_MAC_LENGTH); - pos.ptr += AT_MAC_LENGTH; - pos.len -= AT_MAC_LENGTH; - break; - } - default: - { - /* length is data length in 4-bytes + 1 for header */ - *pos.ptr = data.len/4 + 1; - pos = chunk_skip(pos, 1); - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - } - } - } - va_end(args); - - /* calculate message length, write into header */ - message.len = pos.ptr - message.ptr; - *(u_int16_t*)(message.ptr + 2) = htons(message.len); - - /* create MAC if AT_MAC attribte was included */ - if (mac_pos) - { - this->signer->set_key(this->signer, this->k_auth); - DBG3(DBG_IKE, "AT_MAC signature of %B", &message); - DBG3(DBG_IKE, "using key %B", &this->k_auth); - this->signer->get_signature(this->signer, message, mac_pos); - DBG3(DBG_IKE, "is %b", mac_pos, AT_MAC_LENGTH); - } - - /* payload constructor takes data with some bytes skipped */ - payload = eap_payload_create_data(message); - - DBG3(DBG_IKE, "created EAP message %B", &message); - return payload; -} - -/** - * generate a new non-zero identifier - */ -static u_char get_identifier() -{ - u_char id; - - do { - id = random(); - } while (!id); - return id; -} - -/** - * Initiate a AKA-Challenge using SQN - */ -static status_t server_initiate_challenge(private_eap_aka_t *this, chunk_t sqn, - eap_payload_t **out) -{ - rng_t *rng; - chunk_t mac, ak, autn; - - mac = chunk_alloca(MAC_LENGTH); - ak = chunk_alloca(AK_LENGTH); - chunk_free(&this->rand); - chunk_free(&this->xres); - - /* generate RAND: - * we use a registered RNG, not f0() proposed in S.S0055 - */ - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) - { - DBG1(DBG_IKE, "generating RAND for EAP-AKA authentication failed"); - return FAILED; - } - rng->allocate_bytes(rng, RAND_LENGTH, &this->rand); - rng->destroy(rng); - -# ifdef TEST_VECTORS - /* Test vector for RAND */ - u_int8_t test_rand[] = { - 0x4b,0x05,0x2b,0x20,0xe2,0xa0,0x6c,0x8f, - 0xf7,0x00,0xda,0x51,0x2b,0x4e,0x11,0x1e, - }; - memcpy(this->rand.ptr, test_rand, this->rand.len); -# endif /* TEST_VECTORS */ - - /* Get the shared key K: */ - if (load_key(this->server, this->peer, &this->k) != SUCCESS) - { - DBG1(DBG_IKE, "no shared key found for IDs '%Y' - '%Y' to authenticate " - "with EAP-AKA", this->server, this->peer); - return FAILED; - } - -# ifdef TEST_VECTORS - /* Test vector for K */ - u_int8_t test_k[] = { - 0xad,0x1b,0x5a,0x15,0x9b,0xe8,0x6b,0x2c, - 0xa6,0x6c,0x7a,0xe4,0x0b,0xba,0x9b,0x9d, - }; - memcpy(this->k.ptr, test_k, this->k.len); -# endif /* TEST_VECTORS */ - - /* generate MAC */ - f1(this, this->k, this->rand, sqn, amf, mac.ptr); - - /* generate AK */ - f5(this, this->k, this->rand, ak.ptr); - - /* precalculate XRES as expected from client */ - this->xres = chunk_alloc(RES_LENGTH); - f2(this, this->k, this->rand, this->xres.ptr); - - /* calculate AUTN = (SQN xor AK) || AMF || MAC */ - autn = chunk_cata("ccc", sqn, amf, mac); - memxor(autn.ptr, ak.ptr, ak.len); - DBG3(DBG_IKE, "AUTN %B", &autn); - - - /* derive K_encr, K_auth, MSK, EMSK */ - derive_keys(this, this->peer); - - /* build payload */ - *out = build_aka_payload(this, EAP_REQUEST, get_identifier(), AKA_CHALLENGE, - AT_RAND, this->rand, AT_AUTN, autn, AT_MAC, - chunk_empty, AT_END); - return NEED_MORE; -} - -/** - * Implementation of eap_method_t.initiate for an EAP_AKA server - */ -static status_t server_initiate(private_eap_aka_t *this, eap_payload_t **out) -{ - chunk_t sqn = chunk_alloca(SQN_LENGTH); - - /* we use an offset of 3 minutes to tolerate clock inaccuracy - * without the need to synchronize sequence numbers */ - update_sqn(sqn.ptr, 180); - -# ifdef TEST_VECTORS - /* Test vector for SQN */ - u_int8_t test_sqn[] = {0x00,0x00,0x00,0x00,0x00,0x01}; - memcpy(sqn.ptr, test_sqn, sqn.len); -# endif /* TEST_VECTORS */ - - return server_initiate_challenge(this, sqn, out); -} - -static status_t server_process_synchronize(private_eap_aka_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t attr, auts = chunk_empty, pos, message, macs, xmacs, sqn, aks, amf; - u_int i; - - message = in->get_data(in); - pos = message; - read_header(&pos); - - /* iterate over attributes */ - while (TRUE) - { - aka_attribute_t attribute = read_attribute(&pos, &attr); - switch (attribute) - { - case AT_END: - break; - case AT_AUTS: - auts = attr; - continue; - default: - if (attribute >= 0 && attribute <= 127) - { - DBG1(DBG_IKE, "found non skippable attribute %N", - aka_attribute_names, attribute); - return FAILED; - } - DBG1(DBG_IKE, "ignoring skippable attribute %N", - aka_attribute_names, attribute); - continue; - } - break; - } - - if (auts.len != AUTS_LENGTH) - { - DBG1(DBG_IKE, "synchronization request didn't contain useable AUTS"); - return FAILED; - } - - chunk_split(auts, "mm", SQN_LENGTH, &sqn, MAC_LENGTH, &macs); - aks = chunk_alloca(AK_LENGTH); - f5star(this, this->k, this->rand, aks.ptr); - /* decrypt serial number by XORing AKS */ - memxor(sqn.ptr, aks.ptr, aks.len); - - /* verify MACS */ - xmacs = chunk_alloca(MAC_LENGTH); - amf = chunk_alloca(AMF_LENGTH); - /* an AMF of zero is used for MACS calculation */ - memset(amf.ptr, 0, amf.len); - f1star(this, this->k, this->rand, sqn, amf, xmacs.ptr); - if (!chunk_equals(macs, xmacs)) - { - DBG1(DBG_IKE, "received MACS does not match XMACS"); - DBG3(DBG_IKE, "MACS %B XMACS %B", &macs, &xmacs); - return FAILED; - } - - /* retry the challenge with the received SQN + 1*/ - for (i = SQN_LENGTH - 1; i >= 0; i--) - { - if (++sqn.ptr[i] != 0) - { - break; - } - } - return server_initiate_challenge(this, sqn, out); -} - -/** - * process an AKA_Challenge response - */ -static status_t server_process_challenge(private_eap_aka_t *this, eap_payload_t *in) -{ - chunk_t attr, res = chunk_empty, at_mac = chunk_empty, pos, message; - - message = in->get_data(in); - pos = message; - read_header(&pos); - - /* iterate over attributes */ - while (TRUE) - { - aka_attribute_t attribute = read_attribute(&pos, &attr); - switch (attribute) - { - case AT_END: - break; - case AT_RES: - res = attr; - if (attr.len == 2 + RES_LENGTH && - *(u_int16_t*)attr.ptr == htons(RES_LENGTH * 8)) - { - res = chunk_skip(attr, 2); - } - continue; - - case AT_MAC: - attr = chunk_skip(attr, 2); - at_mac = chunk_clonea(attr); - /* zero MAC in message for MAC verification */ - memset(attr.ptr, 0, attr.len); - continue; - default: - if (attribute >= 0 && attribute <= 127) - { - DBG1(DBG_IKE, "found non skippable attribute %N", - aka_attribute_names, attribute); - return FAILED; - } - DBG1(DBG_IKE, "ignoring skippable attribute %N", - aka_attribute_names, attribute); - continue; - } - break; - } - - /* verify EAP message MAC AT_MAC */ - { - this->signer->set_key(this->signer, this->k_auth); - DBG3(DBG_IKE, "verifying AT_MAC signature of %B", &message); - DBG3(DBG_IKE, "using key %B", &this->k_auth); - if (!this->signer->verify_signature(this->signer, message, at_mac)) - { - DBG1(DBG_IKE, "MAC in AT_MAC attribute verification failed"); - return FAILED; - } - } - - /* compare received RES against stored precalculated XRES */ - if (!chunk_equals(res, this->xres)) - { - DBG1(DBG_IKE, "received RES does not match XRES"); - DBG3(DBG_IKE, "RES %Bb XRES %B", &res, &this->xres); - return FAILED; - } - return SUCCESS; -} - -/** - * Implementation of eap_method_t.process for EAP_AKA servers - */ -static status_t server_process(private_eap_aka_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message; - aka_subtype_t type; - - message = in->get_data(in); - type = read_header(&message); - - DBG3(DBG_IKE, "received EAP message %B", &message); - - switch (type) - { - case AKA_CHALLENGE: - { - return server_process_challenge(this, in); - } - case AKA_AUTHENTICATION_REJECT: - case AKA_CLIENT_ERROR: - { - DBG1(DBG_IKE, "received %N, authentication failed", - aka_subtype_names, type); - return FAILED; - } - case AKA_SYNCHRONIZATION_FAILURE: - { - DBG1(DBG_IKE, "received %N, retrying with received SQN", - aka_subtype_names, type); - return server_process_synchronize(this, in, out); - } - default: - DBG1(DBG_IKE, "received unknown AKA subtype %N, authentication failed", - aka_subtype_names, type); - return FAILED; - } -} - -/** - * Process an incoming AKA-Challenge client side - */ -static status_t peer_process_challenge(private_eap_aka_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t attr = chunk_empty; - chunk_t autn = chunk_empty, at_mac = chunk_empty; - chunk_t ak, sqn, sqn_ak, mac, xmac, res, amf, message, pos; - u_int8_t identifier; - - ak = chunk_alloca(AK_LENGTH); - xmac = chunk_alloca(MAC_LENGTH); - res = chunk_alloca(RES_LENGTH); - chunk_free(&this->rand); - - message = in->get_data(in); - pos = message; - read_header(&pos); - identifier = in->get_identifier(in); - - DBG3(DBG_IKE, "reading attributes from %B", &pos); - - /* iterate over attributes */ - while (TRUE) - { - aka_attribute_t attribute = read_attribute(&pos, &attr); - switch (attribute) - { - case AT_END: - break; - case AT_RAND: - this->rand = chunk_clone(chunk_skip(attr, 2)); - continue; - case AT_AUTN: - autn = chunk_skip(attr, 2); - continue; - case AT_MAC: - attr = chunk_skip(attr, 2); - at_mac = chunk_clonea(attr); - /* set MAC in message to zero for own MAC verification */ - memset(attr.ptr, 0, attr.len); - continue; - default: - if (attribute >= 0 && attribute <= 127) - { - /* non skippable attribute, abort */ - *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_code, AT_END); - DBG1(DBG_IKE, "found non skippable attribute %N, sending %N %d", - aka_attribute_names, attribute, - aka_attribute_names, AT_CLIENT_ERROR_CODE, 0); - return NEED_MORE; - } - DBG1(DBG_IKE, "ignoring skippable attribute %N", - aka_attribute_names, attribute); - continue; - } - break; - } - - if (this->rand.len != RAND_LENGTH || autn.len != AUTN_LENGTH) - { - /* required attributes wrong/not found, abort */ - *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_code, AT_END); - DBG1(DBG_IKE, "could not find valid RAND/AUTN attribute, sending %N %d", - aka_attribute_names, AT_CLIENT_ERROR_CODE, 0); - return NEED_MORE; - } - - DBG3(DBG_IKE, "using autn %B", &autn); - /* split up AUTN = SQN xor AK | AMF | MAC */ - chunk_split(autn, "mmm", SQN_LENGTH, &sqn_ak, AMF_LENGTH, &amf, MAC_LENGTH, &mac); - - /* Get the shared key K: */ - chunk_free(&this->k); - if (load_key(this->peer, this->server, &this->k) != SUCCESS) - { - *out = build_aka_payload(this, EAP_RESPONSE, identifier, - AKA_AUTHENTICATION_REJECT, AT_END); - DBG3(DBG_IKE, "no shared key found for IDs '%Y' - '%Y' to authenticate " - "with EAP-AKA, sending %N", this->peer, this->server, - aka_subtype_names, AKA_AUTHENTICATION_REJECT); - return NEED_MORE; - } - DBG3(DBG_IKE, "using K %B", &this->k); -# ifdef TEST_VECTORS - /* Test vector for K */ - u_int8_t test_k[] = { - 0xad,0x1b,0x5a,0x15,0x9b,0xe8,0x6b,0x2c, - 0xa6,0x6c,0x7a,0xe4,0x0b,0xba,0x9b,0x9d, - }; - memcpy(this->k.ptr, test_k, this->k.len); -# endif /* TEST_VECTORS */ - - /* calculate anonymity key AK */ - f5(this, this->k, this->rand, ak.ptr); - DBG3(DBG_IKE, "using rand %B", &this->rand); - DBG3(DBG_IKE, "using ak %B", &ak); - /* XOR AK into SQN to decrypt it */ - - sqn = chunk_clonea(sqn_ak); - - DBG3(DBG_IKE, "using ak xor sqn %B", &sqn_ak); - memxor(sqn.ptr, ak.ptr, sqn.len); - DBG3(DBG_IKE, "using sqn %B", &sqn); - - /* calculate expected MAC and compare against received one */ - f1(this, this->k, this->rand, sqn, amf, xmac.ptr); - if (!chunk_equals(mac, xmac)) - { - *out = build_aka_payload(this, EAP_RESPONSE, identifier, - AKA_AUTHENTICATION_REJECT, AT_END); - DBG1(DBG_IKE, "received MAC does not match XMAC, sending %N", - aka_subtype_names, AKA_AUTHENTICATION_REJECT); - DBG3(DBG_IKE, "MAC %B\nXMAC %B", &mac, &xmac); - return NEED_MORE; - } - -#if SEQ_CHECK - if (memcmp(peer_sqn.ptr, sqn.ptr, sqn.len) >= 0) - { - /* sequence number invalid. send AUTS */ - chunk_t auts, macs, aks, amf; - - macs = chunk_alloca(MAC_LENGTH); - aks = chunk_alloca(AK_LENGTH); - amf = chunk_alloca(AMF_LENGTH); - - /* AMF is set to zero in AKA_SYNCHRONIZATION_FAILURE */ - memset(amf.ptr, 0, amf.len); - /* AKS = f5*(RAND) */ - f5star(this, this->k, this->rand, aks.ptr); - /* MACS = f1*(RAND) */ - f1star(this, this->k, this->rand, peer_sqn, amf, macs.ptr); - /* AUTS = SQN xor AKS | MACS */ - memxor(aks.ptr, peer_sqn.ptr, aks.len); - auts = chunk_cata("cc", aks, macs); - - *out = build_aka_payload(this, EAP_RESPONSE, identifier, - AKA_SYNCHRONIZATION_FAILURE, - AT_AUTS, auts, AT_END); - DBG1(DBG_IKE, "received SQN invalid, sending %N", - aka_subtype_names, AKA_SYNCHRONIZATION_FAILURE); - DBG3(DBG_IKE, "received SQN %B\ncurrent SQN %B", &sqn, &peer_sqn); - return NEED_MORE; - } -#endif /* SEQ_CHECK */ - - /* derive K_encr, K_auth, MSK, EMSK */ - derive_keys(this, this->peer); - - /* verify EAP message MAC AT_MAC */ - DBG3(DBG_IKE, "verifying AT_MAC signature of %B", &message); - DBG3(DBG_IKE, "using key %B", &this->k_auth); - this->signer->set_key(this->signer, this->k_auth); - if (!this->signer->verify_signature(this->signer, message, at_mac)) - { - *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_code, AT_END); - DBG1(DBG_IKE, "MAC in AT_MAC attribute verification " - "failed, sending %N %d", aka_attribute_names, - AT_CLIENT_ERROR_CODE, 0); - return NEED_MORE; - } - - /* update stored SQN to the received one */ - memcpy(peer_sqn.ptr, sqn.ptr, sqn.len); - - /* calculate RES */ - f2(this, this->k, this->rand, res.ptr); - - /* build response */ - *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CHALLENGE, - AT_RES, res, AT_MAC, chunk_empty, AT_END); - return NEED_MORE; -} - -/** - * Process an incoming AKA-Notification as client - */ -static status_t peer_process_notification(private_eap_aka_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message, pos, attr; - u_int8_t identifier; - - message = in->get_data(in); - pos = message; - read_header(&pos); - identifier = in->get_identifier(in); - - DBG3(DBG_IKE, "reading attributes from %B", &pos); - - /* iterate over attributes */ - while (TRUE) - { - aka_attribute_t attribute = read_attribute(&pos, &attr); - switch (attribute) - { - case AT_END: - break; - case AT_NOTIFICATION: - { - u_int16_t code; - - if (attr.len != 2) - { - DBG1(DBG_IKE, "received invalid AKA notification, ignored"); - continue; - } - code = ntohs(*(u_int16_t*)attr.ptr); - switch (code) - { - case 0: - DBG1(DBG_IKE, "received AKA notification 'general " - "failure after authentication' (%d)", code); - return FAILED; - case 16384: - DBG1(DBG_IKE, "received AKA notification 'general " - "failure' (%d)", code); - return FAILED; - case 32768: - DBG1(DBG_IKE, "received AKA notification 'successfully " - "authenticated' (%d)", code); - continue; - case 1026: - DBG1(DBG_IKE, "received AKA notification 'access " - "temporarily denied' (%d)", code); - return FAILED; - case 1031: - DBG1(DBG_IKE, "received AKA notification 'not " - "subscribed to service' (%d)", code); - return FAILED; - default: - DBG1(DBG_IKE, "received AKA notification code %d, " - "ignored", code); - continue; - } - } - default: - if (attribute >= 0 && attribute <= 127) - { - DBG1(DBG_IKE, "ignoring non-skippable attribute %N in %N", - aka_attribute_names, attribute, aka_subtype_names, - AKA_NOTIFICATION); - } - else - { - DBG1(DBG_IKE, "ignoring skippable attribute %N", - aka_attribute_names, attribute); - } - continue; - } - break; - } - return NEED_MORE; -} - -/** - * Implementation of eap_method_t.process for an EAP_AKA peer - */ -static status_t peer_process(private_eap_aka_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - aka_subtype_t type; - chunk_t message; - u_int8_t identifier; - - message = in->get_data(in); - type = read_header(&message); - identifier = in->get_identifier(in); - - DBG3(DBG_IKE, "received EAP message %B", &message); - - switch (type) - { - case AKA_CHALLENGE: - { - return peer_process_challenge(this, in, out); - } - case AKA_NOTIFICATION: - { - return peer_process_notification(this, in, out); - } - default: - { - *out = build_aka_payload(this, EAP_RESPONSE, identifier, AKA_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_code, AT_END); - DBG1(DBG_IKE, "received unsupported %N request, sending %N %d", - aka_subtype_names, type, - aka_attribute_names, AT_CLIENT_ERROR_CODE, 0); - return NEED_MORE; - } - } -} - -/** - * Implementation of eap_method_t.initiate for an EAP AKA peer - */ -static status_t peer_initiate(private_eap_aka_t *this, eap_payload_t **out) -{ - /* peer never initiates */ - return FAILED; -} - -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_aka_t *this, u_int32_t *vendor) -{ - *vendor = 0; - return EAP_AKA; -} - -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_aka_t *this, chunk_t *msk) -{ - if (this->msk.ptr) - { - *msk = this->msk; - return SUCCESS; - } - return FAILED; -} - -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_aka_t *this) -{ - return TRUE; -} - -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_aka_t *this) -{ - this->server->destroy(this->server); - this->peer->destroy(this->peer); - DESTROY_IF(this->sha1); - DESTROY_IF(this->signer); - DESTROY_IF(this->prf); - DESTROY_IF(this->keyed_prf); - chunk_free(&this->k_encr); - chunk_free(&this->k_auth); - chunk_free(&this->msk); - chunk_free(&this->emsk); - chunk_free(&this->xres); - chunk_free(&this->k); - chunk_free(&this->rand); - free(this); -} - -/** - * generic constructor used by client & server - */ -static private_eap_aka_t *eap_aka_create_generic(identification_t *server, - identification_t *peer) -{ - private_eap_aka_t *this = malloc_thing(private_eap_aka_t); - - this->public.eap_method_interface.initiate = NULL; - this->public.eap_method_interface.process = NULL; - this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - - /* private data */ - this->server = server->clone(server); - this->peer = peer->clone(peer); - this->k_encr = chunk_empty; - this->k_auth = chunk_empty; - this->msk = chunk_empty; - this->emsk = chunk_empty; - this->xres = chunk_empty; - this->k = chunk_empty; - this->rand = chunk_empty; - - this->sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128); - this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); - this->keyed_prf = lib->crypto->create_prf(lib->crypto, PRF_KEYED_SHA1); - - if (!this->sha1 || !this->signer || !this->prf || !this->keyed_prf) - { - DBG1(DBG_IKE, "unable to initiate EAP-AKA, FIPS-PRF/SHA1 not supported"); - DESTROY_IF(this->sha1); - DESTROY_IF(this->signer); - DESTROY_IF(this->prf); - DESTROY_IF(this->keyed_prf); - destroy(this); - return NULL; - } - return this; -} - -/* - * Described in header. - */ -eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *peer) -{ - private_eap_aka_t *this = eap_aka_create_generic(server, peer); - - if (this) - { - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))server_initiate; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))server_process; - } - return (eap_aka_t*)this; -} - -/* - * Described in header. - */ -eap_aka_t *eap_aka_create_peer(identification_t *server, identification_t *peer) -{ - private_eap_aka_t *this = eap_aka_create_generic(server, peer); - - if (this) - { - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))peer_initiate; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))peer_process; - } - return (eap_aka_t*)this; -} - diff --git a/src/charon/plugins/eap_aka/eap_aka.h b/src/charon/plugins/eap_aka/eap_aka.h deleted file mode 100644 index 7686802cf..000000000 --- a/src/charon/plugins/eap_aka/eap_aka.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup eap_aka_i eap_aka - * @{ @ingroup eap_aka - */ - -#ifndef EAP_AKA_H_ -#define EAP_AKA_H_ - -typedef struct eap_aka_t eap_aka_t; - -#include - -/** check SEQ values as client for validity, disabled by default */ -#ifndef SEQ_CHECK -# define SEQ_CHECK 0 -#endif - -/** - * Implementation of the eap_method_t interface using EAP-AKA. - * - * EAP-AKA uses 3rd generation mobile phone standard authentication - * mechanism for authentication. It is a mutual authentication - * mechanism which establishs a shared key and therefore supports EAP_ONLY - * authentication. This implementation follows the standard of the - * 3GPP2 (S.S0055) and not the one of 3GGP. - * The shared key used for authentication is from ipsec.secrets. The - * peers ID is used to query it. - * The AKA mechanism uses sequence numbers to detect replay attacks. The - * peer stores the sequence number normally in a USIM and accepts - * incremental sequence numbers (incremental for lifetime of the USIM). To - * prevent a complex sequence number management, this implementation uses - * a sequence number derived from time. It is initialized to the startup - * time of the daemon. As long as the (UTC) time of the system is not - * turned back while the daemon is not running, this method is secure. - * To enable time based SEQs, define SEQ_CHECK as 1. Default is to accept - * any SEQ numbers. This allows an attacker to do replay attacks. But since - * the server has proven his identity via IKE, such an attack is only - * possible between server and AAA (if any). - */ -struct eap_aka_t { - - /** - * Implemented eap_method_t interface. - */ - eap_method_t eap_method_interface; -}; - -/** - * Creates the server implementation of the EAP method EAP-AKA. - * - * @param server ID of the EAP server - * @param peer ID of the EAP client - * @return eap_aka_t object - */ -eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *peer); - -/** - * Creates the peer implementation of the EAP method EAP-AKA. - * - * @param server ID of the EAP server - * @param peer ID of the EAP client - * @return eap_aka_t object - */ -eap_aka_t *eap_aka_create_peer(identification_t *server, identification_t *peer); - -#endif /** EAP_AKA_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/charon/plugins/eap_aka/eap_aka_peer.c new file mode 100644 index 000000000..26546809d --- /dev/null +++ b/src/charon/plugins/eap_aka/eap_aka_peer.c @@ -0,0 +1,583 @@ +/* + * Copyright (C) 2006-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_aka_peer.h" + +#include +#include + +#include +#include + +typedef struct private_eap_aka_peer_t private_eap_aka_peer_t; + +/** + * Private data of an eap_aka_peer_t object. + */ +struct private_eap_aka_peer_t { + + /** + * Public authenticator_t interface. + */ + eap_aka_peer_t public; + + /** + * EAP-AKA crypto helper + */ + simaka_crypto_t *crypto; + + /** + * permanent ID of peer + */ + identification_t *permanent; + + /** + * Pseudonym identity the peer uses + */ + identification_t *pseudonym; + + /** + * Reauthentication identity the peer uses + */ + identification_t *reauth; + + /** + * MSK + */ + chunk_t msk; + + /** + * Master key, if reauthentication is used + */ + char mk[HASH_SIZE_SHA1]; + + /** + * Counter value if reauthentication is used + */ + u_int16_t counter; +}; + +/** + * Create a AKA_CLIENT_ERROR: "Unable to process" + */ +static eap_payload_t* create_client_error(private_eap_aka_peer_t *this, + u_int8_t identifier) +{ + simaka_message_t *message; + eap_payload_t *out; + u_int16_t encoded; + + DBG1(DBG_IKE, "sending client error '%N'", + simaka_client_error_names, AKA_UNABLE_TO_PROCESS); + + message = simaka_message_create(FALSE, identifier, EAP_AKA, + AKA_CLIENT_ERROR, this->crypto); + encoded = htons(AKA_UNABLE_TO_PROCESS); + message->add_attribute(message, AT_CLIENT_ERROR_CODE, + chunk_create((char*)&encoded, sizeof(encoded))); + out = message->generate(message, chunk_empty); + message->destroy(message); + return out; +} + +/** + * process an EAP-AKA/Request/Identity message + */ +static status_t process_identity(private_eap_aka_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, id = chunk_empty; + simaka_attribute_t id_req = 0; + + /* reset previously uses reauthentication/pseudonym data */ + this->crypto->clear_keys(this->crypto); + DESTROY_IF(this->pseudonym); + this->pseudonym = NULL; + DESTROY_IF(this->reauth); + this->reauth = NULL; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_ANY_ID_REQ: + case AT_FULLAUTH_ID_REQ: + case AT_PERMANENT_ID_REQ: + id_req = type; + break; + default: + if (!simaka_attribute_skippable(type)) + { + *out = create_client_error(this, in->get_identifier(in)); + enumerator->destroy(enumerator); + return NEED_MORE; + } + break; + } + } + enumerator->destroy(enumerator); + + switch (id_req) + { + case AT_ANY_ID_REQ: + this->reauth = charon->sim->card_get_reauth(charon->sim, + this->permanent, this->mk, &this->counter); + if (this->reauth) + { + id = this->reauth->get_encoding(this->reauth); + break; + } + /* FALL */ + case AT_FULLAUTH_ID_REQ: + this->pseudonym = charon->sim->card_get_pseudonym(charon->sim, + this->permanent); + if (this->pseudonym) + { + id = this->pseudonym->get_encoding(this->pseudonym); + break; + } + /* FALL */ + case AT_PERMANENT_ID_REQ: + id = this->permanent->get_encoding(this->permanent); + break; + default: + break; + } + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + AKA_IDENTITY, this->crypto); + if (id.len) + { + message->add_attribute(message, AT_IDENTITY, id); + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + return NEED_MORE; +} + +/** + * Process an EAP-AKA/Request/Challenge message + */ +static status_t process_challenge(private_eap_aka_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, rand = chunk_empty, autn = chunk_empty, mk; + u_char res[AKA_RES_MAX], ck[AKA_CK_LEN], ik[AKA_IK_LEN], auts[AKA_AUTS_LEN]; + int res_len; + identification_t *id; + status_t status; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_RAND: + rand = data; + break; + case AT_AUTN: + autn = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + *out = create_client_error(this, in->get_identifier(in)); + enumerator->destroy(enumerator); + return NEED_MORE; + } + break; + } + } + enumerator->destroy(enumerator); + + if (!rand.len || !autn.len) + { + DBG1(DBG_IKE, "received invalid EAP-AKA challenge message"); + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + + status = charon->sim->card_get_quintuplet(charon->sim, this->permanent, + rand.ptr, autn.ptr, ck, ik, res, &res_len); + if (status == INVALID_STATE && + charon->sim->card_resync(charon->sim, this->permanent, rand.ptr, auts)) + { + DBG1(DBG_IKE, "received SQN invalid, sending %N", + simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE); + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + AKA_SYNCHRONIZATION_FAILURE, this->crypto); + message->add_attribute(message, AT_AUTS, + chunk_create(auts, AKA_AUTS_LEN)); + *out = message->generate(message, chunk_empty); + message->destroy(message); + return NEED_MORE; + } + if (status != SUCCESS) + { + DBG1(DBG_IKE, "no USIM found with quintuplets for '%Y', sending %N", + this->permanent, simaka_subtype_names, AKA_AUTHENTICATION_REJECT); + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + AKA_AUTHENTICATION_REJECT, this->crypto); + *out = message->generate(message, chunk_empty); + message->destroy(message); + return NEED_MORE; + } + + id = this->permanent; + if (this->pseudonym) + { + id = this->pseudonym; + } + data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN), + chunk_create(ck, AKA_CK_LEN)); + free(this->msk.ptr); + this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); + memcpy(this->mk, mk.ptr, mk.len); + free(mk.ptr); + + /* Verify AT_MAC attribute and parse() again after key derivation, + * reading encrypted attributes */ + if (!in->verify(in, chunk_empty) || !in->parse(in)) + { + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_NEXT_REAUTH_ID: + this->counter = 0; + id = identification_create_from_data(data); + charon->sim->card_set_reauth(charon->sim, this->permanent, id, + this->mk, this->counter); + id->destroy(id); + break; + case AT_NEXT_PSEUDONYM: + id = identification_create_from_data(data); + charon->sim->card_set_pseudonym(charon->sim, this->permanent, id); + id->destroy(id); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + AKA_CHALLENGE, this->crypto); + message->add_attribute(message, AT_RES, chunk_create(res, res_len)); + *out = message->generate(message, chunk_empty); + message->destroy(message); + return NEED_MORE; +} + +/** + * Check if a received counter value is acceptable + */ +static bool counter_too_small(private_eap_aka_peer_t *this, chunk_t chunk) +{ + u_int16_t counter; + + memcpy(&counter, chunk.ptr, sizeof(counter)); + counter = htons(counter); + return counter < this->counter; +} + +/** + * process an EAP-AKA/Request/Reauthentication message + */ +static status_t process_reauthentication(private_eap_aka_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, counter = chunk_empty, nonce = chunk_empty, id = chunk_empty; + + if (!this->reauth) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, AKA_REAUTHENTICATION); + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + + this->crypto->derive_keys_reauth(this->crypto, + chunk_create(this->mk, HASH_SIZE_SHA1)); + + /* verify MAC and parse again with decryption key */ + if (!in->verify(in, chunk_empty) || !in->parse(in)) + { + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_COUNTER: + counter = data; + break; + case AT_NONCE_S: + nonce = data; + break; + case AT_NEXT_REAUTH_ID: + id = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + *out = create_client_error(this, in->get_identifier(in)); + enumerator->destroy(enumerator); + return NEED_MORE; + } + break; + } + } + enumerator->destroy(enumerator); + + if (!nonce.len || !counter.len) + { + DBG1(DBG_IKE, "EAP-AKA/Request/Reauthentication message incomplete"); + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + AKA_REAUTHENTICATION, this->crypto); + if (counter_too_small(this, counter)) + { + DBG1(DBG_IKE, "reauthentication counter too small"); + message->add_attribute(message, AT_COUNTER_TOO_SMALL, chunk_empty); + } + else + { + free(this->msk.ptr); + this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, + this->reauth, counter, nonce, + chunk_create(this->mk, HASH_SIZE_SHA1)); + if (id.len) + { + identification_t *reauth; + + reauth = identification_create_from_data(data); + charon->sim->card_set_reauth(charon->sim, this->permanent, reauth, + this->mk, this->counter); + reauth->destroy(reauth); + } + } + message->add_attribute(message, AT_COUNTER, counter); + *out = message->generate(message, nonce); + message->destroy(message); + return NEED_MORE; +} + +/** + * Process an EAP-AKA/Request/Notification message + */ +static status_t process_notification(private_eap_aka_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data; + bool success = TRUE; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == AT_NOTIFICATION) + { + u_int16_t code; + + memcpy(&code, data.ptr, sizeof(code)); + code = ntohs(code); + + /* test success bit */ + if (!(data.ptr[0] & 0x80)) + { + success = FALSE; + DBG1(DBG_IKE, "received EAP-AKA notification error '%N'", + simaka_notification_names, code); + } + else + { + DBG1(DBG_IKE, "received EAP-AKA notification '%N'", + simaka_notification_names, code); + } + } + else if (!simaka_attribute_skippable(type)) + { + success = FALSE; + break; + } + } + enumerator->destroy(enumerator); + + if (success) + { /* empty notification reply */ + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA, + AKA_NOTIFICATION, this->crypto); + *out = message->generate(message, chunk_empty); + message->destroy(message); + } + else + { + *out = create_client_error(this, in->get_identifier(in)); + } + return NEED_MORE; +} + + +/** + * Implementation of eap_method_t.process + */ +static status_t process(private_eap_aka_peer_t *this, + eap_payload_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + status_t status; + + message = simaka_message_create_from_payload(in, this->crypto); + if (!message) + { + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + if (!message->parse(message)) + { + message->destroy(message); + *out = create_client_error(this, in->get_identifier(in)); + return NEED_MORE; + } + switch (message->get_subtype(message)) + { + case AKA_IDENTITY: + status = process_identity(this, message, out); + break; + case AKA_CHALLENGE: + status = process_challenge(this, message, out); + break; + case AKA_REAUTHENTICATION: + status = process_reauthentication(this, message, out); + break; + case AKA_NOTIFICATION: + status = process_notification(this, message, out); + break; + default: + DBG1(DBG_IKE, "unable to process EAP-AKA subtype %N", + simaka_subtype_names, message->get_subtype(message)); + *out = create_client_error(this, in->get_identifier(in)); + status = NEED_MORE; + break; + } + message->destroy(message); + return status; +} + +/** + * Implementation of eap_method_t.initiate + */ +static status_t initiate(private_eap_aka_peer_t *this, eap_payload_t **out) +{ + /* peer never initiates */ + return FAILED; +} + +/** + * Implementation of eap_method_t.get_type. + */ +static eap_type_t get_type(private_eap_aka_peer_t *this, u_int32_t *vendor) +{ + *vendor = 0; + return EAP_AKA; +} + +/** + * Implementation of eap_method_t.get_msk. + */ +static status_t get_msk(private_eap_aka_peer_t *this, chunk_t *msk) +{ + if (this->msk.ptr) + { + *msk = this->msk; + return SUCCESS; + } + return FAILED; +} + +/** + * Implementation of eap_method_t.is_mutual. + */ +static bool is_mutual(private_eap_aka_peer_t *this) +{ + return TRUE; +} + +/** + * Implementation of eap_method_t.destroy. + */ +static void destroy(private_eap_aka_peer_t *this) +{ + this->crypto->destroy(this->crypto); + this->permanent->destroy(this->permanent); + DESTROY_IF(this->pseudonym); + DESTROY_IF(this->reauth); + free(this->msk.ptr); + free(this); +} + +/* + * Described in header. + */ +eap_aka_peer_t *eap_aka_peer_create(identification_t *server, + identification_t *peer) +{ + private_eap_aka_peer_t *this = malloc_thing(private_eap_aka_peer_t); + + this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; + this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; + this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; + this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; + this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; + this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + + this->crypto = simaka_crypto_create(); + if (!this->crypto) + { + free(this); + return NULL; + } + this->permanent = peer->clone(peer); + this->pseudonym = NULL; + this->reauth = NULL; + this->msk = chunk_empty; + + return &this->public; +} + diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.h b/src/charon/plugins/eap_aka/eap_aka_peer.h new file mode 100644 index 000000000..65a210406 --- /dev/null +++ b/src/charon/plugins/eap_aka/eap_aka_peer.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_aka_peer eap_aka_peer + * @{ @ingroup eap_aka + */ + +#ifndef EAP_AKA_PEER_H_ +#define EAP_AKA_PEER_H_ + +typedef struct eap_aka_peer_t eap_aka_peer_t; + +#include + +/** + * Implementation of the eap_method_t interface using EAP-AKA as a client. + */ +struct eap_aka_peer_t { + + /** + * Implemented eap_method_t interface. + */ + eap_method_t interface; +}; + +/** + * Creates the peer implementation of the EAP method EAP-AKA. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_aka_peer_t object + */ +eap_aka_peer_t *eap_aka_peer_create(identification_t *server, + identification_t *peer); + +#endif /** EAP_AKA_PEER_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/charon/plugins/eap_aka/eap_aka_plugin.c index e4a5326fe..c44a08966 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.c +++ b/src/charon/plugins/eap_aka/eap_aka_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,8 @@ #include "eap_aka_plugin.h" -#include "eap_aka.h" +#include "eap_aka_peer.h" +#include "eap_aka_server.h" #include @@ -25,9 +26,9 @@ static void destroy(eap_aka_plugin_t *this) { charon->eap->remove_method(charon->eap, - (eap_constructor_t)eap_aka_create_server); + (eap_constructor_t)eap_aka_server_create); charon->eap->remove_method(charon->eap, - (eap_constructor_t)eap_aka_create_peer); + (eap_constructor_t)eap_aka_peer_create); free(this); } @@ -37,14 +38,14 @@ static void destroy(eap_aka_plugin_t *this) plugin_t *plugin_create() { eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_SERVER, - (eap_constructor_t)eap_aka_create_server); + (eap_constructor_t)eap_aka_server_create); charon->eap->add_method(charon->eap, EAP_AKA, 0, EAP_PEER, - (eap_constructor_t)eap_aka_create_peer); - + (eap_constructor_t)eap_aka_peer_create); + return &this->plugin; } diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/charon/plugins/eap_aka/eap_aka_plugin.h index 2c086ca80..938e5ecbd 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.h +++ b/src/charon/plugins/eap_aka/eap_aka_plugin.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -29,7 +29,10 @@ typedef struct eap_aka_plugin_t eap_aka_plugin_t; /** - * EAP-AKA plugin + * EAP-AKA plugin. + * + * EAP-AKA uses 3rd generation mobile phone standard authentication + * mechanism for authentication, as defined RFC4187. */ struct eap_aka_plugin_t { diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/charon/plugins/eap_aka/eap_aka_server.c new file mode 100644 index 000000000..9baff3e23 --- /dev/null +++ b/src/charon/plugins/eap_aka/eap_aka_server.c @@ -0,0 +1,700 @@ +/* + * Copyright (C) 2006-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_aka_server.h" + +#include +#include + +#include +#include + +/** length of the AT_NONCE_S value */ +#define NONCE_LEN 16 + +typedef struct private_eap_aka_server_t private_eap_aka_server_t; + +/** + * Private data of an eap_aka_server_t object. + */ +struct private_eap_aka_server_t { + + /** + * Public authenticator_t interface. + */ + eap_aka_server_t public; + + /** + * EAP-AKA crypto helper + */ + simaka_crypto_t *crypto; + + /** + * permanent ID of the peer + */ + identification_t *permanent; + + /** + * pseudonym ID of peer + */ + identification_t *pseudonym; + + /** + * reauthentication ID of peer + */ + identification_t *reauth; + + /** + * EAP identifier value + */ + u_int8_t identifier; + + /** + * Expected Result XRES + */ + chunk_t xres; + + /** + * Random value RAND + */ + chunk_t rand; + + /** + * MSK + */ + chunk_t msk; + + /** + * Nonce value used in AT_NONCE_S + */ + chunk_t nonce; + + /** + * Counter value negotiated, network order + */ + chunk_t counter; + + /** + * Do we request fast reauthentication? + */ + bool use_reauth; + + /** + * Do we request pseudonym identities? + */ + bool use_pseudonym; + + /** + * Do we request permanent identities? + */ + bool use_permanent; + + /** + * EAP-AKA message we have initiated + */ + simaka_subtype_t pending; + + /** + * Did the client send a synchronize request? + */ + bool synchronized; +}; + +/** + * Create EAP-AKA/Request/Identity message + */ +static status_t identity(private_eap_aka_server_t *this, eap_payload_t **out) +{ + simaka_message_t *message; + + message = simaka_message_create(TRUE, this->identifier++, EAP_AKA, + AKA_IDENTITY, this->crypto); + if (this->use_reauth) + { + message->add_attribute(message, AT_ANY_ID_REQ, chunk_empty); + } + else if (this->use_pseudonym) + { + message->add_attribute(message, AT_FULLAUTH_ID_REQ, chunk_empty); + } + else if (this->use_permanent) + { + message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty); + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + this->pending = AKA_IDENTITY; + return NEED_MORE; +} + +/** + * Create EAP-AKA/Request/Challenge message + */ +static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out) +{ + simaka_message_t *message; + char rand[AKA_RAND_LEN], xres[AKA_RES_MAX]; + char ck[AKA_CK_LEN], ik[AKA_IK_LEN], autn[AKA_AUTN_LEN]; + int xres_len; + chunk_t data, mk; + identification_t *id; + + if (!charon->sim->provider_get_quintuplet(charon->sim, this->permanent, + rand, xres, &xres_len, ck, ik, autn)) + { + if (this->use_pseudonym) + { + /* probably received a pseudonym/reauth id we couldn't map */ + DBG1(DBG_IKE, "failed to map pseudonym/reauth identity '%Y', " + "fallback to permanent identity request", this->permanent); + this->use_pseudonym = FALSE; + DESTROY_IF(this->pseudonym); + this->pseudonym = NULL; + return identity(this, out); + } + return FAILED; + } + id = this->permanent; + if (this->pseudonym) + { + id = this->pseudonym; + } + data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN), + chunk_create(ck, AKA_CK_LEN)); + free(this->msk.ptr); + this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); + this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN)); + this->xres = chunk_clone(chunk_create(xres, xres_len)); + + message = simaka_message_create(TRUE, this->identifier++, EAP_AKA, + AKA_CHALLENGE, this->crypto); + message->add_attribute(message, AT_RAND, this->rand); + message->add_attribute(message, AT_AUTN, chunk_create(autn, AKA_AUTN_LEN)); + id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr); + if (id) + { + message->add_attribute(message, AT_NEXT_REAUTH_ID, + id->get_encoding(id)); + id->destroy(id); + } + else + { + id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent); + if (id) + { + message->add_attribute(message, AT_NEXT_PSEUDONYM, + id->get_encoding(id)); + id->destroy(id); + } + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + free(mk.ptr); + this->pending = AKA_CHALLENGE; + return NEED_MORE; +} + +/** + * Initiate EAP-AKA/Request/Re-authentication message + */ +static status_t reauthenticate(private_eap_aka_server_t *this, + char mk[HASH_SIZE_SHA1], u_int16_t counter, + eap_payload_t **out) +{ + simaka_message_t *message; + identification_t *next; + chunk_t mkc; + rng_t *rng; + + DBG1(DBG_IKE, "initiating EAP-AKA reauthentication"); + + rng = this->crypto->get_rng(this->crypto); + rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); + + mkc = chunk_create(mk, HASH_SIZE_SHA1); + counter = htons(counter); + this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter))); + + this->crypto->derive_keys_reauth(this->crypto, mkc); + this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, + this->reauth, this->counter, this->nonce, mkc); + + message = simaka_message_create(TRUE, this->identifier++, EAP_AKA, + AKA_REAUTHENTICATION, this->crypto); + message->add_attribute(message, AT_COUNTER, this->counter); + message->add_attribute(message, AT_NONCE_S, this->nonce); + next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk); + if (next) + { + message->add_attribute(message, AT_NEXT_REAUTH_ID, + next->get_encoding(next)); + next->destroy(next); + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + this->pending = SIM_REAUTHENTICATION; + return NEED_MORE; +} + +/** + * Implementation of eap_method_t.initiate + */ +static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out) +{ + if (this->use_permanent || this->use_pseudonym || this->use_reauth) + { + return identity(this, out); + } + return challenge(this, out); +} + +/** + * Process EAP-AKA/Response/Identity message + */ +static status_t process_identity(private_eap_aka_server_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + identification_t *permanent, *id; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, identity = chunk_empty; + + if (this->pending != AKA_IDENTITY) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, AKA_IDENTITY); + return FAILED; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_IDENTITY: + identity = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + break; + } + } + enumerator->destroy(enumerator); + + if (!identity.len) + { + DBG1(DBG_IKE, "received incomplete Identity response"); + return FAILED; + } + + id = identification_create_from_data(identity); + if (this->use_reauth) + { + char mk[HASH_SIZE_SHA1]; + u_int16_t counter; + + permanent = charon->sim->provider_is_reauth(charon->sim, id, + mk, &counter); + if (permanent) + { + this->permanent->destroy(this->permanent); + this->permanent = permanent; + this->reauth = id; + return reauthenticate(this, mk, counter, out); + } + /* unable to map, maybe a pseudonym? */ + DBG1(DBG_IKE, "'%Y' is not a reauth identity", id); + this->use_reauth = FALSE; + } + if (this->use_pseudonym) + { + permanent = charon->sim->provider_is_pseudonym(charon->sim, id); + if (permanent) + { + this->permanent->destroy(this->permanent); + this->permanent = permanent; + this->pseudonym = id->clone(id); + /* we already have a new permanent identity now */ + this->use_permanent = FALSE; + } + else + { + DBG1(DBG_IKE, "'%Y' is not a pseudonym", id); + } + } + if (!this->pseudonym && this->use_permanent) + { + /* got a permanent identity or a pseudonym reauth id wou couldn't map, + * try to get quintuplets */ + DBG1(DBG_IKE, "received identity '%Y'", id); + this->permanent->destroy(this->permanent); + this->permanent = id->clone(id); + } + id->destroy(id); + + return challenge(this, out); +} + +/** + * Process EAP-AKA/Response/Challenge message + */ +static status_t process_challenge(private_eap_aka_server_t *this, + simaka_message_t *in) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, res = chunk_empty; + + if (this->pending != AKA_CHALLENGE) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, AKA_CHALLENGE); + return FAILED; + } + /* verify MAC of EAP message, AT_MAC */ + if (!in->verify(in, chunk_empty)) + { + return FAILED; + } + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_RES: + res = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + break; + } + } + enumerator->destroy(enumerator); + + /* compare received RES against stored XRES */ + if (!chunk_equals(res, this->xres)) + { + DBG1(DBG_IKE, "received RES does not match XRES"); + return FAILED; + } + return SUCCESS; +} + +/** + * process an EAP-AKA/Response/Reauthentication message + */ +static status_t process_reauthentication(private_eap_aka_server_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, counter = chunk_empty; + bool too_small = FALSE; + + if (this->pending != AKA_REAUTHENTICATION) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, AKA_REAUTHENTICATION); + return FAILED; + } + /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */ + if (!in->verify(in, this->nonce)) + { + return FAILED; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_COUNTER: + counter = data; + break; + case AT_COUNTER_TOO_SMALL: + too_small = TRUE; + break; + default: + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + break; + } + } + enumerator->destroy(enumerator); + + if (too_small) + { + DBG1(DBG_IKE, "received %N, initiating full authentication", + simaka_attribute_names, AT_COUNTER_TOO_SMALL); + this->use_reauth = FALSE; + this->crypto->clear_keys(this->crypto); + return challenge(this, out); + } + if (!chunk_equals(counter, this->counter)) + { + DBG1(DBG_IKE, "received counter does not match"); + return FAILED; + } + return SUCCESS; +} + +/** + * Process EAP-AKA/Response/SynchronizationFailure message + */ +static status_t process_synchronize(private_eap_aka_server_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, auts = chunk_empty; + + if (this->synchronized) + { + DBG1(DBG_IKE, "received %N, but peer did already resynchronize", + simaka_subtype_names, AKA_SYNCHRONIZATION_FAILURE); + return FAILED; + } + + DBG1(DBG_IKE, "received synchronization request, retrying..."); + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_AUTS: + auts = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + break; + } + } + enumerator->destroy(enumerator); + + if (!auts.len) + { + DBG1(DBG_IKE, "synchronization request didn't contain usable AUTS"); + return FAILED; + } + + if (!charon->sim->provider_resync(charon->sim, this->permanent, + this->rand.ptr, auts.ptr)) + { + DBG1(DBG_IKE, "no AKA provider found supporting " + "resynchronization for '%Y'", this->permanent); + return FAILED; + } + this->synchronized = TRUE; + return challenge(this, out); +} + +/** + * Process EAP-AKA/Response/ClientErrorCode message + */ +static status_t process_client_error(private_eap_aka_server_t *this, + simaka_message_t *in) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == AT_CLIENT_ERROR_CODE) + { + u_int16_t code; + + memcpy(&code, data.ptr, sizeof(code)); + DBG1(DBG_IKE, "received EAP-AKA client error '%N'", + simaka_client_error_names, ntohs(code)); + } + else if (!simaka_attribute_skippable(type)) + { + break; + } + } + enumerator->destroy(enumerator); + return FAILED; +} + +/** + * Process EAP-AKA/Response/AuthenticationReject message + */ +static status_t process_authentication_reject(private_eap_aka_server_t *this, + simaka_message_t *in) +{ + DBG1(DBG_IKE, "received %N, authentication failed", + simaka_subtype_names, in->get_subtype(in)); + return FAILED; +} + +/** + * Implementation of eap_method_t.process + */ +static status_t process(private_eap_aka_server_t *this, + eap_payload_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + status_t status; + + message = simaka_message_create_from_payload(in, this->crypto); + if (!message) + { + return FAILED; + } + if (!message->parse(message)) + { + message->destroy(message); + return FAILED; + } + switch (message->get_subtype(message)) + { + case AKA_IDENTITY: + status = process_identity(this, message, out); + break; + case AKA_CHALLENGE: + status = process_challenge(this, message); + break; + case AKA_REAUTHENTICATION: + status = process_reauthentication(this, message, out); + break; + case AKA_SYNCHRONIZATION_FAILURE: + status = process_synchronize(this, message, out); + break; + case AKA_CLIENT_ERROR: + status = process_client_error(this, message); + break; + case AKA_AUTHENTICATION_REJECT: + status = process_authentication_reject(this, message); + break; + default: + DBG1(DBG_IKE, "unable to process EAP-AKA subtype %N", + simaka_subtype_names, message->get_subtype(message)); + status = FAILED; + break; + } + message->destroy(message); + return status; +} + +/** + * Implementation of eap_method_t.get_type. + */ +static eap_type_t get_type(private_eap_aka_server_t *this, u_int32_t *vendor) +{ + *vendor = 0; + return EAP_AKA; +} + +/** + * Implementation of eap_method_t.get_msk. + */ +static status_t get_msk(private_eap_aka_server_t *this, chunk_t *msk) +{ + if (this->msk.ptr) + { + *msk = this->msk; + return SUCCESS; + } + return FAILED; +} + +/** + * Implementation of eap_method_t.is_mutual. + */ +static bool is_mutual(private_eap_aka_server_t *this) +{ + return TRUE; +} + +/** + * Implementation of eap_method_t.destroy. + */ +static void destroy(private_eap_aka_server_t *this) +{ + this->crypto->destroy(this->crypto); + this->permanent->destroy(this->permanent); + DESTROY_IF(this->pseudonym); + DESTROY_IF(this->reauth); + free(this->xres.ptr); + free(this->rand.ptr); + free(this->nonce.ptr); + free(this->msk.ptr); + free(this->counter.ptr); + free(this); +} + +/* + * Described in header. + */ +eap_aka_server_t *eap_aka_server_create(identification_t *server, + identification_t *peer) +{ + private_eap_aka_server_t *this = malloc_thing(private_eap_aka_server_t); + + this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; + this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; + this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; + this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; + this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; + this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + + this->crypto = simaka_crypto_create(); + if (!this->crypto) + { + free(this); + return NULL; + } + this->permanent = peer->clone(peer); + this->pseudonym = NULL; + this->reauth = NULL; + this->xres = chunk_empty; + this->rand = chunk_empty; + this->nonce = chunk_empty; + this->msk = chunk_empty; + this->counter = chunk_empty; + this->pending = 0; + this->synchronized = FALSE; + this->use_reauth = this->use_pseudonym = this->use_permanent = + lib->settings->get_bool(lib->settings, + "charon.plugins.eap-aka.request_identity", TRUE); + /* generate a non-zero identifier */ + do { + this->identifier = random(); + } while (!this->identifier); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_aka/eap_aka_server.h b/src/charon/plugins/eap_aka/eap_aka_server.h new file mode 100644 index 000000000..d48fc4c34 --- /dev/null +++ b/src/charon/plugins/eap_aka/eap_aka_server.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_aka_server eap_aka_server + * @{ @ingroup eap_aka + */ + +#ifndef EAP_AKA_SERVER_H_ +#define EAP_AKA_SERVER_H_ + +typedef struct eap_aka_server_t eap_aka_server_t; + +#include + +/** + * Implementation of the eap_method_t interface using EAP-AKA as server. + */ +struct eap_aka_server_t { + + /** + * Implemented eap_method_t interface. + */ + eap_method_t interface; +}; + +/** + * Creates the server implementation of the EAP method EAP-AKA. + * + * @param server ID of the EAP server + * @param peer ID of the EAP client + * @return eap_aka_server_t object + */ +eap_aka_server_t *eap_aka_server_create(identification_t *server, + identification_t *peer); + +#endif /** EAP_AKA_SERVER_H_ @}*/ diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.am b/src/charon/plugins/eap_aka_3gpp2/Makefile.am new file mode 100644 index 000000000..1a4a3765b --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la + +libstrongswan_eap_aka_3gpp2_la_SOURCES = \ + eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \ + eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \ + eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \ + eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c +libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp + diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.in b/src/charon/plugins/eap_aka_3gpp2/Makefile.in new file mode 100644 index 000000000..b80f97f95 --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/Makefile.in @@ -0,0 +1,579 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/charon/plugins/eap_aka_3gpp2 +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES = +am_libstrongswan_eap_aka_3gpp2_la_OBJECTS = eap_aka_3gpp2_plugin.lo \ + eap_aka_3gpp2_card.lo eap_aka_3gpp2_provider.lo \ + eap_aka_3gpp2_functions.lo +libstrongswan_eap_aka_3gpp2_la_OBJECTS = \ + $(am_libstrongswan_eap_aka_3gpp2_la_OBJECTS) +libstrongswan_eap_aka_3gpp2_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_aka_3gpp2_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_eap_aka_3gpp2_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_aka_3gpp2_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la +libstrongswan_eap_aka_3gpp2_la_SOURCES = \ + eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \ + eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \ + eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \ + eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c + +libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-eap-aka-3gpp2.la: $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES) + $(libstrongswan_eap_aka_3gpp2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp2_card.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp2_functions.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp2_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp2_provider.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c new file mode 100644 index 000000000..5c0fe38ad --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c @@ -0,0 +1,178 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_aka_3gpp2_card.h" + +#include + +typedef struct private_eap_aka_3gpp2_card_t private_eap_aka_3gpp2_card_t; + +/** + * Private data of an eap_aka_3gpp2_card_t object. + */ +struct private_eap_aka_3gpp2_card_t { + + /** + * Public eap_aka_3gpp2_card_t interface. + */ + eap_aka_3gpp2_card_t public; + + /** + * AKA functions + */ + eap_aka_3gpp2_functions_t *f; + + /** + * do sequence number checking? + */ + bool seq_check; + + /** + * SQN stored in this pseudo-USIM + */ + char sqn[AKA_SQN_LEN]; +}; + +/** + * Functions from eap_aka_3gpp2_provider.c + */ +bool eap_aka_3gpp2_get_k(identification_t *id, char k[AKA_K_LEN]); +void eap_aka_3gpp2_get_sqn(char sqn[AKA_SQN_LEN], int offset); + +/** + * Implementation of sim_card_t.get_quintuplet + */ +static status_t get_quintuplet(private_eap_aka_3gpp2_card_t *this, + identification_t *id, char rand[AKA_RAND_LEN], + char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], + char ik[AKA_IK_LEN], char res[AKA_RES_MAX], + int *res_len) +{ + char *amf, *mac; + char k[AKA_K_LEN], ak[AKA_AK_LEN], sqn[AKA_SQN_LEN], xmac[AKA_MAC_LEN]; + + if (!eap_aka_3gpp2_get_k(id, k)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FAILED; + } + + /* AUTN = SQN xor AK | AMF | MAC */ + DBG3(DBG_IKE, "received autn %b", autn, AKA_AUTN_LEN); + DBG3(DBG_IKE, "using K %b", k, AKA_K_LEN); + DBG3(DBG_IKE, "using rand %b", rand, AKA_RAND_LEN); + memcpy(sqn, autn, AKA_SQN_LEN); + amf = autn + AKA_SQN_LEN; + mac = autn + AKA_SQN_LEN + AKA_AMF_LEN; + + /* XOR anonymity key AK into SQN to decrypt it */ + this->f->f5(this->f, k, rand, ak); + DBG3(DBG_IKE, "using ak %b", ak, AKA_AK_LEN); + memxor(sqn, ak, AKA_SQN_LEN); + DBG3(DBG_IKE, "using sqn %b", sqn, AKA_SQN_LEN); + + /* calculate expected MAC and compare against received one */ + this->f->f1(this->f, k, rand, sqn, amf, xmac); + if (!memeq(mac, xmac, AKA_MAC_LEN)) + { + DBG1(DBG_IKE, "received MAC does not match XMAC"); + DBG3(DBG_IKE, "MAC %b\nXMAC %b", mac, AKA_MAC_LEN, xmac, AKA_MAC_LEN); + return FAILED; + } + + if (this->seq_check && memcmp(this->sqn, sqn, AKA_SQN_LEN) >= 0) + { + DBG3(DBG_IKE, "received SQN %b\ncurrent SQN %b", + sqn, AKA_SQN_LEN, this->sqn, AKA_SQN_LEN); + return INVALID_STATE; + } + + /* update stored SQN to the received one */ + memcpy(this->sqn, sqn, AKA_SQN_LEN); + + /* CK/IK */ + this->f->f3(this->f, k, rand, ck); + this->f->f4(this->f, k, rand, ik); + /* calculate RES */ + this->f->f2(this->f, k, rand, res); + *res_len = AKA_RES_MAX; + + return SUCCESS; +} + +/** + * Implementation of sim_card_t.resync + */ +static bool resync(private_eap_aka_3gpp2_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + char amf[AKA_AMF_LEN], k[AKA_K_LEN], aks[AKA_AK_LEN], macs[AKA_MAC_LEN]; + + if (!eap_aka_3gpp2_get_k(id, k)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to resync AKA", id); + return FALSE; + } + + /* AMF is set to zero in resync */ + memset(amf, 0, AKA_AMF_LEN); + this->f->f5star(this->f, k, rand, aks); + this->f->f1star(this->f, k, rand, this->sqn, amf, macs); + /* AUTS = SQN xor AKS | MACS */ + memcpy(auts, this->sqn, AKA_SQN_LEN); + memxor(auts, aks, AKA_AK_LEN); + memcpy(auts + AKA_AK_LEN, macs, AKA_MAC_LEN); + + return TRUE; +} + +/** + * Implementation of eap_aka_3gpp2_card_t.destroy. + */ +static void destroy(private_eap_aka_3gpp2_card_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f) +{ + private_eap_aka_3gpp2_card_t *this = malloc_thing(private_eap_aka_3gpp2_card_t); + + this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet; + this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync; + this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *id))return_null; + this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop; + this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; + this->public.destroy = (void(*)(eap_aka_3gpp2_card_t*))destroy; + + this->f = f; + this->seq_check = lib->settings->get_bool(lib->settings, + "charon.plugins.eap-aka-3gpp2.seq_check", +#ifdef SEQ_CHECK /* handle legacy compile time configuration as default */ + TRUE); +#else /* !SEQ_CHECK */ + FALSE); +#endif /* SEQ_CHECK */ + + eap_aka_3gpp2_get_sqn(this->sqn, 0); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h new file mode 100644 index 000000000..b95bc52af --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_aka_3gpp2_card eap_aka_3gpp2_card + * @{ @ingroup eap_aka_3gpp2 + */ + +#ifndef EAP_AKA_3GPP2_CARD_H_ +#define EAP_AKA_3GPP2_CARD_H_ + +#include "eap_aka_3gpp2_functions.h" + +#include + +typedef struct eap_aka_3gpp2_card_t eap_aka_3gpp2_card_t; + +/** + * SIM card implementation using a set of AKA functions. + */ +struct eap_aka_3gpp2_card_t { + + /** + * Implements sim_card_t interface + */ + sim_card_t card; + + /** + * Destroy a eap_aka_3gpp2_card_t. + */ + void (*destroy)(eap_aka_3gpp2_card_t *this); +}; + +/** + * Create a eap_aka_3gpp2_card instance. + * + * @param f AKA functions + */ +eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f); + +#endif /** EAP_AKA_3GPP2_CARD_H_ @}*/ diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c new file mode 100644 index 000000000..1d3d246d1 --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c @@ -0,0 +1,394 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_aka_3gpp2_functions.h" + +#include +#include + +#include + +typedef struct private_eap_aka_3gpp2_functions_t private_eap_aka_3gpp2_functions_t; + +/** + * Private data of an eap_aka_3gpp2_functions_t object. + */ +struct private_eap_aka_3gpp2_functions_t { + + /** + * Public eap_aka_3gpp2_functions_t interface. + */ + eap_aka_3gpp2_functions_t public; + + /** + * Used keyed SHA1 function, as PRF + */ + prf_t *prf; +}; + +#define AKA_PAYLOAD_LEN 64 + +#define F1 0x42 +#define F1STAR 0x43 +#define F2 0x44 +#define F3 0x45 +#define F4 0x46 +#define F5 0x47 +#define F5STAR 0x48 + +/** Family key, as proposed in S.S0055 */ +static chunk_t fmk = chunk_from_chars(0x41, 0x48, 0x41, 0x47); + +/** + * Binary represnation of the polynom T^160 + T^5 + T^3 + T^2 + 1 + */ +static u_int8_t g[] = { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x2d +}; + +/** + * Predefined random bits from the RAND Corporation book + */ +static u_int8_t a[] = { + 0x9d, 0xe9, 0xc9, 0xc8, 0xef, 0xd5, 0x78, 0x11, + 0x48, 0x23, 0x14, 0x01, 0x90, 0x1f, 0x2d, 0x49, + 0x3f, 0x4c, 0x63, 0x65 +}; + +/** + * Predefined random bits from the RAND Corporation book + */ +static u_int8_t b[] = { + 0x75, 0xef, 0xd1, 0x5c, 0x4b, 0x8f, 0x8f, 0x51, + 0x4e, 0xf3, 0xbc, 0xc3, 0x79, 0x4a, 0x76, 0x5e, + 0x7e, 0xec, 0x45, 0xe0 +}; + +/** + * Multiplicate two mpz_t with bits interpreted as polynoms. + */ +static void mpz_mul_poly(mpz_t r, mpz_t a, mpz_t b) +{ + mpz_t bm, rm; + int current = 0, shifted = 0, shift; + + mpz_init_set(bm, b); + mpz_init_set_ui(rm, 0); + /* scan through a, for each found bit: */ + while ((current = mpz_scan1(a, current)) != ULONG_MAX) + { + /* XOR shifted b into r */ + shift = current - shifted; + mpz_mul_2exp(bm, bm, shift); + shifted += shift; + mpz_xor(rm, rm, bm); + current++; + } + + mpz_swap(r, rm); + mpz_clear(rm); + mpz_clear(bm); +} + +/** + * Calculate the sum of a + b interpreted as polynoms. + */ +static void mpz_add_poly(mpz_t res, mpz_t a, mpz_t b) +{ + /* addition of polynominals is just the XOR */ + mpz_xor(res, a, b); +} + +/** + * Calculate the remainder of a/b interpreted as polynoms. + */ +static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) +{ + /* Example: + * a = 10001010 + * b = 00000101 + */ + int a_bit, b_bit, diff; + mpz_t bm, am; + + mpz_init_set(am, a); + mpz_init(bm); + + a_bit = mpz_sizeinbase(a, 2); + b_bit = mpz_sizeinbase(b, 2); + + /* don't do anything if b > a */ + if (a_bit >= b_bit) + { + /* shift b left to align up most signaficant "1" to a: + * a = 10001010 + * b = 10100000 + */ + mpz_mul_2exp(bm, b, a_bit - b_bit); + do + { + /* XOR b into a, this kills the most significant "1": + * a = 00101010 + */ + mpz_xor(am, am, bm); + /* find the next most significant "1" in a, and align up b: + * a = 00101010 + * b = 00101000 + */ + diff = a_bit - mpz_sizeinbase(am, 2); + mpz_div_2exp(bm, bm, diff); + a_bit -= diff; + } + while (b_bit <= mpz_sizeinbase(bm, 2)); + /* While b is not shifted to its original value */ + } + /* after another iteration: + * a = 00000010 + * which is the polynomial modulo + */ + + mpz_swap(r, am); + mpz_clear(am); + mpz_clear(bm); +} + +/** + * Step 3 of the various fx() functions: + * XOR the key into the SHA1 IV + */ +static void step3(prf_t *prf, u_char k[AKA_K_LEN], + u_char payload[AKA_PAYLOAD_LEN], u_int8_t h[HASH_SIZE_SHA1]) +{ + /* use the keyed hasher to build the hash */ + prf->set_key(prf, chunk_create(k, AKA_K_LEN)); + prf->get_bytes(prf, chunk_create(payload, AKA_PAYLOAD_LEN), h); +} + +/** + * Step 4 of the various fx() functions: + * Polynomial whiten calculations + */ +static void step4(u_char x[HASH_SIZE_SHA1]) +{ + mpz_t xm, am, bm, gm; + + mpz_init(xm); + mpz_init(am); + mpz_init(bm); + mpz_init(gm); + + mpz_import(xm, HASH_SIZE_SHA1, 1, 1, 1, 0, x); + mpz_import(am, sizeof(a), 1, 1, 1, 0, a); + mpz_import(bm, sizeof(b), 1, 1, 1, 0, b); + mpz_import(gm, sizeof(g), 1, 1, 1, 0, g); + + mpz_mul_poly(xm, am, xm); + mpz_add_poly(xm, bm, xm); + mpz_mod_poly(xm, xm, gm); + + mpz_export(x, NULL, 1, HASH_SIZE_SHA1, 1, 0, xm); + + mpz_clear(xm); + mpz_clear(am); + mpz_clear(bm); + mpz_clear(gm); +} + +/** + * Calculation function for f2(), f3(), f4() + */ +static void fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char out[AKA_MAC_LEN]) +{ + u_char payload[AKA_PAYLOAD_LEN]; + u_char h[HASH_SIZE_SHA1]; + u_char i; + + for (i = 0; i < 2; i++) + { + memset(payload, 0x5c, AKA_PAYLOAD_LEN); + payload[11] ^= f; + memxor(payload + 12, fmk.ptr, fmk.len); + memxor(payload + 24, rand, AKA_RAND_LEN); + + payload[3] ^= i; + payload[19] ^= i; + payload[35] ^= i; + payload[51] ^= i; + + step3(prf, k, payload, h); + step4(h); + memcpy(out + i * 8, h, 8); + } +} + +/** + * Calculation function of f1() and f1star() + */ +static void f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], + u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]) +{ + /* generate MAC = f1(FMK, SQN, RAND, AMF) + * K is loaded into hashers IV; FMK, RAND, SQN, AMF are XORed in a 512-bit + * payload which gets hashed + */ + u_char payload[AKA_PAYLOAD_LEN]; + u_char h[HASH_SIZE_SHA1]; + + memset(payload, 0x5c, AKA_PAYLOAD_LEN); + payload[11] ^= f; + memxor(payload + 12, fmk.ptr, fmk.len); + memxor(payload + 16, rand, AKA_RAND_LEN); + memxor(payload + 34, sqn, AKA_SQN_LEN); + memxor(payload + 42, amf, AKA_AMF_LEN); + + step3(prf, k, payload, h); + step4(h); + memcpy(mac, h, AKA_MAC_LEN); +} + +/** + * Calculation function of f5() and f5star() + */ +static void f5x(prf_t *prf, u_char f, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN]) +{ + u_char payload[AKA_PAYLOAD_LEN]; + u_char h[HASH_SIZE_SHA1]; + + memset(payload, 0x5c, AKA_PAYLOAD_LEN); + payload[11] ^= f; + memxor(payload + 12, fmk.ptr, fmk.len); + memxor(payload + 16, rand, AKA_RAND_LEN); + + step3(prf, k, payload, h); + step4(h); + memcpy(ak, h, AKA_AK_LEN); +} + +/** + * Calculate MAC from RAND, SQN, AMF using K + */ +static void f1(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], + u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]) +{ + f1x(this->prf, F1, k, rand, sqn, amf, mac); + DBG3(DBG_IKE, "MAC %b", mac, AKA_MAC_LEN); +} + +/** + * Calculate MACS from RAND, SQN, AMF using K + */ +static void f1star(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], + u_char amf[AKA_AMF_LEN], u_char macs[AKA_MAC_LEN]) +{ + f1x(this->prf, F1STAR, k, rand, sqn, amf, macs); + DBG3(DBG_IKE, "MACS %b", macs, AKA_MAC_LEN); +} + +/** + * Calculate RES from RAND using K + */ +static void f2(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char res[AKA_RES_MAX]) +{ + fx(this->prf, F2, k, rand, res); + DBG3(DBG_IKE, "RES %b", res, AKA_RES_MAX); +} + +/** + * Calculate CK from RAND using K + */ +static void f3(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ck[AKA_CK_LEN]) +{ + fx(this->prf, F3, k, rand, ck); + DBG3(DBG_IKE, "CK %b", ck, AKA_CK_LEN); +} + +/** + * Calculate IK from RAND using K + */ +static void f4(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ik[AKA_IK_LEN]) +{ + fx(this->prf, F4, k, rand, ik); + DBG3(DBG_IKE, "IK %b", ik, AKA_IK_LEN); +} + +/** + * Calculate AK from a RAND using K + */ +static void f5(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN]) +{ + f5x(this->prf, F5, k, rand, ak); + DBG3(DBG_IKE, "AK %b", ak, AKA_AK_LEN); +} + +/** + * Calculate AKS from a RAND using K + */ +static void f5star(private_eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char aks[AKA_AK_LEN]) +{ + f5x(this->prf, F5STAR, k, rand, aks); + DBG3(DBG_IKE, "AKS %b", aks, AKA_AK_LEN); +} + + +/** + * Implementation of eap_aka_3gpp2_functions_t.destroy. + */ +static void destroy(private_eap_aka_3gpp2_functions_t *this) +{ + this->prf->destroy(this->prf); + free(this); +} + +/** + * See header + */ +eap_aka_3gpp2_functions_t *eap_aka_3gpp2_functions_create() +{ + private_eap_aka_3gpp2_functions_t *this; + + this = malloc_thing(private_eap_aka_3gpp2_functions_t); + + this->public.f1 = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]))f1; + this->public.f1star = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], u_char amf[AKA_AMF_LEN], u_char macs[AKA_MAC_LEN]))f1star; + this->public.f2 = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char res[AKA_RES_MAX]))f2; + this->public.f3 = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char ck[AKA_CK_LEN]))f3; + this->public.f4 = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char ik[AKA_IK_LEN]))f4; + this->public.f5 = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN]))f5; + this->public.f5star = (void(*)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char aks[AKA_AK_LEN]))f5star; + this->public.destroy = (void(*)(eap_aka_3gpp2_functions_t*))destroy; + + this->prf = lib->crypto->create_prf(lib->crypto, PRF_KEYED_SHA1); + if (!this->prf) + { + DBG1(DBG_CFG, "%N not supported, unable to use 3GPP2 algorithm", + pseudo_random_function_names, PRF_KEYED_SHA1); + free(this); + return NULL; + } + return &this->public; +} + diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h new file mode 100644 index 000000000..95c6da6a9 --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h @@ -0,0 +1,125 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_aka_3gpp2_functions eap_aka_3gpp2_functions + * @{ @ingroup eap_aka_3gpp2 + */ + +#ifndef EAP_AKA_3GPP2_FUNCTIONS_H_ +#define EAP_AKA_3GPP2_FUNCTIONS_H_ + +#include + +#define AKA_SQN_LEN 6 +#define AKA_K_LEN 16 +#define AKA_MAC_LEN 8 +#define AKA_AK_LEN 6 +#define AKA_AMF_LEN 2 +#define AKA_FMK_LEN 4 + +typedef struct eap_aka_3gpp2_functions_t eap_aka_3gpp2_functions_t; + +/** + * f1-f5(), f1*() and f5*() functions from the 3GPP2 (S.S0055) standard. + */ +struct eap_aka_3gpp2_functions_t { + + /** + * Calculate MAC from RAND, SQN, AMF using K. + * + * @param k secret key K + * @param rand random value rand + * @param sqn sequence number + * @param amf authentication management field + * @param mac buffer receiving mac MAC + */ + void (*f1)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], + u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]); + + /** + * Calculate MACS from RAND, SQN, AMF using K + * + * @param k secret key K + * @param rand random value RAND + * @param sqn sequence number + * @param amf authentication management field + * @param macs buffer receiving resynchronization mac MACS + */ + void (*f1star)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], + u_char amf[AKA_AMF_LEN], u_char macs[AKA_MAC_LEN]); + + /** + * Calculate RES from RAND using K + * + * @param k secret key K + * @param rand random value RAND + * @param res buffer receiving result RES, uses full 128 bit + */ + void (*f2)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char res[AKA_RES_MAX]); + /** + * Calculate CK from RAND using K + * + * @param k secret key K + * @param rand random value RAND + * @param macs buffer receiving encryption key CK + */ + void (*f3)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ck[AKA_CK_LEN]); + /** + * Calculate IK from RAND using K + * + * @param k secret key K + * @param rand random value RAND + * @param macs buffer receiving integrity key IK + */ + void (*f4)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ik[AKA_IK_LEN]); + /** + * Calculate AK from a RAND using K + * + * @param k secret key K + * @param rand random value RAND + * @param macs buffer receiving anonymity key AK + */ + void (*f5)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char ak[AKA_AK_LEN]); + /** + * Calculate AKS from a RAND using K + * + * @param k secret key K + * @param rand random value RAND + * @param macs buffer receiving resynchronization anonymity key AKS + */ + void (*f5star)(eap_aka_3gpp2_functions_t *this, u_char k[AKA_K_LEN], + u_char rand[AKA_RAND_LEN], u_char aks[AKA_AK_LEN]); + + /** + * Destroy a eap_aka_3gpp2_functions_t. + */ + void (*destroy)(eap_aka_3gpp2_functions_t *this); +}; + +/** + * Create a eap_aka_3gpp2_functions instance. + * + * @return function set, NULL on error + */ +eap_aka_3gpp2_functions_t *eap_aka_3gpp2_functions_create(); + +#endif /** EAP_AKA_3GPP2_FUNCTIONS_H_ @}*/ diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c new file mode 100644 index 000000000..5286e0986 --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_aka_3gpp2_plugin.h" +#include "eap_aka_3gpp2_card.h" +#include "eap_aka_3gpp2_provider.h" +#include "eap_aka_3gpp2_functions.h" + +#include + +typedef struct private_eap_aka_3gpp2_t private_eap_aka_3gpp2_t; + +/** + * Private data of an eap_aka_3gpp2_t object. + */ +struct private_eap_aka_3gpp2_t { + + /** + * Public eap_aka_3gpp2_plugin_t interface. + */ + eap_aka_3gpp2_plugin_t public; + + /** + * SIM card + */ + eap_aka_3gpp2_card_t *card; + + /** + * SIM provider + */ + eap_aka_3gpp2_provider_t *provider; + + /** + * AKA functions + */ + eap_aka_3gpp2_functions_t *functions; +}; + +/** + * Implementation of eap_aka_3gpp2_t.destroy. + */ +static void destroy(private_eap_aka_3gpp2_t *this) +{ + charon->sim->remove_card(charon->sim, &this->card->card); + charon->sim->remove_provider(charon->sim, &this->provider->provider); + this->card->destroy(this->card); + this->provider->destroy(this->provider); + this->functions->destroy(this->functions); + free(this); +} + +/** + * See header + */ +plugin_t *plugin_create() +{ + private_eap_aka_3gpp2_t *this = malloc_thing(private_eap_aka_3gpp2_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->functions = eap_aka_3gpp2_functions_create(); + if (!this->functions) + { + free(this); + return NULL; + } + this->card = eap_aka_3gpp2_card_create(this->functions); + this->provider = eap_aka_3gpp2_provider_create(this->functions); + + charon->sim->add_card(charon->sim, &this->card->card); + charon->sim->add_provider(charon->sim, &this->provider->provider); + + return &this->public.plugin; +} + diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h new file mode 100644 index 000000000..ed5c4cf3e --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_aka_3gpp2 eap_aka_3gpp2 + * @ingroup cplugins + * + * @defgroup eap_aka_3gpp2_plugin eap_aka_3gpp2_plugin + * @{ @ingroup eap_aka_3gpp2 + */ + +#ifndef EAP_AKA_3GPP2_PLUGIN_H_ +#define EAP_AKA_3GPP2_PLUGIN_H_ + +#include + +typedef struct eap_aka_3gpp2_plugin_t eap_aka_3gpp2_plugin_t; + +/** + * Plugin to provide a SIM card/provider using the 3GPP2 (S.S0055) standard. + * + * This plugin implements the standard of the 3GPP2 (S.S0055) and not the one + * of 3GGP, completely in software using the libgmp library.. + * The shared key used for authentication is from ipsec.secrets. The + * peers ID is used to query it. + * The AKA mechanism uses sequence numbers to detect replay attacks. The + * peer stores the sequence number normally in a USIM and accepts + * incremental sequence numbers (incremental for lifetime of the USIM). To + * prevent a complex sequence number management, this implementation uses + * a sequence number derived from time. It is initialized to the startup + * time of the daemon. + * To enable time based SEQs, define SEQ_CHECK as 1. Default is to accept + * any SEQ numbers. This allows an attacker to do replay attacks. But since + * the server has proven his identity via IKE, such an attack is only + * possible between server and AAA (if any). + */ +struct eap_aka_3gpp2_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a eap_aka_3gpp2_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c new file mode 100644 index 000000000..9817fff8f --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c @@ -0,0 +1,204 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_aka_3gpp2_provider.h" + +#include +#include + +typedef struct private_eap_aka_3gpp2_provider_t private_eap_aka_3gpp2_provider_t; + +/** + * Private data of an eap_aka_3gpp2_provider_t object. + */ +struct private_eap_aka_3gpp2_provider_t { + + /** + * Public eap_aka_3gpp2_provider_t interface. + */ + eap_aka_3gpp2_provider_t public; + + /** + * AKA functions + */ + eap_aka_3gpp2_functions_t *f; + + /** + * time based SQN, we use the same for all peers + */ + char sqn[AKA_SQN_LEN]; +}; + +/** Authentication management field */ +static char amf[AKA_AMF_LEN] = {0x00, 0x01}; + +/** + * Get a shared key K from the credential database + */ +bool eap_aka_3gpp2_get_k(identification_t *id, char k[AKA_K_LEN]) +{ + shared_key_t *shared; + chunk_t key; + + shared = charon->credentials->get_shared(charon->credentials, + SHARED_EAP, id, NULL); + if (shared == NULL) + { + return FALSE; + } + key = shared->get_key(shared); + memset(k, '\0', AKA_K_LEN); + memcpy(k, key.ptr, min(key.len, AKA_K_LEN)); + shared->destroy(shared); + return TRUE; +} + +/** + * get SQN using current time + */ +void eap_aka_3gpp2_get_sqn(char sqn[AKA_SQN_LEN], int offset) +{ + timeval_t time; + + gettimeofday(&time, NULL); + /* set sqn to an integer containing 4 bytes seconds + 2 bytes usecs */ + time.tv_sec = htonl(time.tv_sec + offset); + /* usec's are never larger than 0x000f423f, so we shift the 12 first bits */ + time.tv_usec = htonl(time.tv_usec << 12); + memcpy(sqn, (char*)&time.tv_sec + sizeof(time_t) - 4, 4); + memcpy(sqn + 4, &time.tv_usec, 2); +} + +/** + * Implementation of usim_provider_t.get_quintuplet + */ +static bool get_quintuplet(private_eap_aka_3gpp2_provider_t *this, + identification_t *id, char rand[AKA_RAND_LEN], + char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char autn[AKA_AUTN_LEN]) +{ + rng_t *rng; + char mac[AKA_MAC_LEN], ak[AKA_AK_LEN], k[AKA_K_LEN]; + + /* generate RAND: we use a registered RNG, not f0() proposed in S.S0055 */ + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng) + { + DBG1(DBG_IKE, "generating RAND for AKA failed"); + return FALSE; + } + rng->get_bytes(rng, AKA_RAND_LEN, rand); + rng->destroy(rng); + + if (!eap_aka_3gpp2_get_k(id, k)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FALSE; + } + + DBG3(DBG_IKE, "generated rand %b", rand, AKA_RAND_LEN); + DBG3(DBG_IKE, "using K %b", k, AKA_K_LEN); + + /* MAC */ + this->f->f1(this->f, k, rand, this->sqn, amf, mac); + /* AK */ + this->f->f5(this->f, k, rand, ak); + /* XRES as expected from client */ + this->f->f2(this->f, k, rand, xres); + *xres_len = AKA_RES_MAX; + /* AUTN = (SQN xor AK) || AMF || MAC */ + memcpy(autn, this->sqn, AKA_SQN_LEN); + memxor(autn, ak, AKA_AK_LEN); + memcpy(autn + AKA_SQN_LEN, amf, AKA_AMF_LEN); + memcpy(autn + AKA_SQN_LEN + AKA_AMF_LEN, mac, AKA_MAC_LEN); + DBG3(DBG_IKE, "AUTN %b", autn, AKA_AUTN_LEN); + /* CK/IK */ + this->f->f3(this->f, k, rand, ck); + this->f->f4(this->f, k, rand, ik); + + return TRUE; +} + +/** + * Implementation of usim_provider_t.resync + */ +static bool resync(private_eap_aka_3gpp2_provider_t *this, + identification_t *id, char rand[AKA_RAND_LEN], + char auts[AKA_AUTS_LEN]) +{ + char *sqn, *macs; + char aks[AKA_AK_LEN], k[AKA_K_LEN], amf[AKA_AMF_LEN], xmacs[AKA_MAC_LEN]; + + if (!eap_aka_3gpp2_get_k(id, k)) + { + DBG1(DBG_IKE, "no EAP key found for %Y to authenticate with AKA", id); + return FALSE; + } + + /* AUTHS = (AK xor SQN) | MAC */ + sqn = auts; + macs = auts + AKA_SQN_LEN; + this->f->f5star(this->f, k, rand, aks); + memxor(sqn, aks, AKA_AK_LEN); + + /* verify XMACS, AMF of zero is used in resynchronization */ + memset(amf, 0, AKA_AMF_LEN); + this->f->f1star(this->f, k, rand, sqn, amf, xmacs); + if (!memeq(macs, xmacs, AKA_MAC_LEN)) + { + DBG1(DBG_IKE, "received MACS does not match XMACS"); + DBG3(DBG_IKE, "MACS %b XMACS %b", + macs, AKA_MAC_LEN, xmacs, AKA_MAC_LEN); + return FALSE; + } + /* update stored SQN to received SQN + 1 */ + memcpy(this->sqn, sqn, AKA_SQN_LEN); + chunk_increment(chunk_create(this->sqn, AKA_SQN_LEN)); + return TRUE; +} + +/** + * Implementation of eap_aka_3gpp2_provider_t.destroy. + */ +static void destroy(private_eap_aka_3gpp2_provider_t *this) +{ + free(this); +} + +/** + * See header + */ +eap_aka_3gpp2_provider_t *eap_aka_3gpp2_provider_create( + eap_aka_3gpp2_functions_t *f) +{ + private_eap_aka_3gpp2_provider_t *this = malloc_thing(private_eap_aka_3gpp2_provider_t); + + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))get_quintuplet; + this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))resync; + this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; + this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; + this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null; + this->public.destroy = (void(*)(eap_aka_3gpp2_provider_t*))destroy; + + this->f = f; + /* use an offset to accept clock skew between client/server without resync */ + eap_aka_3gpp2_get_sqn(this->sqn, 180); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h new file mode 100644 index 000000000..22ac0a96e --- /dev/null +++ b/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_aka_3gpp2_provider eap_aka_3gpp2_provider + * @{ @ingroup eap_aka_3gpp2 + */ + +#ifndef EAP_AKA_3GPP2_PROVIDER_H_ +#define EAP_AKA_3GPP2_PROVIDER_H_ + +#include "eap_aka_3gpp2_functions.h" + +#include + +typedef struct eap_aka_3gpp2_provider_t eap_aka_3gpp2_provider_t; + +/** + * SIM provider implementation using a set of AKA functions. + */ +struct eap_aka_3gpp2_provider_t { + + /** + * Implements sim_provider_t interface. + */ + sim_provider_t provider; + + /** + * Destroy a eap_aka_3gpp2_provider_t. + */ + void (*destroy)(eap_aka_3gpp2_provider_t *this); +}; + +/** + * Create a eap_aka_3gpp2_provider instance. + */ +eap_aka_3gpp2_provider_t *eap_aka_3gpp2_provider_create( + eap_aka_3gpp2_functions_t *f); + +#endif /** EAP_AKA_3GPP2_PROVIDER_H_ @}*/ diff --git a/src/charon/plugins/eap_gtc/Makefile.am b/src/charon/plugins/eap_gtc/Makefile.am index 547a8dfc5..0d938cacd 100644 --- a/src/charon/plugins/eap_gtc/Makefile.am +++ b/src/charon/plugins/eap_gtc/Makefile.am @@ -3,8 +3,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapgtc.la +plugin_LTLIBRARIES = libstrongswan-eap-gtc.la -libstrongswan_eapgtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c -libstrongswan_eapgtc_la_LDFLAGS = -module -avoid-version -lpam +libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c +libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam diff --git a/src/charon/plugins/eap_gtc/Makefile.in b/src/charon/plugins/eap_gtc/Makefile.in index 46d438a97..f3662e1cd 100644 --- a/src/charon/plugins/eap_gtc/Makefile.in +++ b/src/charon/plugins/eap_gtc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,30 +37,53 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_gtc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapgtc_la_LIBADD = -am_libstrongswan_eapgtc_la_OBJECTS = eap_gtc_plugin.lo eap_gtc.lo -libstrongswan_eapgtc_la_OBJECTS = \ - $(am_libstrongswan_eapgtc_la_OBJECTS) -libstrongswan_eapgtc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +libstrongswan_eap_gtc_la_LIBADD = +am_libstrongswan_eap_gtc_la_OBJECTS = eap_gtc_plugin.lo eap_gtc.lo +libstrongswan_eap_gtc_la_OBJECTS = \ + $(am_libstrongswan_eap_gtc_la_OBJECTS) +libstrongswan_eap_gtc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libstrongswan_eapgtc_la_LDFLAGS) $(LDFLAGS) -o $@ + $(libstrongswan_eap_gtc_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -68,8 +93,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapgtc_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapgtc_la_SOURCES) +SOURCES = $(libstrongswan_eap_gtc_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_gtc_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,13 +249,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapgtc.la -libstrongswan_eapgtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c -libstrongswan_eapgtc_la_LDFLAGS = -module -avoid-version -lpam +plugin_LTLIBRARIES = libstrongswan-eap-gtc.la +libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c +libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam all: all-am .SUFFIXES: @@ -241,9 +270,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -261,23 +290,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -288,8 +322,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapgtc.la: $(libstrongswan_eapgtc_la_OBJECTS) $(libstrongswan_eapgtc_la_DEPENDENCIES) - $(libstrongswan_eapgtc_la_LINK) -rpath $(plugindir) $(libstrongswan_eapgtc_la_OBJECTS) $(libstrongswan_eapgtc_la_LIBADD) $(LIBS) +libstrongswan-eap-gtc.la: $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_DEPENDENCIES) + $(libstrongswan_eap_gtc_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/charon/plugins/eap_gtc/eap_gtc.c index cb4ab2e59..c7f55fa70 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc.c +++ b/src/charon/plugins/eap_gtc/eap_gtc.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_gtc.h" #include @@ -30,22 +30,22 @@ typedef struct private_eap_gtc_t private_eap_gtc_t; * Private data of an eap_gtc_t object. */ struct private_eap_gtc_t { - + /** * Public authenticator_t interface. */ eap_gtc_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * EAP message identififier */ @@ -83,10 +83,10 @@ static status_t initiate_peer(private_eap_gtc_t *this, eap_payload_t **out) * PAM conv callback function */ static int auth_conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, char *password) + struct pam_response **resp, char *password) { struct pam_response *response; - + if (num_msg != 1) { return PAM_CONV_ERR; @@ -103,13 +103,13 @@ static int auth_conv(int num_msg, const struct pam_message **msg, */ static bool authenticate(char *service, char *user, char *password) { - pam_handle_t *pamh = NULL; + pam_handle_t *pamh = NULL; static struct pam_conv conv; - int ret; - + int ret; + conv.conv = (void*)auth_conv; conv.appdata_ptr = password; - + ret = pam_start(service, user, &conv, &pamh); if (ret != PAM_SUCCESS) { @@ -143,7 +143,7 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) { eap_gtc_header_t *req; size_t len; - + len = strlen(GTC_REQUEST_MSG); req = alloca(sizeof(eap_gtc_header_t) + len); req->length = htons(sizeof(eap_gtc_header_t) + len); @@ -151,7 +151,7 @@ static status_t initiate_server(private_eap_gtc_t *this, eap_payload_t **out) req->identifier = this->identifier; req->type = EAP_GTC; memcpy(req->data, GTC_REQUEST_MSG, len); - + *out = eap_payload_create_data(chunk_create((void*)req, sizeof(eap_gtc_header_t) + len)); return NEED_MORE; @@ -178,7 +178,7 @@ static status_t process_peer(private_eap_gtc_t *this, } key = shared->get_key(shared); len = key.len; - + /* TODO: According to the draft we should "SASLprep" password, RFC4013. */ res = alloca(sizeof(eap_gtc_header_t) + len); @@ -187,9 +187,9 @@ static status_t process_peer(private_eap_gtc_t *this, res->identifier = in->get_identifier(in); res->type = EAP_GTC; memcpy(res->data, key.ptr, len); - + shared->destroy(shared); - + *out = eap_payload_create_data(chunk_create((void*)res, sizeof(eap_gtc_header_t) + len)); return NEED_MORE; @@ -203,14 +203,14 @@ static status_t process_server(private_eap_gtc_t *this, { chunk_t data, encoding; char *user, *password, *service, *pos; - + data = chunk_skip(in->get_data(in), 5); if (this->identifier != in->get_identifier(in) || !data.len) { DBG1(DBG_IKE, "received invalid EAP-GTC message"); return FAILED; } - + encoding = this->peer->get_encoding(this->peer); /* if a RFC822_ADDR id is provided, we use the username part only */ pos = memchr(encoding.ptr, '@', encoding.len); @@ -221,14 +221,14 @@ static status_t process_server(private_eap_gtc_t *this, user = alloca(encoding.len + 1); memcpy(user, encoding.ptr, encoding.len); user[encoding.len] = '\0'; - + password = alloca(data.len + 1); memcpy(password, data.ptr, data.len); password[data.len] = '\0'; - + service = lib->settings->get_str(lib->settings, - "charon.plugins.eap_gtc.pam_service", GTC_PAM_SERVICE); - + "charon.plugins.eap-gtc.pam_service", GTC_PAM_SERVICE); + if (!authenticate(service, user, password)) { return FAILED; @@ -278,19 +278,19 @@ static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = malloc_thing(private_eap_gtc_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); this->identifier = 0; - + return this; } @@ -300,7 +300,7 @@ static private_eap_gtc_t *eap_gtc_create_generic(identification_t *server, eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; @@ -318,7 +318,7 @@ eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *pee eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer) { private_eap_gtc_t *this = eap_gtc_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c index fda6c744a..8550c254c 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c +++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.c @@ -40,17 +40,17 @@ static void destroy(eap_gtc_plugin_t *this) plugin_t *plugin_create() { eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + /* required for PAM authentication */ charon->keep_cap(charon, CAP_AUDIT_WRITE); - + charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_SERVER, (eap_constructor_t)eap_gtc_create_server); charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_PEER, (eap_constructor_t)eap_gtc_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_identity/Makefile.am b/src/charon/plugins/eap_identity/Makefile.am index 79ddee3e8..992eb43f7 100644 --- a/src/charon/plugins/eap_identity/Makefile.am +++ b/src/charon/plugins/eap_identity/Makefile.am @@ -3,8 +3,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapidentity.la -libstrongswan_eapidentity_la_SOURCES = \ +plugin_LTLIBRARIES = libstrongswan-eap-identity.la +libstrongswan_eap_identity_la_SOURCES = \ eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c -libstrongswan_eapidentity_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_identity/Makefile.in b/src/charon/plugins/eap_identity/Makefile.in index 0adb9ce10..80709246f 100644 --- a/src/charon/plugins/eap_identity/Makefile.in +++ b/src/charon/plugins/eap_identity/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,32 +37,55 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_identity DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapidentity_la_LIBADD = -am_libstrongswan_eapidentity_la_OBJECTS = eap_identity_plugin.lo \ +libstrongswan_eap_identity_la_LIBADD = +am_libstrongswan_eap_identity_la_OBJECTS = eap_identity_plugin.lo \ eap_identity.lo -libstrongswan_eapidentity_la_OBJECTS = \ - $(am_libstrongswan_eapidentity_la_OBJECTS) -libstrongswan_eapidentity_la_LINK = $(LIBTOOL) --tag=CC \ +libstrongswan_eap_identity_la_OBJECTS = \ + $(am_libstrongswan_eap_identity_la_OBJECTS) +libstrongswan_eap_identity_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapidentity_la_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_identity_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -70,8 +95,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapidentity_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapidentity_la_SOURCES) +SOURCES = $(libstrongswan_eap_identity_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_identity_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,15 +251,16 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapidentity.la -libstrongswan_eapidentity_la_SOURCES = \ +plugin_LTLIBRARIES = libstrongswan-eap-identity.la +libstrongswan_eap_identity_la_SOURCES = \ eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c -libstrongswan_eapidentity_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -292,8 +326,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapidentity.la: $(libstrongswan_eapidentity_la_OBJECTS) $(libstrongswan_eapidentity_la_DEPENDENCIES) - $(libstrongswan_eapidentity_la_LINK) -rpath $(plugindir) $(libstrongswan_eapidentity_la_OBJECTS) $(libstrongswan_eapidentity_la_LIBADD) $(LIBS) +libstrongswan-eap-identity.la: $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_DEPENDENCIES) + $(libstrongswan_eap_identity_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_identity/eap_identity.c b/src/charon/plugins/eap_identity/eap_identity.c index e43c50c50..ab082a955 100644 --- a/src/charon/plugins/eap_identity/eap_identity.c +++ b/src/charon/plugins/eap_identity/eap_identity.c @@ -24,17 +24,17 @@ typedef struct private_eap_identity_t private_eap_identity_t; * Private data of an eap_identity_t object. */ struct private_eap_identity_t { - + /** * Public authenticator_t interface. */ eap_identity_t public; - + /** * ID of the peer */ identification_t *peer; - + /** * received identity chunk */ @@ -68,17 +68,17 @@ static status_t process_peer(private_eap_identity_t *this, chunk_t id; eap_identity_header_t *hdr; size_t len; - + id = this->peer->get_encoding(this->peer); len = sizeof(eap_identity_header_t) + id.len; - + hdr = alloca(len); hdr->code = EAP_RESPONSE; hdr->identifier = in->get_identifier(in); hdr->length = htons(len); hdr->type = EAP_IDENTITY; memcpy(hdr->data, id.ptr, id.len); - + *out = eap_payload_create_data(chunk_create((u_char*)hdr, len)); return SUCCESS; } @@ -99,7 +99,7 @@ static status_t process_server(private_eap_identity_t *this, eap_payload_t *in, eap_payload_t **out) { chunk_t data; - + data = chunk_skip(in->get_data(in), 5); if (data.len) { @@ -114,12 +114,12 @@ static status_t process_server(private_eap_identity_t *this, static status_t initiate_server(private_eap_identity_t *this, eap_payload_t **out) { eap_identity_header_t hdr; - + hdr.code = EAP_REQUEST; hdr.identifier = 0; hdr.length = htons(sizeof(eap_identity_header_t)); hdr.type = EAP_IDENTITY; - + *out = eap_payload_create_data(chunk_create((u_char*)&hdr, sizeof(eap_identity_header_t))); return NEED_MORE; @@ -172,17 +172,17 @@ static private_eap_identity_t *eap_identity_create(identification_t *server, identification_t *peer) { private_eap_identity_t *this = malloc_thing(private_eap_identity_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->peer = peer->clone(peer); this->identity = chunk_empty; - + return this; } @@ -193,11 +193,11 @@ eap_identity_t *eap_identity_create_peer(identification_t *server, identification_t *peer) { private_eap_identity_t *this = eap_identity_create(server, peer); - + /* public functions */ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; - + return &this->public; } @@ -208,11 +208,11 @@ eap_identity_t *eap_identity_create_server(identification_t *server, identification_t *peer) { private_eap_identity_t *this = eap_identity_create(server, peer); - + /* public functions */ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; - + return &this->public; } diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.c b/src/charon/plugins/eap_identity/eap_identity_plugin.c index 809254ccb..a623e1951 100644 --- a/src/charon/plugins/eap_identity/eap_identity_plugin.c +++ b/src/charon/plugins/eap_identity/eap_identity_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_identity_plugin_t *this) plugin_t *plugin_create() { eap_identity_plugin_t *this = malloc_thing(eap_identity_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_IDENTITY, 0, EAP_SERVER, (eap_constructor_t)eap_identity_create_server); charon->eap->add_method(charon->eap, EAP_IDENTITY, 0, EAP_PEER, (eap_constructor_t)eap_identity_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_md5/Makefile.am b/src/charon/plugins/eap_md5/Makefile.am index 8bad64368..f49928cd2 100644 --- a/src/charon/plugins/eap_md5/Makefile.am +++ b/src/charon/plugins/eap_md5/Makefile.am @@ -3,8 +3,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapmd5.la +plugin_LTLIBRARIES = libstrongswan-eap-md5.la -libstrongswan_eapmd5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c -libstrongswan_eapmd5_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c +libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_md5/Makefile.in b/src/charon/plugins/eap_md5/Makefile.in index c11837b91..21ac7fa92 100644 --- a/src/charon/plugins/eap_md5/Makefile.in +++ b/src/charon/plugins/eap_md5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,30 +37,53 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_md5 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapmd5_la_LIBADD = -am_libstrongswan_eapmd5_la_OBJECTS = eap_md5_plugin.lo eap_md5.lo -libstrongswan_eapmd5_la_OBJECTS = \ - $(am_libstrongswan_eapmd5_la_OBJECTS) -libstrongswan_eapmd5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +libstrongswan_eap_md5_la_LIBADD = +am_libstrongswan_eap_md5_la_OBJECTS = eap_md5_plugin.lo eap_md5.lo +libstrongswan_eap_md5_la_OBJECTS = \ + $(am_libstrongswan_eap_md5_la_OBJECTS) +libstrongswan_eap_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libstrongswan_eapmd5_la_LDFLAGS) $(LDFLAGS) -o $@ + $(libstrongswan_eap_md5_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -68,8 +93,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapmd5_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapmd5_la_SOURCES) +SOURCES = $(libstrongswan_eap_md5_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_md5_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,13 +249,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapmd5.la -libstrongswan_eapmd5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c -libstrongswan_eapmd5_la_LDFLAGS = -module -avoid-version +plugin_LTLIBRARIES = libstrongswan-eap-md5.la +libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c +libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -241,9 +270,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -261,23 +290,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -288,8 +322,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapmd5.la: $(libstrongswan_eapmd5_la_OBJECTS) $(libstrongswan_eapmd5_la_DEPENDENCIES) - $(libstrongswan_eapmd5_la_LINK) -rpath $(plugindir) $(libstrongswan_eapmd5_la_OBJECTS) $(libstrongswan_eapmd5_la_LIBADD) $(LIBS) +libstrongswan-eap-md5.la: $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_DEPENDENCIES) + $(libstrongswan_eap_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_md5/eap_md5.c b/src/charon/plugins/eap_md5/eap_md5.c index 36d726947..0eda8f755 100644 --- a/src/charon/plugins/eap_md5/eap_md5.c +++ b/src/charon/plugins/eap_md5/eap_md5.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_md5.h" #include @@ -25,27 +25,27 @@ typedef struct private_eap_md5_t private_eap_md5_t; * Private data of an eap_md5_t object. */ struct private_eap_md5_t { - + /** * Public authenticator_t interface. */ eap_md5_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * EAP message identififier */ @@ -78,21 +78,21 @@ struct eap_md5_header_t { /** * Hash the challenge string, create response */ -static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response) -{ +static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response, + identification_t *me, identification_t *other) +{ shared_key_t *shared; chunk_t concat; hasher_t *hasher; shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, - this->server, this->peer); + me, other); if (shared == NULL) { - DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", - this->server, this->peer); + DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", me, other); return NOT_FOUND; } - concat = chunk_cata("ccc", chunk_from_thing(this->identifier), + concat = chunk_cata("ccc", chunk_from_thing(this->identifier), shared->get_key(shared), this->challenge); shared->destroy(shared); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); @@ -122,7 +122,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) { rng_t *rng; eap_md5_header_t *req; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -130,7 +130,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + req = alloca(PAYLOAD_LEN); req->length = htons(PAYLOAD_LEN); req->code = EAP_REQUEST; @@ -138,7 +138,7 @@ static status_t initiate_server(private_eap_md5_t *this, eap_payload_t **out) req->type = EAP_MD5; req->value_size = this->challenge.len; memcpy(req->value, this->challenge.ptr, this->challenge.len); - + *out = eap_payload_create_data(chunk_create((void*)req, PAYLOAD_LEN)); return NEED_MORE; } @@ -152,7 +152,7 @@ static status_t process_peer(private_eap_md5_t *this, chunk_t response; chunk_t data; eap_md5_header_t *req; - + this->identifier = in->get_identifier(in); data = in->get_data(in); this->challenge = chunk_clone(chunk_skip(data, 6)); @@ -161,7 +161,7 @@ static status_t process_peer(private_eap_md5_t *this, DBG1(DBG_IKE, "received invalid EAP-MD5 message"); return FAILED; } - if (hash_challenge(this, &response) != SUCCESS) + if (hash_challenge(this, &response, this->peer, this->server) != SUCCESS) { return FAILED; } @@ -173,7 +173,7 @@ static status_t process_peer(private_eap_md5_t *this, req->value_size = response.len; memcpy(req->value, response.ptr, response.len); chunk_free(&response); - + *out = eap_payload_create_data(chunk_create((void*)req, PAYLOAD_LEN)); return NEED_MORE; } @@ -186,19 +186,19 @@ static status_t process_server(private_eap_md5_t *this, { chunk_t response, expected; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MD5 message"); return FAILED; } - if (hash_challenge(this, &expected) != SUCCESS) + if (hash_challenge(this, &expected, this->server, this->peer) != SUCCESS) { return FAILED; } data = in->get_data(in); response = chunk_skip(data, 6); - + if (response.len < expected.len || !memeq(response.ptr, expected.ptr, expected.len)) { @@ -253,20 +253,20 @@ static private_eap_md5_t *eap_md5_create_generic(identification_t *server, identification_t *peer) { private_eap_md5_t *this = malloc_thing(private_eap_md5_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); this->challenge = chunk_empty; this->identifier = 0; - + return this; } @@ -276,7 +276,7 @@ static private_eap_md5_t *eap_md5_create_generic(identification_t *server, eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *peer) { private_eap_md5_t *this = eap_md5_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_server; @@ -294,7 +294,7 @@ eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *pee eap_md5_t *eap_md5_create_peer(identification_t *server, identification_t *peer) { private_eap_md5_t *this = eap_md5_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process_peer; diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.c b/src/charon/plugins/eap_md5/eap_md5_plugin.c index e30152fc5..629255ebf 100644 --- a/src/charon/plugins/eap_md5/eap_md5_plugin.c +++ b/src/charon/plugins/eap_md5/eap_md5_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_md5_plugin_t *this) plugin_t *plugin_create() { eap_md5_plugin_t *this = malloc_thing(eap_md5_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MD5, 0, EAP_SERVER, (eap_constructor_t)eap_md5_create_server); charon->eap->add_method(charon->eap, EAP_MD5, 0, EAP_PEER, (eap_constructor_t)eap_md5_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_mschapv2/Makefile.am b/src/charon/plugins/eap_mschapv2/Makefile.am index 179da70fc..4758ad5f3 100644 --- a/src/charon/plugins/eap_mschapv2/Makefile.am +++ b/src/charon/plugins/eap_mschapv2/Makefile.am @@ -3,10 +3,10 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapmschapv2.la +plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la -libstrongswan_eapmschapv2_la_SOURCES = \ +libstrongswan_eap_mschapv2_la_SOURCES = \ eap_mschapv2_plugin.h eap_mschapv2_plugin.c \ eap_mschapv2.h eap_mschapv2.c -libstrongswan_eapmschapv2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_mschapv2/Makefile.in b/src/charon/plugins/eap_mschapv2/Makefile.in index d6dd74b88..001818481 100644 --- a/src/charon/plugins/eap_mschapv2/Makefile.in +++ b/src/charon/plugins/eap_mschapv2/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,32 +37,55 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_mschapv2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapmschapv2_la_LIBADD = -am_libstrongswan_eapmschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \ +libstrongswan_eap_mschapv2_la_LIBADD = +am_libstrongswan_eap_mschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \ eap_mschapv2.lo -libstrongswan_eapmschapv2_la_OBJECTS = \ - $(am_libstrongswan_eapmschapv2_la_OBJECTS) -libstrongswan_eapmschapv2_la_LINK = $(LIBTOOL) --tag=CC \ +libstrongswan_eap_mschapv2_la_OBJECTS = \ + $(am_libstrongswan_eap_mschapv2_la_OBJECTS) +libstrongswan_eap_mschapv2_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapmschapv2_la_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_mschapv2_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -70,8 +95,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapmschapv2_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapmschapv2_la_SOURCES) +SOURCES = $(libstrongswan_eap_mschapv2_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_mschapv2_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,16 +251,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapmschapv2.la -libstrongswan_eapmschapv2_la_SOURCES = \ +plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la +libstrongswan_eap_mschapv2_la_SOURCES = \ eap_mschapv2_plugin.h eap_mschapv2_plugin.c \ eap_mschapv2.h eap_mschapv2.c -libstrongswan_eapmschapv2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -293,8 +327,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapmschapv2.la: $(libstrongswan_eapmschapv2_la_OBJECTS) $(libstrongswan_eapmschapv2_la_DEPENDENCIES) - $(libstrongswan_eapmschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eapmschapv2_la_OBJECTS) $(libstrongswan_eapmschapv2_la_LIBADD) $(LIBS) +libstrongswan-eap-mschapv2.la: $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_DEPENDENCIES) + $(libstrongswan_eap_mschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -307,21 +341,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -344,7 +378,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -352,29 +386,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -395,13 +434,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -432,6 +475,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -453,6 +497,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -461,18 +507,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -511,6 +567,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c index 0e3fac780..f0222840d 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c @@ -35,47 +35,47 @@ struct private_eap_mschapv2_t * Public authenticator_t interface. */ eap_mschapv2_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * generated NT-Response */ chunk_t nt_response; - + /** * generated Authenticator Response */ chunk_t auth_response; - + /** * generated MSK */ chunk_t msk; - + /** * EAP message identifier */ u_int8_t identifier; - + /** * MS-CHAPv2-ID (session ID, increases with each retry) */ u_int8_t mschapv2id; - + /** * Number of retries */ @@ -248,7 +248,7 @@ static chunk_t ExpandDESKey(chunk_t key) int i; u_char carry = 0; chunk_t expanded; - + /* expand the 7 octets to 8 octets */ expanded = chunk_alloc(8); for (i = 0; i < 7; i++) @@ -257,7 +257,7 @@ static chunk_t ExpandDESKey(chunk_t key) carry = key.ptr[i] & ~bitmask[i]; } expanded.ptr[7] = carry << 1; - + /* add parity bits to each octet */ for (i = 0; i < 8; i++) { @@ -269,7 +269,7 @@ static chunk_t ExpandDESKey(chunk_t key) } /** - * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) + * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) */ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) { @@ -277,7 +277,7 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD4); if (hasher == NULL) { - DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, MD4 not supported"); + DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available"); return FAILED; } hasher->allocate_hash(hasher, password, password_hash); @@ -287,7 +287,7 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) /** * Calculate the challenge hash (i.e. hash [peer_challenge | server_challenge | - * username (without domain part)] with SHA1) + * username (without domain part)] with SHA1) */ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge, chunk_t username, chunk_t *challenge_hash) @@ -331,7 +331,7 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, memset(z_password_hash.ptr, 0, z_password_hash.len); memcpy(z_password_hash.ptr, password_hash.ptr, password_hash.len); chunk_split(z_password_hash, "mmm", 7, &keys[0], 7, &keys[1], 7, &keys[2]); - + *response = chunk_alloc(24); for (i = 0; i < 3; i++) { @@ -353,35 +353,32 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, static status_t AuthenticatorResponse(chunk_t password_hash_hash, chunk_t challenge_hash, chunk_t nt_response, chunk_t *response) { - static u_int8_t magic1_data[] = - { 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, - 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 }; - static u_int8_t magic2_data[] = - { 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, - 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, - 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, - 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, - 0x6E }; - static const chunk_t magic1 = chunk_from_buf(magic1_data); - static const chunk_t magic2 = chunk_from_buf(magic2_data); - + chunk_t magic1 = chunk_from_chars( + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74); + chunk_t magic2 = chunk_from_chars( + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E); chunk_t digest = chunk_empty, concat; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &digest); concat = chunk_cata("ccc", digest, challenge_hash, magic2); hasher->allocate_hash(hasher, concat, response); - + hasher->destroy(hasher); chunk_free(&digest); return SUCCESS; @@ -393,71 +390,67 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash, static status_t GenerateMSK(chunk_t password_hash_hash, chunk_t nt_response, chunk_t *msk) { - static u_int8_t magic1_data[] = - { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; - static u_int8_t magic2_data[] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, - 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, - 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - static u_int8_t magic3_data[] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, - 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - static u_int8_t shapad1_data[] = - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - static u_int8_t shapad2_data[] = - { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; - static const chunk_t magic1 = chunk_from_buf(magic1_data); - static const chunk_t magic2 = chunk_from_buf(magic2_data); - static const chunk_t magic3 = chunk_from_buf(magic3_data); - static const chunk_t shapad1 = chunk_from_buf(shapad1_data); - static const chunk_t shapad2 = chunk_from_buf(shapad2_data); - static const chunk_t keypad = { shapad1_data, 16 }; - + chunk_t magic1 = chunk_from_chars( + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79); + chunk_t magic2 = chunk_from_chars( + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, + 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e); + chunk_t magic3 = chunk_from_chars( + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, + 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, + 0x6b, 0x65, 0x79, 0x2e); + chunk_t shapad1 = chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); + chunk_t shapad2 = chunk_from_chars( + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2); + chunk_t keypad = chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); chunk_t concat, master_key, master_receive_key, master_send_key; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &master_key); master_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2); hasher->allocate_hash(hasher, concat, &master_receive_key); master_receive_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2); hasher->allocate_hash(hasher, concat, &master_send_key); master_send_key.len = 16; - + *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad); - + hasher->destroy(hasher); chunk_free(&master_key); chunk_free(&master_receive_key); @@ -472,7 +465,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, status_t status = FAILED; chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty, challenge_hash = chunk_empty; - + if (NtPasswordHash(password, &password_hash) != SUCCESS) { goto error; @@ -486,7 +479,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + if (ChallengeResponse(challenge_hash, password_hash, &this->nt_response) != SUCCESS) { @@ -501,9 +494,9 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + status = SUCCESS; - + error: chunk_free(&password_hash); chunk_free(&password_hash_hash); @@ -532,7 +525,7 @@ static chunk_t ascii_to_unicode(chunk_t ascii) static char* sanitize(char *str) { char *pos = str; - + while (pos && *pos) { if (!isprint(*pos)) @@ -592,7 +585,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap_mschapv2_challenge_t *cha; const char *name = MSCHAPV2_HOST_NAME; u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -601,7 +594,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = this->identifier; @@ -610,12 +603,12 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap->opcode = MSCHAPV2_CHALLENGE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + cha = (eap_mschapv2_challenge_t*)eap->data; cha->value_size = CHALLENGE_LEN; memcpy(cha->challenge, this->challenge.ptr, this->challenge.len); memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -634,29 +627,29 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, shared_key_t *shared; chunk_t data, peer_challenge, username, password; u_int16_t len = RESPONSE_PAYLOAD_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + /* the name MUST be at least one octet long */ if (data.len < CHALLENGE_PAYLOAD_LEN + 1) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + cha = (eap_mschapv2_challenge_t*)eap->data; - + if (cha->value_size != CHALLENGE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "invalid challenge size"); return FAILED; } - + this->mschapv2id = eap->ms_chapv2_id; this->challenge = chunk_clone(chunk_create(cha->challenge, CHALLENGE_LEN)); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -666,7 +659,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, peer_challenge = chunk_alloca(CHALLENGE_LEN); rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr); rng->destroy(rng); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->peer, this->server); if (shared == NULL) @@ -675,13 +668,13 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, this->server, this->peer); return NOT_FOUND; } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + username = extract_username(this->peer); len += username.len; - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed"); @@ -689,7 +682,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, return FAILED; } chunk_clear(&password); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; @@ -698,16 +691,16 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_RESPONSE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + res = (eap_mschapv2_response_t*)eap->data; res->value_size = RESPONSE_LEN; memset(&res->response, 0, RESPONSE_LEN); memcpy(res->response.peer_challenge, peer_challenge.ptr, peer_challenge.len); memcpy(res->response.nt_response, this->nt_response.ptr, this->nt_response.len); - + username = this->peer->get_encoding(this->peer); memcpy(res->name, username.ptr, username.len); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -725,21 +718,21 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len; u_int16_t len = SHORT_HEADER_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < AUTH_RESPONSE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* S= M= */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -764,32 +757,32 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - - if (auth_string.ptr == NULL) + + if (auth_string.ptr == NULL) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "auth string missing"); goto error; } - + if (!chunk_equals(this->auth_response, auth_string)) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); goto error; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg)); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; eap->length = htons(len); eap->type = EAP_MSCHAPV2; eap->opcode = MSCHAPV2_SUCCESS; - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); status = NEED_MORE; - + error: chunk_free(&auth_string); free(message); @@ -807,21 +800,21 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len, error, retryable; chunk_t challenge = chunk_empty; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < 3) /* we want at least an error code: E=e */ { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* E=eeeeeeeeee R=r C=cccccccccccccccccccccccccccccccc V=vvvvvvvvvv M= */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -862,28 +855,28 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed with error %N: '%s'", mschapv2_error_names, error, sanitize(msg)); - + /** * at this point, if the error is retryable, we MAY retry the authentication * or MAY send a Change Password packet. - * + * * if the error is not retryable (or if we do neither of the above), we * SHOULD send a Failure Response packet. * windows clients don't do that, and since windows server 2008 r2 behaves * pretty odd if we do send a Failure Response, we just don't send one * either. windows 7 actually sends a delete notify (which, according to the - * logs, results in an error on windows server 2008 r2). - * + * logs, results in an error on windows server 2008 r2). + * * btw, windows server 2008 r2 does not send non-retryable errors for e.g. * a disabled account but returns the windows error code in a notify payload * of type 12345. */ - + status = FAILED; - + error: chunk_free(&challenge); free(message); @@ -899,7 +892,7 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, { chunk_t data; eap_mschapv2_header_t *eap; - + this->identifier = in->get_identifier(in); data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) @@ -907,9 +900,9 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_CHALLENGE: @@ -945,7 +938,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, chunk_t hex; char msg[FAILURE_MESSAGE_LEN]; u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ - + if (++this->retries > MAX_RETRIES) { /* we MAY send a Failure Request with R=0, but windows 7 does not @@ -957,9 +950,9 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, "maximum number of retries reached"); return FAILED; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed, retry (%d)", this->retries); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -968,11 +961,11 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, } rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr); rng->destroy(rng); - + chunk_free(&this->nt_response); chunk_free(&this->auth_response); chunk_free(&this->msk); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -981,16 +974,16 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_FAILURE; eap->ms_chapv2_id = this->mschapv2id++; /* increase for each retry */ set_ms_length(eap, len); - + hex = chunk_to_hex(this->challenge, NULL, TRUE); snprintf(msg, FAILURE_MESSAGE_LEN, "%s%s", FAILURE_MESSAGE, hex.ptr); chunk_free(&hex); memcpy(eap->data, msg, FAILURE_MESSAGE_LEN - 1); /* no null byte */ *out = eap_payload_create_data(chunk_create((void*) eap, len)); - + /* delay the response for some time to make brute-force attacks harder */ sleep(RETRY_DELAY); - + return NEED_MORE; } @@ -1007,25 +1000,25 @@ static status_t process_server_response(private_eap_mschapv2_t *this, shared_key_t *shared; int name_len; char buf[256]; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < RESPONSE_PAYLOAD_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + res = (eap_mschapv2_response_t*)eap->data; peer_challenge = chunk_create(res->response.peer_challenge, CHALLENGE_LEN); - + name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255); snprintf(buf, sizeof(buf), "%.*s", name_len, res->name); userid = identification_create_from_string(buf); DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); username = extract_username(userid); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->server, userid); if (shared == NULL) @@ -1035,33 +1028,33 @@ static status_t process_server_response(private_eap_mschapv2_t *this, /* FIXME: windows 7 always sends the username that is first entered in * the username box, even, if the user changes it during retries (probably * to keep consistent with the EAP-Identity). - * thus, we could actually fail here, because retries do not make much - * sense. on the other hand, an attacker could guess usernames, if the - * error messages were different. */ + * thus, we could actually fail here, because retries do not make much + * sense. on the other hand, an attacker could guess usernames, if the + * error messages were different. */ userid->destroy(userid); return process_server_retry(this, out); } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { - DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); userid->destroy(userid); chunk_clear(&password); return FAILED; } userid->destroy(userid); chunk_clear(&password); - + if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len)) { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -1070,7 +1063,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_SUCCESS; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + hex = chunk_to_hex(this->auth_response, NULL, TRUE); snprintf(msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE), "S=%s%s", hex.ptr, SUCCESS_MESSAGE); @@ -1091,23 +1084,23 @@ static status_t process_server(private_eap_mschapv2_t *this, eap_payload_t *in, { eap_mschapv2_header_t *eap; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "unexpected identifier"); return FAILED; } - + data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_RESPONSE: @@ -1159,7 +1152,7 @@ static status_t get_msk(private_eap_mschapv2_t *this, chunk_t *msk) */ static bool is_mutual(private_eap_mschapv2_t *this) { - return TRUE; + return FALSE; } /** @@ -1182,14 +1175,14 @@ static void destroy(private_eap_mschapv2_t *this) static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = malloc_thing(private_eap_mschapv2_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); @@ -1200,7 +1193,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser this->identifier = 0; this->mschapv2id = 0; this->retries = 0; - + return this; } @@ -1210,7 +1203,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_server; @@ -1219,9 +1212,9 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat { this->identifier = random(); } while (!this->identifier); - + this->mschapv2id = this->identifier; - + return &this->public; } @@ -1231,10 +1224,10 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_peer; - + return &this->public; } diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c index d0995c477..404cecb20 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_mschapv2_plugin_t *this) plugin_t *plugin_create() { eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_SERVER, (eap_constructor_t)eap_mschapv2_create_server); charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_PEER, (eap_constructor_t)eap_mschapv2_create_peer); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am index df5c94656..e476fbed6 100644 --- a/src/charon/plugins/eap_radius/Makefile.am +++ b/src/charon/plugins/eap_radius/Makefile.am @@ -3,12 +3,12 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapradius.la +plugin_LTLIBRARIES = libstrongswan-eap-radius.la -libstrongswan_eapradius_la_SOURCES = \ +libstrongswan_eap_radius_la_SOURCES = \ eap_radius_plugin.h eap_radius_plugin.c \ eap_radius.h eap_radius.c \ radius_client.h radius_client.c \ radius_message.h radius_message.c -libstrongswan_eapradius_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/charon/plugins/eap_radius/Makefile.in index c30111fad..eb135e750 100644 --- a/src/charon/plugins/eap_radius/Makefile.in +++ b/src/charon/plugins/eap_radius/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,32 +37,55 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_radius DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapradius_la_LIBADD = -am_libstrongswan_eapradius_la_OBJECTS = eap_radius_plugin.lo \ +libstrongswan_eap_radius_la_LIBADD = +am_libstrongswan_eap_radius_la_OBJECTS = eap_radius_plugin.lo \ eap_radius.lo radius_client.lo radius_message.lo -libstrongswan_eapradius_la_OBJECTS = \ - $(am_libstrongswan_eapradius_la_OBJECTS) -libstrongswan_eapradius_la_LINK = $(LIBTOOL) --tag=CC \ +libstrongswan_eap_radius_la_OBJECTS = \ + $(am_libstrongswan_eap_radius_la_OBJECTS) +libstrongswan_eap_radius_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapradius_la_LDFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eap_radius_la_LDFLAGS) \ $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -70,8 +95,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapradius_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapradius_la_SOURCES) +SOURCES = $(libstrongswan_eap_radius_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_radius_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,18 +251,19 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapradius.la -libstrongswan_eapradius_la_SOURCES = \ +plugin_LTLIBRARIES = libstrongswan-eap-radius.la +libstrongswan_eap_radius_la_SOURCES = \ eap_radius_plugin.h eap_radius_plugin.c \ eap_radius.h eap_radius.c \ radius_client.h radius_client.c \ radius_message.h radius_message.c -libstrongswan_eapradius_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -248,9 +277,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -268,23 +297,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -295,8 +329,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapradius.la: $(libstrongswan_eapradius_la_OBJECTS) $(libstrongswan_eapradius_la_DEPENDENCIES) - $(libstrongswan_eapradius_la_LINK) -rpath $(plugindir) $(libstrongswan_eapradius_la_OBJECTS) $(libstrongswan_eapradius_la_LIBADD) $(LIBS) +libstrongswan-eap-radius.la: $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_DEPENDENCIES) + $(libstrongswan_eap_radius_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -311,21 +345,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -348,7 +382,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -356,29 +390,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -399,13 +438,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -436,6 +479,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -457,6 +501,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -465,18 +511,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -515,6 +571,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/charon/plugins/eap_radius/eap_radius.c index deb3b648b..f041fda54 100644 --- a/src/charon/plugins/eap_radius/eap_radius.c +++ b/src/charon/plugins/eap_radius/eap_radius.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "eap_radius.h" #include "radius_message.h" @@ -26,47 +26,47 @@ typedef struct private_eap_radius_t private_eap_radius_t; * Private data of an eap_radius_t object. */ struct private_eap_radius_t { - + /** * Public authenticator_t interface. */ eap_radius_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * EAP method type we are proxying */ eap_type_t type; - + /** * EAP vendor, if any */ u_int32_t vendor; - + /** * EAP MSK, if method established one */ chunk_t msk; - + /** * RADIUS client instance */ radius_client_t *client; - + /** * TRUE to use EAP-Start, FALSE to send EAP-Identity Response directly */ bool eap_start; - + /** * Prefix to prepend to EAP identity */ @@ -93,11 +93,11 @@ static void add_eap_identity(private_eap_radius_t *this, } __attribute__((__packed__)) *hdr; chunk_t id, prefix; size_t len; - + id = this->peer->get_encoding(this->peer); prefix = chunk_create(this->id_prefix, strlen(this->id_prefix)); len = sizeof(*hdr) + prefix.len + id.len; - + hdr = alloca(len); hdr->code = EAP_RESPONSE; hdr->identifier = 0; @@ -105,7 +105,7 @@ static void add_eap_identity(private_eap_radius_t *this, hdr->type = EAP_IDENTITY; memcpy(hdr->data, prefix.ptr, prefix.len); memcpy(hdr->data + prefix.len, id.ptr, id.len); - + request->add(request, RAT_EAP_MESSAGE, chunk_create((u_char*)hdr, len)); } @@ -117,22 +117,26 @@ static bool radius2ike(private_eap_radius_t *this, { enumerator_t *enumerator; eap_payload_t *payload; - chunk_t data; + chunk_t data, message = chunk_empty; int type; - + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { - if (type == RAT_EAP_MESSAGE) + if (type == RAT_EAP_MESSAGE && data.len) { - *out = payload = eap_payload_create_data(data); - /* apply EAP method selected by RADIUS server */ - this->type = payload->get_type(payload, &this->vendor); - enumerator->destroy(enumerator); - return TRUE; + message = chunk_cat("mc", message, data); } } enumerator->destroy(enumerator); + if (message.len) + { + *out = payload = eap_payload_create_data(message); + free(message.ptr); + /* apply EAP method selected by RADIUS server */ + this->type = payload->get_type(payload, &this->vendor); + return TRUE; + } return FALSE; } @@ -144,12 +148,12 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) radius_message_t *request, *response; status_t status = FAILED; chunk_t username; - + request = radius_message_create_request(); username = chunk_create(this->id_prefix, strlen(this->id_prefix)); username = chunk_cata("cc", username, this->peer->get_encoding(this->peer)); request->add(request, RAT_USER_NAME, username); - + if (this->eap_start) { request->add(request, RAT_EAP_MESSAGE, chunk_empty); @@ -158,7 +162,7 @@ static status_t initiate(private_eap_radius_t *this, eap_payload_t **out) { add_eap_identity(this, request); } - + response = this->client->request(this->client, request); if (response) { @@ -180,11 +184,19 @@ static status_t process(private_eap_radius_t *this, { radius_message_t *request, *response; status_t status = FAILED; - + chunk_t data; + request = radius_message_create_request(); request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer)); - request->add(request, RAT_EAP_MESSAGE, in->get_data(in)); - + data = in->get_data(in); + /* fragment data suitable for RADIUS (not more than 253 bytes) */ + while (data.len > 253) + { + request->add(request, RAT_EAP_MESSAGE, chunk_create(data.ptr, 253)); + data = chunk_skip(data, 253); + } + request->add(request, RAT_EAP_MESSAGE, data); + response = this->client->request(this->client, request); if (response) { @@ -271,14 +283,14 @@ static void destroy(private_eap_radius_t *this) eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer) { private_eap_radius_t *this = malloc_thing(private_eap_radius_t); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + this->client = radius_client_create(); if (!this->client) { @@ -291,10 +303,10 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer this->type = EAP_RADIUS; this->vendor = 0; this->msk = chunk_empty; - this->eap_start = lib->settings->get_bool(lib->settings, - "charon.plugins.eap_radius.eap_start", FALSE); + this->eap_start = lib->settings->get_bool(lib->settings, + "charon.plugins.eap-radius.eap_start", FALSE); this->id_prefix = lib->settings->get_str(lib->settings, - "charon.plugins.eap_radius.id_prefix", ""); + "charon.plugins.eap-radius.id_prefix", ""); return &this->public; } diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/charon/plugins/eap_radius/eap_radius_plugin.c index 7c6a3c9ff..51e6a69c8 100644 --- a/src/charon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/charon/plugins/eap_radius/eap_radius_plugin.c @@ -36,19 +36,19 @@ static void destroy(eap_radius_plugin_t *this) plugin_t *plugin_create() { eap_radius_plugin_t *this; - + if (!radius_client_init()) { DBG1(DBG_CFG, "RADIUS plugin initialization failed"); return NULL; } - + this = malloc_thing(eap_radius_plugin_t); this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_RADIUS, 0, EAP_SERVER, (eap_constructor_t)eap_radius_create); - + return &this->plugin; } diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/charon/plugins/eap_radius/radius_client.c index de1bafc6d..1d1f21742 100644 --- a/src/charon/plugins/eap_radius/radius_client.c +++ b/src/charon/plugins/eap_radius/radius_client.c @@ -21,7 +21,8 @@ #include #include #include -#include +#include +#include /** * Default RADIUS server port, when not configured @@ -63,12 +64,12 @@ struct entry_t { * Private data of an radius_client_t object. */ struct private_radius_client_t { - + /** * Public radius_client_t interface. */ radius_client_t public; - + /** * RADIUS servers State attribute */ @@ -106,7 +107,7 @@ static chunk_t nas_identifier; void radius_client_cleanup() { entry_t *entry; - + mutex->destroy(mutex); condvar->destroy(condvar); while (sockets->remove_last(sockets, (void**)&entry) == SUCCESS) @@ -130,13 +131,13 @@ bool radius_client_init() entry_t *entry; host_t *host; char *server; - + nas_identifier.ptr = lib->settings->get_str(lib->settings, - "charon.plugins.eap_radius.nas_identifier", "strongSwan"); + "charon.plugins.eap-radius.nas_identifier", "strongSwan"); nas_identifier.len = strlen(nas_identifier.ptr); - + secret.ptr = lib->settings->get_str(lib->settings, - "charon.plugins.eap_radius.secret", NULL); + "charon.plugins.eap-radius.secret", NULL); if (!secret.ptr) { DBG1(DBG_CFG, "no RADUIS secret defined"); @@ -144,22 +145,22 @@ bool radius_client_init() } secret.len = strlen(secret.ptr); server = lib->settings->get_str(lib->settings, - "charon.plugins.eap_radius.server", NULL); + "charon.plugins.eap-radius.server", NULL); if (!server) { DBG1(DBG_CFG, "no RADUIS server defined"); return FALSE; } port = lib->settings->get_int(lib->settings, - "charon.plugins.eap_radius.port", RADIUS_PORT); + "charon.plugins.eap-radius.port", RADIUS_PORT); host = host_create_from_dns(server, 0, port); if (!host) { return FALSE; } count = lib->settings->get_int(lib->settings, - "charon.plugins.eap_radius.sockets", 1); - + "charon.plugins.eap-radius.sockets", 1); + sockets = linked_list_create(); mutex = mutex_create(MUTEX_TYPE_DEFAULT); condvar = condvar_create(CONDVAR_TYPE_DEFAULT); @@ -214,7 +215,7 @@ bool radius_client_init() static entry_t* get_socket() { entry_t *entry; - + mutex->lock(mutex); while (sockets->remove_first(sockets, (void**)&entry) != SUCCESS) { @@ -243,7 +244,7 @@ static void save_state(private_radius_client_t *this, radius_message_t *msg) enumerator_t *enumerator; int type; chunk_t data; - + enumerator = msg->create_enumerator(msg); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -270,9 +271,9 @@ static radius_message_t* request(private_radius_client_t *this, entry_t *socket; chunk_t data; int i; - + socket = get_socket(); - + /* set Message Identifier */ req->set_identifier(req, socket->identifier++); /* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */ @@ -286,7 +287,7 @@ static radius_message_t* request(private_radius_client_t *this, } /* sign the request */ req->sign(req, socket->rng, socket->signer); - + data = req->get_encoding(req); /* timeout after 2, 3, 4, 5 seconds */ for (i = 2; i <= 5; i++) @@ -294,10 +295,10 @@ static radius_message_t* request(private_radius_client_t *this, radius_message_t *response; bool retransmit = FALSE; struct timeval tv; - char buf[1024]; + char buf[4096]; fd_set fds; int res; - + if (send(socket->fd, data.ptr, data.len, 0) != data.len) { DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno)); @@ -306,7 +307,7 @@ static radius_message_t* request(private_radius_client_t *this, } tv.tv_sec = i; tv.tv_usec = 0; - + while (TRUE) { FD_ZERO(&fds); @@ -334,7 +335,7 @@ static radius_message_t* request(private_radius_client_t *this, } response = radius_message_parse_response(chunk_create(buf, res)); if (response) - { + { if (response->verify(response, req->get_authenticator(req), secret, socket->hasher, socket->signer)) { @@ -366,7 +367,7 @@ static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, chunk_t A, R, P, seed; u_char *c, *p; hasher_t *hasher; - + /** * From RFC2548 (encryption): * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1) @@ -374,42 +375,42 @@ static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt, * . . . * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i) */ - + if (C.len % HASH_SIZE_MD5 || C.len < HASH_SIZE_MD5) { return chunk_empty; } - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (!hasher) { return chunk_empty; } - + A = chunk_create((u_char*)&salt, sizeof(salt)); R = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5); P = chunk_alloca(C.len); p = P.ptr; c = C.ptr; - + seed = chunk_cata("cc", R, A); - + while (c < C.ptr + C.len) { /* b(i) = MD5(S + c(i-1)) */ hasher->get_hash(hasher, secret, NULL); hasher->get_hash(hasher, seed, p); - + /* p(i) = b(i) xor c(1) */ memxor(p, c, HASH_SIZE_MD5); - + /* prepare next round */ seed = chunk_create(c, HASH_SIZE_MD5); c += HASH_SIZE_MD5; p += HASH_SIZE_MD5; } hasher->destroy(hasher); - + /* remove truncation, first byte is key length */ if (*P.ptr >= P.len) { /* decryption failed? */ @@ -434,7 +435,7 @@ static chunk_t decrypt_msk(private_radius_client_t *this, enumerator_t *enumerator; chunk_t data, send = chunk_empty, recv = chunk_empty; int type; - + enumerator = response->create_enumerator(response); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -482,13 +483,13 @@ static void destroy(private_radius_client_t *this) radius_client_t *radius_client_create() { private_radius_client_t *this = malloc_thing(private_radius_client_t); - + this->public.request = (radius_message_t*(*)(radius_client_t*, radius_message_t *msg))request; this->public.decrypt_msk = (chunk_t(*)(radius_client_t*, radius_message_t *, radius_message_t *))decrypt_msk; this->public.destroy = (void(*)(radius_client_t*))destroy; - + this->state = chunk_empty; - + return &this->public; } diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/charon/plugins/eap_radius/radius_client.h index 889861a16..77ba94807 100644 --- a/src/charon/plugins/eap_radius/radius_client.h +++ b/src/charon/plugins/eap_radius/radius_client.h @@ -33,11 +33,11 @@ typedef struct radius_client_t radius_client_t; * a socket during request() and releases it afterwards. */ struct radius_client_t { - + /** * Send a RADIUS request and wait for the response. * - * The client fills in RADIUS Message identifier, NAS-Identifier, + * The client fills in RADIUS Message identifier, NAS-Identifier, * NAS-Port-Type, builds a Request-Authenticator and calculates the * Message-Authenticator attribute. * The received response gets verified using the Response-Identifier @@ -47,7 +47,7 @@ struct radius_client_t { * @return response, NULL if timed out/verification failed */ radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg); - + /** * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key. * @@ -57,7 +57,7 @@ struct radius_client_t { */ chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response, radius_message_t *request); - + /** * Destroy the client, release the socket. */ diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/charon/plugins/eap_radius/radius_message.c index 59a639f31..11a1d8dfc 100644 --- a/src/charon/plugins/eap_radius/radius_message.c +++ b/src/charon/plugins/eap_radius/radius_message.c @@ -54,12 +54,12 @@ struct rattr_t { * Private data of an radius_message_t object. */ struct private_radius_message_t { - + /** * Public radius_message_t interface. */ radius_message_t public; - + /** * message data, allocated */ @@ -247,12 +247,12 @@ static bool attribute_enumerate(attribute_enumerator_t *this, static enumerator_t* create_enumerator(private_radius_message_t *this) { attribute_enumerator_t *e; - + if (ntohs(this->msg->length) < sizeof(rmsg_t) + sizeof(rattr_t)) { return enumerator_create_empty(); } - + e = malloc_thing(attribute_enumerator_t); e->public.enumerate = (void*)attribute_enumerate; e->public.destroy = (void*)free; @@ -268,7 +268,8 @@ static void add(private_radius_message_t *this, radius_attribute_type_t type, chunk_t data) { rattr_t *attribute; - + + data.len = min(data.len, 253); this->msg = realloc(this->msg, ntohs(this->msg->length) + sizeof(rattr_t) + data.len); attribute = ((void*)this->msg) + ntohs(this->msg->length); @@ -284,10 +285,10 @@ static void add(private_radius_message_t *this, radius_attribute_type_t type, static void sign(private_radius_message_t *this, rng_t *rng, signer_t *signer) { char buf[HASH_SIZE_MD5]; - + /* build Request-Authenticator */ rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator); - + /* build Message-Authenticator attribute, using 16 null bytes */ memset(buf, 0, sizeof(buf)); add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf))); @@ -307,12 +308,12 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, int type; chunk_t data, msg; bool has_eap = FALSE, has_auth = FALSE; - + /* replace Response by Request Authenticator for verification */ memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5); memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5); msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length)); - + /* verify Response-Authenticator */ hasher->get_hash(hasher, msg, NULL); hasher->get_hash(hasher, secret, buf); @@ -321,7 +322,7 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed"); return FALSE; } - + /* verify Message-Authenticator attribute */ enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, &type, &data)) @@ -359,7 +360,7 @@ static bool verify(private_radius_message_t *this, u_int8_t *req_auth, enumerator->destroy(enumerator); /* restore Response-Authenticator */ memcpy(this->msg->authenticator, res_auth, HASH_SIZE_MD5); - + if (has_eap && !has_auth) { /* Message-Authenticator is required if we have an EAP-Message */ DBG1(DBG_CFG, "RADIUS Message-Authenticator attribute missing"); @@ -424,7 +425,7 @@ static void destroy(private_radius_message_t *this) static private_radius_message_t *radius_message_create() { private_radius_message_t *this = malloc_thing(private_radius_message_t); - + this->public.create_enumerator = (enumerator_t*(*)(radius_message_t*))create_enumerator; this->public.add = (void(*)(radius_message_t*, radius_attribute_type_t,chunk_t))add; this->public.get_code = (radius_message_code_t(*)(radius_message_t*))get_code; @@ -435,7 +436,7 @@ static private_radius_message_t *radius_message_create() this->public.sign = (void(*)(radius_message_t*, rng_t *rng, signer_t *signer))sign; this->public.verify = (bool(*)(radius_message_t*, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer))verify; this->public.destroy = (void(*)(radius_message_t*))destroy; - + return this; } @@ -445,12 +446,12 @@ static private_radius_message_t *radius_message_create() radius_message_t *radius_message_create_request() { private_radius_message_t *this = radius_message_create(); - + this->msg = malloc_thing(rmsg_t); this->msg->code = RMC_ACCESS_REQUEST; this->msg->identifier = 0; this->msg->length = htons(sizeof(rmsg_t)); - + return &this->public; } @@ -460,7 +461,7 @@ radius_message_t *radius_message_create_request() radius_message_t *radius_message_parse_response(chunk_t data) { private_radius_message_t *this = radius_message_create(); - + this->msg = malloc(data.len); memcpy(this->msg, data.ptr, data.len); if (data.len < sizeof(rmsg_t) || diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/charon/plugins/eap_radius/radius_message.h index d4eec8590..266839d3b 100644 --- a/src/charon/plugins/eap_radius/radius_message.h +++ b/src/charon/plugins/eap_radius/radius_message.h @@ -181,14 +181,14 @@ extern enum_name_t *radius_attribute_type_names; * A RADIUS message, contains attributes. */ struct radius_message_t { - + /** * Create an enumerator over contained RADIUS attributes. * * @return enumerator over (int type, chunk_t data) */ enumerator_t* (*create_enumerator)(radius_message_t *this); - + /** * Add a RADIUS attribute to the message. * @@ -197,42 +197,42 @@ struct radius_message_t { */ void (*add)(radius_message_t *this, radius_attribute_type_t type, chunk_t data); - + /** * Get the message type (code). * * @return message code */ radius_message_code_t (*get_code)(radius_message_t *this); - + /** * Get the message identifier. * * @return message identifier */ u_int8_t (*get_identifier)(radius_message_t *this); - + /** * Set the message identifier. * * @param identifier message identifier */ void (*set_identifier)(radius_message_t *this, u_int8_t identifier); - + /** * Get the 16 byte authenticator. * * @return pointer to the Authenticator field */ u_int8_t* (*get_authenticator)(radius_message_t *this); - + /** * Get the RADIUS message in its encoded form. * * @return chunk pointing to internal RADIUS message. */ chunk_t (*get_encoding)(radius_message_t *this); - + /** * Calculate and add the Message-Authenticator attribute to the message. * @@ -240,7 +240,7 @@ struct radius_message_t { * @param signer HMAC-MD5 signer with secret set */ void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer); - + /** * Verify the integrity of a received RADIUS response. * @@ -251,7 +251,7 @@ struct radius_message_t { */ bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer); - + /** * Destroy the message. */ diff --git a/src/charon/plugins/eap_sim/Makefile.am b/src/charon/plugins/eap_sim/Makefile.am index e503bddab..74b9bb4e8 100644 --- a/src/charon/plugins/eap_sim/Makefile.am +++ b/src/charon/plugins/eap_sim/Makefile.am @@ -1,11 +1,14 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ + -I$(top_srcdir)/src/libsimaka -AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DSIM_READER_LIB=\"${simreader}\" +AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapsim.la +plugin_LTLIBRARIES = libstrongswan-eap-sim.la -libstrongswan_eapsim_la_SOURCES = eap_sim.h eap_sim.c \ - eap_sim_plugin.h eap_sim_plugin.c -libstrongswan_eapsim_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \ + eap_sim_peer.h eap_sim_peer.c \ + eap_sim_server.h eap_sim_server.c +libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_sim/Makefile.in b/src/charon/plugins/eap_sim/Makefile.in index 8f6daacad..d9b568a42 100644 --- a/src/charon/plugins/eap_sim/Makefile.in +++ b/src/charon/plugins/eap_sim/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,30 +37,55 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_sim DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapsim_la_LIBADD = -am_libstrongswan_eapsim_la_OBJECTS = eap_sim.lo eap_sim_plugin.lo -libstrongswan_eapsim_la_OBJECTS = \ - $(am_libstrongswan_eapsim_la_OBJECTS) -libstrongswan_eapsim_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +libstrongswan_eap_sim_la_DEPENDENCIES = \ + $(top_builddir)/src/libsimaka/libsimaka.la +am_libstrongswan_eap_sim_la_OBJECTS = eap_sim_plugin.lo \ + eap_sim_peer.lo eap_sim_server.lo +libstrongswan_eap_sim_la_OBJECTS = \ + $(am_libstrongswan_eap_sim_la_OBJECTS) +libstrongswan_eap_sim_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libstrongswan_eapsim_la_LDFLAGS) $(LDFLAGS) -o $@ + $(libstrongswan_eap_sim_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -68,8 +95,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapsim_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapsim_la_SOURCES) +SOURCES = $(libstrongswan_eap_sim_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_sim_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -106,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,15 +251,20 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -DSIM_READER_LIB=\"${simreader}\" -plugin_LTLIBRARIES = libstrongswan-eapsim.la -libstrongswan_eapsim_la_SOURCES = eap_sim.h eap_sim.c \ - eap_sim_plugin.h eap_sim_plugin.c +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ + -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-eap-sim.la +libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \ + eap_sim_peer.h eap_sim_peer.c \ + eap_sim_server.h eap_sim_server.c -libstrongswan_eapsim_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -243,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +298,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -290,8 +330,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapsim.la: $(libstrongswan_eapsim_la_OBJECTS) $(libstrongswan_eapsim_la_DEPENDENCIES) - $(libstrongswan_eapsim_la_LINK) -rpath $(plugindir) $(libstrongswan_eapsim_la_OBJECTS) $(libstrongswan_eapsim_la_LIBADD) $(LIBS) +libstrongswan-eap-sim.la: $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_DEPENDENCIES) + $(libstrongswan_eap_sim_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -299,26 +339,27 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sim.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sim_peer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sim_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_sim_server.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +382,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +390,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +438,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +479,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +501,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +511,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +571,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_sim/eap_sim.c b/src/charon/plugins/eap_sim/eap_sim.c deleted file mode 100644 index 2dd6e534b..000000000 --- a/src/charon/plugins/eap_sim/eap_sim.c +++ /dev/null @@ -1,1149 +0,0 @@ -/* - * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "eap_sim.h" - -#include - -#include -#include - -#define MAX_TRIES 3 - -/* number of triplets for one authentication */ -#define TRIPLET_COUNT 3 - -typedef enum sim_subtype_t sim_subtype_t; - -/** - * Subtypes of SIM messages - */ -enum sim_subtype_t { - SIM_START = 10, - SIM_CHALLENGE = 11, - SIM_NOTIFICATION = 12, - SIM_CLIENT_ERROR = 14, -}; - -ENUM(sim_subtype_names, SIM_START, SIM_CLIENT_ERROR, - "SIM_START", - "SIM_CHALLENGE", - "SIM_NOTIFICATION", - "SIM_13", - "SIM_CLIENT_ERROR", -); - -typedef enum sim_attribute_t sim_attribute_t; - -/** - * Attributes in SIM messages - */ -enum sim_attribute_t { - /** defines the end of attribute list */ - AT_END = -1, - AT_RAND = 1, - AT_AUTN = 2, - AT_RES = 3, - AT_AUTS = 4, - AT_PADDING = 6, - AT_NONCE_MT = 7, - AT_PERMANENT_ID_REQ = 10, - AT_MAC = 11, - AT_NOTIFICATION = 12, - AT_ANY_ID_REQ = 13, - AT_IDENTITY = 14, - AT_VERSION_LIST = 15, - AT_SELECTED_VERSION = 16, - AT_FULLAUTH_ID_REQ = 17, - AT_COUNTER = 19, - AT_COUNTER_TOO_SMALL = 20, - AT_NONCE_S = 21, - AT_CLIENT_ERROR_CODE = 22, - AT_IV = 129, - AT_ENCR_DATA = 130, - AT_NEXT_PSEUDONYM = 132, - AT_NEXT_REAUTH_ID = 133, - AT_CHECKCODE = 134, - AT_RESULT_IND = 135, -}; - -ENUM_BEGIN(sim_attribute_names, AT_END, AT_CLIENT_ERROR_CODE, - "AT_END", - "AT_0", - "AT_RAND", - "AT_AUTN", - "AT_RES", - "AT_AUTS", - "AT_5", - "AT_PADDING", - "AT_NONCE_MT", - "AT_8", - "AT_9", - "AT_PERMANENT_ID_REQ", - "AT_MAC", - "AT_NOTIFICATION", - "AT_ANY_ID_REQ", - "AT_IDENTITY", - "AT_VERSION_LIST", - "AT_SELECTED_VERSION", - "AT_FULLAUTH_ID_REQ", - "AT_18", - "AT_COUNTER", - "AT_COUNTER_TOO_SMALL", - "AT_NONCE_S", - "AT_CLIENT_ERROR_CODE"); -ENUM_NEXT(sim_attribute_names, AT_IV, AT_RESULT_IND, AT_CLIENT_ERROR_CODE, - "AT_IV", - "AT_ENCR_DATA", - "AT_131", - "AT_NEXT_PSEUDONYM", - "AT_NEXT_REAUTH_ID", - "AT_CHECKCODE", - "AT_RESULT_IND"); -ENUM_END(sim_attribute_names, AT_RESULT_IND); - - -typedef struct private_eap_sim_t private_eap_sim_t; - -/** - * Private data of an eap_sim_t object. - */ -struct private_eap_sim_t { - - /** - * Public authenticator_t interface. - */ - eap_sim_t public; - - /** - * ID of ourself - */ - identification_t *peer; - - /** - * hashing function - */ - hasher_t *hasher; - - /** - * prf - */ - prf_t *prf; - - /** - * MAC function - */ - signer_t *signer; - - /** - * how many times we try to authenticate - */ - int tries; - - /** - * unique EAP identifier - */ - u_int8_t identifier; - - /** - * EAP message type this role sends - */ - u_int8_t type; - - /** - * version this implementation uses - */ - chunk_t version; - - /** - * version list received from server - */ - chunk_t version_list; - - /** - * Nonce value used in AT_NONCE_MT - */ - chunk_t nonce; - - /** - * concatenated SRES values - */ - chunk_t sreses; - - /** - * k_encr key derived from MK - */ - chunk_t k_encr; - - /** - * k_auth key derived from MK, used for AT_MAC verification - */ - chunk_t k_auth; - - /** - * MSK, used for EAP-SIM based IKEv2 authentication - */ - chunk_t msk; - - /** - * EMSK, extended MSK for further uses - */ - chunk_t emsk; -}; - -/** length of the AT_NONCE_MT nonce value */ -#define NONCE_LEN 16 -/** length of the AT_MAC value */ -#define MAC_LEN 16 -/** length of the AT_RAND value */ -#define RAND_LEN 16 -/** length of Kc */ -#define KC_LEN 8 -/** length of SRES */ -#define SRES_LEN 4 -/** length of the k_encr key */ -#define KENCR_LEN 16 -/** length of the k_auth key */ -#define KAUTH_LEN 16 -/** length of the MSK */ -#define MSK_LEN 64 -/** length of the EMSK */ -#define EMSK_LEN 64 - -static char version[] = {0x00,0x01}; -/* client error codes used in AT_CLIENT_ERROR_CODE */ -char client_error_general_buf[] = {0x00, 0x01}; -char client_error_unsupported_buf[] = {0x00, 0x02}; -char client_error_insufficient_buf[] = {0x00, 0x03}; -char client_error_notfresh_buf[] = {0x00, 0x04}; -chunk_t client_error_general = chunk_from_buf(client_error_general_buf); -chunk_t client_error_unsupported = chunk_from_buf(client_error_unsupported_buf); -chunk_t client_error_insufficient = chunk_from_buf(client_error_insufficient_buf); -chunk_t client_error_notfresh = chunk_from_buf(client_error_notfresh_buf); - -/** - * Read EAP and EAP-SIM header, return SIM type - */ -static sim_subtype_t read_header(chunk_t *message) -{ - sim_subtype_t type; - - if (message->len < 8) - { - *message = chunk_empty; - return 0; - } - type = *(message->ptr + 5); - *message = chunk_skip(*message, 8); - return type; -} - -/** - * read the next attribute from the chunk data - */ -static sim_attribute_t read_attribute(chunk_t *message, chunk_t *data) -{ - sim_attribute_t attribute; - size_t length; - - DBG3(DBG_IKE, "reading attribute from %B", message); - - if (message->len < 2) - { - return AT_END; - } - attribute = *message->ptr++; - length = *message->ptr++ * 4 - 2; - message->len -= 2; - DBG3(DBG_IKE, "found attribute %N with length %d", - sim_attribute_names, attribute, length); - - if (length > message->len) - { - return AT_END; - } - data->len = length; - data->ptr = message->ptr; - *message = chunk_skip(*message, length); - return attribute; -} - -/** - * Build an EAP-SIM payload using a variable length attribute list. - * The variable argument takes a sim_attribute_t followed by its data in a chunk. - */ -static eap_payload_t *build_payload(private_eap_sim_t *this, u_int8_t identifier, - sim_subtype_t type, ...) -{ - chunk_t message = chunk_alloca(512); - chunk_t pos = message; - eap_payload_t *payload; - va_list args; - sim_attribute_t attr; - u_int8_t *mac_pos = NULL; - chunk_t mac_data = chunk_empty; - - /* write EAP header, skip length bytes */ - *pos.ptr++ = this->type; - *pos.ptr++ = identifier; - pos.ptr += 2; - pos.len -= 4; - /* write SIM header with type and subtype, zero reserved bytes */ - *pos.ptr++ = EAP_SIM; - *pos.ptr++ = type; - *pos.ptr++ = 0; - *pos.ptr++ = 0; - pos.len -= 4; - - va_start(args, type); - while ((attr = va_arg(args, sim_attribute_t)) != AT_END) - { - chunk_t data = va_arg(args, chunk_t); - - DBG3(DBG_IKE, "building %N %B", sim_attribute_names, attr, &data); - - /* write attribute header */ - *pos.ptr++ = attr; - pos.len--; - - switch (attr) - { - case AT_CLIENT_ERROR_CODE: - case AT_SELECTED_VERSION: - { - *pos.ptr = data.len/4 + 1; - pos = chunk_skip(pos, 1); - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - break; - } - case AT_IDENTITY: - case AT_VERSION_LIST: - { - u_int16_t act_len = data.len; - /* align up to four byte */ - if (data.len % 4) - { - chunk_t tmp = chunk_alloca((data.len/4)*4 + 4); - memset(tmp.ptr, 0, tmp.len); - memcpy(tmp.ptr, data.ptr, data.len); - data = tmp; - } - *pos.ptr = data.len/4 + 1; - pos = chunk_skip(pos, 1); - /* actual length in bytes */ - *(u_int16_t*)pos.ptr = htons(act_len); - pos = chunk_skip(pos, sizeof(u_int16_t)); - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - break; - } - case AT_NONCE_MT: - { - *pos.ptr = data.len/4 + 1; - pos = chunk_skip(pos, 1); - memset(pos.ptr, 0, 2); - pos = chunk_skip(pos, 2); - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - break; - } - case AT_MAC: - { - *pos.ptr++ = 5; pos.len--; - *pos.ptr++ = 0; pos.len--; - *pos.ptr++ = 0; pos.len--; - mac_pos = pos.ptr; - memset(mac_pos, 0, MAC_LEN); - pos = chunk_skip(pos, MAC_LEN); - mac_data = data; - break; - } - case AT_RAND: - { - *pos.ptr++ = data.len/4 + 1; pos.len--; - *pos.ptr++ = 0; pos.len--; - *pos.ptr++ = 0; pos.len--; - memcpy(pos.ptr, data.ptr, data.len); - pos = chunk_skip(pos, data.len); - break; - } - default: - DBG1(DBG_IKE, "no rule to build EAP_SIM attribute %N, skipped", - sim_attribute_names, attr); - break; - } - } - va_end(args); - - /* calculate message length, write into header */ - message.len = pos.ptr - message.ptr; - *(u_int16_t*)(message.ptr + 2) = htons(message.len); - - /* create MAC if AT_MAC attribte was included. Append supplied va_arg - * chunk mac_data to "to-sign" chunk */ - if (mac_pos) - { - this->signer->set_key(this->signer, this->k_auth); - mac_data = chunk_cata("cc", message, mac_data); - this->signer->get_signature(this->signer, mac_data, mac_pos); - DBG3(DBG_IKE, "AT_MAC signature of %B\n is %b", - &mac_data, mac_pos, MAC_LEN); - } - - payload = eap_payload_create_data(message); - - DBG3(DBG_IKE, "created EAP message %B", &message); - return payload; -} - -/** - * process an EAP-SIM/Request/Start message - */ -static status_t peer_process_start(private_eap_sim_t *this, eap_payload_t *in, - eap_payload_t **out) -{ - chunk_t message, data; - sim_attribute_t attribute, include_id = AT_END; - u_int8_t identifier; - - identifier = in->get_identifier(in); - message = in->get_data(in); - read_header(&message); - - while ((attribute = read_attribute(&message, &data)) != AT_END) - { - switch (attribute) - { - case AT_VERSION_LIST: - { - /* check if server supports our implementation */ - bool found = FALSE; - if (data.len > 2) - { - /* read actual length first */ - data.len = min(data.len, ntohs(*(u_int16_t*)data.ptr) + 2); - data = chunk_skip(data, 2); - chunk_free(&this->version_list); - this->version_list = chunk_clone(data); - while (data.len >= this->version.len) - { - if (memeq(data.ptr, this->version.ptr, this->version.len)) - { - found = TRUE; - break; - } - data = chunk_skip(data, this->version.len); - } - } - if (!found) - { - DBG1(DBG_IKE, "server does not support EAP_SIM " - "version number %#B", &this->version); - *out = build_payload(this, identifier, SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_unsupported, - AT_END); - return NEED_MORE; - } - break; - } - case AT_PERMANENT_ID_REQ: - case AT_FULLAUTH_ID_REQ: - case AT_ANY_ID_REQ: - /* only include AT_IDENTITY if requested */ - include_id = AT_IDENTITY; - break; - case AT_NOTIFICATION: - { - u_int16_t code = 0; - if (data.len == 2) - { - code = ntohs(*(u_int16_t*)data.ptr); - } - if (code <= 32767) /* no success bit */ - { - DBG1(DBG_IKE, "received %N error %d", - sim_attribute_names, attribute, code); - *out = build_payload(this, - in->get_identifier(in), SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, - AT_END); - return NEED_MORE; - } - else - { - DBG1(DBG_IKE, "received %N code %d", - sim_attribute_names, attribute, code); - } - break; - } - default: - DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N", - sim_attribute_names, attribute); - break; - } - } - - /* build payload. If "include_id" is AT_END, AT_IDENTITY is ommited */ - *out = build_payload(this, identifier, SIM_START, - AT_SELECTED_VERSION, this->version, - AT_NONCE_MT, this->nonce, - include_id, this->peer->get_encoding(this->peer), - AT_END); - return NEED_MORE; -} - -/** - * derive EAP keys from kc - */ -static void derive_keys(private_eap_sim_t *this, chunk_t kcs) -{ - chunk_t tmp, mk; - int i; - - /* build MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */ - tmp = chunk_cata("ccccc", this->peer->get_encoding(this->peer), kcs, - this->nonce, this->version_list, this->version); - mk = chunk_alloca(this->hasher->get_hash_size(this->hasher)); - this->hasher->get_hash(this->hasher, tmp, mk.ptr); - DBG3(DBG_IKE, "MK = SHA1(%B\n) = %B", &tmp, &mk); - - /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() - * FIPS PRF has 320 bit block size, we need 160 byte for keys - * => run prf four times */ - this->prf->set_key(this->prf, mk); - tmp = chunk_alloca(this->prf->get_block_size(this->prf) * 4); - for (i = 0; i < 4; i++) - { - this->prf->get_bytes(this->prf, chunk_empty, tmp.ptr + tmp.len / 4 * i); - } - chunk_free(&this->k_encr); - chunk_free(&this->k_auth); - chunk_free(&this->msk); - chunk_free(&this->emsk); - chunk_split(tmp, "aaaa", KENCR_LEN, &this->k_encr, KAUTH_LEN, &this->k_auth, - MSK_LEN, &this->msk, EMSK_LEN, &this->emsk); - DBG3(DBG_IKE, "K_encr %B\nK_auth %B\nMSK %B\nEMSK %B", - &this->k_encr, &this->k_auth, &this->msk, &this->emsk); -} - -/** - * Read a triplet from the SIM card - */ -static bool get_card_triplet(private_eap_sim_t *this, - char *rand, char *sres, char *kc) -{ - enumerator_t *enumerator; - sim_card_t *card = NULL, *current; - id_match_t match, best = ID_MATCH_NONE; - bool success = FALSE; - - /* find the best matching SIM */ - enumerator = charon->sim->create_card_enumerator(charon->sim); - while (enumerator->enumerate(enumerator, ¤t)) - { - match = this->peer->matches(this->peer, current->get_imsi(current)); - if (match > best) - { - card = current; - best = match; - break; - } - } - if (card) - { - success = card->get_triplet(card, rand, sres, kc); - } - enumerator->destroy(enumerator); - if (!card) - { - DBG1(DBG_IKE, "no SIM card found matching '%Y'", this->peer); - } - return success; -} - -/** - * process an EAP-SIM/Request/Challenge message - */ -static status_t peer_process_challenge(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message, data, tmp, kcs, kc, sreses, sres; - sim_attribute_t attribute; - u_int8_t identifier; - chunk_t mac = chunk_empty, rands = chunk_empty; - - if (this->tries-- <= 0) - { - /* give up without notification. This hack is required as some buggy - * server implementations won't respect our client-error. */ - return FAILED; - } - - identifier = in->get_identifier(in); - message = in->get_data(in); - read_header(&message); - - while ((attribute = read_attribute(&message, &data)) != AT_END) - { - switch (attribute) - { - case AT_RAND: - { - rands = chunk_skip(data, 2); - break; - } - case AT_MAC: - { - /* backup MAC, zero it inline for later verification */ - data = chunk_skip(data, 2); - mac = chunk_clonea(data); - memset(data.ptr, 0, data.len); - break; - } - case AT_NOTIFICATION: - { - u_int16_t code = 0; - if (data.len == 2) - { - code = ntohs(*(u_int16_t*)data.ptr); - } - if (code <= 32767) /* no success bit */ - { - DBG1(DBG_IKE, "received %N error %d", - sim_attribute_names, attribute, code); - *out = build_payload(this, - in->get_identifier(in), SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, - AT_END); - return NEED_MORE; - } - else - { - DBG1(DBG_IKE, "received %N code %d", - sim_attribute_names, attribute, code); - } - break; - } - default: - DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N", - sim_attribute_names, attribute); - break; - } - } - - /* excepting two or three RAND, each 16 bytes. We require two valid - * and different RANDs */ - if ((rands.len != 2 * RAND_LEN && rands.len != 3 * RAND_LEN) || - memeq(rands.ptr, rands.ptr + RAND_LEN, RAND_LEN)) - { - DBG1(DBG_IKE, "no valid AT_RAND received"); - *out = build_payload(this, identifier, SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_insufficient, - AT_END); - return NEED_MORE; - } - if (mac.len != MAC_LEN) - { - DBG1(DBG_IKE, "no valid AT_MAC received"); - *out = build_payload(this, identifier, SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, - AT_END); - return NEED_MORE; - } - - /* get two or three KCs/SRESes from SIM using RANDs */ - kcs = kc = chunk_alloca(rands.len / 2); - sreses = sres = chunk_alloca(rands.len / 4); - while (rands.len >= RAND_LEN) - { - if (!get_card_triplet(this, rands.ptr, sres.ptr, kc.ptr)) - { - DBG1(DBG_IKE, "unable to get EAP-SIM triplet"); - *out = build_payload(this, identifier, SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, - AT_END); - return NEED_MORE; - } - DBG3(DBG_IKE, "got triplet for RAND %b\n Kc %b\n SRES %b", - rands.ptr, RAND_LEN, sres.ptr, SRES_LEN, kc.ptr, KC_LEN); - kc = chunk_skip(kc, KC_LEN); - sres = chunk_skip(sres, SRES_LEN); - rands = chunk_skip(rands, RAND_LEN); - } - - derive_keys(this, kcs); - - /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT" */ - this->signer->set_key(this->signer, this->k_auth); - tmp = chunk_cata("cc", in->get_data(in), this->nonce); - if (!this->signer->verify_signature(this->signer, tmp, mac)) - { - DBG1(DBG_IKE, "AT_MAC verification failed"); - *out = build_payload(this, identifier, SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, - AT_END); - return NEED_MORE; - } - - /* build response, AT_MAC is built over "EAP packet | n*SRES" */ - *out = build_payload(this, identifier, SIM_CHALLENGE, - AT_MAC, sreses, - AT_END); - return NEED_MORE; -} - -/** - * process an EAP-SIM/Response/Challenge message - */ -static status_t server_process_challenge(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message, data; - sim_attribute_t attribute; - chunk_t mac = chunk_empty, tmp; - - message = in->get_data(in); - read_header(&message); - - while ((attribute = read_attribute(&message, &data)) != AT_END) - { - switch (attribute) - { - case AT_MAC: - /* MAC has two reserved bytes */ - if (data.len == MAC_LEN + 2) - { /* clone and zero MAC for verification */ - mac = chunk_clonea(chunk_skip(data, 2)); - memset(data.ptr, 0, data.len); - } - break; - default: - DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N", - sim_attribute_names, attribute); - break; - } - } - if (!mac.ptr) - { - DBG1(DBG_IKE, "no valid AT_MAC attribute received"); - return FAILED; - } - /* verify AT_MAC attribute, signature is over "EAP packet | n*SRES" */ - this->signer->set_key(this->signer, this->k_auth); - tmp = chunk_cata("cc", in->get_data(in), this->sreses); - if (!this->signer->verify_signature(this->signer, tmp, mac)) - { - DBG1(DBG_IKE, "AT_MAC verification failed"); - return FAILED; - } - return SUCCESS; -} - -/** - * Fetch a triplet from a provider - */ -static bool get_provider_triplet(private_eap_sim_t *this, - char *rand, char *sres, char *kc) -{ - enumerator_t *enumerator; - sim_provider_t *provider; - int tried = 0; - - enumerator = charon->sim->create_provider_enumerator(charon->sim); - while (enumerator->enumerate(enumerator, &provider)) - { - if (provider->get_triplet(provider, this->peer, rand, sres, kc)) - { - enumerator->destroy(enumerator); - return TRUE; - } - tried++; - } - enumerator->destroy(enumerator); - DBG1(DBG_IKE, "tried %d SIM providers, but none had a triplet for '%Y'", - tried, this->peer); - return FALSE; -} - -/** - * process an EAP-SIM/Response/Start message - */ -static status_t server_process_start(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message, data; - sim_attribute_t attribute; - bool supported = FALSE; - chunk_t rands, rand, kcs, kc, sreses, sres; - int i; - - message = in->get_data(in); - read_header(&message); - - while ((attribute = read_attribute(&message, &data)) != AT_END) - { - switch (attribute) - { - case AT_NONCE_MT: - if (data.len == NONCE_LEN + 2) - { - this->nonce = chunk_clone(chunk_skip(data, 2)); - } - break; - case AT_SELECTED_VERSION: - if (chunk_equals(data, this->version)) - { - supported = TRUE; - } - break; - default: - DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N", - sim_attribute_names, attribute); - break; - } - } - if (!supported || !this->nonce.ptr) - { - DBG1(DBG_IKE, "received incomplete EAP-SIM/Response/Start"); - return FAILED; - } - - /* read triplets from provider */ - rand = rands = chunk_alloca(RAND_LEN * TRIPLET_COUNT); - kc = kcs = chunk_alloca(KC_LEN * TRIPLET_COUNT); - sres = sreses = chunk_alloca(SRES_LEN * TRIPLET_COUNT); - rands.len = 0; - kcs.len = 0; - sreses.len = 0; - for (i = 0; i < TRIPLET_COUNT; i++) - { - if (!get_provider_triplet(this, rand.ptr, sres.ptr, kc.ptr)) - { - DBG1(DBG_IKE, "getting EAP-SIM triplet %d failed", i); - return FAILED; - } - rands.len += RAND_LEN; - sreses.len += SRES_LEN; - kcs.len += KC_LEN; - rand = chunk_skip(rand, RAND_LEN); - sres = chunk_skip(sres, SRES_LEN); - kc = chunk_skip(kc, KC_LEN); - } - derive_keys(this, kcs); - - /* build MAC over "EAP packet | NONCE_MT" */ - *out = build_payload(this, this->identifier++, SIM_CHALLENGE, AT_RAND, - rands, AT_MAC, this->nonce, AT_END); - this->sreses = chunk_clone(sreses); - return NEED_MORE; -} - -/** - * process an EAP-SIM/Request/Notification message - */ -static status_t peer_process_notification(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message, data; - sim_attribute_t attribute; - - message = in->get_data(in); - read_header(&message); - - while ((attribute = read_attribute(&message, &data)) != AT_END) - { - switch (attribute) - { - case AT_NOTIFICATION: - { - u_int16_t code = 0; - if (data.len == 2) - { - code = ntohs(*(u_int16_t*)data.ptr); - } - if (code <= 32767) /* no success bit */ - { - DBG1(DBG_IKE, "received %N error %d", - sim_attribute_names, attribute, code); - *out = build_payload(this, - in->get_identifier(in), SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, - AT_END); - return NEED_MORE; - } - else - { - DBG1(DBG_IKE, "received %N code %d", - sim_attribute_names, attribute, code); - } - break; - } - default: - DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N", - sim_attribute_names, attribute); - break; - } - } - /* reply with empty notification */ - *out = build_payload(this, in->get_identifier(in), SIM_NOTIFICATION, AT_END); - return NEED_MORE; -} - -/** - * Process a client error - */ -static status_t server_process_client_error(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - chunk_t message, data; - sim_attribute_t attribute; - - message = in->get_data(in); - read_header(&message); - - while ((attribute = read_attribute(&message, &data)) != AT_END) - { - if (attribute == AT_CLIENT_ERROR_CODE) - { - u_int16_t code = 0; - if (data.len == 2) - { - code = ntohs(*(u_int16_t*)data.ptr); - } - DBG1(DBG_IKE, "received %N error %d", - sim_attribute_names, attribute, code); - } - else - { - DBG1(DBG_IKE, "ignoring EAP_SIM attribute %N", - sim_attribute_names, attribute); - } - } - return FAILED; -} - -/** - * Implementation of eap_method_t.process for the peer - */ -static status_t peer_process(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - sim_subtype_t type; - chunk_t message; - - message = in->get_data(in); - type = read_header(&message); - - switch (type) - { - case SIM_START: - return peer_process_start(this, in, out); - case SIM_CHALLENGE: - return peer_process_challenge(this, in, out); - case SIM_NOTIFICATION: - return peer_process_notification(this, in, out); - default: - DBG1(DBG_IKE, "unable to process EAP_SIM subtype %N", - sim_subtype_names, type); - *out = build_payload(this, in->get_identifier(in), SIM_CLIENT_ERROR, - AT_CLIENT_ERROR_CODE, client_error_general, AT_END); - return NEED_MORE; - } -} - -/** - * Implementation of eap_method_t.process for the server - */ -static status_t server_process(private_eap_sim_t *this, - eap_payload_t *in, eap_payload_t **out) -{ - sim_subtype_t type; - chunk_t message; - - message = in->get_data(in); - type = read_header(&message); - - switch (type) - { - case SIM_START: - return server_process_start(this, in, out); - case SIM_CHALLENGE: - return server_process_challenge(this, in, out); - case SIM_CLIENT_ERROR: - return server_process_client_error(this, in, out); - default: - DBG1(DBG_IKE, "unable to process EAP_SIM subtype %N", - sim_subtype_names, type); - return FAILED; - } -} - -/** - * Implementation of eap_method_t.initiate for the peer - */ -static status_t peer_initiate(private_eap_sim_t *this, eap_payload_t **out) -{ - /* peer never initiates */ - return FAILED; -} - -/** - * Implementation of eap_method_t.initiate for the server - */ -static status_t server_initiate(private_eap_sim_t *this, eap_payload_t **out) -{ - /* version_list to derive MK, no padding */ - this->version_list = chunk_clone(this->version); - /* build_payloads adds padding itself */ - *out = build_payload(this, this->identifier++, SIM_START, - AT_VERSION_LIST, this->version, AT_END); - return NEED_MORE; -} - -/** - * Implementation of eap_method_t.get_type. - */ -static eap_type_t get_type(private_eap_sim_t *this, u_int32_t *vendor) -{ - *vendor = 0; - return EAP_SIM; -} - -/** - * Implementation of eap_method_t.get_msk. - */ -static status_t get_msk(private_eap_sim_t *this, chunk_t *msk) -{ - if (this->msk.ptr) - { - *msk = this->msk; - return SUCCESS; - } - return FAILED; -} - -/** - * Implementation of eap_method_t.is_mutual. - */ -static bool is_mutual(private_eap_sim_t *this) -{ - return TRUE; -} - -/** - * Implementation of eap_method_t.destroy. - */ -static void destroy(private_eap_sim_t *this) -{ - this->peer->destroy(this->peer); - DESTROY_IF(this->hasher); - DESTROY_IF(this->prf); - DESTROY_IF(this->signer); - chunk_free(&this->nonce); - chunk_free(&this->sreses); - chunk_free(&this->version_list); - chunk_free(&this->k_auth); - chunk_free(&this->k_encr); - chunk_free(&this->msk); - chunk_free(&this->emsk); - free(this); -} - -/** - * Generic constructor for both roles - */ -eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, - identification_t *peer) -{ - private_eap_sim_t *this = malloc_thing(private_eap_sim_t); - rng_t *rng; - - this->nonce = chunk_empty; - this->sreses = chunk_empty; - this->peer = peer->clone(peer); - this->tries = MAX_TRIES; - this->version.ptr = version; - this->version.len = sizeof(version); - this->version_list = chunk_empty; - this->k_auth = chunk_empty; - this->k_encr = chunk_empty; - this->msk = chunk_empty; - this->emsk = chunk_empty; - /* generate a non-zero identifier */ - do { - this->identifier = random(); - } while (!this->identifier); - - switch (role) - { - case EAP_SERVER: - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))server_initiate; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))server_process; - this->type = EAP_REQUEST; - break; - case EAP_PEER: - this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))peer_initiate; - this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))peer_process; - this->type = EAP_RESPONSE; - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) - { - DBG1(DBG_IKE, "unable to generate NONCE for EAP_SIM"); - free(this); - return NULL; - } - rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); - rng->destroy(rng); - break; - default: - free(this); - return NULL; - } - this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; - this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; - this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; - this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - - this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); - this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128); - if (!this->hasher || !this->prf || !this->signer) - { - DBG1(DBG_IKE, "initiating EAP-SIM failed, FIPS-PRF/SHA1 not supported"); - destroy(this); - return NULL; - } - return &this->public; -} - -/* - * Described in header. - */ -eap_sim_t *eap_sim_create_server(identification_t *server, - identification_t *peer) -{ - return eap_sim_create_generic(EAP_SERVER, server, peer); -} - -/* - * Described in header. - */ -eap_sim_t *eap_sim_create_peer(identification_t *server, - identification_t *peer) -{ - return eap_sim_create_generic(EAP_PEER, server, peer); -} - diff --git a/src/charon/plugins/eap_sim/eap_sim.h b/src/charon/plugins/eap_sim/eap_sim.h deleted file mode 100644 index af1aa2aa5..000000000 --- a/src/charon/plugins/eap_sim/eap_sim.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (C) 2007-2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup eap_sim_i eap_sim - * @{ @ingroup eap_sim - */ - -#ifndef EAP_SIM_H_ -#define EAP_SIM_H_ - -typedef struct eap_sim_t eap_sim_t; - -#include - -/** - * Implementation of the eap_method_t interface using EAP-SIM. - * - * This EAP-SIM client implementation handles the protocol level of EAP-SIM - * only, it does not provide triplet calculation/fetching. Other plugins may - * provide these services using the sim_manager_t of charon. - */ -struct eap_sim_t { - - /** - * Implemented eap_method_t interface. - */ - eap_method_t eap_method_interface; -}; - -/** - * Creates the EAP method EAP-SIM acting as server. - * - * @param server ID of the EAP server - * @param peer ID of the EAP client - * @return eap_sim_t object - */ -eap_sim_t *eap_sim_create_server(identification_t *server, identification_t *peer); - -/** - * Creates the EAP method EAP-SIM acting as peer. - * - * @param server ID of the EAP server - * @param peer ID of the EAP client - * @return eap_sim_t object - */ -eap_sim_t *eap_sim_create_peer(identification_t *server, identification_t *peer); - -#endif /** EAP_SIM_H_ @}*/ diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.c b/src/charon/plugins/eap_sim/eap_sim_peer.c new file mode 100644 index 000000000..961cfd30d --- /dev/null +++ b/src/charon/plugins/eap_sim/eap_sim_peer.c @@ -0,0 +1,654 @@ +/* + * Copyright (C) 2007-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_sim_peer.h" + +#include + +#include + +/* number of tries we do authenticate */ +#define MAX_TRIES 3 + +/* number of triplets for one authentication */ +#define TRIPLET_COUNT 3 + +/** length of the AT_NONCE_MT nonce value */ +#define NONCE_LEN 16 + +typedef struct private_eap_sim_peer_t private_eap_sim_peer_t; + +/** + * Private data of an eap_sim_peer_t object. + */ +struct private_eap_sim_peer_t { + + /** + * Public authenticator_t interface. + */ + eap_sim_peer_t public; + + /** + * permanent ID of peer + */ + identification_t *permanent; + + /** + * Pseudonym identity the peer uses + */ + identification_t *pseudonym; + + /** + * Reauthentication identity the peer uses + */ + identification_t *reauth; + + /** + * EAP-SIM crypto helper + */ + simaka_crypto_t *crypto; + + /** + * how many times we try to authenticate + */ + int tries; + + /** + * version list received from server + */ + chunk_t version_list; + + /** + * Nonce value used in AT_NONCE_MT/AT_NONCE_S + */ + chunk_t nonce; + + /** + * MSK, used for EAP-SIM based IKEv2 authentication + */ + chunk_t msk; + + /** + * Master key, if reauthentication is used + */ + char mk[HASH_SIZE_SHA1]; + + /** + * Counter value if reauthentication is used + */ + u_int16_t counter; +}; + +/* version of SIM protocol we speak */ +static chunk_t version = chunk_from_chars(0x00,0x01); + +/** + * Create a SIM_CLIENT_ERROR + */ +static eap_payload_t* create_client_error(private_eap_sim_peer_t *this, + u_int8_t identifier, simaka_client_error_t code) +{ + simaka_message_t *message; + eap_payload_t *out; + u_int16_t encoded; + + DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code); + + message = simaka_message_create(FALSE, identifier, EAP_SIM, + SIM_CLIENT_ERROR, this->crypto); + encoded = htons(code); + message->add_attribute(message, AT_CLIENT_ERROR_CODE, + chunk_create((char*)&encoded, sizeof(encoded))); + out = message->generate(message, chunk_empty); + message->destroy(message); + return out; +} + +/** + * process an EAP-SIM/Request/Start message + */ +static status_t process_start(private_eap_sim_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, id = chunk_empty; + rng_t *rng; + bool supported = FALSE; + simaka_attribute_t id_req = 0; + + /* reset previously uses reauthentication/pseudonym data */ + this->crypto->clear_keys(this->crypto); + DESTROY_IF(this->pseudonym); + this->pseudonym = NULL; + DESTROY_IF(this->reauth); + this->reauth = NULL; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_VERSION_LIST: + { + free(this->version_list.ptr); + this->version_list = chunk_clone(data); + while (data.len >= version.len) + { + if (memeq(data.ptr, version.ptr, version.len)) + { + supported = TRUE; + break; + } + } + break; + } + case AT_ANY_ID_REQ: + case AT_FULLAUTH_ID_REQ: + case AT_PERMANENT_ID_REQ: + id_req = type; + break; + default: + if (!simaka_attribute_skippable(type)) + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + enumerator->destroy(enumerator); + return NEED_MORE; + } + break; + } + } + enumerator->destroy(enumerator); + + if (!supported) + { + DBG1(DBG_IKE, "server does not support EAP-SIM version number 1"); + *out = create_client_error(this, in->get_identifier(in), + SIM_UNSUPPORTED_VERSION); + return NEED_MORE; + } + + switch (id_req) + { + case AT_ANY_ID_REQ: + this->reauth = charon->sim->card_get_reauth(charon->sim, + this->permanent, this->mk, &this->counter); + if (this->reauth) + { + id = this->reauth->get_encoding(this->reauth); + break; + } + /* FALL */ + case AT_FULLAUTH_ID_REQ: + this->pseudonym = charon->sim->card_get_pseudonym(charon->sim, + this->permanent); + if (this->pseudonym) + { + id = this->pseudonym->get_encoding(this->pseudonym); + break; + } + /* FALL */ + case AT_PERMANENT_ID_REQ: + id = this->permanent->get_encoding(this->permanent); + break; + default: + break; + } + + /* generate AT_NONCE_MT value */ + rng = this->crypto->get_rng(this->crypto); + free(this->nonce.ptr); + rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); + + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + SIM_START, this->crypto); + if (!this->reauth) + { + message->add_attribute(message, AT_SELECTED_VERSION, version); + message->add_attribute(message, AT_NONCE_MT, this->nonce); + } + if (id.len) + { + message->add_attribute(message, AT_IDENTITY, id); + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + return NEED_MORE; +} + +/** + * process an EAP-SIM/Request/Challenge message + */ +static status_t process_challenge(private_eap_sim_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, rands = chunk_empty, kcs, kc, sreses, sres, mk; + identification_t *id; + + if (this->tries-- <= 0) + { + /* give up without notification. This hack is required as some buggy + * server implementations won't respect our client-error. */ + return FAILED; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_RAND: + rands = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + enumerator->destroy(enumerator); + return NEED_MORE; + } + break; + } + } + enumerator->destroy(enumerator); + + /* excepting two or three RAND, each 16 bytes. We require two valid + * and different RANDs */ + if ((rands.len != 2 * SIM_RAND_LEN && rands.len != 3 * SIM_RAND_LEN) || + memeq(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN)) + { + DBG1(DBG_IKE, "no valid AT_RAND received"); + *out = create_client_error(this, in->get_identifier(in), + SIM_INSUFFICIENT_CHALLENGES); + return NEED_MORE; + } + /* get two or three KCs/SRESes from SIM using RANDs */ + kcs = kc = chunk_alloca(rands.len / 2); + sreses = sres = chunk_alloca(rands.len / 4); + while (rands.len >= SIM_RAND_LEN) + { + if (!charon->sim->card_get_triplet(charon->sim, this->permanent, + rands.ptr, sres.ptr, kc.ptr)) + { + DBG1(DBG_IKE, "unable to get EAP-SIM triplet"); + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + DBG3(DBG_IKE, "got triplet for RAND %b\n Kc %b\n SRES %b", + rands.ptr, SIM_RAND_LEN, sres.ptr, SIM_SRES_LEN, kc.ptr, SIM_KC_LEN); + kc = chunk_skip(kc, SIM_KC_LEN); + sres = chunk_skip(sres, SIM_SRES_LEN); + rands = chunk_skip(rands, SIM_RAND_LEN); + } + + id = this->permanent; + if (this->pseudonym) + { + id = this->pseudonym; + } + data = chunk_cata("cccc", kcs, this->nonce, this->version_list, version); + free(this->msk.ptr); + this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); + memcpy(this->mk, mk.ptr, mk.len); + free(mk.ptr); + + /* Verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT", and + * parse() again after key derivation, reading encrypted attributes */ + if (!in->verify(in, this->nonce) || !in->parse(in)) + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_NEXT_REAUTH_ID: + this->counter = 0; + id = identification_create_from_data(data); + charon->sim->card_set_reauth(charon->sim, this->permanent, id, + this->mk, this->counter); + id->destroy(id); + break; + case AT_NEXT_PSEUDONYM: + id = identification_create_from_data(data); + charon->sim->card_set_pseudonym(charon->sim, this->permanent, id); + id->destroy(id); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + /* build response with AT_MAC, built over "EAP packet | n*SRES" */ + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + SIM_CHALLENGE, this->crypto); + *out = message->generate(message, sreses); + message->destroy(message); + return NEED_MORE; +} + +/** + * Check if a received counter value is acceptable + */ +static bool counter_too_small(private_eap_sim_peer_t *this, chunk_t chunk) +{ + u_int16_t counter; + + memcpy(&counter, chunk.ptr, sizeof(counter)); + counter = htons(counter); + return counter < this->counter; +} + +/** + * process an EAP-SIM/Request/Re-Authentication message + */ +static status_t process_reauthentication(private_eap_sim_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, counter = chunk_empty, nonce = chunk_empty, id = chunk_empty; + + if (!this->reauth) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, SIM_REAUTHENTICATION); + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + + this->crypto->derive_keys_reauth(this->crypto, + chunk_create(this->mk, HASH_SIZE_SHA1)); + + /* verify MAC and parse again with decryption key */ + if (!in->verify(in, chunk_empty) || !in->parse(in)) + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_COUNTER: + counter = data; + break; + case AT_NONCE_S: + nonce = data; + break; + case AT_NEXT_REAUTH_ID: + id = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + enumerator->destroy(enumerator); + return NEED_MORE; + } + break; + } + } + enumerator->destroy(enumerator); + + if (!nonce.len || !counter.len) + { + DBG1(DBG_IKE, "EAP-SIM/Request/Re-Authentication message incomplete"); + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + SIM_REAUTHENTICATION, this->crypto); + if (counter_too_small(this, counter)) + { + DBG1(DBG_IKE, "reauthentication counter too small"); + message->add_attribute(message, AT_COUNTER_TOO_SMALL, chunk_empty); + } + else + { + free(this->msk.ptr); + this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, + this->reauth, counter, nonce, + chunk_create(this->mk, HASH_SIZE_SHA1)); + if (id.len) + { + identification_t *reauth; + + reauth = identification_create_from_data(data); + charon->sim->card_set_reauth(charon->sim, this->permanent, reauth, + this->mk, this->counter); + reauth->destroy(reauth); + } + } + message->add_attribute(message, AT_COUNTER, counter); + *out = message->generate(message, nonce); + message->destroy(message); + return NEED_MORE; +} + +/** + * process an EAP-SIM/Request/Notification message + */ +static status_t process_notification(private_eap_sim_peer_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data; + bool success = TRUE; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == AT_NOTIFICATION) + { + u_int16_t code; + + memcpy(&code, data.ptr, sizeof(code)); + code = ntohs(code); + + /* test success bit */ + if (!(data.ptr[0] & 0x80)) + { + success = FALSE; + DBG1(DBG_IKE, "received EAP-SIM notification error '%N'", + simaka_notification_names, code); + } + else + { + DBG1(DBG_IKE, "received EAP-SIM notification '%N'", + simaka_notification_names, code); + } + } + else if (!simaka_attribute_skippable(type)) + { + success = FALSE; + break; + } + } + enumerator->destroy(enumerator); + + if (success) + { /* empty notification reply */ + message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM, + SIM_NOTIFICATION, this->crypto); + *out = message->generate(message, chunk_empty); + message->destroy(message); + } + else + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + } + return NEED_MORE; +} + +/** + * Implementation of eap_method_t.process + */ +static status_t process(private_eap_sim_peer_t *this, + eap_payload_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + status_t status; + + message = simaka_message_create_from_payload(in, this->crypto); + if (!message) + { + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + if (!message->parse(message)) + { + message->destroy(message); + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + return NEED_MORE; + } + switch (message->get_subtype(message)) + { + case SIM_START: + status = process_start(this, message, out); + break; + case SIM_CHALLENGE: + status = process_challenge(this, message, out); + break; + case SIM_REAUTHENTICATION: + status = process_reauthentication(this, message, out); + break; + case SIM_NOTIFICATION: + status = process_notification(this, message, out); + break; + default: + DBG1(DBG_IKE, "unable to process EAP-SIM subtype %N", + simaka_subtype_names, message->get_subtype(message)); + *out = create_client_error(this, in->get_identifier(in), + SIM_UNABLE_TO_PROCESS); + status = NEED_MORE; + break; + } + message->destroy(message); + return status; +} + +/** + * Implementation of eap_method_t.initiate + */ +static status_t initiate(private_eap_sim_peer_t *this, eap_payload_t **out) +{ + /* peer never initiates */ + return FAILED; +} + +/** + * Implementation of eap_method_t.get_type. + */ +static eap_type_t get_type(private_eap_sim_peer_t *this, u_int32_t *vendor) +{ + *vendor = 0; + return EAP_SIM; +} + +/** + * Implementation of eap_method_t.get_msk. + */ +static status_t get_msk(private_eap_sim_peer_t *this, chunk_t *msk) +{ + if (this->msk.ptr) + { + *msk = this->msk; + return SUCCESS; + } + return FAILED; +} + +/** + * Implementation of eap_method_t.is_mutual. + */ +static bool is_mutual(private_eap_sim_peer_t *this) +{ + return TRUE; +} + +/** + * Implementation of eap_method_t.destroy. + */ +static void destroy(private_eap_sim_peer_t *this) +{ + this->permanent->destroy(this->permanent); + DESTROY_IF(this->pseudonym); + DESTROY_IF(this->reauth); + this->crypto->destroy(this->crypto); + free(this->version_list.ptr); + free(this->nonce.ptr); + free(this->msk.ptr); + free(this); +} + +/* + * Described in header. + */ +eap_sim_peer_t *eap_sim_peer_create(identification_t *server, + identification_t *peer) +{ + private_eap_sim_peer_t *this = malloc_thing(private_eap_sim_peer_t); + + this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; + this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; + this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; + this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; + this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; + this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + + this->crypto = simaka_crypto_create(); + if (!this->crypto) + { + free(this); + return NULL; + } + this->permanent = peer->clone(peer); + this->pseudonym = NULL; + this->reauth = NULL; + this->tries = MAX_TRIES; + this->version_list = chunk_empty; + this->nonce = chunk_empty; + this->msk = chunk_empty; + + return &this->public; +} + diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.h b/src/charon/plugins/eap_sim/eap_sim_peer.h new file mode 100644 index 000000000..89f81301e --- /dev/null +++ b/src/charon/plugins/eap_sim/eap_sim_peer.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_sim_peer eap_sim_peer + * @{ @ingroup eap_sim + */ + +#ifndef EAP_SIM_PEER_H_ +#define EAP_SIM_PEER_H_ + +#include + +typedef struct eap_sim_peer_t eap_sim_peer_t; + +/** + * EAP-SIM peer implementation. + * + * This EAP-SIM module uses sim_card_t implementations for triplet calculation, + * found via the eap_sim_manager_t. + */ +struct eap_sim_peer_t { + + /** + * Implemented eap_method_t interface. + */ + eap_method_t interface; + + /** + * Destroy a eap_sim_peer_t. + */ + void (*destroy)(eap_sim_peer_t *this); +}; + +/** + * Creates the EAP method EAP-SIM acting as peer. + * + * @param server ID of the EAP server + * @param peer ID of the EAP peer + * @return eap_sim_t object + */ +eap_sim_peer_t *eap_sim_peer_create(identification_t *server, + identification_t *peer); + +#endif /** EAP_SIM_PEER_H_ @}*/ diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.c b/src/charon/plugins/eap_sim/eap_sim_plugin.c index cf18007c0..1d2b9cf4f 100644 --- a/src/charon/plugins/eap_sim/eap_sim_plugin.c +++ b/src/charon/plugins/eap_sim/eap_sim_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,8 @@ #include "eap_sim_plugin.h" -#include "eap_sim.h" +#include "eap_sim_server.h" +#include "eap_sim_peer.h" #include @@ -25,9 +26,9 @@ static void destroy(eap_sim_plugin_t *this) { charon->eap->remove_method(charon->eap, - (eap_constructor_t)eap_sim_create_server); + (eap_constructor_t)eap_sim_server_create); charon->eap->remove_method(charon->eap, - (eap_constructor_t)eap_sim_create_peer); + (eap_constructor_t)eap_sim_peer_create); free(this); } @@ -37,14 +38,14 @@ static void destroy(eap_sim_plugin_t *this) plugin_t *plugin_create() { eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_SERVER, - (eap_constructor_t)eap_sim_create_server); + (eap_constructor_t)eap_sim_server_create); charon->eap->add_method(charon->eap, EAP_SIM, 0, EAP_PEER, - (eap_constructor_t)eap_sim_create_peer); - + (eap_constructor_t)eap_sim_peer_create); + return &this->plugin; } diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/charon/plugins/eap_sim/eap_sim_server.c new file mode 100644 index 000000000..f6d5df09b --- /dev/null +++ b/src/charon/plugins/eap_sim/eap_sim_server.c @@ -0,0 +1,611 @@ +/* + * Copyright (C) 2007-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_sim_server.h" + +#include + +#include +#include + +/* number of triplets for one authentication */ +#define TRIPLET_COUNT 3 + +/** length of the AT_NONCE_S value */ +#define NONCE_LEN 16 + +typedef struct private_eap_sim_server_t private_eap_sim_server_t; + +/** + * Private data of an eap_sim_server_t object. + */ +struct private_eap_sim_server_t { + + /** + * Public authenticator_t interface. + */ + eap_sim_server_t public; + + /** + * permanent ID of peer + */ + identification_t *permanent; + + /** + * pseudonym ID of peer + */ + identification_t *pseudonym; + + /** + * reauthentication ID of peer + */ + identification_t *reauth; + + /** + * EAP-SIM/AKA crypto helper + */ + simaka_crypto_t *crypto; + + /** + * unique EAP identifier + */ + u_int8_t identifier; + + /** + * concatenated SRES values + */ + chunk_t sreses; + + /** + * Nonce value used in AT_NONCE_S + */ + chunk_t nonce; + + /** + * Counter value negotiated, network order + */ + chunk_t counter; + + /** + * MSK, used for EAP-SIM based IKEv2 authentication + */ + chunk_t msk; + + /** + * Do we request fast reauthentication? + */ + bool use_reauth; + + /** + * Do we request pseudonym identities? + */ + bool use_pseudonym; + + /** + * Do we request permanent identities? + */ + bool use_permanent; + + /** + * EAP-SIM message we have initiated + */ + simaka_subtype_t pending; +}; + +/* version of SIM protocol we speak */ +static chunk_t version = chunk_from_chars(0x00,0x01); + +/** + * Implementation of eap_method_t.initiate + */ +static status_t initiate(private_eap_sim_server_t *this, eap_payload_t **out) +{ + simaka_message_t *message; + + message = simaka_message_create(TRUE, this->identifier++, EAP_SIM, + SIM_START, this->crypto); + message->add_attribute(message, AT_VERSION_LIST, version); + if (this->use_reauth) + { + message->add_attribute(message, AT_ANY_ID_REQ, chunk_empty); + } + else if (this->use_pseudonym) + { + message->add_attribute(message, AT_FULLAUTH_ID_REQ, chunk_empty); + } + else if (this->use_permanent) + { + message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty); + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + this->pending = SIM_START; + return NEED_MORE; +} + +/** + * Initiate EAP-SIM/Request/Re-authentication message + */ +static status_t reauthenticate(private_eap_sim_server_t *this, + char mk[HASH_SIZE_SHA1], u_int16_t counter, + eap_payload_t **out) +{ + simaka_message_t *message; + identification_t *next; + chunk_t mkc; + rng_t *rng; + + DBG1(DBG_IKE, "initiating EAP-SIM reauthentication"); + + rng = this->crypto->get_rng(this->crypto); + rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); + + mkc = chunk_create(mk, HASH_SIZE_SHA1); + counter = htons(counter); + this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter))); + + this->crypto->derive_keys_reauth(this->crypto, mkc); + this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, + this->reauth, this->counter, this->nonce, mkc); + + message = simaka_message_create(TRUE, this->identifier++, EAP_SIM, + SIM_REAUTHENTICATION, this->crypto); + message->add_attribute(message, AT_COUNTER, this->counter); + message->add_attribute(message, AT_NONCE_S, this->nonce); + next = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk); + if (next) + { + message->add_attribute(message, AT_NEXT_REAUTH_ID, + next->get_encoding(next)); + next->destroy(next); + } + *out = message->generate(message, chunk_empty); + message->destroy(message); + + this->pending = SIM_REAUTHENTICATION; + return NEED_MORE; +} + +/** + * process an EAP-SIM/Response/Reauthentication message + */ +static status_t process_reauthentication(private_eap_sim_server_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, counter = chunk_empty; + bool too_small = FALSE; + + if (this->pending != SIM_REAUTHENTICATION) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, SIM_REAUTHENTICATION); + return FAILED; + } + /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */ + if (!in->verify(in, this->nonce)) + { + return FAILED; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_COUNTER: + counter = data; + break; + case AT_COUNTER_TOO_SMALL: + too_small = TRUE; + break; + default: + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + break; + } + } + enumerator->destroy(enumerator); + + if (too_small) + { + DBG1(DBG_IKE, "received %N, initiating full authentication", + simaka_attribute_names, AT_COUNTER_TOO_SMALL); + this->use_reauth = FALSE; + this->crypto->clear_keys(this->crypto); + return initiate(this, out); + } + if (!chunk_equals(counter, this->counter)) + { + DBG1(DBG_IKE, "received counter does not match"); + return FAILED; + } + return SUCCESS; +} + +/** + * process an EAP-SIM/Response/Start message + */ +static status_t process_start(private_eap_sim_server_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data, identity = chunk_empty, nonce = chunk_empty, mk; + chunk_t rands, rand, kcs, kc, sreses, sres; + bool supported = FALSE; + identification_t *id; + int i; + + if (this->pending != SIM_START) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, SIM_START); + return FAILED; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + switch (type) + { + case AT_NONCE_MT: + nonce = data; + break; + case AT_SELECTED_VERSION: + if (chunk_equals(data, version)) + { + supported = TRUE; + } + break; + case AT_IDENTITY: + identity = data; + break; + default: + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + break; + } + } + enumerator->destroy(enumerator); + + if (identity.len) + { + identification_t *permanent; + + id = identification_create_from_data(identity); + if (this->use_reauth && !nonce.len) + { + char mk[HASH_SIZE_SHA1]; + u_int16_t counter; + + permanent = charon->sim->provider_is_reauth(charon->sim, id, + mk, &counter); + if (permanent) + { + this->permanent->destroy(this->permanent); + this->permanent = permanent; + this->reauth = id; + return reauthenticate(this, mk, counter, out); + } + DBG1(DBG_IKE, "received unknown reauthentication identity '%Y', " + "initiating full authentication", id); + this->use_reauth = FALSE; + id->destroy(id); + return initiate(this, out); + } + if (this->use_pseudonym) + { + permanent = charon->sim->provider_is_pseudonym(charon->sim, id); + if (permanent) + { + this->permanent->destroy(this->permanent); + this->permanent = permanent; + this->pseudonym = id->clone(id); + /* we already have a new permanent identity now */ + this->use_permanent = FALSE; + } + } + if (!this->pseudonym && this->use_permanent) + { + DBG1(DBG_IKE, "received %spermanent identity '%Y'", + this->use_pseudonym ? "pseudonym or " : "", id); + this->permanent->destroy(this->permanent); + this->permanent = id->clone(id); + } + id->destroy(id); + } + + if (!supported || !nonce.len) + { + DBG1(DBG_IKE, "received incomplete EAP-SIM/Response/Start"); + return FAILED; + } + + /* read triplets from provider */ + rand = rands = chunk_alloca(SIM_RAND_LEN * TRIPLET_COUNT); + kc = kcs = chunk_alloca(SIM_KC_LEN * TRIPLET_COUNT); + sres = sreses = chunk_alloca(SIM_SRES_LEN * TRIPLET_COUNT); + rands.len = kcs.len = sreses.len = 0; + for (i = 0; i < TRIPLET_COUNT; i++) + { + if (!charon->sim->provider_get_triplet(charon->sim, this->permanent, + rand.ptr, sres.ptr, kc.ptr)) + { + if (this->use_pseudonym) + { + /* probably received a pseudonym we couldn't map */ + DBG1(DBG_IKE, "failed to map pseudonym identity '%Y', " + "fallback to permanent identity request", this->permanent); + this->use_pseudonym = FALSE; + DESTROY_IF(this->pseudonym); + this->pseudonym = NULL; + return initiate(this, out); + } + return FAILED; + } + rands.len += SIM_RAND_LEN; + sreses.len += SIM_SRES_LEN; + kcs.len += SIM_KC_LEN; + rand = chunk_skip(rand, SIM_RAND_LEN); + sres = chunk_skip(sres, SIM_SRES_LEN); + kc = chunk_skip(kc, SIM_KC_LEN); + } + free(this->sreses.ptr); + this->sreses = chunk_clone(sreses); + + data = chunk_cata("cccc", kcs, nonce, version, version); + free(this->msk.ptr); + id = this->permanent; + if (this->pseudonym) + { + id = this->pseudonym; + } + this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); + + /* build response with AT_MAC, built over "EAP packet | NONCE_MT" */ + message = simaka_message_create(TRUE, this->identifier++, EAP_SIM, + SIM_CHALLENGE, this->crypto); + message->add_attribute(message, AT_RAND, rands); + id = charon->sim->provider_gen_reauth(charon->sim, this->permanent, mk.ptr); + if (id) + { + message->add_attribute(message, AT_NEXT_REAUTH_ID, + id->get_encoding(id)); + id->destroy(id); + } + else + { + id = charon->sim->provider_gen_pseudonym(charon->sim, this->permanent); + if (id) + { + message->add_attribute(message, AT_NEXT_PSEUDONYM, + id->get_encoding(id)); + id->destroy(id); + } + } + *out = message->generate(message, nonce); + message->destroy(message); + + free(mk.ptr); + this->pending = SIM_CHALLENGE; + return NEED_MORE; +} + +/** + * process an EAP-SIM/Response/Challenge message + */ +static status_t process_challenge(private_eap_sim_server_t *this, + simaka_message_t *in, eap_payload_t **out) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data; + + if (this->pending != SIM_CHALLENGE) + { + DBG1(DBG_IKE, "received %N, but not expected", + simaka_subtype_names, SIM_CHALLENGE); + return FAILED; + } + /* verify AT_MAC attribute, signature is over "EAP packet | n*SRES" */ + if (!in->verify(in, this->sreses)) + { + return FAILED; + } + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (!simaka_attribute_skippable(type)) + { + enumerator->destroy(enumerator); + return FAILED; + } + } + enumerator->destroy(enumerator); + + return SUCCESS; +} + +/** + * EAP-SIM/Response/ClientErrorCode message + */ +static status_t process_client_error(private_eap_sim_server_t *this, + simaka_message_t *in) +{ + enumerator_t *enumerator; + simaka_attribute_t type; + chunk_t data; + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &type, &data)) + { + if (type == AT_CLIENT_ERROR_CODE) + { + u_int16_t code; + + memcpy(&code, data.ptr, sizeof(code)); + DBG1(DBG_IKE, "received EAP-SIM client error '%N'", + simaka_client_error_names, ntohs(code)); + } + else if (!simaka_attribute_skippable(type)) + { + break; + } + } + enumerator->destroy(enumerator); + return FAILED; +} + +/** + * Implementation of eap_method_t.process + */ +static status_t process(private_eap_sim_server_t *this, + eap_payload_t *in, eap_payload_t **out) +{ + simaka_message_t *message; + status_t status; + + message = simaka_message_create_from_payload(in, this->crypto); + if (!message) + { + return FAILED; + } + if (!message->parse(message)) + { + message->destroy(message); + return FAILED; + } + switch (message->get_subtype(message)) + { + case SIM_START: + status = process_start(this, message, out); + break; + case SIM_CHALLENGE: + status = process_challenge(this, message, out); + break; + case SIM_REAUTHENTICATION: + status = process_reauthentication(this, message, out); + break; + case SIM_CLIENT_ERROR: + status = process_client_error(this, message); + break; + default: + DBG1(DBG_IKE, "unable to process EAP-SIM subtype %N", + simaka_subtype_names, message->get_subtype(message)); + status = FAILED; + break; + } + message->destroy(message); + return status; +} + +/** + * Implementation of eap_method_t.get_type. + */ +static eap_type_t get_type(private_eap_sim_server_t *this, u_int32_t *vendor) +{ + *vendor = 0; + return EAP_SIM; +} + +/** + * Implementation of eap_method_t.get_msk. + */ +static status_t get_msk(private_eap_sim_server_t *this, chunk_t *msk) +{ + if (this->msk.ptr) + { + *msk = this->msk; + return SUCCESS; + } + return FAILED; +} + +/** + * Implementation of eap_method_t.is_mutual. + */ +static bool is_mutual(private_eap_sim_server_t *this) +{ + return TRUE; +} + +/** + * Implementation of eap_method_t.destroy. + */ +static void destroy(private_eap_sim_server_t *this) +{ + this->crypto->destroy(this->crypto); + this->permanent->destroy(this->permanent); + DESTROY_IF(this->pseudonym); + DESTROY_IF(this->reauth); + free(this->sreses.ptr); + free(this->nonce.ptr); + free(this->msk.ptr); + free(this->counter.ptr); + free(this); +} + +/* + * Described in header. + */ +eap_sim_server_t *eap_sim_server_create(identification_t *server, + identification_t *peer) +{ + private_eap_sim_server_t *this = malloc_thing(private_eap_sim_server_t); + + this->public.interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate; + this->public.interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process; + this->public.interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; + this->public.interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; + this->public.interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; + this->public.interface.destroy = (void(*)(eap_method_t*))destroy; + + this->crypto = simaka_crypto_create(); + if (!this->crypto) + { + free(this); + return NULL; + } + this->permanent = peer->clone(peer); + this->pseudonym = NULL; + this->reauth = NULL; + this->sreses = chunk_empty; + this->nonce = chunk_empty; + this->msk = chunk_empty; + this->counter = chunk_empty; + this->pending = 0; + this->use_reauth = this->use_pseudonym = this->use_permanent = + lib->settings->get_bool(lib->settings, + "charon.plugins.eap-sim.request_identity", TRUE); + + /* generate a non-zero identifier */ + do { + this->identifier = random(); + } while (!this->identifier); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_sim/eap_sim_server.h b/src/charon/plugins/eap_sim/eap_sim_server.h new file mode 100644 index 000000000..978e1e1e9 --- /dev/null +++ b/src/charon/plugins/eap_sim/eap_sim_server.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_sim_server eap_sim_server + * @{ @ingroup eap_sim + */ + +#ifndef EAP_SIM_SERVER_H_ +#define EAP_SIM_SERVER_H_ + +#include + +typedef struct eap_sim_server_t eap_sim_server_t; + +/** + * EAP-SIM server implementation. + * + * This EAP-SIM module uses sim_provider_t implementations for triplet + * calculation, found via the eap_sim_manager_t. + */ +struct eap_sim_server_t { + + /** + * Implemented eap_method_t interface. + */ + eap_method_t interface; + + /** + * Destroy a eap_sim_server_t. + */ + void (*destroy)(eap_sim_server_t *this); +}; + +/** + * Creates the EAP method EAP-SIM acting as server. + * + * @param server ID of the EAP server + * @param peer ID of the EAP peer + * @return eap_sim_t object + */ +eap_sim_server_t *eap_sim_server_create(identification_t *server, + identification_t *peer); + +#endif /** EAP_SIM_SERVER_H_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/Makefile.am b/src/charon/plugins/eap_sim_file/Makefile.am index 1cd1dd9e2..350d4244f 100644 --- a/src/charon/plugins/eap_sim_file/Makefile.am +++ b/src/charon/plugins/eap_sim_file/Makefile.am @@ -1,14 +1,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" +AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\" -plugin_LTLIBRARIES = libstrongswan-eapsim-file.la +plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la -libstrongswan_eapsim_file_la_SOURCES = \ +libstrongswan_eap_sim_file_la_SOURCES = \ eap_sim_file_plugin.h eap_sim_file_plugin.c \ eap_sim_file_card.h eap_sim_file_card.c \ eap_sim_file_provider.h eap_sim_file_provider.c \ eap_sim_file_triplets.h eap_sim_file_triplets.c -libstrongswan_eapsim_file_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_sim_file/Makefile.in b/src/charon/plugins/eap_sim_file/Makefile.in index b19cc839f..232c2a133 100644 --- a/src/charon/plugins/eap_sim_file/Makefile.in +++ b/src/charon/plugins/eap_sim_file/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,33 +37,56 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_sim_file DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapsim_file_la_LIBADD = -am_libstrongswan_eapsim_file_la_OBJECTS = eap_sim_file_plugin.lo \ +libstrongswan_eap_sim_file_la_LIBADD = +am_libstrongswan_eap_sim_file_la_OBJECTS = eap_sim_file_plugin.lo \ eap_sim_file_card.lo eap_sim_file_provider.lo \ eap_sim_file_triplets.lo -libstrongswan_eapsim_file_la_OBJECTS = \ - $(am_libstrongswan_eapsim_file_la_OBJECTS) -libstrongswan_eapsim_file_la_LINK = $(LIBTOOL) --tag=CC \ +libstrongswan_eap_sim_file_la_OBJECTS = \ + $(am_libstrongswan_eap_sim_file_la_OBJECTS) +libstrongswan_eap_sim_file_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapsim_file_la_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_sim_file_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -71,8 +96,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapsim_file_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapsim_file_la_SOURCES) +SOURCES = $(libstrongswan_eap_sim_file_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_sim_file_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -109,25 +134,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -139,11 +161,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -172,9 +197,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -197,7 +222,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -205,6 +230,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -213,10 +239,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -224,18 +252,19 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${confdir}\" -plugin_LTLIBRARIES = libstrongswan-eapsim-file.la -libstrongswan_eapsim_file_la_SOURCES = \ +AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\" +plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la +libstrongswan_eap_sim_file_la_SOURCES = \ eap_sim_file_plugin.h eap_sim_file_plugin.c \ eap_sim_file_card.h eap_sim_file_card.c \ eap_sim_file_provider.h eap_sim_file_provider.c \ eap_sim_file_triplets.h eap_sim_file_triplets.c -libstrongswan_eapsim_file_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -249,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -269,23 +298,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -296,8 +330,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapsim-file.la: $(libstrongswan_eapsim_file_la_OBJECTS) $(libstrongswan_eapsim_file_la_DEPENDENCIES) - $(libstrongswan_eapsim_file_la_LINK) -rpath $(plugindir) $(libstrongswan_eapsim_file_la_OBJECTS) $(libstrongswan_eapsim_file_la_LIBADD) $(LIBS) +libstrongswan-eap-sim-file.la: $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_DEPENDENCIES) + $(libstrongswan_eap_sim_file_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -312,21 +346,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -349,7 +383,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -357,29 +391,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -400,13 +439,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -437,6 +480,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -458,6 +502,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -466,18 +512,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -516,6 +572,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c index 7d441ffb2..d132a38f6 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,54 +15,53 @@ #include "eap_sim_file_card.h" +#include + typedef struct private_eap_sim_file_card_t private_eap_sim_file_card_t; /** * Private data of an eap_sim_file_card_t object. */ struct private_eap_sim_file_card_t { - + /** * Public eap_sim_file_card_t interface. */ eap_sim_file_card_t public; - + /** - * IMSI, is ID_ANY for file implementation + * source of triplets */ - identification_t *imsi; - - /** - * source of triplets - */ eap_sim_file_triplets_t *triplets; }; -#include - /** * Implementation of sim_card_t.get_triplet */ static bool get_triplet(private_eap_sim_file_card_t *this, - char *rand, char *sres, char *kc) + identification_t *id, char *rand, char *sres, char *kc) { enumerator_t *enumerator; - identification_t *id; + identification_t *cand; char *c_rand, *c_sres, *c_kc; - - DBG2(DBG_CFG, "looking for rand: %b", rand, RAND_LEN); - + + DBG2(DBG_CFG, "looking for triplet: %Y rand %b", id, rand, SIM_RAND_LEN); + enumerator = this->triplets->create_enumerator(this->triplets); - while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) + while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc)) { - DBG2(DBG_CFG, "found triplet: rand %b\nsres %b\n kc %b", - c_rand, RAND_LEN, c_sres, SRES_LEN, c_kc, KC_LEN); - if (memeq(c_rand, rand, RAND_LEN)) + DBG2(DBG_CFG, "got a triplet: %Y rand %b\nsres %b\n kc %b", cand, + c_rand, SIM_RAND_LEN, c_sres, SIM_SRES_LEN, c_kc, SIM_KC_LEN); + if (id->matches(id, cand)) { - memcpy(sres, c_sres, SRES_LEN); - memcpy(kc, c_kc, KC_LEN); - enumerator->destroy(enumerator); - return TRUE; + if (memeq(c_rand, rand, SIM_RAND_LEN)) + { + DBG2(DBG_CFG, " => triplet matches"); + memcpy(sres, c_sres, SIM_SRES_LEN); + memcpy(kc, c_kc, SIM_KC_LEN); + enumerator->destroy(enumerator); + return TRUE; + } } } enumerator->destroy(enumerator); @@ -70,11 +69,11 @@ static bool get_triplet(private_eap_sim_file_card_t *this, } /** - * Implementation of sim_card_t.get_imsi + * Implementation of sim_card_t.get_quintuplet */ -static identification_t* get_imsi(private_eap_sim_file_card_t *this) +static status_t get_quintuplet() { - return this->imsi; + return NOT_SUPPORTED; } /** @@ -82,7 +81,6 @@ static identification_t* get_imsi(private_eap_sim_file_card_t *this) */ static void destroy(private_eap_sim_file_card_t *this) { - this->imsi->destroy(this->imsi); free(this); } @@ -92,15 +90,18 @@ static void destroy(private_eap_sim_file_card_t *this) eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets) { private_eap_sim_file_card_t *this = malloc_thing(private_eap_sim_file_card_t); - - this->public.card.get_triplet = (bool(*)(sim_card_t*, char *rand, char *sres, char *kc))get_triplet; - this->public.card.get_imsi = (identification_t*(*)(sim_card_t*))get_imsi; + + this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; + this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet; + this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null; + this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop; + this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; this->public.destroy = (void(*)(eap_sim_file_card_t*))destroy; - - /* this SIM card implementation does not have an ID, serve ID_ANY */ - this->imsi = identification_create_from_encoding(ID_ANY, chunk_empty); + this->triplets = triplets; - + return &this->public; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h index e7160a33b..1a5470968 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h @@ -36,7 +36,7 @@ struct eap_sim_file_card_t { * Implements sim_card_t interface */ sim_card_t card; - + /** * Destroy a eap_sim_file_card_t. */ @@ -50,4 +50,4 @@ struct eap_sim_file_card_t { */ eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets); -#endif /** EAP_SIM_FILE_CARD_ @}*/ +#endif /** EAP_SIM_FILE_CARD_H_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c index eb6fb4c9c..22ad31703 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c @@ -28,22 +28,22 @@ typedef struct private_eap_sim_file_t private_eap_sim_file_t; * Private data of an eap_sim_file_t object. */ struct private_eap_sim_file_t { - + /** * Public eap_sim_file_plugin_t interface. */ eap_sim_file_plugin_t public; - + /** * SIM card */ eap_sim_file_card_t *card; - + /** * SIM provider */ eap_sim_file_provider_t *provider; - + /** * Triplet source */ @@ -69,16 +69,22 @@ static void destroy(private_eap_sim_file_t *this) plugin_t *plugin_create() { private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->triplets = eap_sim_file_triplets_create(TRIPLET_FILE); - this->card = eap_sim_file_card_create(this->triplets); this->provider = eap_sim_file_provider_create(this->triplets); - + if (!this->provider) + { + this->triplets->destroy(this->triplets); + free(this); + return NULL; + } + this->card = eap_sim_file_card_create(this->triplets); + charon->sim->add_card(charon->sim, &this->card->card); charon->sim->add_provider(charon->sim, &this->provider->provider); - + return &this->public.plugin; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c index 89866ade6..9bee31fc3 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,21 +15,23 @@ #include "eap_sim_file_provider.h" +#include + typedef struct private_eap_sim_file_provider_t private_eap_sim_file_provider_t; /** * Private data of an eap_sim_file_provider_t object. */ struct private_eap_sim_file_provider_t { - + /** * Public eap_sim_file_provider_t interface. */ eap_sim_file_provider_t public; - + /** - * source of triplets - */ + * source of triplets + */ eap_sim_file_triplets_t *triplets; }; @@ -37,21 +39,20 @@ struct private_eap_sim_file_provider_t { * Implementation of sim_provider_t.get_triplet */ static bool get_triplet(private_eap_sim_file_provider_t *this, - identification_t *imsi, - char *rand, char *sres, char *kc) + identification_t *id, char *rand, char *sres, char *kc) { enumerator_t *enumerator; - identification_t *id; + identification_t *cand; char *c_rand, *c_sres, *c_kc; - + enumerator = this->triplets->create_enumerator(this->triplets); - while (enumerator->enumerate(enumerator, &id, &c_rand, &c_sres, &c_kc)) + while (enumerator->enumerate(enumerator, &cand, &c_rand, &c_sres, &c_kc)) { - if (imsi->matches(imsi, id)) + if (id->matches(id, cand)) { - memcpy(rand, c_rand, RAND_LEN); - memcpy(sres, c_sres, SRES_LEN); - memcpy(kc, c_kc, KC_LEN); + memcpy(rand, c_rand, SIM_RAND_LEN); + memcpy(sres, c_sres, SIM_SRES_LEN); + memcpy(kc, c_kc, SIM_KC_LEN); enumerator->destroy(enumerator); return TRUE; } @@ -75,12 +76,18 @@ eap_sim_file_provider_t *eap_sim_file_provider_create( eap_sim_file_triplets_t *triplets) { private_eap_sim_file_provider_t *this = malloc_thing(private_eap_sim_file_provider_t); - - this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *imsi, char rand[16], char sres[4], char kc[8]))get_triplet; + + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))get_triplet; + this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false; + this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; + this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; + this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null; this->public.destroy = (void(*)(eap_sim_file_provider_t*))destroy; - + this->triplets = triplets; - + return &this->public; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h index ec3bfb469..10fda282a 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h @@ -23,8 +23,6 @@ #include "eap_sim_file_triplets.h" -#include - typedef struct eap_sim_file_provider_t eap_sim_file_provider_t; /** @@ -36,7 +34,7 @@ struct eap_sim_file_provider_t { * Implements sim_provider_t interface. */ sim_provider_t provider; - + /** * Destroy a eap_sim_file_provider_t. */ @@ -49,4 +47,4 @@ struct eap_sim_file_provider_t { eap_sim_file_provider_t *eap_sim_file_provider_create( eap_sim_file_triplets_t *triplets); -#endif /** EAP_SIM_FILE_PROVIDER_ @}*/ +#endif /** EAP_SIM_FILE_PROVIDER_H_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c index e27ed6860..6b7d99fb7 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c @@ -20,7 +20,7 @@ #include #include -#include +#include typedef struct private_eap_sim_file_triplets_t private_eap_sim_file_triplets_t; @@ -28,17 +28,17 @@ typedef struct private_eap_sim_file_triplets_t private_eap_sim_file_triplets_t; * Private data of an eap_sim_file_triplets_t object. */ struct private_eap_sim_file_triplets_t { - + /** * Public eap_sim_file_triplets_t interface. */ eap_sim_file_triplets_t public; - + /** * List of triplets, as triplet_t */ linked_list_t *triplets; - + /** * mutex to lock triplets list */ @@ -50,9 +50,9 @@ struct private_eap_sim_file_triplets_t { */ typedef struct { identification_t *imsi; - char rand[RAND_LEN]; - char sres[SRES_LEN]; - char kc[KC_LEN]; + char rand[SIM_RAND_LEN]; + char sres[SIM_SRES_LEN]; + char kc[SIM_KC_LEN]; } triplet_t; /** @@ -60,7 +60,7 @@ typedef struct { */ static void triplet_destroy(triplet_t *this) { - this->imsi->destroy(this->imsi); + DESTROY_IF(this->imsi); free(this); } @@ -103,7 +103,7 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims char **rand, char **sres, char **kc) { triplet_t *triplet; - + if (e->inner->enumerate(e->inner, &triplet)) { e->current = triplet; @@ -123,14 +123,14 @@ static bool enumerator_enumerate(triplet_enumerator_t *e, identification_t **ims static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) { triplet_enumerator_t *enumerator = malloc_thing(triplet_enumerator_t); - + this->mutex->lock(this->mutex); enumerator->public.enumerate = (void*)enumerator_enumerate; enumerator->public.destroy = (void*)enumerator_destroy; enumerator->inner = this->triplets->create_enumerator(this->triplets); enumerator->current = NULL; enumerator->this = this; - + return &enumerator->public; } @@ -140,7 +140,7 @@ static enumerator_t* create_enumerator(private_eap_sim_file_triplets_t *this) static void parse_token(char *to, char *from, size_t len) { chunk_t chunk; - + chunk = chunk_create(from, min(strlen(from), len * 2)); chunk = chunk_from_hex(chunk, NULL); memset(to, 0, len); @@ -156,22 +156,22 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) char line[512]; FILE *file; int i, nr = 0; - + file = fopen(path, "r"); if (file == NULL) { - DBG1(DBG_CFG, "opening triplet file %s failed: %s", + DBG1(DBG_CFG, "opening triplet file %s failed: %s", path, strerror(errno)); return; } - + /* read line by line */ while (fgets(line, sizeof(line), file)) { triplet_t *triplet; enumerator_t *enumerator; char *token; - + nr++; /* skip comments, empty lines */ switch (line[0]) @@ -186,7 +186,7 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) } triplet = malloc_thing(triplet_t); memset(triplet, 0, sizeof(triplet_t)); - + i = 0; enumerator = enumerator_create_token(line, ",", " \n\r#"); while (enumerator->enumerate(enumerator, &token)) @@ -197,13 +197,13 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) triplet->imsi = identification_create_from_string(token); continue; case 1: /* rand */ - parse_token(triplet->rand, token, RAND_LEN); + parse_token(triplet->rand, token, SIM_RAND_LEN); continue; case 2: /* sres */ - parse_token(triplet->sres, token, SRES_LEN); + parse_token(triplet->sres, token, SIM_SRES_LEN); continue; case 3: /* kc */ - parse_token(triplet->kc, token, KC_LEN); + parse_token(triplet->kc, token, SIM_KC_LEN); continue; default: break;; @@ -217,15 +217,15 @@ static void read_triplets(private_eap_sim_file_triplets_t *this, char *path) triplet_destroy(triplet); continue; } - + DBG2(DBG_CFG, "triplet: imsi %Y\nrand %b\nsres %b\nkc %b", - triplet->imsi, triplet->rand, RAND_LEN, - triplet->sres, SRES_LEN, triplet->kc, KC_LEN); - + triplet->imsi, triplet->rand, SIM_RAND_LEN, + triplet->sres, SIM_SRES_LEN, triplet->kc, SIM_KC_LEN); + this->triplets->insert_last(this->triplets, triplet); } fclose(file); - + DBG1(DBG_CFG, "read %d triplets from %s", this->triplets->get_count(this->triplets), path); } @@ -246,15 +246,15 @@ static void destroy(private_eap_sim_file_triplets_t *this) eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file) { private_eap_sim_file_triplets_t *this = malloc_thing(private_eap_sim_file_triplets_t); - + this->public.create_enumerator = (enumerator_t*(*)(eap_sim_file_triplets_t*))create_enumerator; this->public.destroy = (void(*)(eap_sim_file_triplets_t*))destroy; - + this->triplets = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + read_triplets(this, file); - + return &this->public; } diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h index d4ff2a781..8f8130810 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h +++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h @@ -21,23 +21,7 @@ #ifndef EAP_SIM_FILE_TRIPLETS_H_ #define EAP_SIM_FILE_TRIPLETS_H_ -#include -#include - -/** - * size of RAND value - */ -#define RAND_LEN 16 - -/** - * size of SRES value - */ -#define SRES_LEN 4 - -/** - * size of KC value - */ -#define KC_LEN 8 +#include typedef struct eap_sim_file_triplets_t eap_sim_file_triplets_t; @@ -69,4 +53,4 @@ struct eap_sim_file_triplets_t { */ eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file); -#endif /** EAP_SIM_FILE_TRIPLETS_ @}*/ +#endif /** EAP_SIM_FILE_TRIPLETS_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am b/src/charon/plugins/eap_simaka_pseudonym/Makefile.am new file mode 100644 index 000000000..fe87d6d62 --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/Makefile.am @@ -0,0 +1,13 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la + +libstrongswan_eap_simaka_pseudonym_la_SOURCES = \ + eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \ + eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \ + eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c +libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version + diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in b/src/charon/plugins/eap_simaka_pseudonym/Makefile.in new file mode 100644 index 000000000..392331fb1 --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/Makefile.in @@ -0,0 +1,577 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/charon/plugins/eap_simaka_pseudonym +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_eap_simaka_pseudonym_la_LIBADD = +am_libstrongswan_eap_simaka_pseudonym_la_OBJECTS = \ + eap_simaka_pseudonym_plugin.lo eap_simaka_pseudonym_card.lo \ + eap_simaka_pseudonym_provider.lo +libstrongswan_eap_simaka_pseudonym_la_OBJECTS = \ + $(am_libstrongswan_eap_simaka_pseudonym_la_OBJECTS) +libstrongswan_eap_simaka_pseudonym_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_simaka_pseudonym_la_LDFLAGS) $(LDFLAGS) -o \ + $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_eap_simaka_pseudonym_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_simaka_pseudonym_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la +libstrongswan_eap_simaka_pseudonym_la_SOURCES = \ + eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \ + eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \ + eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c + +libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-eap-simaka-pseudonym.la: $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_DEPENDENCIES) + $(libstrongswan_eap_simaka_pseudonym_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_simaka_pseudonym_card.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_simaka_pseudonym_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_simaka_pseudonym_provider.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c new file mode 100644 index 000000000..9b0f1bc71 --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c @@ -0,0 +1,154 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_simaka_pseudonym_card.h" + +#include +#include + +typedef struct private_eap_simaka_pseudonym_card_t private_eap_simaka_pseudonym_card_t; + +/** + * Private data of an eap_simaka_pseudonym_card_t object. + */ +struct private_eap_simaka_pseudonym_card_t { + + /** + * Public eap_simaka_pseudonym_card_t interface. + */ + eap_simaka_pseudonym_card_t public; + + /** + * Permanent -> pseudonym mappings + */ + hashtable_t *pseudonym; + + /** + * Reverse pseudonym -> permanent mappings + */ + hashtable_t *permanent; +}; + +/** + * hashtable hash function + */ +static u_int hash(identification_t *key) +{ + return chunk_hash(key->get_encoding(key)); +} + +/** + * hashtable equals function + */ +static bool equals(identification_t *key1, identification_t *key2) +{ + return key1->equals(key1, key2); +} + +/** + * Implementation of sim_card_t.get_pseudonym + */ +static identification_t *get_pseudonym(private_eap_simaka_pseudonym_card_t *this, + identification_t *id) +{ + identification_t *pseudonym; + + pseudonym = this->pseudonym->get(this->pseudonym, id); + if (pseudonym) + { + return pseudonym->clone(pseudonym); + } + return NULL; +} + +/** + * Implementation of sim_card_t.set_pseudonym + */ +static void set_pseudonym(private_eap_simaka_pseudonym_card_t *this, + identification_t *id, identification_t *pseudonym) +{ + identification_t *permanent; + + /* create new entries */ + id = id->clone(id); + pseudonym = pseudonym->clone(pseudonym); + permanent = this->permanent->put(this->permanent, pseudonym, id); + pseudonym = this->pseudonym->put(this->pseudonym, id, pseudonym); + + /* delete old entries */ + DESTROY_IF(permanent); + DESTROY_IF(pseudonym); +} + +/** + * Implementation of sim_card_t.get_quintuplet + */ +static status_t get_quintuplet() +{ + return NOT_SUPPORTED; +} + +/** + * Implementation of eap_simaka_pseudonym_card_t.destroy. + */ +static void destroy(private_eap_simaka_pseudonym_card_t *this) +{ + enumerator_t *enumerator; + identification_t *id; + void *key; + + enumerator = this->pseudonym->create_enumerator(this->pseudonym); + while (enumerator->enumerate(enumerator, &key, &id)) + { + id->destroy(id); + } + enumerator->destroy(enumerator); + + enumerator = this->permanent->create_enumerator(this->permanent); + while (enumerator->enumerate(enumerator, &key, &id)) + { + id->destroy(id); + } + enumerator->destroy(enumerator); + + this->pseudonym->destroy(this->pseudonym); + this->permanent->destroy(this->permanent); + free(this); +} + +/** + * See header + */ +eap_simaka_pseudonym_card_t *eap_simaka_pseudonym_card_create() +{ + private_eap_simaka_pseudonym_card_t *this; + + this = malloc_thing(private_eap_simaka_pseudonym_card_t); + + this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet; + this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))get_pseudonym; + this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))set_pseudonym; + this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))nop; + this->public.destroy = (void(*)(eap_simaka_pseudonym_card_t*))destroy; + + this->pseudonym = hashtable_create((void*)hash, (void*)equals, 0); + this->permanent = hashtable_create((void*)hash, (void*)equals, 0); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h new file mode 100644 index 000000000..1b5940fdc --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_simaka_pseudonym_card eap_simaka_pseudonym_card + * @{ @ingroup eap_simaka_pseudonym + */ + +#ifndef EAP_SIMAKA_PSEUDONYM_CARD_H_ +#define EAP_SIMAKA_PSEUDONYM_CARD_H_ + +#include + +typedef struct eap_simaka_pseudonym_card_t eap_simaka_pseudonym_card_t; + +/** + * SIM card implementing volatile in-memory pseudonym storage. + */ +struct eap_simaka_pseudonym_card_t { + + /** + * Implements sim_card_t interface + */ + sim_card_t card; + + /** + * Destroy a eap_simaka_pseudonym_card_t. + */ + void (*destroy)(eap_simaka_pseudonym_card_t *this); +}; + +/** + * Create a eap_simaka_pseudonym_card instance. + */ +eap_simaka_pseudonym_card_t *eap_simaka_pseudonym_card_create(); + +#endif /** EAP_SIMAKA_PSEUDONYM_CARD_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c new file mode 100644 index 000000000..e4e179a7d --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_simaka_pseudonym_plugin.h" +#include "eap_simaka_pseudonym_card.h" +#include "eap_simaka_pseudonym_provider.h" + +#include + +typedef struct private_eap_simaka_pseudonym_t private_eap_simaka_pseudonym_t; + +/** + * Private data of an eap_simaka_pseudonym_t object. + */ +struct private_eap_simaka_pseudonym_t { + + /** + * Public eap_simaka_pseudonym_plugin_t interface. + */ + eap_simaka_pseudonym_plugin_t public; + + /** + * SIM card + */ + eap_simaka_pseudonym_card_t *card; + + /** + * SIM provider + */ + eap_simaka_pseudonym_provider_t *provider; +}; + +/** + * Implementation of eap_simaka_pseudonym_t.destroy. + */ +static void destroy(private_eap_simaka_pseudonym_t *this) +{ + charon->sim->remove_card(charon->sim, &this->card->card); + charon->sim->remove_provider(charon->sim, &this->provider->provider); + this->card->destroy(this->card); + this->provider->destroy(this->provider); + free(this); +} + +/** + * See header + */ +plugin_t *plugin_create() +{ + private_eap_simaka_pseudonym_t *this; + + this = malloc_thing(private_eap_simaka_pseudonym_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->provider = eap_simaka_pseudonym_provider_create(); + if (!this->provider) + { + free(this); + return NULL; + } + this->card = eap_simaka_pseudonym_card_create(); + + charon->sim->add_card(charon->sim, &this->card->card); + charon->sim->add_provider(charon->sim, &this->provider->provider); + + return &this->public.plugin; +} + diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h new file mode 100644 index 000000000..032604eb1 --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_simaka_pseudonym eap_simaka_pseudonym + * @ingroup cplugins + * + * @defgroup eap_simaka_pseudonym_plugin eap_simaka_pseudonym_plugin + * @{ @ingroup eap_simaka_pseudonym + */ + +#ifndef EAP_SIMAKA_PSEUDONYM_PLUGIN_H_ +#define EAP_SIMAKA_PSEUDONYM_PLUGIN_H_ + +#include + +typedef struct eap_simaka_pseudonym_plugin_t eap_simaka_pseudonym_plugin_t; + +/** + * Plugin to provide in-memory storage of EAP-SIM/AKA pseudonyms. + */ +struct eap_simaka_pseudonym_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a eap_simaka_pseudonym_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** EAP_SIMAKA_PSEUDONYM_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c new file mode 100644 index 000000000..0613b8807 --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c @@ -0,0 +1,182 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_simaka_pseudonym_provider.h" + +#include + +typedef struct private_eap_simaka_pseudonym_provider_t private_eap_simaka_pseudonym_provider_t; + +/** + * Private data of an eap_simaka_pseudonym_provider_t object. + */ +struct private_eap_simaka_pseudonym_provider_t { + + /** + * Public eap_simaka_pseudonym_provider_t interface. + */ + eap_simaka_pseudonym_provider_t public; + + /** + * Permanent -> pseudonym mappings + */ + hashtable_t *pseudonym; + + /** + * Reverse pseudonym -> permanent mappings + */ + hashtable_t *permanent; + + /** + * RNG for pseudonyms/reauth identities + */ + rng_t *rng; +}; + +/** + * hashtable hash function + */ +static u_int hash(identification_t *key) +{ + return chunk_hash(key->get_encoding(key)); +} + +/** + * hashtable equals function + */ +static bool equals(identification_t *key1, identification_t *key2) +{ + return key1->equals(key1, key2); +} + +/** + * Implementation of sim_provider_t.is_pseudonym + */ +static identification_t* is_pseudonym( + private_eap_simaka_pseudonym_provider_t *this, identification_t *id) +{ + identification_t *permanent; + + permanent = this->permanent->get(this->permanent, id); + if (permanent) + { + return permanent->clone(permanent); + } + return NULL; +} + +/** + * Generate a random identity + */ +static identification_t *gen_identity( + private_eap_simaka_pseudonym_provider_t *this) +{ + char buf[8], hex[sizeof(buf) * 2 + 1]; + + this->rng->get_bytes(this->rng, sizeof(buf), buf); + chunk_to_hex(chunk_create(buf, sizeof(buf)), hex, FALSE); + + return identification_create_from_string(hex); +} + +/** + * Implementation of sim_provider_t.get_pseudonym + */ +static identification_t* gen_pseudonym( + private_eap_simaka_pseudonym_provider_t *this, identification_t *id) +{ + identification_t *pseudonym, *permanent; + + /* remove old entry */ + pseudonym = this->pseudonym->remove(this->pseudonym, id); + if (pseudonym) + { + permanent = this->permanent->remove(this->permanent, pseudonym); + if (permanent) + { + permanent->destroy(permanent); + } + pseudonym->destroy(pseudonym); + } + + pseudonym = gen_identity(this); + + /* create new entries */ + id = id->clone(id); + this->pseudonym->put(this->pseudonym, id, pseudonym); + this->permanent->put(this->permanent, pseudonym, id); + + return pseudonym->clone(pseudonym); +} + +/** + * Implementation of eap_simaka_pseudonym_provider_t.destroy. + */ +static void destroy(private_eap_simaka_pseudonym_provider_t *this) +{ + enumerator_t *enumerator; + identification_t *id; + void *key; + + enumerator = this->pseudonym->create_enumerator(this->pseudonym); + while (enumerator->enumerate(enumerator, &key, &id)) + { + id->destroy(id); + } + enumerator->destroy(enumerator); + + enumerator = this->permanent->create_enumerator(this->permanent); + while (enumerator->enumerate(enumerator, &key, &id)) + { + id->destroy(id); + } + enumerator->destroy(enumerator); + + this->pseudonym->destroy(this->pseudonym); + this->permanent->destroy(this->permanent); + this->rng->destroy(this->rng); + free(this); +} + +/** + * See header + */ +eap_simaka_pseudonym_provider_t *eap_simaka_pseudonym_provider_create() +{ + private_eap_simaka_pseudonym_provider_t *this; + + this = malloc_thing(private_eap_simaka_pseudonym_provider_t); + + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false; + this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))is_pseudonym; + this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))gen_pseudonym; + this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))return_null; + this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))return_null; + this->public.destroy = (void(*)(eap_simaka_pseudonym_provider_t*))destroy; + + this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!this->rng) + { + free(this); + return NULL; + } + this->pseudonym = hashtable_create((void*)hash, (void*)equals, 0); + this->permanent = hashtable_create((void*)hash, (void*)equals, 0); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h new file mode 100644 index 000000000..5d8e6d221 --- /dev/null +++ b/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_simaka_pseudonym_provider eap_simaka_pseudonym_provider + * @{ @ingroup eap_simaka_pseudonym + */ + +#ifndef EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ +#define EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ + +#include + +typedef struct eap_simaka_pseudonym_provider_t eap_simaka_pseudonym_provider_t; + +/** + * SIM provider implementing volatile in-memory pseudonym storage. + */ +struct eap_simaka_pseudonym_provider_t { + + /** + * Implements sim_provider_t interface. + */ + sim_provider_t provider; + + /** + * Destroy a eap_simaka_pseudonym_provider_t. + */ + void (*destroy)(eap_simaka_pseudonym_provider_t *this); +}; + +/** + * Create a eap_simaka_pseudonym_provider instance. + */ +eap_simaka_pseudonym_provider_t *eap_simaka_pseudonym_provider_create(); + +#endif /** EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.am b/src/charon/plugins/eap_simaka_reauth/Makefile.am new file mode 100644 index 000000000..0ba727136 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/Makefile.am @@ -0,0 +1,13 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la + +libstrongswan_eap_simaka_reauth_la_SOURCES = \ + eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \ + eap_simaka_reauth_card.h eap_simaka_reauth_card.c \ + eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c +libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version + diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.in b/src/charon/plugins/eap_simaka_reauth/Makefile.in new file mode 100644 index 000000000..d709acb70 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/Makefile.in @@ -0,0 +1,576 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/charon/plugins/eap_simaka_reauth +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_eap_simaka_reauth_la_LIBADD = +am_libstrongswan_eap_simaka_reauth_la_OBJECTS = \ + eap_simaka_reauth_plugin.lo eap_simaka_reauth_card.lo \ + eap_simaka_reauth_provider.lo +libstrongswan_eap_simaka_reauth_la_OBJECTS = \ + $(am_libstrongswan_eap_simaka_reauth_la_OBJECTS) +libstrongswan_eap_simaka_reauth_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_simaka_reauth_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_eap_simaka_reauth_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_simaka_reauth_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la +libstrongswan_eap_simaka_reauth_la_SOURCES = \ + eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \ + eap_simaka_reauth_card.h eap_simaka_reauth_card.c \ + eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c + +libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-eap-simaka-reauth.la: $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_DEPENDENCIES) + $(libstrongswan_eap_simaka_reauth_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_simaka_reauth_card.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_simaka_reauth_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_simaka_reauth_provider.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c new file mode 100644 index 000000000..14d0416d9 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c @@ -0,0 +1,170 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_simaka_reauth_card.h" + +#include +#include + +typedef struct private_eap_simaka_reauth_card_t private_eap_simaka_reauth_card_t; + +/** + * Private data of an eap_simaka_reauth_card_t object. + */ +struct private_eap_simaka_reauth_card_t { + + /** + * Public eap_simaka_reauth_card_t interface. + */ + eap_simaka_reauth_card_t public; + + /** + * Permanent -> reauth_data_t mappings + */ + hashtable_t *reauth; +}; + +/** + * Data associated to a reauthentication identity + */ +typedef struct { + /** currently used reauthentication identity */ + identification_t *id; + /** associated permanent identity */ + identification_t *permanent; + /** counter value */ + u_int16_t counter; + /** master key */ + char mk[HASH_SIZE_SHA1]; +} reauth_data_t; + +/** + * hashtable hash function + */ +static u_int hash(identification_t *key) +{ + return chunk_hash(key->get_encoding(key)); +} + +/** + * hashtable equals function + */ +static bool equals(identification_t *key1, identification_t *key2) +{ + return key1->equals(key1, key2); +} + +/** + * Implementation of sim_card_t.get_reauth + */ +static identification_t *get_reauth(private_eap_simaka_reauth_card_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) +{ + reauth_data_t *data; + identification_t *reauth; + + /* look up reauthentication data */ + data = this->reauth->remove(this->reauth, id); + if (!data) + { + return NULL; + } + *counter = ++data->counter; + memcpy(mk, data->mk, HASH_SIZE_SHA1); + reauth = data->id; + data->permanent->destroy(data->permanent); + free(data); + return reauth; +} + +/** + * Implementation of sim_card_t.set_reauth + */ +static void set_reauth(private_eap_simaka_reauth_card_t *this, + identification_t *id, identification_t* next, + char mk[HASH_SIZE_SHA1], u_int16_t counter) +{ + reauth_data_t *data; + + data = this->reauth->get(this->reauth, id); + if (data) + { + data->id->destroy(data->id); + } + else + { + data = malloc_thing(reauth_data_t); + data->permanent = id->clone(id); + this->reauth->put(this->reauth, data->permanent, data); + } + data->counter = counter; + data->id = next->clone(next); + memcpy(data->mk, mk, HASH_SIZE_SHA1); +} + +/** + * Implementation of sim_card_t.get_quintuplet + */ +static status_t get_quintuplet() +{ + return NOT_SUPPORTED; +} + +/** + * Implementation of eap_simaka_reauth_card_t.destroy. + */ +static void destroy(private_eap_simaka_reauth_card_t *this) +{ + enumerator_t *enumerator; + reauth_data_t *data; + void *key; + + enumerator = this->reauth->create_enumerator(this->reauth); + while (enumerator->enumerate(enumerator, &key, &data)) + { + data->id->destroy(data->id); + data->permanent->destroy(data->permanent); + free(data); + } + enumerator->destroy(enumerator); + + this->reauth->destroy(this->reauth); + free(this); +} + +/** + * See header + */ +eap_simaka_reauth_card_t *eap_simaka_reauth_card_create() +{ + private_eap_simaka_reauth_card_t *this; + + this = malloc_thing(private_eap_simaka_reauth_card_t); + + this->public.card.get_triplet = (bool(*)(sim_card_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_null; + this->public.card.get_quintuplet = (status_t(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))get_quintuplet; + this->public.card.resync = (bool(*)(sim_card_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.card.get_pseudonym = (identification_t*(*)(sim_card_t*, identification_t *perm))return_null; + this->public.card.set_pseudonym = (void(*)(sim_card_t*, identification_t *id, identification_t *pseudonym))nop; + this->public.card.get_reauth = (identification_t*(*)(sim_card_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))get_reauth; + this->public.card.set_reauth = (void(*)(sim_card_t*, identification_t *id, identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter))set_reauth; + this->public.destroy = (void(*)(eap_simaka_reauth_card_t*))destroy; + + this->reauth = hashtable_create((void*)hash, (void*)equals, 0); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h new file mode 100644 index 000000000..f24dc8a15 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_simaka_reauth_card eap_simaka_reauth_card + * @{ @ingroup eap_simaka_reauth + */ + +#ifndef EAP_SIMAKA_REAUTH_CARD_H_ +#define EAP_SIMAKA_REAUTH_CARD_H_ + +#include + +typedef struct eap_simaka_reauth_card_t eap_simaka_reauth_card_t; + +/** + * SIM card implementing volatile in-memory reauthentication data storage. + */ +struct eap_simaka_reauth_card_t { + + /** + * Implements sim_card_t interface + */ + sim_card_t card; + + /** + * Destroy a eap_simaka_reauth_card_t. + */ + void (*destroy)(eap_simaka_reauth_card_t *this); +}; + +/** + * Create a eap_simaka_reauth_card instance. + */ +eap_simaka_reauth_card_t *eap_simaka_reauth_card_create(); + +#endif /** EAP_SIMAKA_REAUTH_CARD_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c new file mode 100644 index 000000000..b2e853e21 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_simaka_reauth_plugin.h" +#include "eap_simaka_reauth_card.h" +#include "eap_simaka_reauth_provider.h" + +#include + +typedef struct private_eap_simaka_reauth_t private_eap_simaka_reauth_t; + +/** + * Private data of an eap_simaka_reauth_t object. + */ +struct private_eap_simaka_reauth_t { + + /** + * Public eap_simaka_reauth_plugin_t interface. + */ + eap_simaka_reauth_plugin_t public; + + /** + * SIM card + */ + eap_simaka_reauth_card_t *card; + + /** + * SIM provider + */ + eap_simaka_reauth_provider_t *provider; +}; + +/** + * Implementation of eap_simaka_reauth_t.destroy. + */ +static void destroy(private_eap_simaka_reauth_t *this) +{ + charon->sim->remove_card(charon->sim, &this->card->card); + charon->sim->remove_provider(charon->sim, &this->provider->provider); + this->card->destroy(this->card); + this->provider->destroy(this->provider); + free(this); +} + +/** + * See header + */ +plugin_t *plugin_create() +{ + private_eap_simaka_reauth_t *this = malloc_thing(private_eap_simaka_reauth_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->provider = eap_simaka_reauth_provider_create(); + if (!this->provider) + { + free(this); + return NULL; + } + this->card = eap_simaka_reauth_card_create(); + + charon->sim->add_card(charon->sim, &this->card->card); + charon->sim->add_provider(charon->sim, &this->provider->provider); + + return &this->public.plugin; +} + diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h new file mode 100644 index 000000000..e86832c0e --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_simaka_reauth eap_simaka_reauth + * @ingroup cplugins + * + * @defgroup eap_simaka_reauth_plugin eap_simaka_reauth_plugin + * @{ @ingroup eap_simaka_reauth + */ + +#ifndef EAP_SIMAKA_REAUTH_PLUGIN_H_ +#define EAP_SIMAKA_REAUTH_PLUGIN_H_ + +#include + +typedef struct eap_simaka_reauth_plugin_t eap_simaka_reauth_plugin_t; + +/** + * Plugin to provide in-memory EAP-SIM/AKA reauthentication data storage. + */ +struct eap_simaka_reauth_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a eap_simaka_reauth_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** EAP_SIMAKA_REAUTH_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c new file mode 100644 index 000000000..f962b2d84 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c @@ -0,0 +1,209 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "eap_simaka_reauth_provider.h" + +#include +#include + +typedef struct private_eap_simaka_reauth_provider_t private_eap_simaka_reauth_provider_t; + +/** + * Private data of an eap_simaka_reauth_provider_t object. + */ +struct private_eap_simaka_reauth_provider_t { + + /** + * Public eap_simaka_reauth_provider_t interface. + */ + eap_simaka_reauth_provider_t public; + + /** + * Permanent -> reauth_data_t mappings + */ + hashtable_t *reauth; + + /** + * Reverse reauth -> permanent mappings + */ + hashtable_t *permanent; + + /** + * RNG for pseudonyms/reauth identities + */ + rng_t *rng; +}; + +/** + * Data associated to a reauthentication identity + */ +typedef struct { + /** currently used reauthentication identity */ + identification_t *id; + /** counter value */ + u_int16_t counter; + /** master key */ + char mk[HASH_SIZE_SHA1]; +} reauth_data_t; + +/** + * hashtable hash function + */ +static u_int hash(identification_t *key) +{ + return chunk_hash(key->get_encoding(key)); +} + +/** + * hashtable equals function + */ +static bool equals(identification_t *key1, identification_t *key2) +{ + return key1->equals(key1, key2); +} + +/** + * Generate a random identity + */ +static identification_t *gen_identity(private_eap_simaka_reauth_provider_t *this) +{ + char buf[8], hex[sizeof(buf) * 2 + 1]; + + this->rng->get_bytes(this->rng, sizeof(buf), buf); + chunk_to_hex(chunk_create(buf, sizeof(buf)), hex, FALSE); + + return identification_create_from_string(hex); +} + +/** + * Implementation of sim_provider_t.is_reauth + */ +static identification_t *is_reauth(private_eap_simaka_reauth_provider_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) +{ + identification_t *permanent; + reauth_data_t *data; + + /* look up permanent identity */ + permanent = this->permanent->get(this->permanent, id); + if (!permanent) + { + return NULL; + } + /* look up reauthentication data */ + data = this->reauth->get(this->reauth, permanent); + if (!data) + { + return NULL; + } + *counter = ++data->counter; + memcpy(mk, data->mk, HASH_SIZE_SHA1); + return permanent->clone(permanent); +} + +/** + * Implementation of sim_provider_t.gen_reauth + */ +static identification_t *gen_reauth(private_eap_simaka_reauth_provider_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1]) +{ + reauth_data_t *data; + identification_t *permanent; + + data = this->reauth->get(this->reauth, id); + if (data) + { /* update existing entry */ + permanent = this->permanent->remove(this->permanent, data->id); + if (permanent) + { + data->id->destroy(data->id); + data->id = gen_identity(this); + this->permanent->put(this->permanent, data->id, permanent); + } + } + else + { /* generate new entry */ + data = malloc_thing(reauth_data_t); + data->counter = 0; + data->id = gen_identity(this); + id = id->clone(id); + this->reauth->put(this->reauth, id, data); + this->permanent->put(this->permanent, data->id, id); + } + memcpy(data->mk, mk, HASH_SIZE_SHA1); + + return data->id->clone(data->id); +} + +/** + * Implementation of eap_simaka_reauth_provider_t.destroy. + */ +static void destroy(private_eap_simaka_reauth_provider_t *this) +{ + enumerator_t *enumerator; + identification_t *id; + reauth_data_t *data; + void *key; + + enumerator = this->permanent->create_enumerator(this->permanent); + while (enumerator->enumerate(enumerator, &key, &id)) + { + id->destroy(id); + } + enumerator->destroy(enumerator); + + enumerator = this->reauth->create_enumerator(this->reauth); + while (enumerator->enumerate(enumerator, &key, &data)) + { + data->id->destroy(data->id); + free(data); + } + enumerator->destroy(enumerator); + + this->permanent->destroy(this->permanent); + this->reauth->destroy(this->reauth); + this->rng->destroy(this->rng); + free(this); +} + +/** + * See header + */ +eap_simaka_reauth_provider_t *eap_simaka_reauth_provider_create() +{ + private_eap_simaka_reauth_provider_t *this = malloc_thing(private_eap_simaka_reauth_provider_t); + + this->public.provider.get_triplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))return_false; + this->public.provider.get_quintuplet = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))return_false; + this->public.provider.resync = (bool(*)(sim_provider_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))return_false; + this->public.provider.is_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; + this->public.provider.gen_pseudonym = (identification_t*(*)(sim_provider_t*, identification_t *id))return_null; + this->public.provider.is_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char [HASH_SIZE_SHA1], u_int16_t *counter))is_reauth; + this->public.provider.gen_reauth = (identification_t*(*)(sim_provider_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))gen_reauth; + this->public.destroy = (void(*)(eap_simaka_reauth_provider_t*))destroy; + + this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!this->rng) + { + free(this); + return NULL; + } + this->permanent = hashtable_create((void*)hash, (void*)equals, 0); + this->reauth = hashtable_create((void*)hash, (void*)equals, 0); + + return &this->public; +} + diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h new file mode 100644 index 000000000..7ae151a27 --- /dev/null +++ b/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup eap_simaka_reauth_provider eap_simaka_reauth_provider + * @{ @ingroup eap_simaka_reauth + */ + +#ifndef EAP_SIMAKA_REAUTH_PROVIDER_H_ +#define EAP_SIMAKA_REAUTH_PROVIDER_H_ + +#include + +typedef struct eap_simaka_reauth_provider_t eap_simaka_reauth_provider_t; + +/** + * SIM provider implementing volatile in-memory reauthentication data storage. + */ +struct eap_simaka_reauth_provider_t { + + /** + * Implements sim_provider_t interface. + */ + sim_provider_t provider; + + /** + * Destroy a eap_simaka_reauth_provider_t. + */ + void (*destroy)(eap_simaka_reauth_provider_t *this); +}; + +/** + * Create a eap_simaka_reauth_provider instance. + */ +eap_simaka_reauth_provider_t *eap_simaka_reauth_provider_create(); + +#endif /** EAP_SIMAKA_REAUTH_PROVIDER_H_ @}*/ diff --git a/src/charon/plugins/kernel_klips/Makefile.am b/src/charon/plugins/kernel_klips/Makefile.am index 0c0987cca..a7ae06df1 100644 --- a/src/charon/plugins/kernel_klips/Makefile.am +++ b/src/charon/plugins/kernel_klips/Makefile.am @@ -1,5 +1,5 @@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic diff --git a/src/charon/plugins/kernel_klips/Makefile.in b/src/charon/plugins/kernel_klips/Makefile.in index 4b1c27352..bf194ae16 100644 --- a/src/charon/plugins/kernel_klips/Makefile.in +++ b/src/charon/plugins/kernel_klips/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/kernel_klips DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_kernel_klips_la_LIBADD = am_libstrongswan_kernel_klips_la_OBJECTS = kernel_klips_plugin.lo \ @@ -61,6 +85,7 @@ libstrongswan_kernel_klips_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,9 +251,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-kernel-klips.la libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \ @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c index 9a903d027..fea1b83a1 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c @@ -21,7 +21,6 @@ #include #include #include -#include #include #include #include @@ -30,7 +29,8 @@ #include "kernel_klips_ipsec.h" #include -#include +#include +#include #include #include #include @@ -78,7 +78,7 @@ /** the prefix of the name of KLIPS ipsec devices */ #define IPSEC_DEV_PREFIX "ipsec" /** this is the default number of ipsec devices */ -#define DEFAULT_IPSEC_DEV_COUNT 4 +#define DEFAULT_IPSEC_DEV_COUNT 4 /** TRUE if the given name matches an ipsec device */ #define IS_IPSEC_DEV(name) (strneq((name), IPSEC_DEV_PREFIX, sizeof(IPSEC_DEV_PREFIX) - 1)) @@ -88,7 +88,7 @@ struct ipsectunnelconf __u32 cf_cmd; union { - char cfu_name[12]; + char cfu_name[12]; } cf_u; #define cf_name cf_u.cfu_name }; @@ -108,62 +108,62 @@ struct private_kernel_klips_ipsec_t * Public part of the kernel_klips_t object. */ kernel_klips_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * List of installed policies (policy_entry_t) */ linked_list_t *policies; - + /** * List of allocated SPIs without installed SA (sa_entry_t) */ linked_list_t *allocated_spis; - + /** * List of installed SAs (sa_entry_t) */ linked_list_t *installed_sas; - + /** * whether to install routes along policies */ bool install_routes; - + /** * List of ipsec devices (ipsec_dev_t) */ linked_list_t *ipsec_devices; - + /** * job receiving PF_KEY events */ callback_job_t *job; - + /** * mutex to lock access to the PF_KEY socket */ mutex_t *mutex_pfkey; - + /** * PF_KEY socket to communicate with the kernel */ int socket; - + /** * PF_KEY socket to receive acquire and expire events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ int seq; - + }; @@ -175,10 +175,10 @@ typedef struct ipsec_dev_t ipsec_dev_t; struct ipsec_dev_t { /** name of the virtual ipsec interface */ char name[IFNAMSIZ]; - + /** name of the physical interface */ char phys_name[IFNAMSIZ]; - + /** by how many CHILD_SA's this ipsec device is used */ u_int refcount; }; @@ -229,14 +229,14 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) struct ipsectunnelconf *itc = (struct ipsectunnelconf*)&req.ifr_data; short phys_flags; int mtu; - + DBG2(DBG_KNL, "attaching virtual interface %s to %s", name, phys_name); - + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0) { return FAILED; } - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) { @@ -251,18 +251,18 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) close(sock); return FAILED; } - + if (req.ifr_flags & IFF_UP) { /* if it's already up, it is already attached, detach it first */ ioctl(sock, IPSEC_DEL_DEV, &req); } - + /* attach it */ strncpy(req.ifr_name, name, IFNAMSIZ); strncpy(itc->cf_name, phys_name, sizeof(itc->cf_name)); ioctl(sock, IPSEC_SET_DEV, &req); - + /* copy address from physical to virtual */ strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFADDR, &req) == 0) @@ -270,7 +270,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) strncpy(req.ifr_name, name, IFNAMSIZ); ioctl(sock, SIOCSIFADDR, &req); } - + /* copy net mask from physical to virtual */ strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFNETMASK, &req) == 0) @@ -278,7 +278,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) strncpy(req.ifr_name, name, IFNAMSIZ); ioctl(sock, SIOCSIFNETMASK, &req); } - + /* copy other flags and addresses */ strncpy(req.ifr_name, name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) == 0) @@ -288,7 +288,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) req.ifr_flags |= IFF_POINTOPOINT; req.ifr_flags &= ~IFF_BROADCAST; ioctl(sock, SIOCSIFFLAGS, &req); - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFDSTADDR, &req) == 0) { @@ -301,7 +301,7 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) req.ifr_flags &= ~IFF_POINTOPOINT; req.ifr_flags |= IFF_BROADCAST; ioctl(sock, SIOCSIFFLAGS, &req); - + strncpy(req.ifr_name, phys_name, IFNAMSIZ); if (ioctl(sock, SIOCGIFBRDADDR, &req)==0) { @@ -318,13 +318,13 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) } mtu = lib->settings->get_int(lib->settings, - "charon.plugins.kernel_klips.ipsec_dev_mtu", 0); + "charon.plugins.kernel-klips.ipsec_dev_mtu", 0); if (mtu <= 0) { /* guess MTU as physical MTU - ESP overhead [- NAT-T overhead] * ESP overhead : 73 bytes * NAT-T overhead : 8 bytes ==> 81 bytes - * + * * assuming tunnel mode with AES encryption and integrity * outer IP header : 20 bytes * (NAT-T UDP header: 8 bytes) @@ -338,19 +338,19 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) ioctl(sock, SIOCGIFMTU, &req); mtu = req.ifr_mtu - 81; } - + /* set MTU */ strncpy(req.ifr_name, name, IFNAMSIZ); req.ifr_mtu = mtu; ioctl(sock, SIOCSIFMTU, &req); - + /* bring ipsec device UP */ if (ioctl(sock, SIOCGIFFLAGS, &req) == 0) { req.ifr_flags |= IFF_UP; ioctl(sock, SIOCSIFFLAGS, &req); } - + close(sock); return SUCCESS; } @@ -362,37 +362,37 @@ static status_t detach_ipsec_dev(char* name, char *phys_name) { int sock; struct ifreq req; - + DBG2(DBG_KNL, "detaching virtual interface %s from %s", name, strlen(phys_name) ? phys_name : "any physical interface"); - + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0) { return FAILED; } - + strncpy(req.ifr_name, name, IFNAMSIZ); if (ioctl(sock, SIOCGIFFLAGS, &req) < 0) { close(sock); return FAILED; } - + /* shutting interface down */ if (req.ifr_flags & IFF_UP) { req.ifr_flags &= ~IFF_UP; ioctl(sock, SIOCSIFFLAGS, &req); } - + /* unset address */ memset(&req.ifr_addr, 0, sizeof(req.ifr_addr)); req.ifr_addr.sa_family = AF_INET; ioctl(sock, SIOCSIFADDR, &req); - + /* detach interface */ ioctl(sock, IPSEC_DEL_DEV, &req); - + close(sock); return SUCCESS; } @@ -415,10 +415,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** Gateway for this route */ host_t *gateway; @@ -447,13 +447,13 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** reqid of this policy, if setup as trap */ u_int32_t reqid; - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct { /** subnet and port */ @@ -463,13 +463,13 @@ struct policy_entry_t { /** protocol */ u_int8_t proto; } src, dst; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is actively used */ u_int activecount; - + /** by how many CHILD_SA's this policy is trapped */ u_int trapcount; }; @@ -499,22 +499,22 @@ static bool is_host_in_net(host_t *host, host_t *net, u_int8_t mask) static const u_char bitmask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; chunk_t host_chunk, net_chunk; int bytes = mask / 8, bits = mask % 8; - + host_chunk = host->get_address(host); net_chunk = net->get_address(net); - + if (host_chunk.len != net_chunk.len) { return FALSE; } - + if (memeq(host_chunk.ptr, net_chunk.ptr, bytes)) { return (bits == 0) || - (host_chunk.ptr[bytes] & bitmask[bits]) == + (host_chunk.ptr[bytes] & bitmask[bits]) == (net_chunk.ptr[bytes] & bitmask[bits]); } - + return FALSE; } @@ -530,15 +530,15 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, policy->route = NULL; policy->activecount = 0; policy->trapcount = 0; - + src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); - + /* src or dest proto may be "any" (0), use more restrictive one */ policy->src.proto = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts)); - policy->src.proto = policy->src.proto ? policy->src.proto : 0; + policy->src.proto = policy->src.proto ? policy->src.proto : 0; policy->dst.proto = policy->src.proto; - + return policy; } @@ -585,25 +585,25 @@ typedef struct sa_entry_t sa_entry_t; * - installed inbound SAs with enabled UDP encapsulation */ struct sa_entry_t { - + /** protocol of this SA */ protocol_id_t protocol; - + /** reqid of this SA */ u_int32_t reqid; - + /** SPI of this SA */ u_int32_t spi; - + /** src address of this SA */ host_t *src; - + /** dst address of this SA */ host_t *dst; - + /** TRUE if this SA uses UDP encapsulation */ bool encap; - + /** TRUE if this SA is inbound */ bool inbound; }; @@ -672,8 +672,8 @@ struct pfkey_msg_t * PF_KEY message base */ struct sadb_msg *msg; - - + + /** * PF_KEY message extensions */ @@ -761,7 +761,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Identifier as defined in pfkeyv2.h */ @@ -774,32 +774,32 @@ struct kernel_algorithm_t { * Algorithms for encryption */ static kernel_algorithm_t encryption_algs[] = { -/* {ENCR_DES_IV64, 0 }, */ - {ENCR_DES, SADB_EALG_DESCBC }, - {ENCR_3DES, SADB_EALG_3DESCBC }, -/* {ENCR_RC5, 0 }, */ -/* {ENCR_IDEA, 0 }, */ -/* {ENCR_CAST, 0 }, */ - {ENCR_BLOWFISH, SADB_EALG_BFCBC }, -/* {ENCR_3IDEA, 0 }, */ -/* {ENCR_DES_IV32, 0 }, */ - {ENCR_NULL, SADB_EALG_NULL }, - {ENCR_AES_CBC, SADB_EALG_AESCBC }, -/* {ENCR_AES_CTR, 0 }, */ +/* {ENCR_DES_IV64, 0 }, */ + {ENCR_DES, SADB_EALG_DESCBC }, + {ENCR_3DES, SADB_EALG_3DESCBC }, +/* {ENCR_RC5, 0 }, */ +/* {ENCR_IDEA, 0 }, */ +/* {ENCR_CAST, 0 }, */ + {ENCR_BLOWFISH, SADB_EALG_BFCBC }, +/* {ENCR_3IDEA, 0 }, */ +/* {ENCR_DES_IV32, 0 }, */ + {ENCR_NULL, SADB_EALG_NULL }, + {ENCR_AES_CBC, SADB_EALG_AESCBC }, +/* {ENCR_AES_CTR, 0 }, */ /* {ENCR_AES_CCM_ICV8, 0 }, */ /* {ENCR_AES_CCM_ICV12, 0 }, */ /* {ENCR_AES_CCM_ICV16, 0 }, */ /* {ENCR_AES_GCM_ICV8, 0 }, */ /* {ENCR_AES_GCM_ICV12, 0 }, */ /* {ENCR_AES_GCM_ICV16, 0 }, */ - {END_OF_LIST, 0 }, + {END_OF_LIST, 0 }, }; /** * Algorithms for integrity protection */ static kernel_algorithm_t integrity_algs[] = { - {AUTH_HMAC_MD5_96, SADB_AALG_MD5HMAC }, + {AUTH_HMAC_MD5_96, SADB_AALG_MD5HMAC }, {AUTH_HMAC_SHA1_96, SADB_AALG_SHA1HMAC }, {AUTH_HMAC_SHA2_256_128, SADB_AALG_SHA256_HMAC }, {AUTH_HMAC_SHA2_384_192, SADB_AALG_SHA384_HMAC }, @@ -807,7 +807,7 @@ static kernel_algorithm_t integrity_algs[] = { /* {AUTH_DES_MAC, 0, }, */ /* {AUTH_KPDK_MD5, 0, }, */ /* {AUTH_AES_XCBC_96, 0, }, */ - {END_OF_LIST, 0, }, + {END_OF_LIST, 0, }, }; #if 0 @@ -815,11 +815,11 @@ static kernel_algorithm_t integrity_algs[] = { * Algorithms for IPComp, unused yet */ static kernel_algorithm_t compression_algs[] = { -/* {IPCOMP_OUI, 0 }, */ +/* {IPCOMP_OUI, 0 }, */ {IPCOMP_DEFLATE, SADB_X_CALG_DEFLATE }, {IPCOMP_LZS, SADB_X_CALG_LZS }, /* {IPCOMP_LZJH, 0 }, */ - {END_OF_LIST, 0 }, + {END_OF_LIST, 0 }, }; #endif @@ -846,8 +846,8 @@ static void host2ext(host_t *host, struct sadb_address *ext) { sockaddr_t *host_addr = host->get_sockaddr(host); socklen_t *len = host->get_sockaddr_len(host); - memcpy((char*)(ext + 1), host_addr, *len); - ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len); + memcpy((char*)(ext + 1), host_addr, *len); + ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len); } /** @@ -872,7 +872,7 @@ static void add_anyaddr_ext(struct sadb_msg *msg, int family, u_int8_t type) addr->sadb_address_exttype = type; sockaddr_t *saddr = (sockaddr_t*)(addr + 1); saddr->sa_family = family; - addr->sadb_address_len = PFKEY_LEN(sizeof(*addr) + len); + addr->sadb_address_len = PFKEY_LEN(sizeof(*addr) + len); PFKEY_EXT_ADD(msg, addr); } @@ -884,7 +884,7 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst, { struct sadb_x_nat_t_type* nat_type; struct sadb_x_nat_t_port* nat_port; - + if (!ports_only) { nat_type = (struct sadb_x_nat_t_type*)PFKEY_EXT_ADD_NEXT(msg); @@ -893,13 +893,13 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst, nat_type->sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; PFKEY_EXT_ADD(msg, nat_type); } - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); nat_port->sadb_x_nat_t_port_port = src->get_port(src); PFKEY_EXT_ADD(msg, nat_port); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); @@ -917,19 +917,19 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, struct sadb_sa *sa; struct sadb_protocol *proto; host_t *host; - + msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_ADDFLOW; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_spi = spi; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_flags = replace ? SADB_X_SAFLAGS_REPLACEFLOW : 0; PFKEY_EXT_ADD(msg, sa); - + if (!src) { add_anyaddr_ext(msg, src_net->get_family(src_net), SADB_EXT_ADDRESS_SRC); @@ -938,7 +938,7 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, { add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); } - + if (!dst) { add_anyaddr_ext(msg, dst_net->get_family(dst_net), SADB_EXT_ADDRESS_DST); @@ -947,18 +947,18 @@ static void build_addflow(struct sadb_msg *msg, u_int8_t satype, u_int32_t spi, { add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); } - + add_addr_ext(msg, src_net, SADB_X_EXT_ADDRESS_SRC_FLOW); add_addr_ext(msg, dst_net, SADB_X_EXT_ADDRESS_DST_FLOW); - + host = mask2host(src_net->get_family(src_net), src_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_SRC_MASK); host->destroy(host); - + host = mask2host(dst_net->get_family(dst_net), dst_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_DST_MASK); host->destroy(host); - + proto = (struct sadb_protocol*)PFKEY_EXT_ADD_NEXT(msg); proto->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; proto->sadb_protocol_len = PFKEY_LEN(sizeof(struct sadb_protocol)); @@ -975,25 +975,25 @@ static void build_delflow(struct sadb_msg *msg, u_int8_t satype, { struct sadb_protocol *proto; host_t *host; - + msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_DELFLOW; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + add_addr_ext(msg, src_net, SADB_X_EXT_ADDRESS_SRC_FLOW); add_addr_ext(msg, dst_net, SADB_X_EXT_ADDRESS_DST_FLOW); - + host = mask2host(src_net->get_family(src_net), src_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_SRC_MASK); host->destroy(host); - + host = mask2host(dst_net->get_family(dst_net), dst_mask); add_addr_ext(msg, host, SADB_X_EXT_ADDRESS_DST_MASK); host->destroy(host); - + proto = (struct sadb_protocol*)PFKEY_EXT_ADD_NEXT(msg); proto->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; proto->sadb_protocol_len = PFKEY_LEN(sizeof(struct sadb_protocol)); @@ -1008,15 +1008,15 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) { struct sadb_ext* ext; size_t len; - + memset(out, 0, sizeof(pfkey_msg_t)); out->msg = msg; - + len = msg->sadb_msg_len; len -= PFKEY_LEN(sizeof(struct sadb_msg)); - + ext = (struct sadb_ext*)(((char*)msg) + sizeof(struct sadb_msg)); - + while (len >= PFKEY_LEN(sizeof(struct sadb_ext))) { if (ext->sadb_ext_len < PFKEY_LEN(sizeof(struct sadb_ext)) || @@ -1025,19 +1025,19 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "length of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if ((ext->sadb_ext_type > SADB_EXT_MAX) || (!ext->sadb_ext_type)) { DBG1(DBG_KNL, "type of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if (out->ext[ext->sadb_ext_type]) { - DBG1(DBG_KNL, "duplicate PF_KEY extension of type (%d)", ext->sadb_ext_type); + DBG1(DBG_KNL, "duplicate PF_KEY extension of type (%d)", ext->sadb_ext_type); break; } - + out->ext[ext->sadb_ext_type] = ext; ext = PFKEY_EXT_NEXT_LEN(ext, len); } @@ -1047,7 +1047,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "PF_KEY message length is invalid"); return FAILED; } - + return SUCCESS; } @@ -1060,7 +1060,7 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg; int in_len, len; - + this->mutex_pfkey->lock(this->mutex_pfkey); in->sadb_msg_seq = ++this->seq; @@ -1093,13 +1093,13 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket } break; } - + while (TRUE) - { + { msg = (struct sadb_msg*)buf; - + len = recv(socket, buf, sizeof(buf), 0); - + if (len < 0) { if (errno == EINTR) @@ -1149,13 +1149,13 @@ static status_t pfkey_send_socket(private_kernel_klips_ipsec_t *this, int socket } break; } - + *out_len = len; *out = (struct sadb_msg*)malloc(len); memcpy(*out, buf, len); - + this->mutex_pfkey->unlock(this->mutex_pfkey); - + return SUCCESS; } @@ -1175,7 +1175,7 @@ static status_t pfkey_send_ack(private_kernel_klips_ipsec_t *this, struct sadb_m { struct sadb_msg *out; size_t len; - + if (pfkey_send(this, in, &out, &len) != SUCCESS) { return FAILED; @@ -1200,12 +1200,12 @@ static status_t add_eroute(private_kernel_klips_ipsec_t *this, u_int8_t satype, { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request; - + memset(&request, 0, sizeof(request)); - + build_addflow(msg, satype, spi, src, dst, src_net, src_mask, dst_net, dst_mask, protocol, replace); - + return pfkey_send_ack(this, msg); } @@ -1218,11 +1218,11 @@ static status_t del_eroute(private_kernel_klips_ipsec_t *this, u_int8_t satype, { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request; - + memset(&request, 0, sizeof(request)); - + build_delflow(msg, satype, src_net, src_mask, dst_net, dst_mask, protocol); - + return pfkey_send_ack(this, msg); } @@ -1237,7 +1237,7 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* u_int8_t proto; policy_entry_t *policy; job_t *job; - + switch (msg->sadb_msg_satype) { case SADB_SATYPE_UNSPEC: @@ -1248,13 +1248,13 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* /* acquire for AH/ESP only */ return; } - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_ACQUIRE from kernel failed"); return; } - + /* KLIPS provides us only with the source and destination address, * and the transport protocol of the packet that triggered the policy. * we use this information to find a matching policy in our cache. @@ -1269,7 +1269,7 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* DBG1(DBG_KNL, "received an SADB_ACQUIRE with invalid hosts"); return; } - + DBG2(DBG_KNL, "received an SADB_ACQUIRE for %H == %H : %d", src, dst, proto); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1286,17 +1286,17 @@ static void process_acquire(private_kernel_klips_ipsec_t *this, struct sadb_msg* DBG1(DBG_KNL, "received an SADB_ACQUIRE, but policy is not routed anymore"); return; } - + /* add a broad %hold eroute that replaces the %trap eroute */ add_eroute(this, SADB_X_SATYPE_INT, htonl(SPI_HOLD), NULL, NULL, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto, TRUE); - + /* remove the narrow %hold eroute installed by KLIPS */ del_eroute(this, SADB_X_SATYPE_INT, src, 32, dst, 32, proto); - + this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "received an SADB_ACQUIRE"); DBG1(DBG_KNL, "creating acquire job for CHILD_SA with reqid {%d}", reqid); job = (job_t*)acquire_job_create(reqid, NULL, NULL); @@ -1312,23 +1312,23 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; host_t *old_src, *new_src; job_t *job; - + DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_X_NAT_T_NEW_MAPPING from kernel failed"); return; } - + spi = response.sa->sadb_sa_spi; - + if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP) { sa_entry_t *sa; sockaddr_t *addr = (sockaddr_t*)(response.src + 1); old_src = host_create_from_sockaddr(addr); - + this->mutex->lock(this->mutex); if (!old_src || this->installed_sas->find_first(this->installed_sas, (linked_list_match_t)sa_entry_match_encapbysrc, @@ -1340,7 +1340,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* } reqid = sa->reqid; this->mutex->unlock(this->mutex); - + addr = (sockaddr_t*)(response.dst + 1); switch (addr->sa_family) { @@ -1352,7 +1352,7 @@ static void process_mapping(private_kernel_klips_ipsec_t *this, struct sadb_msg* case AF_INET6: { struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)addr; - sin6->sin6_port = htons(response.x_natt_dport->sadb_x_nat_t_port_port); + sin6->sin6_port = htons(response.x_natt_dport->sadb_x_nat_t_port_port); } default: break; @@ -1375,12 +1375,13 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) { unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)buf; - int len, oldstate; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + int len; + bool oldstate; + + oldstate = thread_cancelability(TRUE); len = recv(this->socket_events, buf, sizeof(buf), 0); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (len < 0) { switch (errno) @@ -1397,7 +1398,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(struct sadb_msg) || msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg))) { @@ -1413,7 +1414,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) DBG1(DBG_KNL, "buffer was too small to receive the complete PF_KEY message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->sadb_msg_type) { case SADB_ACQUIRE: @@ -1433,7 +1434,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -1473,11 +1474,11 @@ static job_requeue_t sa_expires(sa_expire_t *expire) sa_entry_t *cached_sa; linked_list_t *list; job_t *job; - + /* for an expired SPI we first check whether the CHILD_SA got installed * in the meantime, for expired SAs we check whether they are still installed */ list = expire->type == EXPIRE_TYPE_SPI ? this->allocated_spis : this->installed_sas; - + this->mutex->lock(this->mutex); if (list->find_first(list, (linked_list_match_t)sa_entry_match_byid, (void**)&cached_sa, &protocol, &spi, &reqid) != SUCCESS) @@ -1494,10 +1495,10 @@ static job_requeue_t sa_expires(sa_expire_t *expire) sa_entry_destroy(cached_sa); } this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired", protocol_id_names, protocol, ntohl(spi), reqid); - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}", hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -1514,7 +1515,7 @@ static job_requeue_t sa_expires(sa_expire_t *expire) } /** - * Schedule an expire job for an SA. Time is in seconds. + * Schedule an expire job for an SA. Time is in seconds. */ static void schedule_expire(private_kernel_klips_ipsec_t *this, protocol_id_t protocol, u_int32_t spi, @@ -1534,8 +1535,8 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this, /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_kernel_klips_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { @@ -1545,7 +1546,7 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, */ rng_t *rng; u_int32_t spi_gen; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -1554,29 +1555,29 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, } rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen); rng->destroy(rng); - + /* charon's SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */ spi_gen = 0xc0000000 | (spi_gen & 0x0FFFFFFF); - + DBG2(DBG_KNL, "allocated SPI %.8x for %N SA between %#H..%#H", spi_gen, protocol_id_names, protocol, src, dst); - + *spi = htonl(spi_gen); - + this->mutex->lock(this->mutex); this->allocated_spis->insert_last(this->allocated_spis, create_sa_entry(protocol, *spi, reqid, NULL, NULL, FALSE, TRUE)); this->mutex->unlock(this->mutex); schedule_expire(this, protocol, *spi, reqid, EXPIRE_TYPE_SPI, SPI_TIMEOUT); - + return SUCCESS; } /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_klips_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { return FAILED; @@ -1592,27 +1593,27 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding pseudo IPIP SA with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; msg->sadb_msg_satype = SADB_X_SATYPE_IPIP; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add pseudo IPIP SA with SPI %.8x", ntohl(spi)); @@ -1625,7 +1626,7 @@ static status_t add_ipip_sa(private_kernel_klips_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1642,41 +1643,41 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, struct sadb_sa *sa; struct sadb_x_satype *satype; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "grouping SAs with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_GRPSA; msg->sadb_msg_satype = SADB_X_SATYPE_IPIP; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + satype = (struct sadb_x_satype*)PFKEY_EXT_ADD_NEXT(msg); satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; satype->sadb_x_satype_len = PFKEY_LEN(sizeof(struct sadb_x_satype)); satype->sadb_x_satype_satype = proto_ike2satype(protocol); PFKEY_EXT_ADD(msg, satype); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_X_EXT_SA2; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, dst, SADB_X_EXT_ADDRESS_DST2); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to group SAs with SPI %.8x", ntohl(spi)); @@ -1689,7 +1690,7 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1700,18 +1701,19 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, static status_t add_sa(private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound) + bool encap, bool inbound, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; struct sadb_sa *sa; struct sadb_key *key; size_t len; - + if (inbound) { /* for inbound SAs we allocated an SPI via get_spi, so we first check @@ -1733,17 +1735,17 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } this->mutex->unlock(this->mutex); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%d}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); @@ -1753,10 +1755,10 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) @@ -1767,16 +1769,16 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; key->sadb_key_bits = enc_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); memcpy(key + 1, enc_key.ptr, enc_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) @@ -1787,26 +1789,26 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; key->sadb_key_bits = int_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); memcpy(key + 1, int_key.ptr, int_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (ipcomp != IPCOMP_NONE) { /*TODO*/ } - + if (encap) { add_encap_ext(msg, src, dst, FALSE); } - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); @@ -1820,7 +1822,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + /* for tunnel mode SAs we have to install an additional IPIP SA and * group the two SAs together */ if (mode == MODE_TUNNEL) @@ -1832,7 +1834,7 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return FAILED; } } - + this->mutex->lock(this->mutex); /* we cache this SA for two reasons: * - in case an SADB_X_NAT_T_MAPPING_NEW event occurs (we need to find the reqid then) @@ -1840,20 +1842,20 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, this->installed_sas->insert_last(this->installed_sas, create_sa_entry(protocol, spi, reqid, src, dst, encap, inbound)); this->mutex->unlock(this->mutex); - + /* Although KLIPS supports SADB_EXT_LIFETIME_SOFT/HARD, we handle the lifetime * of SAs manually in the plugin. Refer to the comments in receive_events() * for details. */ - if (expire_soft) + if (lifetime->time.rekey) { - schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_SOFT, expire_soft); + schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_SOFT, lifetime->time.rekey); } - - if (expire_hard) + + if (lifetime->time.life) { - schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_HARD, expire_hard); + schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_HARD, lifetime->time.life); } - + return SUCCESS; } @@ -1870,7 +1872,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ @@ -1881,7 +1883,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, " are not supported", ntohl(spi)); return NOT_SUPPORTED; } - + /* because KLIPS does not allow us to change the NAT-T type in an SADB_UPDATE, * we can't update the SA if the encap flag has changed since installing it */ if (encap != new_encap) @@ -1890,18 +1892,18 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, " encapsulation is not supported", ntohl(spi)); return NOT_SUPPORTED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); @@ -1910,12 +1912,12 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, sa->sadb_sa_auth = SADB_AALG_SHA1HMAC; /* ignored */ sa->sadb_sa_state = SADB_SASTATE_MATURE; PFKEY_EXT_ADD(msg, sa); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + add_encap_ext(msg, new_src, new_dst, TRUE); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); @@ -1929,7 +1931,7 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } @@ -1955,13 +1957,13 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, struct sadb_sa *sa; sa_entry_t *cached_sa; size_t len; - + memset(&request, 0, sizeof(request)); - + /* all grouped SAs are automatically deleted by KLIPS as soon as * one of them is deleted, therefore we delete only the main one */ DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + this->mutex->lock(this->mutex); /* this should not fail, but we don't care if it does, let the kernel decide * whether this SA exists or not */ @@ -1973,24 +1975,24 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, sa_entry_destroy(cached_sa); } this->mutex->unlock(this->mutex); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the kernel wants an SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -2003,7 +2005,7 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, free(out); return FAILED; } - + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); free(out); return SUCCESS; @@ -2012,7 +2014,7 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, /** * Implementation of kernel_interface_t.add_policy. */ -static status_t add_policy(private_kernel_klips_ipsec_t *this, +static status_t add_policy(private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, @@ -2025,21 +2027,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, struct sadb_msg *msg, *out; policy_entry_t *policy, *found = NULL; u_int8_t satype; - size_t len; - + size_t len; + if (direction == POLICY_FWD) { /* no forward policies for KLIPS */ return SUCCESS; } - + /* tunnel mode policies direct the packets into the pseudo IPIP SA */ satype = (mode == MODE_TUNNEL) ? SADB_X_SATYPE_IPIP : proto_ike2satype(protocol); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2057,21 +2059,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, /* apply the new one, if we have no such policy */ this->policies->insert_last(this->policies, policy); } - + if (routed) { /* we install this as a %trap eroute in the kernel, later to be * triggered by packets matching the policy (-> ACQUIRE). */ spi = htonl(SPI_TRAP); satype = SADB_X_SATYPE_INT; - + /* the reqid is always set to the latest child SA that trapped this * policy. we will need this reqid upon receiving an acquire. */ policy->reqid = reqid; - + /* increase the trap counter */ policy->trapcount++; - + if (policy->activecount) { /* we do not replace the current policy in the kernel while a @@ -2085,21 +2087,21 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, /* increase the reference counter */ policy->activecount++; } - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; - + /* FIXME: SADB_X_SAFLAGS_INFLOW may be required, if we add an inbound policy for an IPIP SA */ build_addflow(msg, satype, spi, routed ? NULL : src, routed ? NULL : dst, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto, found != NULL); - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, @@ -2115,9 +2117,9 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + this->mutex->lock(this->mutex); - + /* we try to find the policy again and install the route if needed */ if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS) { @@ -2126,7 +2128,7 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, src_ts, dst_ts, policy_dir_names, direction); return SUCCESS; } - + /* KLIPS requires a special route that directs traffic that matches this * policy to one of the virtual ipsec interfaces. The virtual interface * has to be attached to the physical one the traffic runs over. @@ -2144,19 +2146,19 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, ipsec_dev_t *dev; route_entry_t *route = malloc_thing(route_entry_t); route->src_ip = NULL; - + if (mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 && this->install_routes) { charon->kernel_interface->get_address_by_ts(charon->kernel_interface, src_ts, &route->src_ip); } - + if (!route->src_ip) { route->src_ip = host_create_any(src->get_family(src)); } - + /* find the virtual interface */ iface = charon->kernel_interface->get_interface(charon->kernel_interface, src); @@ -2203,13 +2205,13 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, } free(iface); route->if_name = strdup(dev->name); - + /* get the nexthop to dst */ route->gateway = charon->kernel_interface->get_nexthop( charon->kernel_interface, dst); route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)); route->prefixlen = policy->dst.mask; - + switch (charon->kernel_interface->add_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name)) @@ -2227,10 +2229,10 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, policy->route = route; break; } - } - - this->mutex->unlock(this->mutex); - + } + + this->mutex->unlock(this->mutex); + return SUCCESS; } @@ -2238,7 +2240,7 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -2250,19 +2252,19 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, char *said = NULL, *pos; policy_entry_t *policy, *found = NULL; status_t status = FAILED; - + if (direction == POLICY_FWD) { /* we do not install forward policies */ return FAILED; } - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2276,7 +2278,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } policy_entry_destroy(policy); policy = found; - + /* src and dst selectors in KLIPS are of the form NET_ADDR/NETBITS:PROTO */ snprintf(src, sizeof(src), "%H/%d:%d", policy->src.net, policy->src.mask, policy->src.proto); @@ -2284,9 +2286,9 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, snprintf(dst, sizeof(dst), "%H/%d:%d", policy->dst.net, policy->dst.mask, policy->dst.proto); dst[sizeof(dst) - 1] = '\0'; - + this->mutex->unlock(this->mutex); - + /* we try to find the matching eroute first */ file = fopen(path_eroute, "r"); if (file == NULL) @@ -2295,7 +2297,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, dst_ts, policy_dir_names, direction, strerror(errno), errno); return FAILED; } - + /* read line by line where each line looks like: * packets src -> dst => said */ while (fgets(line, sizeof(line), file)) @@ -2303,7 +2305,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, enumerator_t *enumerator; char *token; int i = 0; - + enumerator = enumerator_create_token(line, " \t", " \t\n"); while (enumerator->enumerate(enumerator, &token)) { @@ -2334,7 +2336,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, break; } enumerator->destroy(enumerator); - + if (i == 5) { /* eroute matched */ @@ -2342,19 +2344,19 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, } } fclose(file); - + if (said == NULL) { DBG1(DBG_KNL, "unable to query policy %R === %R %N: found no matching" " eroute", src_ts, dst_ts, policy_dir_names, direction); return FAILED; } - + /* compared with the one in the spi entry the SA ID from the eroute entry * has an additional ":PROTO" appended, which we need to cut off */ pos = strrchr(said, ':'); *pos = '\0'; - + /* now we try to find the matching spi entry */ file = fopen(path_spi, "r"); if (file == NULL) @@ -2363,7 +2365,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, dst_ts, policy_dir_names, direction, strerror(errno), errno); return FAILED; } - + while (fgets(line, sizeof(line), file)) { if (strneq(line, said, strlen(said))) @@ -2381,15 +2383,15 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, /* idle time not valid */ break; } - - *use_time = time(NULL) - idle_time; + + *use_time = time_monotonic(NULL) - idle_time; status = SUCCESS; break; } } fclose(file); free(said); - + return status; } @@ -2397,7 +2399,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -2406,19 +2408,19 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, policy_entry_t *policy, *found = NULL; route_entry_t *route; size_t len; - + if (direction == POLICY_FWD) { /* no forward policies for KLIPS */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -2431,10 +2433,10 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, return NOT_FOUND; } policy_entry_destroy(policy); - + /* decrease appropriate counter */ unrouted ? found->trapcount-- : found->activecount--; - + if (found->trapcount == 0) { /* if this policy is finally unrouted, we reset the reqid because it @@ -2442,7 +2444,7 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, * this policy. */ found->reqid = 0; } - + if (found->activecount > 0) { /* is still used by SAs, keep in kernel */ @@ -2462,22 +2464,22 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, this->mutex->unlock(this->mutex); return pfkey_send_ack(this, msg); } - + /* remove if last reference */ this->policies->remove(this->policies, found, NULL); policy = found; - + this->mutex->unlock(this->mutex); - + memset(&request, 0, sizeof(request)); - + build_delflow(msg, 0, policy->src.net, policy->src.mask, policy->dst.net, policy->dst.mask, policy->src.proto); - + route = policy->route; policy->route = NULL; policy_entry_destroy(policy); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -2493,11 +2495,11 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, return FAILED; } free(out); - + if (route) { ipsec_dev_t *dev; - + if (charon->kernel_interface->del_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name) != SUCCESS) @@ -2506,11 +2508,11 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, " policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); } - + /* we have to detach the ipsec interface from the physical one over which * this SA ran (if it is not used by any other) */ this->mutex->lock(this->mutex); - + if (find_ipsec_dev(this, route->if_name, &dev) == SUCCESS) { /* fine, we found a matching device object, let's check if we have @@ -2525,12 +2527,12 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, dev->phys_name[0] = '\0'; } } - + this->mutex->unlock(this->mutex); - + route_entry_destroy(route); } - + return SUCCESS; } @@ -2540,9 +2542,9 @@ static status_t del_policy(private_kernel_klips_ipsec_t *this, static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) { int i, count = lib->settings->get_int(lib->settings, - "charon.plugins.kernel_klips.ipsec_dev_count", + "charon.plugins.kernel-klips.ipsec_dev_count", DEFAULT_IPSEC_DEV_COUNT); - + for (i = 0; i < count; ++i) { ipsec_dev_t *dev = malloc_thing(ipsec_dev_t); @@ -2551,7 +2553,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) dev->phys_name[0] = '\0'; dev->refcount = 0; this->ipsec_devices->insert_last(this->ipsec_devices, dev); - + /* detach any previously attached ipsec device */ detach_ipsec_dev(dev->name, dev->phys_name); } @@ -2565,15 +2567,15 @@ static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8 unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_REGISTER; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + if (pfkey_send_socket(this, this->socket_events, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to register PF_KEY socket"); @@ -2613,18 +2615,18 @@ static void destroy(private_kernel_klips_ipsec_t *this) kernel_klips_ipsec_t *kernel_klips_ipsec_create() { private_kernel_klips_ipsec_t *this = malloc_thing(private_kernel_klips_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; + this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; /* private members */ @@ -2636,34 +2638,34 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT); this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); this->seq = 0; - + /* initialize ipsec devices */ init_ipsec_devices(this); - + /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_KEY socket"); } - + /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_KEY event socket"); } - + /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { charon->kill(charon, "unable to register PF_KEY event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c b/src/charon/plugins/kernel_klips/kernel_klips_plugin.c index d153ea8af..b0117c10c 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c +++ b/src/charon/plugins/kernel_klips/kernel_klips_plugin.c @@ -47,10 +47,10 @@ static void destroy(private_kernel_klips_plugin_t *this) plugin_t *plugin_create() { private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_klips_ipsec_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_klips/pfkeyv2.h b/src/charon/plugins/kernel_klips/pfkeyv2.h index 78d3dfa91..20d1c298d 100644 --- a/src/charon/plugins/kernel_klips/pfkeyv2.h +++ b/src/charon/plugins/kernel_klips/pfkeyv2.h @@ -169,7 +169,7 @@ struct sadb_x_satype { uint8_t sadb_x_satype_satype; uint8_t sadb_x_satype_reserved[3]; }; - + struct sadb_x_debug { uint16_t sadb_x_debug_len; uint16_t sadb_x_debug_exttype; @@ -200,7 +200,7 @@ struct sadb_x_nat_t_port { uint16_t sadb_x_nat_t_port_port; uint16_t sadb_x_nat_t_port_reserved; }; - + /* * A protocol structure for passing through the transport level * protocol. It contains more fields than are actually used/needed diff --git a/src/charon/plugins/kernel_netlink/Makefile.am b/src/charon/plugins/kernel_netlink/Makefile.am index 6351280d6..31d9c6d5c 100644 --- a/src/charon/plugins/kernel_netlink/Makefile.am +++ b/src/charon/plugins/kernel_netlink/Makefile.am @@ -1,7 +1,9 @@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ +-DROUTING_TABLE=${routing_table} \ +-DROUTING_TABLE_PRIO=${routing_table_prio} plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la diff --git a/src/charon/plugins/kernel_netlink/Makefile.in b/src/charon/plugins/kernel_netlink/Makefile.in index 46d2a1c65..09be50587 100644 --- a/src/charon/plugins/kernel_netlink/Makefile.in +++ b/src/charon/plugins/kernel_netlink/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/kernel_netlink DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_kernel_netlink_la_LIBADD = am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \ @@ -62,6 +86,7 @@ libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -109,25 +134,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -139,11 +161,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -172,9 +197,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -197,7 +222,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -205,6 +230,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -213,10 +239,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -224,10 +252,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +AM_CFLAGS = -rdynamic \ +-DROUTING_TABLE=${routing_table} \ +-DROUTING_TABLE_PRIO=${routing_table_prio} + plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \ kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \ @@ -247,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -267,23 +299,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -310,21 +347,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -347,7 +384,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -355,29 +392,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -398,13 +440,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -435,6 +481,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -456,6 +503,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -464,18 +513,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -514,6 +573,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 2051316f6..850876b9d 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2006-2008 Tobias Brunner - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2006-2009 Tobias Brunner + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser * Copyright (C) 2006 Daniel Roethlisberger @@ -20,23 +20,24 @@ #include #include -#include #include #include #include #include #include #include -#include #include +#include #include #include +#include #include "kernel_netlink_ipsec.h" #include "kernel_netlink_shared.h" #include -#include +#include +#include #include #include #include @@ -51,27 +52,32 @@ #endif /** from linux/in.h */ -#ifndef IP_IPSEC_POLICY -#define IP_IPSEC_POLICY 16 +#ifndef IP_XFRM_POLICY +#define IP_XFRM_POLICY 17 #endif /* missing on uclibc */ -#ifndef IPV6_IPSEC_POLICY -#define IPV6_IPSEC_POLICY 34 -#endif /*IPV6_IPSEC_POLICY*/ +#ifndef IPV6_XFRM_POLICY +#define IPV6_XFRM_POLICY 34 +#endif /*IPV6_XFRM_POLICY*/ /** default priority of installed policies */ #define PRIO_LOW 3000 #define PRIO_HIGH 2000 +/** + * map the limit for bytes and packets to XFRM_INF per default + */ +#define XFRM_LIMIT(x) ((x) == 0 ? XFRM_INF : (x)) + /** * Create ORable bitfield of XFRM NL groups */ #define XFRMNLGRP(x) (1<<(XFRMNLGRP_##x-1)) /** - * returns a pointer to the first rtattr following the nlmsghdr *nlh and the - * 'usual' netlink data x like 'struct xfrm_usersa_info' + * returns a pointer to the first rtattr following the nlmsghdr *nlh and the + * 'usual' netlink data x like 'struct xfrm_usersa_info' */ #define XFRM_RTA(nlh, x) ((struct rtattr*)(NLMSG_DATA(nlh) + NLMSG_ALIGN(sizeof(x)))) /** @@ -80,8 +86,8 @@ */ #define XFRM_RTA_NEXT(rta) ((struct rtattr*)(((char*)(rta)) + RTA_ALIGN((rta)->rta_len))) /** - * returns the total size of attached rta data - * (after 'usual' netlink data x like 'struct xfrm_usersa_info') + * returns the total size of attached rta data + * (after 'usual' netlink data x like 'struct xfrm_usersa_info') */ #define XFRM_PAYLOAD(nlh, x) NLMSG_PAYLOAD(nlh, sizeof(x)) @@ -95,7 +101,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Name of the algorithm in linux crypto API */ @@ -157,18 +163,18 @@ ENUM(xfrm_attr_type_names, XFRMA_UNSPEC, XFRMA_KMADDRESS, * Algorithms for encryption */ static kernel_algorithm_t encryption_algs[] = { -/* {ENCR_DES_IV64, "***" }, */ - {ENCR_DES, "des" }, - {ENCR_3DES, "des3_ede" }, -/* {ENCR_RC5, "***" }, */ -/* {ENCR_IDEA, "***" }, */ - {ENCR_CAST, "cast128" }, - {ENCR_BLOWFISH, "blowfish" }, -/* {ENCR_3IDEA, "***" }, */ -/* {ENCR_DES_IV32, "***" }, */ - {ENCR_NULL, "cipher_null" }, - {ENCR_AES_CBC, "aes" }, - {ENCR_AES_CTR, "rfc3686(ctr(aes))" }, +/* {ENCR_DES_IV64, "***" }, */ + {ENCR_DES, "des" }, + {ENCR_3DES, "des3_ede" }, +/* {ENCR_RC5, "***" }, */ +/* {ENCR_IDEA, "***" }, */ + {ENCR_CAST, "cast128" }, + {ENCR_BLOWFISH, "blowfish" }, +/* {ENCR_3IDEA, "***" }, */ +/* {ENCR_DES_IV32, "***" }, */ + {ENCR_NULL, "cipher_null" }, + {ENCR_AES_CBC, "aes" }, + {ENCR_AES_CTR, "rfc3686(ctr(aes))" }, {ENCR_AES_CCM_ICV8, "rfc4309(ccm(aes))" }, {ENCR_AES_CCM_ICV12, "rfc4309(ccm(aes))" }, {ENCR_AES_CCM_ICV16, "rfc4309(ccm(aes))" }, @@ -181,33 +187,34 @@ static kernel_algorithm_t encryption_algs[] = { /* {ENCR_CAMELLIA_CCM_ICV8, "***" }, */ /* {ENCR_CAMELLIA_CCM_ICV12, "***" }, */ /* {ENCR_CAMELLIA_CCM_ICV16, "***" }, */ - {END_OF_LIST, NULL } + {END_OF_LIST, NULL } }; /** * Algorithms for integrity protection */ static kernel_algorithm_t integrity_algs[] = { - {AUTH_HMAC_MD5_96, "md5" }, + {AUTH_HMAC_MD5_96, "md5" }, {AUTH_HMAC_SHA1_96, "sha1" }, - {AUTH_HMAC_SHA2_256_128, "sha256" }, - {AUTH_HMAC_SHA2_384_192, "sha384" }, - {AUTH_HMAC_SHA2_512_256, "sha512" }, + {AUTH_HMAC_SHA2_256_96, "sha256" }, + {AUTH_HMAC_SHA2_256_128, "hmac(sha256)" }, + {AUTH_HMAC_SHA2_384_192, "hmac(sha384)" }, + {AUTH_HMAC_SHA2_512_256, "hmac(sha512)" }, /* {AUTH_DES_MAC, "***" }, */ /* {AUTH_KPDK_MD5, "***" }, */ {AUTH_AES_XCBC_96, "xcbc(aes)" }, - {END_OF_LIST, NULL } + {END_OF_LIST, NULL } }; /** * Algorithms for IPComp */ static kernel_algorithm_t compression_algs[] = { -/* {IPCOMP_OUI, "***" }, */ +/* {IPCOMP_OUI, "***" }, */ {IPCOMP_DEFLATE, "deflate" }, {IPCOMP_LZS, "lzs" }, {IPCOMP_LZJH, "lzjh" }, - {END_OF_LIST, NULL } + {END_OF_LIST, NULL } }; /** @@ -234,10 +241,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** gateway for this route */ host_t *gateway; @@ -255,7 +262,7 @@ static void route_entry_destroy(route_entry_t *this) { free(this->if_name); this->src_ip->destroy(this->src_ip); - this->gateway->destroy(this->gateway); + DESTROY_IF(this->gateway); chunk_free(&this->dst_net); free(this); } @@ -266,16 +273,16 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct xfrm_selector sel; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is used */ u_int refcount; }; @@ -308,32 +315,32 @@ struct private_kernel_netlink_ipsec_t { * Public part of the kernel_netlink_t object. */ kernel_netlink_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * Hash table of installed policies (policy_entry_t) */ hashtable_t *policies; - + /** * job receiving netlink events */ callback_job_t *job; - + /** * Netlink xfrm socket (IPsec) */ netlink_socket_t *socket_xfrm; - + /** * netlink xfrm socket to receive acquire and expire events */ int socket_xfrm_events; - + /** * whether to install routes along policies */ @@ -396,7 +403,7 @@ static u_int8_t mode2kernel(ipsec_mode_t mode) static void host2xfrm(host_t *host, xfrm_address_t *xfrm) { chunk_t chunk = host->get_address(host); - memcpy(xfrm, chunk.ptr, min(chunk.len, sizeof(xfrm_address_t))); + memcpy(xfrm, chunk.ptr, min(chunk.len, sizeof(xfrm_address_t))); } /** @@ -405,7 +412,7 @@ static void host2xfrm(host_t *host, xfrm_address_t *xfrm) static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) { chunk_t chunk; - + switch (family) { case AF_INET: @@ -423,12 +430,12 @@ static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) /** * convert a traffic selector address range to subnet and its mask. */ -static void ts2subnet(traffic_selector_t* ts, +static void ts2subnet(traffic_selector_t* ts, xfrm_address_t *net, u_int8_t *mask) { host_t *net_host; chunk_t net_chunk; - + ts->to_subnet(ts, &net_host, mask); net_chunk = net_host->get_address(net_host); memcpy(net, net_chunk.ptr, net_chunk.len); @@ -438,7 +445,7 @@ static void ts2subnet(traffic_selector_t* ts, /** * convert a traffic selector port range to port/portmask */ -static void ts2ports(traffic_selector_t* ts, +static void ts2ports(traffic_selector_t* ts, u_int16_t *port, u_int16_t *mask) { /* linux does not seem to accept complex portmasks. Only @@ -446,10 +453,10 @@ static void ts2ports(traffic_selector_t* ts, * a port range, or to a specific, if we have one port only. */ u_int16_t from, to; - + from = ts->get_from_port(ts); to = ts->get_to_port(ts); - + if (from == to) { *port = htons(from); @@ -465,7 +472,7 @@ static void ts2ports(traffic_selector_t* ts, /** * convert a pair of traffic_selectors to a xfrm_selector */ -static struct xfrm_selector ts2selector(traffic_selector_t *src, +static struct xfrm_selector ts2selector(traffic_selector_t *src, traffic_selector_t *dst) { struct xfrm_selector sel; @@ -480,12 +487,12 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, ts2ports(src, &sel.sport, &sel.sport_mask); sel.ifindex = 0; sel.user = 0; - + return sel; } /** - * convert a xfrm_selector to a src|dst traffic_selector + * convert a xfrm_selector to a src|dst traffic_selector */ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { @@ -493,7 +500,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) u_int8_t prefixlen; u_int16_t port = 0; host_t *host = NULL; - + if (src) { addr = (u_char*)&sel->saddr; @@ -512,9 +519,9 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) port = htons(sel->dport); } } - + /* The Linux 2.6 kernel does not set the selector's family field, - * so as a kludge we additionally test the prefix length. + * so as a kludge we additionally test the prefix length. */ if (sel->family == AF_INET || sel->prefixlen_s == 32) { @@ -524,7 +531,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { host = host_create_from_chunk(AF_INET6, chunk_create(addr, 16), 0); } - + if (host) { return traffic_selector_create_from_subnet(host, prefixlen, @@ -545,7 +552,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct nlmsghd struct rtattr *rta; size_t rtasize; job_t *job; - + acquire = (struct xfrm_user_acquire*)NLMSG_DATA(hdr); rta = XFRM_RTA(hdr, struct xfrm_user_acquire); rtasize = XFRM_PAYLOAD(hdr, struct xfrm_user_acquire); @@ -593,21 +600,21 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr protocol_id_t protocol; u_int32_t spi, reqid; struct xfrm_user_expire *expire; - + expire = (struct xfrm_user_expire*)NLMSG_DATA(hdr); protocol = proto_kernel2ike(expire->state.id.proto); spi = expire->state.id.spi; reqid = expire->state.reqid; - + DBG2(DBG_KNL, "received a XFRM_MSG_EXPIRE"); - + if (protocol != PROTO_ESP && protocol != PROTO_AH) { DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%u} " "which is not a CHILD_SA", ntohl(spi), reqid); return; } - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}", expire->hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -643,7 +650,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, struct nlmsghd rtasize = XFRM_PAYLOAD(hdr, struct xfrm_userpolicy_id); DBG2(DBG_KNL, "received a XFRM_MSG_MIGRATE"); - + src_ts = selector2ts(&policy_id->sel, TRUE); dst_ts = selector2ts(&policy_id->sel, FALSE); dir = (policy_dir_t)policy_id->dir; @@ -712,13 +719,13 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, u_int32_t spi, reqid; struct xfrm_user_mapping *mapping; host_t *host; - + mapping = (struct xfrm_user_mapping*)NLMSG_DATA(hdr); spi = mapping->id.spi; reqid = mapping->reqid; - + DBG2(DBG_KNL, "received a XFRM_MSG_MAPPING"); - + if (proto_kernel2ike(mapping->id.proto) == PROTO_ESP) { host = xfrm2host(mapping->id.family, &mapping->new_saddr, @@ -742,13 +749,14 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) struct nlmsghdr *hdr = (struct nlmsghdr*)response; struct sockaddr_nl addr; socklen_t addr_len = sizeof(addr); - int len, oldstate; + int len; + bool oldstate; - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + oldstate = thread_cancelability(TRUE); len = recvfrom(this->socket_xfrm_events, response, sizeof(response), 0, (struct sockaddr*)&addr, &addr_len); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (len < 0) { switch (errno) @@ -765,12 +773,12 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (addr.nl_pid != 0) { /* not from kernel. not interested, try another one */ return JOB_REQUEUE_DIRECT; } - + while (NLMSG_OK(hdr, len)) { switch (hdr->nlmsg_type) @@ -788,6 +796,7 @@ static job_requeue_t receive_events(private_kernel_netlink_ipsec_t *this) process_mapping(this, hdr); break; default: + DBG1(DBG_KNL, "received unknown event from xfrm event socket: %d", hdr->nlmsg_type); break; } hdr = NLMSG_NEXT(hdr, len); @@ -807,9 +816,9 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, struct xfrm_userspi_info *userspi; u_int32_t received_spi = 0; size_t len; - + memset(&request, 0, sizeof(request)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_ALLOCSPI; @@ -824,7 +833,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, userspi->info.family = src->get_family(src); userspi->min = min; userspi->max = max; - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -841,7 +850,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, case NLMSG_ERROR: { struct nlmsgerr *err = NLMSG_DATA(hdr); - + DBG1(DBG_KNL, "allocating SPI failed: %s (%d)", strerror(-err->error), -err->error); break; @@ -856,12 +865,12 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, } free(out); } - + if (received_spi == 0) { return FAILED; } - + *spi = received_spi; return SUCCESS; } @@ -869,47 +878,47 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_kernel_netlink_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid); - + if (get_spi_internal(this, src, dst, proto_ike2kernel(protocol), 0xc0000000, 0xcFFFFFFF, reqid, spi) != SUCCESS) { DBG1(DBG_KNL, "unable to get SPI for reqid {%u}", reqid); return FAILED; } - + DBG2(DBG_KNL, "got SPI %.8x for reqid {%u}", ntohl(*spi), reqid); - + return SUCCESS; } /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_kernel_netlink_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { u_int32_t received_spi = 0; DBG2(DBG_KNL, "getting CPI for reqid {%u}", reqid); - + if (get_spi_internal(this, src, dst, IPPROTO_COMP, 0x100, 0xEFFF, reqid, &received_spi) != SUCCESS) { DBG1(DBG_KNL, "unable to get CPI for reqid {%u}", reqid); return FAILED; } - + *cpi = htons((u_int16_t)ntohl(received_spi)); - + DBG2(DBG_KNL, "got CPI %.4x for reqid {%u}", ntohs(*cpi), reqid); - + return SUCCESS; } @@ -919,38 +928,42 @@ static status_t get_cpi(private_kernel_netlink_ipsec_t *this, static status_t add_sa(private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound) + bool encap, bool inbound, + traffic_selector_t* src_ts, traffic_selector_t* dst_ts) { netlink_buf_t request; char *alg_name; struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; - u_int16_t icv_size = 64; - + u_int16_t icv_size = 64; + /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ if (ipcomp != IPCOMP_NONE && cpi != 0) { - add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, 0, 0, - ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty, - mode, ipcomp, 0, FALSE, inbound); + lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; + add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, &lft, + ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty, + mode, ipcomp, 0, FALSE, inbound, NULL, NULL); ipcomp = IPCOMP_NONE; + /* use transport mode ESP SA, IPComp uses tunnel mode */ + mode = MODE_TRANSPORT; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", ntohl(spi), reqid); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = inbound ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); - + sa = (struct xfrm_usersa_info*)NLMSG_DATA(hdr); host2xfrm(src, &sa->saddr); host2xfrm(dst, &sa->id.daddr); @@ -958,25 +971,35 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, sa->id.proto = proto_ike2kernel(protocol); sa->family = src->get_family(src); sa->mode = mode2kernel(mode); - if (mode == MODE_TUNNEL) + switch (mode) { - sa->flags |= XFRM_STATE_AF_UNSPEC; + case MODE_TUNNEL: + sa->flags |= XFRM_STATE_AF_UNSPEC; + break; + case MODE_BEET: + if(src_ts && dst_ts) + { + sa->sel = ts2selector(src_ts, dst_ts); + } + break; + default: + break; } + sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32; sa->reqid = reqid; - /* we currently do not expire SAs by volume/packet count */ - sa->lft.soft_byte_limit = XFRM_INF; - sa->lft.hard_byte_limit = XFRM_INF; - sa->lft.soft_packet_limit = XFRM_INF; - sa->lft.hard_packet_limit = XFRM_INF; + sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey); + sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life); + sa->lft.soft_packet_limit = XFRM_LIMIT(lifetime->packets.rekey); + sa->lft.hard_packet_limit = XFRM_LIMIT(lifetime->packets.life); /* we use lifetimes since added, not since used */ - sa->lft.soft_add_expires_seconds = expire_soft; - sa->lft.hard_add_expires_seconds = expire_hard; + sa->lft.soft_add_expires_seconds = lifetime->time.rekey; + sa->lft.hard_add_expires_seconds = lifetime->time.life; sa->lft.soft_use_expires_seconds = 0; sa->lft.hard_use_expires_seconds = 0; - + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_usersa_info); - + switch (enc_alg) { case ENCR_UNDEFINED: @@ -1007,7 +1030,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + rthdr->rta_type = XFRMA_ALG_AEAD; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + enc_key.len); hdr->nlmsg_len += rthdr->rta_len; @@ -1015,13 +1038,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr); algo->alg_key_len = enc_key.len * 8; algo->alg_icv_len = icv_size; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, enc_key.ptr, enc_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); break; } @@ -1038,7 +1061,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + rthdr->rta_type = XFRMA_ALG_CRYPT; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + enc_key.len); hdr->nlmsg_len += rthdr->rta_len; @@ -1046,71 +1069,97 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = enc_key.len * 8; strcpy(algo->alg_name, alg_name); memcpy(algo->alg_key, enc_key.ptr, enc_key.len); - + rthdr = XFRM_RTA_NEXT(rthdr); } } - + if (int_alg != AUTH_UNDEFINED) { - rthdr->rta_type = XFRMA_ALG_AUTH; alg_name = lookup_algorithm(integrity_algs, int_alg); if (alg_name == NULL) { - DBG1(DBG_KNL, "algorithm %N not supported by kernel!", + DBG1(DBG_KNL, "algorithm %N not supported by kernel!", integrity_algorithm_names, int_alg); return FAILED; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - - rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); - hdr->nlmsg_len += rthdr->rta_len; - if (hdr->nlmsg_len > sizeof(request)) + + if (int_alg == AUTH_HMAC_SHA2_256_128) { - return FAILED; + struct xfrm_algo_auth* algo; + + /* the kernel uses SHA256 with 96 bit truncation by default, + * use specified truncation size supported by newer kernels */ + rthdr->rta_type = XFRMA_ALG_AUTH_TRUNC; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_auth) + int_key.len); + + hdr->nlmsg_len += rthdr->rta_len; + if (hdr->nlmsg_len > sizeof(request)) + { + return FAILED; + } + + algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr); + algo->alg_key_len = int_key.len * 8; + algo->alg_trunc_len = 128; + strcpy(algo->alg_name, alg_name); + memcpy(algo->alg_key, int_key.ptr, int_key.len); + } + else + { + struct xfrm_algo* algo; + + rthdr->rta_type = XFRMA_ALG_AUTH; + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo) + int_key.len); + + hdr->nlmsg_len += rthdr->rta_len; + if (hdr->nlmsg_len > sizeof(request)) + { + return FAILED; + } + + algo = (struct xfrm_algo*)RTA_DATA(rthdr); + algo->alg_key_len = int_key.len * 8; + strcpy(algo->alg_name, alg_name); + memcpy(algo->alg_key, int_key.ptr, int_key.len); } - - struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); - algo->alg_key_len = int_key.len * 8; - strcpy(algo->alg_name, alg_name); - memcpy(algo->alg_key, int_key.ptr, int_key.len); - rthdr = XFRM_RTA_NEXT(rthdr); } - + if (ipcomp != IPCOMP_NONE) { rthdr->rta_type = XFRMA_ALG_COMP; alg_name = lookup_algorithm(compression_algs, ipcomp); if (alg_name == NULL) { - DBG1(DBG_KNL, "algorithm %N not supported by kernel!", + DBG1(DBG_KNL, "algorithm %N not supported by kernel!", ipcomp_transform_names, ipcomp); return FAILED; } DBG2(DBG_KNL, " using compression algorithm %N", ipcomp_transform_names, ipcomp); - + rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo)); hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr); algo->alg_key_len = 0; strcpy(algo->alg_name, alg_name); - + rthdr = XFRM_RTA_NEXT(rthdr); } - + if (encap) { rthdr->rta_type = XFRMA_ENCAP; @@ -1127,13 +1176,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, tmpl->encap_sport = htons(src->get_port(src)); tmpl->encap_dport = htons(dst->get_port(dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); - /* encap_oa could probably be derived from the - * traffic selectors [rfc4306, p39]. In the netlink kernel implementation - * pluto does the same as we do here but it uses encap_oa in the - * pfkey implementation. BUT as /usr/src/linux/net/key/af_key.c indicates + /* encap_oa could probably be derived from the + * traffic selectors [rfc4306, p39]. In the netlink kernel implementation + * pluto does the same as we do here but it uses encap_oa in the + * pfkey implementation. BUT as /usr/src/linux/net/key/af_key.c indicates * the kernel ignores it anyway * -> does that mean that NAT-T encap doesn't work in transport mode? - * No. The reason the kernel ignores NAT-OA is that it recomputes + * No. The reason the kernel ignores NAT-OA is that it recomputes * (or, rather, just ignores) the checksum. If packets pass * the IPsec checks it marks them "checksum ok" so OA isn't needed. */ rthdr = XFRM_RTA_NEXT(rthdr); @@ -1160,24 +1209,24 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, size_t len; struct rtattr *rta; size_t rtasize; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", ntohl(spi)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETAE; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); - + aevent_id = (struct xfrm_aevent_id*)NLMSG_DATA(hdr); aevent_id->flags = XFRM_AE_RVAL; - + host2xfrm(dst, &aevent_id->sa_id.daddr); aevent_id->sa_id.spi = spi; aevent_id->sa_id.proto = proto_ike2kernel(protocol); aevent_id->sa_id.family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1206,7 +1255,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, break; } } - + if (out_aevent == NULL) { DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", @@ -1214,7 +1263,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + rta = XFRM_RTA(out, struct xfrm_aevent_id); rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id); while(RTA_OK(rta, rtasize)) @@ -1228,7 +1277,7 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, } rta = RTA_NEXT(rta, rtasize); } - + DBG1(DBG_KNL, "unable to query replay state from SAD entry with SPI %.8x", ntohl(spi)); free(out); @@ -1247,7 +1296,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, struct xfrm_usersa_id *sa_id; struct xfrm_usersa_info *sa = NULL; size_t len; - + memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); @@ -1262,7 +1311,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1291,7 +1340,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, break; } } - + if (sa == NULL) { DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); @@ -1299,7 +1348,7 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, return FAILED; } *bytes = sa->curlft.bytes; - + free(out); return SUCCESS; } @@ -1313,28 +1362,28 @@ static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src, netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_usersa_id *sa_id; - + /* if IPComp was used, we first delete the additional IPComp SA */ if (cpi) { del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - + sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -1364,30 +1413,30 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, struct xfrm_encap_tmpl* tmpl = NULL; bool got_replay_state = FALSE; struct xfrm_replay_state replay; - + /* if IPComp is used, we first update the IPComp SA */ if (cpi) { update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, src, dst, new_src, new_dst, FALSE, FALSE); } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi)); - + /* query the existing SA first */ hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST; hdr->nlmsg_type = XFRM_MSG_GETSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); - + sa_id = (struct xfrm_usersa_id*)NLMSG_DATA(hdr); host2xfrm(dst, &sa_id->daddr); sa_id->spi = spi; sa_id->proto = proto_ike2kernel(protocol); sa_id->family = dst->get_family(dst); - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1422,13 +1471,13 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + /* try to get the replay state */ if (get_replay_state(this, spi, protocol, dst, &replay) == SUCCESS) { got_replay_state = TRUE; } - + /* delete the old SA (without affecting the IPComp SA) */ if (del_sa(this, src, dst, spi, protocol, 0) != SUCCESS) { @@ -1436,18 +1485,18 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); /* copy over the SA from out to request */ hdr = (struct nlmsghdr*)request; memcpy(hdr, out, min(out->nlmsg_len, sizeof(request))); - hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; + hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); sa->family = new_dst->get_family(new_dst); - + if (!src->ip_equals(src, new_src)) { host2xfrm(new_src, &sa->saddr); @@ -1456,7 +1505,7 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, { host2xfrm(new_dst, &sa->id.daddr); } - + rta = XFRM_RTA(out, struct xfrm_usersa_info); rtasize = XFRM_PAYLOAD(out, struct xfrm_usersa_info); pos = (u_char*)XFRM_RTA(hdr, struct xfrm_usersa_info); @@ -1470,47 +1519,47 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); tmpl->encap_sport = ntohs(new_src->get_port(new_src)); tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); - } + } memcpy(pos, rta, rta->rta_len); pos += RTA_ALIGN(rta->rta_len); hdr->nlmsg_len += RTA_ALIGN(rta->rta_len); } rta = RTA_NEXT(rta, rtasize); } - + rta = (struct rtattr*)pos; if (tmpl == NULL && new_encap) { /* add tmpl if we are enabling it */ rta->rta_type = XFRMA_ENCAP; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_encap_tmpl)); - + hdr->nlmsg_len += rta->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rta); tmpl->encap_type = UDP_ENCAP_ESPINUDP; tmpl->encap_sport = ntohs(new_src->get_port(new_src)); tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); - + rta = XFRM_RTA_NEXT(rta); } - + if (got_replay_state) { /* copy the replay data if available */ rta->rta_type = XFRMA_REPLAY_VAL; rta->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state)); - + hdr->nlmsg_len += rta->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } memcpy(RTA_DATA(rta), &replay, sizeof(replay)); - + rta = XFRM_RTA_NEXT(rta); } @@ -1521,14 +1570,14 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } /** * Implementation of kernel_interface_t.add_policy. */ -static status_t add_policy(private_kernel_netlink_ipsec_t *this, +static status_t add_policy(private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, @@ -1542,13 +1591,13 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, netlink_buf_t request; struct xfrm_userpolicy_info *policy_info; struct nlmsghdr *hdr; - + /* create a policy */ policy = malloc_thing(policy_entry_t); memset(policy, 0, sizeof(policy_entry_t)); policy->sel = ts2selector(src_ts, dst_ts); policy->direction = direction; - + /* find the policy, which matches EXACTLY */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, policy); @@ -1568,10 +1617,10 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, this->policies->put(this->policies, policy, policy); policy->refcount = 1; } - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1589,7 +1638,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, policy_info->action = XFRM_POLICY_ALLOW; policy_info->share = XFRM_SHARE_ANY; this->mutex->unlock(this->mutex); - + /* policies don't expire */ policy_info->lft.soft_byte_limit = XFRM_INF; policy_info->lft.soft_packet_limit = XFRM_INF; @@ -1599,19 +1648,19 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, policy_info->lft.hard_add_expires_seconds = 0; policy_info->lft.soft_use_expires_seconds = 0; policy_info->lft.hard_use_expires_seconds = 0; - + struct rtattr *rthdr = XFRM_RTA(hdr, struct xfrm_userpolicy_info); rthdr->rta_type = XFRMA_TMPL; rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); - + hdr->nlmsg_len += rthdr->rta_len; if (hdr->nlmsg_len > sizeof(request)) { return FAILED; } - + struct xfrm_user_tmpl *tmpl = (struct xfrm_user_tmpl*)RTA_DATA(rthdr); - + if (ipcomp != IPCOMP_NONE) { tmpl->reqid = reqid; @@ -1620,10 +1669,10 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, tmpl->mode = mode2kernel(mode); tmpl->optional = direction != POLICY_OUT; tmpl->family = src->get_family(src); - + host2xfrm(src, &tmpl->saddr); host2xfrm(dst, &tmpl->id.daddr); - + /* add an additional xfrm_user_tmpl */ rthdr->rta_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); hdr->nlmsg_len += RTA_LENGTH(sizeof(struct xfrm_user_tmpl)); @@ -1631,53 +1680,58 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, { return FAILED; } - + tmpl++; + + /* use transport mode for ESP if we have a tunnel mode IPcomp SA */ + mode = MODE_TRANSPORT; + } + else + { + /* when using IPcomp, only the IPcomp SA uses tmp src/dst addresses */ + host2xfrm(src, &tmpl->saddr); + host2xfrm(dst, &tmpl->id.daddr); } - + tmpl->reqid = reqid; tmpl->id.proto = proto_ike2kernel(protocol); tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0; tmpl->mode = mode2kernel(mode); tmpl->family = src->get_family(src); - - host2xfrm(src, &tmpl->saddr); - host2xfrm(dst, &tmpl->id.daddr); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); return FAILED; } - + /* install a route, if: * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) - * - we are in tunnel mode - * - we are not using IPv6 (does not work correctly yet!) + * - we are in tunnel/BEET mode * - routing is not disabled via strongswan.conf */ if (policy->route == NULL && direction == POLICY_FWD && - mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 && - this->install_routes) + mode != MODE_TRANSPORT && this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); - + if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { /* get the nexthop to src (src as we are in POLICY_FWD).*/ route->gateway = charon->kernel_interface->get_nexthop( - charon->kernel_interface, src); + charon->kernel_interface, src); + /* install route via outgoing interface */ route->if_name = charon->kernel_interface->get_interface( - charon->kernel_interface, dst); + charon->kernel_interface, dst); route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len); route->prefixlen = policy->sel.prefixlen_s; - + if (route->if_name) - { + { switch (charon->kernel_interface->add_route( charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, @@ -1714,7 +1768,7 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { @@ -1723,9 +1777,9 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, struct xfrm_userpolicy_id *policy_id; struct xfrm_userpolicy_info *policy = NULL; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); @@ -1737,7 +1791,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); policy_id->sel = ts2selector(src_ts, dst_ts); policy_id->dir = direction; - + if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS) { hdr = out; @@ -1766,7 +1820,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, break; } } - + if (policy == NULL) { DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, @@ -1774,8 +1828,17 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - *use_time = (time_t)policy->curlft.use_time; - + + if (policy->curlft.use_time) + { + /* we need the monotonic time, but the kernel returns system time. */ + *use_time = time_monotonic(NULL) - (time(NULL) - policy->curlft.use_time); + } + else + { + *use_time = 0; + } + free(out); return SUCCESS; } @@ -1784,7 +1847,7 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -1793,15 +1856,15 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_userpolicy_id *policy_id; - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ memset(&policy, 0, sizeof(policy_entry_t)); policy.sel = ts2selector(src_ts, dst_ts); policy.direction = direction; - + /* find the policy */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, &policy); @@ -1825,9 +1888,9 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, dst_ts, policy_dir_names, direction); return NOT_FOUND; } - + memset(&request, 0, sizeof(request)); - + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; hdr->nlmsg_type = XFRM_MSG_DELPOLICY; @@ -1836,10 +1899,10 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, policy_id = (struct xfrm_userpolicy_id*)NLMSG_DATA(hdr); policy_id->sel = to_delete->sel; policy_id->dir = direction; - + route = to_delete->route; free(to_delete); - + if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -1856,7 +1919,7 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, DBG1(DBG_KNL, "error uninstalling route installed with " "policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - } + } route_entry_destroy(route); } return SUCCESS; @@ -1869,7 +1932,7 @@ static void destroy(private_kernel_netlink_ipsec_t *this) { enumerator_t *enumerator; policy_entry_t *policy; - + this->job->cancel(this->job); close(this->socket_xfrm_events); this->socket_xfrm->destroy(this->socket_xfrm); @@ -1892,43 +1955,32 @@ static bool add_bypass_policies() int fd, family, port; enumerator_t *sockets; bool status = TRUE; - - /* we open an AF_KEY socket to autoload the af_key module. Otherwise - * setsockopt(IPSEC_POLICY) won't work. */ - fd = socket(AF_KEY, SOCK_RAW, PF_KEY_V2); - if (fd == 0) - { - DBG1(DBG_KNL, "could not open AF_KEY socket"); - return FALSE; - } - close(fd); - + sockets = charon->socket->create_enumerator(charon->socket); while (sockets->enumerate(sockets, &fd, &family, &port)) { - struct sadb_x_policy policy; + struct xfrm_userpolicy_info policy; u_int sol, ipsec_policy; - + switch (family) { case AF_INET: sol = SOL_IP; - ipsec_policy = IP_IPSEC_POLICY; + ipsec_policy = IP_XFRM_POLICY; break; case AF_INET6: sol = SOL_IPV6; - ipsec_policy = IPV6_IPSEC_POLICY; + ipsec_policy = IPV6_XFRM_POLICY; break; default: continue; } - + memset(&policy, 0, sizeof(policy)); - policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); - policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; - policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - - policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; + policy.action = XFRM_POLICY_ALLOW; + policy.sel.family = family; + + policy.dir = XFRM_POLICY_OUT; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", @@ -1936,10 +1988,10 @@ static bool add_bypass_policies() status = FALSE; break; } - policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND; + policy.dir = XFRM_POLICY_IN; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", strerror(errno)); status = FALSE; break; @@ -1956,11 +2008,12 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { private_kernel_netlink_ipsec_t *this = malloc_thing(private_kernel_netlink_ipsec_t); struct sockaddr_nl addr; - + int fd; + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; + this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; @@ -1975,18 +2028,20 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); - - /* add bypass policies on the sockets used by charon */ - if (!add_bypass_policies()) + + /* disable lifetimes for allocated SPIs in kernel */ + fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY); + if (fd) { - charon->kill(charon, "unable to add bypass policies on sockets"); + ignore_result(write(fd, "165", 3)); + close(fd); } - + this->socket_xfrm = netlink_socket_create(NETLINK_XFRM); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + /* create and bind XFRM socket for ACQUIRE, EXPIRE, MIGRATE & MAPPING */ this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (this->socket_xfrm_events <= 0) @@ -1999,10 +2054,16 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { charon->kill(charon, "unable to bind XFRM event socket"); } - + + /* add bypass policies on the sockets used by charon */ + if (!add_bypass_policies()) + { + charon->kill(charon, "unable to add bypass policies on sockets"); + } + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c index e5c0b5da7..4a9fdf69a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_net.c @@ -17,8 +17,6 @@ #include #include #include -#include -#include #include #include #include @@ -27,7 +25,9 @@ #include "kernel_netlink_shared.h" #include -#include +#include +#include +#include #include #include #include @@ -35,30 +35,22 @@ /** delay before firing roam jobs (ms) */ #define ROAM_DELAY 100 -/** routing table for routes installed by us */ -#ifndef IPSEC_ROUTING_TABLE -#define IPSEC_ROUTING_TABLE 100 -#endif -#ifndef IPSEC_ROUTING_TABLE_PRIO -#define IPSEC_ROUTING_TABLE_PRIO 100 -#endif - typedef struct addr_entry_t addr_entry_t; /** * IP address in an inface_entry_t */ struct addr_entry_t { - + /** The ip address */ host_t *ip; - + /** virtual IP managed by us */ bool virtual; - + /** scope of the address */ u_char scope; - + /** Number of times this IP is used, if virtual */ u_int refcount; }; @@ -78,16 +70,16 @@ typedef struct iface_entry_t iface_entry_t; * A network interface on this system, containing addr_entry_t's */ struct iface_entry_t { - + /** interface index */ int ifindex; - + /** name of the interface */ char ifname[IFNAMSIZ]; - + /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ u_int flags; - + /** list of addresses as host_t */ linked_list_t *addrs; }; @@ -111,57 +103,57 @@ struct private_kernel_netlink_net_t { * Public part of the kernel_netlink_net_t object. */ kernel_netlink_net_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * condition variable to signal virtual IP add/removal */ condvar_t *condvar; - + /** * Cached list of interfaces and its addresses (iface_entry_t) */ linked_list_t *ifaces; - + /** * job receiving netlink events */ callback_job_t *job; - + /** * netlink rt socket (routing) */ netlink_socket_t *socket; - + /** * Netlink rt socket to receive address change events */ int socket_events; - + /** * time of the last roam_job */ - struct timeval last_roam; - + timeval_t last_roam; + /** * routing table to install routes */ int routing_table; - + /** * priority of used routing table */ int routing_table_prio; - + /** * whether to react to RTM_NEWROUTE or RTM_DELROUTE events */ bool process_route; - + /** * whether to actually install virtual IPs */ @@ -177,7 +169,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) iface_entry_t *iface; addr_entry_t *addr; int refcount = 0; - + ifaces = this->ifaces->create_iterator(this->ifaces, TRUE); while (ifaces->iterate(ifaces, (void**)&iface)) { @@ -198,7 +190,7 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) } } ifaces->destroy(ifaces); - + return refcount; } @@ -208,22 +200,20 @@ static int get_vip_refcount(private_kernel_netlink_net_t *this, host_t* ip) */ static void fire_roam_job(private_kernel_netlink_net_t *this, bool address) { - struct timeval now; - - if (gettimeofday(&now, NULL) == 0) + timeval_t now; + + time_monotonic(&now); + if (timercmp(&now, &this->last_roam, >)) { - if (timercmp(&now, &this->last_roam, >)) + now.tv_usec += ROAM_DELAY * 1000; + while (now.tv_usec > 1000000) { - now.tv_usec += ROAM_DELAY * 1000; - while (now.tv_usec > 1000000) - { - now.tv_sec++; - now.tv_usec -= 1000000; - } - this->last_roam = now; - charon->scheduler->schedule_job_ms(charon->scheduler, - (job_t*)roam_job_create(address), ROAM_DELAY); + now.tv_sec++; + now.tv_usec -= 1000000; } + this->last_roam = now; + charon->scheduler->schedule_job_ms(charon->scheduler, + (job_t*)roam_job_create(address), ROAM_DELAY); } } @@ -240,7 +230,7 @@ static void process_link(private_kernel_netlink_net_t *this, iface_entry_t *current, *entry = NULL; char *name = NULL; bool update = FALSE; - + while(RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -255,7 +245,7 @@ static void process_link(private_kernel_netlink_net_t *this, { name = "(unknown)"; } - + this->mutex->lock(this->mutex); switch (hdr->nlmsg_type) { @@ -308,7 +298,7 @@ static void process_link(private_kernel_netlink_net_t *this, { if (current->ifindex == msg->ifi_index) { - /* we do not remove it, as an address may be added to a + /* we do not remove it, as an address may be added to a * "down" interface and we wan't to know that. */ current->flags = msg->ifi_flags; break; @@ -319,7 +309,7 @@ static void process_link(private_kernel_netlink_net_t *this, } } this->mutex->unlock(this->mutex); - + /* send an update to all IKE_SAs */ if (update && event) { @@ -342,7 +332,7 @@ static void process_addr(private_kernel_netlink_net_t *this, addr_entry_t *addr; chunk_t local = chunk_empty, address = chunk_empty; bool update = FALSE, found = FALSE, changed = FALSE; - + while(RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -358,7 +348,7 @@ static void process_addr(private_kernel_netlink_net_t *this, } rta = RTA_NEXT(rta, rtasize); } - + /* For PPP interfaces, we need the IFA_LOCAL address, * IFA_ADDRESS is the peers address. But IFA_LOCAL is * not included in all cases (IPv6?), so fallback to IFA_ADDRESS. */ @@ -370,12 +360,12 @@ static void process_addr(private_kernel_netlink_net_t *this, { host = host_create_from_chunk(msg->ifa_family, address, 0); } - + if (host == NULL) { /* bad family? */ return; } - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -406,7 +396,7 @@ static void process_addr(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); - + if (hdr->nlmsg_type == RTM_NEWADDR) { if (!found) @@ -418,7 +408,7 @@ static void process_addr(private_kernel_netlink_net_t *this, addr->virtual = FALSE; addr->refcount = 1; addr->scope = msg->ifa_scope; - + iface->addrs->insert_last(iface->addrs, addr); if (event) { @@ -436,7 +426,7 @@ static void process_addr(private_kernel_netlink_net_t *this, ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); host->destroy(host); - + /* send an update to all IKE_SAs */ if (update && event && changed) { @@ -453,13 +443,13 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h struct rtattr *rta = RTM_RTA(msg); size_t rtasize = RTM_PAYLOAD(hdr); host_t *host = NULL; - + /* ignore routes added by us */ if (msg->rtm_table && msg->rtm_table == this->routing_table) { return; } - + while (RTA_OK(rta, rtasize)) { switch (rta->rta_type) @@ -492,13 +482,14 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this) struct nlmsghdr *hdr = (struct nlmsghdr*)response; struct sockaddr_nl addr; socklen_t addr_len = sizeof(addr); - int len, oldstate; + int len; + bool oldstate; - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + oldstate = thread_cancelability(TRUE); len = recvfrom(this->socket_events, response, sizeof(response), 0, (struct sockaddr*)&addr, &addr_len); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (len < 0) { switch (errno) @@ -515,12 +506,12 @@ static job_requeue_t receive_events(private_kernel_netlink_net_t *this) return JOB_REQUEUE_FAIR; } } - + if (addr.nl_pid != 0) { /* not from kernel. not interested, try another one */ return JOB_REQUEUE_DIRECT; } - + while (NLMSG_OK(hdr, len)) { /* looks good so far, dispatch netlink message */ @@ -556,7 +547,7 @@ typedef struct { private_kernel_netlink_net_t* this; /** whether to enumerate down interfaces */ bool include_down_ifaces; - /** whether to enumerate virtual ip addresses */ + /** whether to enumerate virtual ip addresses */ bool include_virtual_ips; } address_enumerator_t; @@ -618,7 +609,7 @@ static enumerator_t *create_address_enumerator(private_kernel_netlink_net_t *thi data->this = this; data->include_down_ifaces = include_down_ifaces; data->include_virtual_ips = include_virtual_ips; - + this->mutex->lock(this->mutex); return enumerator_create_nested( enumerator_create_filter(this->ifaces->create_enumerator(this->ifaces), @@ -635,9 +626,9 @@ static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) iface_entry_t *iface; addr_entry_t *addr; char *name = NULL; - + DBG2(DBG_KNL, "getting interface name for %H", ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -659,7 +650,7 @@ static char *get_interface_name(private_kernel_netlink_net_t *this, host_t* ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + if (name) { DBG2(DBG_KNL, "%H is on interface %s", ip, name); @@ -679,9 +670,9 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name) enumerator_t *ifaces; iface_entry_t *iface; int ifindex = 0; - + DBG2(DBG_KNL, "getting iface index for %s", name); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -711,7 +702,7 @@ static bool is_interface_up(private_kernel_netlink_net_t *this, int index) iface_entry_t *iface; /* default to TRUE for interface we do not monitor (e.g. lo) */ bool up = TRUE; - + ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { @@ -733,11 +724,14 @@ static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len) static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe }; int byte = 0; + if (net_len == 0) + { /* any address matches a /0 network */ + return TRUE; + } if (addr.len != net.len || net_len > 8 * net.len ) { return FALSE; } - /* scan through all bytes in network order */ while (net_len > 0) { @@ -771,35 +765,42 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, size_t len; int best = -1; host_t *src = NULL, *gtw = NULL; - + DBG2(DBG_KNL, "getting address to reach %H", dest); - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; - hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP | NLM_F_ROOT; + hdr->nlmsg_flags = NLM_F_REQUEST; + if (dest->get_family(dest) == AF_INET) + { + /* We dump all addresses for IPv4, as we want to ignore IPsec specific + * routes installed by us. But the kernel does not return source + * addresses in a IPv6 dump, so fall back to get() for v6 routes. */ + hdr->nlmsg_flags |= NLM_F_ROOT | NLM_F_DUMP; + } hdr->nlmsg_type = RTM_GETROUTE; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); msg = (struct rtmsg*)NLMSG_DATA(hdr); msg->rtm_family = dest->get_family(dest); - - chunk = dest->get_address(dest); - netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request)); if (candidate) { chunk = candidate->get_address(candidate); netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request)); } - + chunk = dest->get_address(dest); + netlink_add_attribute(hdr, RTA_DST, chunk, sizeof(request)); + if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "getting address to %H failed", dest); return NULL; } this->mutex->lock(this->mutex); - current = out; - while (NLMSG_OK(current, len)) + + for (current = out; NLMSG_OK(current, len); + current = NLMSG_NEXT(current, len)) { switch (current->nlmsg_type) { @@ -811,10 +812,8 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, size_t rtasize; chunk_t rta_gtw, rta_src, rta_dst; u_int32_t rta_oif = 0; - enumerator_t *ifaces, *addrs; - iface_entry_t *iface; - addr_entry_t *addr; - + host_t *new_src, *new_gtw; + rta_gtw = rta_src = rta_dst = chunk_empty; msg = (struct rtmsg*)(NLMSG_DATA(current)); rta = RTM_RTA(msg); @@ -841,81 +840,74 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } rta = RTA_NEXT(rta, rtasize); } - if (rta_oif && !is_interface_up(this, rta_oif)) - { /* interface is down */ - goto next; + if (msg->rtm_dst_len <= best) + { /* not better than a previous one */ + continue; } if (this->routing_table != 0 && msg->rtm_table == this->routing_table) { /* route is from our own ipsec routing table */ - goto next; + continue; } - if (msg->rtm_dst_len <= best) - { /* not better than a previous one */ - goto next; + if (rta_oif && !is_interface_up(this, rta_oif)) + { /* interface is down */ + continue; } - if (msg->rtm_dst_len != 0 && - (!rta_dst.ptr || - !addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len))) - { /* is not the default route and not contained in our dst */ - goto next; + if (!addr_in_subnet(chunk, rta_dst, msg->rtm_dst_len)) + { /* route destination does not contain dest */ + continue; } - - best = msg->rtm_dst_len; + if (nexthop) { + /* nexthop lookup, return gateway if any */ DESTROY_IF(gtw); gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0); - goto next; + best = msg->rtm_dst_len; + continue; } if (rta_src.ptr) { - DESTROY_IF(src); - src = host_create_from_chunk(msg->rtm_family, rta_src, 0); - if (get_vip_refcount(this, src)) - { /* skip source address if it is installed by us */ - DESTROY_IF(src); - src = NULL; - } - goto next; - } - /* no source addr, get one from the interfaces */ - ifaces = this->ifaces->create_enumerator(this->ifaces); - while (ifaces->enumerate(ifaces, &iface)) - { - if (iface->ifindex == rta_oif && - iface->flags & IFF_UP) + /* got a source address */ + new_src = host_create_from_chunk(msg->rtm_family, rta_src, 0); + if (new_src) { - addrs = iface->addrs->create_enumerator(iface->addrs); - while (addrs->enumerate(addrs, &addr)) + if (get_vip_refcount(this, new_src)) + { /* skip source address if it is installed by us */ + new_src->destroy(new_src); + } + else { - chunk_t ip = addr->ip->get_address(addr->ip); - if ((msg->rtm_dst_len == 0 && - addr->ip->get_family(addr->ip) == - dest->get_family(dest)) || - addr_in_subnet(ip, rta_dst, msg->rtm_dst_len)) - { - DESTROY_IF(src); - src = addr->ip->clone(addr->ip); - break; - } + DESTROY_IF(src); + src = new_src; + best = msg->rtm_dst_len; } - addrs->destroy(addrs); } + continue; } - ifaces->destroy(ifaces); - goto next; + if (rta_gtw.ptr) + { /* no source, but a gateway. Lookup source to reach gtw. */ + new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0); + new_src = get_route(this, new_gtw, FALSE, candidate); + new_gtw->destroy(new_gtw); + if (new_src) + { + DESTROY_IF(src); + src = new_src; + best = msg->rtm_dst_len; + } + continue; + } + continue; } default: - next: - current = NLMSG_NEXT(current, len); continue; } break; } free(out); this->mutex->unlock(this->mutex); - + if (nexthop) { if (gtw) @@ -955,23 +947,23 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type struct nlmsghdr *hdr; struct ifaddrmsg *msg; chunk_t chunk; - + memset(&request, 0, sizeof(request)); - + chunk = ip->get_address(ip); - - hdr = (struct nlmsghdr*)request; + + hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags; - hdr->nlmsg_type = nlmsg_type; + hdr->nlmsg_type = nlmsg_type; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)); - + msg = (struct ifaddrmsg*)NLMSG_DATA(hdr); - msg->ifa_family = ip->get_family(ip); - msg->ifa_flags = 0; - msg->ifa_prefixlen = 8 * chunk.len; - msg->ifa_scope = RT_SCOPE_UNIVERSE; - msg->ifa_index = if_index; - + msg->ifa_family = ip->get_family(ip); + msg->ifa_flags = 0; + msg->ifa_prefixlen = 8 * chunk.len; + msg->ifa_scope = RT_SCOPE_UNIVERSE; + msg->ifa_index = if_index; + netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request)); return this->socket->send_ack(this->socket, hdr); @@ -980,27 +972,27 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type /** * Implementation of kernel_net_t.add_ip. */ -static status_t add_ip(private_kernel_netlink_net_t *this, +static status_t add_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip, host_t *iface_ip) { iface_entry_t *iface; addr_entry_t *addr; enumerator_t *addrs, *ifaces; int ifindex; - + if (!this->install_virtual_ip) { /* disabled by config */ return SUCCESS; } - + DBG2(DBG_KNL, "adding virtual IP %H", virtual_ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { bool iface_found = FALSE; - + addrs = iface->addrs->create_enumerator(iface->addrs); while (addrs->enumerate(addrs, &addr)) { @@ -1020,7 +1012,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, } } addrs->destroy(addrs); - + if (iface_found) { ifindex = iface->ifindex; @@ -1030,7 +1022,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, addr->virtual = TRUE; addr->scope = RT_SCOPE_UNIVERSE; iface->addrs->insert_last(iface->addrs, addr); - + if (manage_ipaddr(this, RTM_NEWADDR, NLM_F_CREATE | NLM_F_EXCL, ifindex, virtual_ip) == SUCCESS) { @@ -1050,7 +1042,7 @@ static status_t add_ip(private_kernel_netlink_net_t *this, } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + DBG1(DBG_KNL, "interface address %H not found, unable to install" "virtual IP %H", iface_ip, virtual_ip); return FAILED; @@ -1066,14 +1058,14 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) enumerator_t *addrs, *ifaces; status_t status; int ifindex; - + if (!this->install_virtual_ip) { /* disabled by config */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting virtual IP %H", virtual_ip); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -1087,7 +1079,7 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) if (addr->refcount == 1) { status = manage_ipaddr(this, RTM_DELADDR, 0, - ifindex, virtual_ip); + ifindex, virtual_ip); if (status == SUCCESS) { /* wait until the address is really gone */ while (get_vip_refcount(this, virtual_ip) > 0) @@ -1116,7 +1108,7 @@ static status_t del_ip(private_kernel_netlink_net_t *this, host_t *virtual_ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + DBG2(DBG_KNL, "virtual IP %H not cached, unable to delete", virtual_ip); return FAILED; } @@ -1143,11 +1135,11 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty chunk_t half_net; u_int8_t half_prefixlen; status_t status; - + half_net = chunk_alloca(dst_net.len); memset(half_net.ptr, 0, half_net.len); half_prefixlen = 1; - + status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, gateway, src_ip, if_name); half_net.ptr[0] |= 0x80; @@ -1155,7 +1147,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty gateway, src_ip, if_name); return status; } - + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; @@ -1170,12 +1162,15 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_ty msg->rtm_protocol = RTPROT_STATIC; msg->rtm_type = RTN_UNICAST; msg->rtm_scope = RT_SCOPE_UNIVERSE; - + netlink_add_attribute(hdr, RTA_DST, dst_net, sizeof(request)); chunk = src_ip->get_address(src_ip); netlink_add_attribute(hdr, RTA_PREFSRC, chunk, sizeof(request)); - chunk = gateway->get_address(gateway); - netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request)); + if (gateway && gateway->get_family(gateway) == src_ip->get_family(src_ip)) + { + chunk = gateway->get_address(gateway); + netlink_add_attribute(hdr, RTA_GATEWAY, chunk, sizeof(request)); + } ifindex = get_interface_index(this, if_name); chunk.ptr = (char*)&ifindex; chunk.len = sizeof(ifindex); @@ -1193,7 +1188,7 @@ static status_t add_route(private_kernel_netlink_net_t *this, chunk_t dst_net, return manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, dst_net, prefixlen, gateway, src_ip, if_name); } - + /** * Implementation of kernel_net_t.del_route. */ @@ -1216,9 +1211,9 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) enumerator_t *ifaces, *addrs; iface_entry_t *iface; addr_entry_t *addr; - + DBG1(DBG_KNL, "listening on interfaces:"); - + memset(&request, 0, sizeof(request)); in = (struct nlmsghdr*)&request; @@ -1226,7 +1221,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) in->nlmsg_flags = NLM_F_REQUEST | NLM_F_MATCH | NLM_F_ROOT; msg = (struct rtgenmsg*)NLMSG_DATA(in); msg->rtgen_family = AF_UNSPEC; - + /* get all links */ in->nlmsg_type = RTM_GETLINK; if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) @@ -1250,7 +1245,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) break; } free(out); - + /* get all interface addresses */ in->nlmsg_type = RTM_GETADDR; if (this->socket->send(this->socket, in, &out, &len) != SUCCESS) @@ -1274,7 +1269,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) break; } free(out); - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -1299,17 +1294,17 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) * create or delete a rule to use our routing table */ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, - u_int32_t table, u_int32_t prio) + int family, u_int32_t table, u_int32_t prio) { netlink_buf_t request; struct nlmsghdr *hdr; struct rtmsg *msg; chunk_t chunk; - memset(&request, 0, sizeof(request)); + memset(&request, 0, sizeof(request)); hdr = (struct nlmsghdr*)request; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; - hdr->nlmsg_type = nlmsg_type; + hdr->nlmsg_type = nlmsg_type; if (nlmsg_type == RTM_NEWRULE) { hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL; @@ -1318,7 +1313,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, msg = (struct rtmsg*)NLMSG_DATA(hdr); msg->rtm_table = table; - msg->rtm_family = AF_INET; + msg->rtm_family = family; msg->rtm_protocol = RTPROT_BOOT; msg->rtm_scope = RT_SCOPE_UNIVERSE; msg->rtm_type = RTN_UNICAST; @@ -1336,7 +1331,9 @@ static void destroy(private_kernel_netlink_net_t *this) { if (this->routing_table) { - manage_rule(this, RTM_DELRULE, this->routing_table, + manage_rule(this, RTM_DELRULE, AF_INET, this->routing_table, + this->routing_table_prio); + manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table, this->routing_table_prio); } @@ -1356,7 +1353,7 @@ kernel_netlink_net_t *kernel_netlink_net_create() { private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t); struct sockaddr_nl addr; - + /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; @@ -1370,53 +1367,58 @@ kernel_netlink_net_t *kernel_netlink_net_create() /* private members */ this->ifaces = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); timerclear(&this->last_roam); this->routing_table = lib->settings->get_int(lib->settings, - "charon.routing_table", IPSEC_ROUTING_TABLE); + "charon.routing_table", ROUTING_TABLE); this->routing_table_prio = lib->settings->get_int(lib->settings, - "charon.routing_table_prio", IPSEC_ROUTING_TABLE_PRIO); + "charon.routing_table_prio", ROUTING_TABLE_PRIO); this->process_route = lib->settings->get_bool(lib->settings, "charon.process_route", TRUE); this->install_virtual_ip = lib->settings->get_bool(lib->settings, "charon.install_virtual_ip", TRUE); - + this->socket = netlink_socket_create(NETLINK_ROUTE); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + /* create and bind RT socket for events (address/interface/route changes) */ this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (this->socket_events <= 0) { charon->kill(charon, "unable to create RT event socket"); } - addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | + addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK; if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) { charon->kill(charon, "unable to bind RT event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + if (init_address_list(this) != SUCCESS) { charon->kill(charon, "unable to get interface list"); } - + if (this->routing_table) { - if (manage_rule(this, RTM_NEWRULE, this->routing_table, + if (manage_rule(this, RTM_NEWRULE, AF_INET, this->routing_table, this->routing_table_prio) != SUCCESS) { - DBG1(DBG_KNL, "unable to create routing table rule"); + DBG1(DBG_KNL, "unable to create IPv4 routing table rule"); + } + if (manage_rule(this, RTM_NEWRULE, AF_INET6, this->routing_table, + this->routing_table_prio) != SUCCESS) + { + DBG1(DBG_KNL, "unable to create IPv6 routing table rule"); } } - + return &this->public; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c index 77005e871..cdf20f14a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c @@ -49,11 +49,11 @@ static void destroy(private_kernel_netlink_plugin_t *this) plugin_t *plugin_create() { private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_netlink_ipsec_create); charon->kernel_interface->add_net_interface(charon->kernel_interface, (kernel_net_constructor_t)kernel_netlink_net_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c index ec1187083..b96186a3a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -22,7 +22,7 @@ #include "kernel_netlink_shared.h" #include -#include +#include typedef struct private_netlink_socket_t private_netlink_socket_t; @@ -34,7 +34,7 @@ struct private_netlink_socket_t { * public part of the netlink_socket_t object. */ netlink_socket_t public; - + /** * mutex to lock access to netlink socket */ @@ -46,12 +46,12 @@ struct private_netlink_socket_t { int seq; /** - * netlink socket protocol + * netlink socket protocol */ int protocol; /** - * netlink socket + * netlink socket */ int socket; }; @@ -71,12 +71,12 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in struct sockaddr_nl addr; chunk_t result = chunk_empty, tmp; struct nlmsghdr *msg, peek; - + this->mutex->lock(this->mutex); - + in->nlmsg_seq = ++this->seq; in->nlmsg_pid = getpid(); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = 0; @@ -91,11 +91,11 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in while (TRUE) { - len = sendto(this->socket, in, in->nlmsg_len, 0, + len = sendto(this->socket, in, in->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr)); - + if (len != in->nlmsg_len) - { + { if (errno == EINTR) { /* interrupted, try again */ @@ -107,23 +107,23 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in } break; } - + while (TRUE) - { + { char buf[4096]; tmp.len = sizeof(buf); tmp.ptr = buf; msg = (struct nlmsghdr*)tmp.ptr; - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = getpid(); addr.nl_groups = 0; addr_len = sizeof(addr); - + len = recvfrom(this->socket, tmp.ptr, tmp.len, 0, (struct sockaddr*)&addr, &addr_len); - + if (len < 0) { if (errno == EINTR) @@ -155,17 +155,17 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in free(result.ptr); return FAILED; } - + tmp.len = len; result.ptr = realloc(result.ptr, result.len + tmp.len); memcpy(result.ptr + result.len, tmp.ptr, tmp.len); result.len += tmp.len; - + /* NLM_F_MULTI flag does not seem to be set correctly, we use sequence * numbers to detect multi header messages */ len = recvfrom(this->socket, &peek, sizeof(peek), MSG_PEEK | MSG_DONTWAIT, (struct sockaddr*)&addr, &addr_len); - + if (len == sizeof(peek) && peek.nlmsg_seq == this->seq) { /* seems to be multipart */ @@ -173,12 +173,12 @@ static status_t netlink_send(private_netlink_socket_t *this, struct nlmsghdr *in } break; } - + *out_len = result.len; *out = (struct nlmsghdr*)result.ptr; - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -202,7 +202,7 @@ static status_t netlink_send_ack(private_netlink_socket_t *this, struct nlmsghdr case NLMSG_ERROR: { struct nlmsgerr* err = (struct nlmsgerr*)NLMSG_DATA(hdr); - + if (err->error) { if (-err->error == EEXIST) @@ -247,7 +247,7 @@ static void destroy(private_netlink_socket_t *this) netlink_socket_t *netlink_socket_create(int protocol) { private_netlink_socket_t *this = malloc_thing(private_netlink_socket_t); struct sockaddr_nl addr; - + /* public functions */ this->public.send = (status_t(*)(netlink_socket_t*,struct nlmsghdr*, struct nlmsghdr**, size_t*))netlink_send; this->public.send_ack = (status_t(*)(netlink_socket_t*,struct nlmsghdr*))netlink_send_ack; @@ -256,23 +256,23 @@ netlink_socket_t *netlink_socket_create(int protocol) { /* private members */ this->seq = 200; this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; - + this->protocol = protocol; this->socket = socket(AF_NETLINK, SOCK_RAW, protocol); if (this->socket <= 0) { charon->kill(charon, "unable to create netlink socket"); } - + addr.nl_groups = 0; if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { charon->kill(charon, "unable to bind netlink socket"); } - + return &this->public; } @@ -283,13 +283,13 @@ void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data, size_t buflen) { struct rtattr *rta; - + if (NLMSG_ALIGN(hdr->nlmsg_len) + RTA_ALIGN(data.len) > buflen) { DBG1(DBG_KNL, "unable to add attribute, buffer too small"); return; } - + rta = (struct rtattr*)(((char*)hdr) + NLMSG_ALIGN(hdr->nlmsg_len)); rta->rta_type = rta_type; rta->rta_len = RTA_LENGTH(data.len); diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h index 5a70e4d9b..dfd27a21a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h @@ -37,20 +37,20 @@ struct netlink_socket_t { /** * Send a netlink message and wait for a reply. - * + * * @param in netlink message to send * @param out received netlink message * @param out_len length of the received message */ status_t (*send)(netlink_socket_t *this, struct nlmsghdr *in, struct nlmsghdr **out, size_t *out_len); - + /** * Send a netlink message and wait for its acknowledge. - * + * * @param in netlink message to send */ status_t (*send_ack)(netlink_socket_t *this, struct nlmsghdr *in); - + /** * Destroy the socket. */ @@ -59,14 +59,14 @@ struct netlink_socket_t { /** * Create a netlink_socket_t object. - * + * * @param protocol protocol type (e.g. NETLINK_XFRM or NETLINK_ROUTE) */ netlink_socket_t *netlink_socket_create(int protocol); /** * Creates an rtattr and adds it to the given netlink message. - * + * * @param hdr netlink message * @param rta_type type of the rtattr * @param data data to add to the rtattr diff --git a/src/charon/plugins/kernel_pfkey/Makefile.am b/src/charon/plugins/kernel_pfkey/Makefile.am index e03a0ca02..a72c6a999 100644 --- a/src/charon/plugins/kernel_pfkey/Makefile.am +++ b/src/charon/plugins/kernel_pfkey/Makefile.am @@ -1,5 +1,5 @@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic diff --git a/src/charon/plugins/kernel_pfkey/Makefile.in b/src/charon/plugins/kernel_pfkey/Makefile.in index e01510127..8a0961a7d 100644 --- a/src/charon/plugins/kernel_pfkey/Makefile.in +++ b/src/charon/plugins/kernel_pfkey/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/kernel_pfkey DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_kernel_pfkey_la_LIBADD = am_libstrongswan_kernel_pfkey_la_OBJECTS = kernel_pfkey_plugin.lo \ @@ -61,6 +85,7 @@ libstrongswan_kernel_pfkey_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,9 +251,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \ @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 1f83e8f39..9c50746ac 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -49,14 +49,15 @@ #endif /*HAVE_NATT*/ #include -#include +#include #include #include "kernel_pfkey_ipsec.h" #include #include -#include +#include +#include #include #include #include @@ -151,42 +152,42 @@ struct private_kernel_pfkey_ipsec_t * Public part of the kernel_pfkey_t object. */ kernel_pfkey_ipsec_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * List of installed policies (policy_entry_t) */ linked_list_t *policies; - + /** * whether to install routes along policies */ bool install_routes; - + /** * job receiving PF_KEY events */ callback_job_t *job; - + /** * mutex to lock access to the PF_KEY socket */ mutex_t *mutex_pfkey; - + /** * PF_KEY socket to communicate with the kernel */ int socket; - + /** * PF_KEY socket to receive acquire and expire events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ @@ -201,10 +202,10 @@ typedef struct route_entry_t route_entry_t; struct route_entry_t { /** Name of the interface the route is bound to */ char *if_name; - + /** Source ip of the route */ host_t *src_ip; - + /** gateway for this route */ host_t *gateway; @@ -233,16 +234,16 @@ typedef struct policy_entry_t policy_entry_t; * installed kernel policy. */ struct policy_entry_t { - + /** reqid of this policy */ u_int32_t reqid; - + /** index assigned by the kernel */ u_int32_t index; - + /** direction of this policy: in, out, forward */ u_int8_t direction; - + /** parameters of installed policy */ struct { /** subnet and port */ @@ -252,10 +253,10 @@ struct policy_entry_t { /** protocol */ u_int8_t proto; } src, dst; - + /** associated route installed for this policy */ route_entry_t *route; - + /** by how many CHILD_SA's this policy is used */ u_int refcount; }; @@ -272,15 +273,15 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, policy->direction = dir; policy->route = NULL; policy->refcount = 0; - + src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); - + /* src or dest proto may be "any" (0), use more restrictive one */ policy->src.proto = max(src_ts->get_protocol(src_ts), dst_ts->get_protocol(dst_ts)); policy->src.proto = policy->src.proto ? policy->src.proto : IPSEC_PROTO_ANY; policy->dst.proto = policy->src.proto; - + return policy; } @@ -328,7 +329,7 @@ struct pfkey_msg_t * PF_KEY message base */ struct sadb_msg *msg; - + /** * PF_KEY message extensions */ @@ -518,7 +519,7 @@ struct kernel_algorithm_t { * Identifier specified in IKEv2 */ int ikev2; - + /** * Identifier as defined in pfkeyv2.h */ @@ -652,19 +653,19 @@ static void add_encap_ext(struct sadb_msg *msg, host_t *src, host_t *dst) { struct sadb_x_nat_t_type* nat_type; struct sadb_x_nat_t_port* nat_port; - + nat_type = (struct sadb_x_nat_t_type*)PFKEY_EXT_ADD_NEXT(msg); nat_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; nat_type->sadb_x_nat_t_type_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_type)); nat_type->sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; PFKEY_EXT_ADD(msg, nat_type); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); nat_port->sadb_x_nat_t_port_port = htons(src->get_port(src)); PFKEY_EXT_ADD(msg, nat_port); - + nat_port = (struct sadb_x_nat_t_port*)PFKEY_EXT_ADD_NEXT(msg); nat_port->sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; nat_port->sadb_x_nat_t_port_len = PFKEY_LEN(sizeof(struct sadb_x_nat_t_port)); @@ -682,8 +683,8 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address) host_t *host; /* The Linux 2.6 kernel does not set the protocol and port information - * in the src and dst sadb_address extensions of the SADB_ACQUIRE message. - */ + * in the src and dst sadb_address extensions of the SADB_ACQUIRE message. + */ host = host_create_from_sockaddr((sockaddr_t*)&address[1]) ; ts = traffic_selector_create_from_subnet(host, address->sadb_address_prefixlen, address->sadb_address_proto, host->get_port(host)); @@ -697,15 +698,15 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) { struct sadb_ext* ext; size_t len; - + memset(out, 0, sizeof(pfkey_msg_t)); out->msg = msg; - + len = msg->sadb_msg_len; len -= PFKEY_LEN(sizeof(struct sadb_msg)); - + ext = (struct sadb_ext*)(((char*)msg) + sizeof(struct sadb_msg)); - + while (len >= PFKEY_LEN(sizeof(struct sadb_ext))) { DBG3(DBG_KNL, " %N", sadb_ext_type_names, ext->sadb_ext_type); @@ -716,20 +717,20 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) sadb_ext_type_names, ext->sadb_ext_type); break; } - + if ((ext->sadb_ext_type > SADB_EXT_MAX) || (!ext->sadb_ext_type)) { DBG1(DBG_KNL, "type of PF_KEY extension (%d) is invalid", ext->sadb_ext_type); break; } - + if (out->ext[ext->sadb_ext_type]) { DBG1(DBG_KNL, "duplicate %N extension", sadb_ext_type_names, ext->sadb_ext_type); break; } - + out->ext[ext->sadb_ext_type] = ext; ext = PFKEY_EXT_NEXT_LEN(ext, len); } @@ -739,7 +740,7 @@ static status_t parse_pfkey_message(struct sadb_msg *msg, pfkey_msg_t *out) DBG1(DBG_KNL, "PF_KEY message length is invalid"); return FAILED; } - + return SUCCESS; } @@ -752,7 +753,7 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg; int in_len, len; - + this->mutex_pfkey->lock(this->mutex_pfkey); /* FIXME: our usage of sequence numbers is probably wrong. check RFC 2367, @@ -779,13 +780,13 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket } break; } - + while (TRUE) { msg = (struct sadb_msg*)buf; - + len = recv(socket, buf, sizeof(buf), 0); - + if (len < 0) { if (errno == EINTR) @@ -844,13 +845,13 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket } break; } - + *out_len = len; *out = (struct sadb_msg*)malloc(len); memcpy(*out, buf, len); - + this->mutex_pfkey->unlock(this->mutex_pfkey); - + return SUCCESS; } @@ -873,7 +874,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* traffic_selector_t *src_ts, *dst_ts; policy_entry_t *policy; job_t *job; - + switch (msg->sadb_msg_satype) { case SADB_SATYPE_UNSPEC: @@ -885,13 +886,13 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* return; } DBG2(DBG_KNL, "received an SADB_ACQUIRE"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_ACQUIRE from kernel failed"); return; } - + index = response.x_policy->sadb_x_policy_id; this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -907,7 +908,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* src_ts = sadb_address2ts(response.src); dst_ts = sadb_address2ts(response.dst); this->mutex->unlock(this->mutex); - + DBG1(DBG_KNL, "creating acquire job for policy %R === %R with reqid {%u}", src_ts, dst_ts, reqid); job = (job_t*)acquire_job_create(reqid, src_ts, dst_ts); @@ -924,27 +925,27 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; bool hard; job_t *job; - + DBG2(DBG_KNL, "received an SADB_EXPIRE"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_EXPIRE from kernel failed"); return; } - + protocol = proto_satype2ike(msg->sadb_msg_satype); spi = response.sa->sadb_sa_spi; reqid = response.x_sa2->sadb_x_sa2_reqid; hard = response.lft_hard != NULL; - + if (protocol != PROTO_ESP && protocol != PROTO_AH) { DBG2(DBG_KNL, "ignoring SADB_EXPIRE for SA with SPI %.8x and reqid {%u} " "which is not a CHILD_SA", ntohl(spi), reqid); return; } - + DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}", hard ? "delete" : "rekey", protocol_id_names, protocol, ntohl(spi), reqid); @@ -984,7 +985,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* dir = kernel2dir(response.x_policy->sadb_x_policy_dir); DBG2(DBG_KNL, " policy %R === %R %N, id %u", src_ts, dst_ts, policy_dir_names, dir); - + /* SADB_X_EXT_KMADDRESS is not present in unpatched kernels < 2.6.28 */ if (response.x_kmaddress) { @@ -999,7 +1000,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* remote = host_create_from_sockaddr(remote_addr); DBG2(DBG_KNL, " kmaddress: %H...%H", local, remote); } - + if (src_ts && dst_ts && local && remote) { DBG1(DBG_KNL, "creating migrate job for policy %R === %R %N with reqid {%u}", @@ -1028,24 +1029,24 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* u_int32_t spi, reqid; host_t *host; job_t *job; - + DBG2(DBG_KNL, "received an SADB_X_NAT_T_NEW_MAPPING"); - + if (parse_pfkey_message(msg, &response) != SUCCESS) { DBG1(DBG_KNL, "parsing SADB_X_NAT_T_NEW_MAPPING from kernel failed"); return; } - + if (!response.x_sa2) { DBG1(DBG_KNL, "received SADB_X_NAT_T_NEW_MAPPING is missing required information"); return; } - + spi = response.sa->sadb_sa_spi; reqid = response.x_sa2->sadb_x_sa2_reqid; - + if (proto_satype2ike(msg->sadb_msg_satype) == PROTO_ESP) { sockaddr_t *sa = (sockaddr_t*)(response.dst + 1); @@ -1083,12 +1084,13 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) { unsigned char buf[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)buf; - int len, oldstate; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + int len; + bool oldstate; + + oldstate = thread_cancelability(TRUE); len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (len < 0) { switch (errno) @@ -1105,7 +1107,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(struct sadb_msg) || msg->sadb_msg_len < PFKEY_LEN(sizeof(struct sadb_msg))) { @@ -1121,7 +1123,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) DBG1(DBG_KNL, "buffer was too small to receive the complete PF_KEY message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->sadb_msg_type) { case SADB_ACQUIRE: @@ -1143,7 +1145,7 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -1162,31 +1164,31 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, pfkey_msg_t response; u_int32_t received_spi = 0; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GETSPI; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_reqid = reqid; PFKEY_EXT_ADD(msg, sa2); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + range = (struct sadb_spirange*)PFKEY_EXT_ADD_NEXT(msg); range->sadb_spirange_exttype = SADB_EXT_SPIRANGE; range->sadb_spirange_len = PFKEY_LEN(sizeof(struct sadb_spirange)); range->sadb_spirange_min = 0xc0000000; range->sadb_spirange_max = 0xcFFFFFFF; PFKEY_EXT_ADD(msg, range); - + if (pfkey_send(this, msg, &out, &len) == SUCCESS) { if (out->sadb_msg_errno) @@ -1200,12 +1202,12 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, } free(out); } - + if (received_spi == 0) { return FAILED; } - + *spi = received_spi; return SUCCESS; } @@ -1226,11 +1228,12 @@ static status_t get_cpi(private_kernel_pfkey_ipsec_t *this, static status_t add_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound) + bool encap, bool inbound, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1239,11 +1242,11 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, struct sadb_lifetime *lft; struct sadb_key *key; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", ntohl(spi), reqid); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = inbound ? SADB_UPDATE : SADB_ADD; @@ -1273,29 +1276,35 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, sa->sadb_sa_auth = lookup_algorithm(integrity_algs, int_alg); sa->sadb_sa_encrypt = lookup_algorithm(encryption_algs, enc_alg); PFKEY_EXT_ADD(msg, sa); - + sa2 = (struct sadb_x_sa2*)PFKEY_EXT_ADD_NEXT(msg); sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_mode = mode2kernel(mode); sa2->sadb_x_sa2_reqid = reqid; PFKEY_EXT_ADD(msg, sa2); - + add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); - lft->sadb_lifetime_addtime = expire_soft; + lft->sadb_lifetime_allocations = lifetime->packets.rekey; + lft->sadb_lifetime_bytes = lifetime->bytes.rekey; + lft->sadb_lifetime_addtime = lifetime->time.rekey; + lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - + lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); - lft->sadb_lifetime_addtime = expire_hard; + lft->sadb_lifetime_allocations = lifetime->packets.life; + lft->sadb_lifetime_bytes = lifetime->bytes.life; + lft->sadb_lifetime_addtime = lifetime->time.life; + lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - + if (enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) @@ -1306,16 +1315,16 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, enc_alg, enc_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; key->sadb_key_bits = enc_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); memcpy(key + 1, enc_key.ptr, enc_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) @@ -1326,16 +1335,16 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, int_alg, int_key.len * 8); - + key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; key->sadb_key_bits = int_key.len * 8; key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); memcpy(key + 1, int_key.ptr, int_key.len); - + PFKEY_EXT_ADD(msg, key); } - + if (ipcomp != IPCOMP_NONE) { /*TODO*/ @@ -1347,7 +1356,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, add_encap_ext(msg, src, dst); } #endif /*HAVE_NATT*/ - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); @@ -1360,7 +1369,7 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + free(out); return SUCCESS; } @@ -1379,7 +1388,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, struct sadb_sa *sa; pfkey_msg_t response; size_t len; - + /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ @@ -1390,28 +1399,28 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, " are not supported", ntohl(spi)); return NOT_SUPPORTED; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", @@ -1432,18 +1441,18 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", ntohl(spi), src, dst, new_src, new_dst); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + #ifdef __APPLE__ { struct sadb_sa_2 *sa_2; @@ -1460,32 +1469,32 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, PFKEY_EXT_COPY(msg, response.sa); #endif PFKEY_EXT_COPY(msg, response.x_sa2); - + PFKEY_EXT_COPY(msg, response.src); PFKEY_EXT_COPY(msg, response.dst); - + PFKEY_EXT_COPY(msg, response.lft_soft); PFKEY_EXT_COPY(msg, response.lft_hard); - + if (response.key_encr) { PFKEY_EXT_COPY(msg, response.key_encr); } - + if (response.key_auth) { PFKEY_EXT_COPY(msg, response.key_auth); } - + #ifdef HAVE_NATT if (new_encap) { add_encap_ext(msg, new_src, new_dst); } #endif /*HAVE_NATT*/ - + free(out); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); @@ -1499,7 +1508,7 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, return FAILED; } free(out); - + return SUCCESS; } @@ -1515,29 +1524,29 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, struct sadb_sa *sa; pfkey_msg_t response; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); @@ -1573,29 +1582,29 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, struct sadb_msg *msg, *out; struct sadb_sa *sa; size_t len; - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; msg->sadb_msg_satype = proto_ike2satype(protocol); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); sa->sadb_sa_spi = spi; PFKEY_EXT_ADD(msg, sa); - + /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0); add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); @@ -1608,7 +1617,7 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, free(out); return FAILED; } - + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); free(out); return SUCCESS; @@ -1633,16 +1642,16 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; pfkey_msg_t response; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, reqid); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1662,18 +1671,18 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, this->policies->insert_last(this->policies, policy); policy->refcount = 1; } - + memset(&request, 0, sizeof(request)); - + DBG2(DBG_KNL, "adding policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = found ? SADB_X_SPDUPDATE : SADB_X_SPDADD; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); @@ -1687,7 +1696,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_priority -= policy->src.proto != IPSEC_PROTO_ANY ? 2 : 0; pol->sadb_x_policy_priority -= policy->src.net->get_port(policy->src.net) ? 1 : 0; #endif - + /* one or more sadb_x_ipsecrequest extensions are added to the sadb_x_policy extension */ req = (struct sadb_x_ipsecrequest*)(pol + 1); req->sadb_x_ipsecrequest_proto = proto_ike2ip(protocol); @@ -1707,15 +1716,15 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, memcpy((u_int8_t*)(req + 1) + sl, sa, sl); req->sadb_x_ipsecrequest_len += sl * 2; } - + pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + #ifdef __FreeBSD__ { /* on FreeBSD a lifetime has to be defined to be able to later query * the current use time. */ @@ -1727,9 +1736,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, PFKEY_EXT_ADD(msg, lft); } #endif - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to add policy %R === %R %N", src_ts, dst_ts, @@ -1751,9 +1760,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - + this->mutex->lock(this->mutex); - + /* we try to find the policy again and update the kernel index */ if (this->policies->find_last(this->policies, NULL, (void**)&policy) != SUCCESS) { @@ -1765,7 +1774,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, } policy->index = response.x_policy->sadb_x_policy_id; free(out); - + /* install a route, if: * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) @@ -1778,7 +1787,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); - + if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { @@ -1789,7 +1798,7 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, charon->kernel_interface, dst); route->dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)); route->prefixlen = policy->src.mask; - + switch (charon->kernel_interface->add_route(charon->kernel_interface, route->dst_net, route->prefixlen, route->gateway, route->src_ip, route->if_name)) @@ -1813,9 +1822,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, free(route); } } - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1833,19 +1842,19 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; pfkey_msg_t response; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return NOT_FOUND; } - + DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, 0); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1859,15 +1868,15 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, } policy_entry_destroy(policy); policy = found; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_SPDGET; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_id = policy->index; @@ -1875,14 +1884,14 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + this->mutex->unlock(this->mutex); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, @@ -1911,11 +1920,18 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - - *use_time = response.lft_current->sadb_lifetime_usetime; - + /* we need the monotonic time, but the kernel returns system time. */ + if (response.lft_current->sadb_lifetime_usetime) + { + *use_time = time_monotonic(NULL) - + (time(NULL) - response.lft_current->sadb_lifetime_usetime); + } + else + { + *use_time = 0; + } free(out); - + return SUCCESS; } @@ -1933,19 +1949,19 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, policy_entry_t *policy, *found = NULL; route_entry_t *route; size_t len; - + if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - + DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, policy_dir_names, direction); - + /* create a policy */ policy = create_policy_entry(src_ts, dst_ts, direction, 0); - + /* find a matching policy */ this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -1973,31 +1989,31 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, return NOT_FOUND; } this->mutex->unlock(this->mutex); - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_X_SPDDELETE; msg->sadb_msg_satype = 0; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); pol->sadb_x_policy_dir = dir2kernel(direction); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); - + add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, policy->src.mask); add_addr_ext(msg, policy->dst.net, SADB_EXT_ADDRESS_DST, policy->dst.proto, policy->dst.mask); - + route = policy->route; policy->route = NULL; policy_entry_destroy(policy); - + if (pfkey_send(this, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, @@ -2013,7 +2029,7 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, return FAILED; } free(out); - + if (route) { if (charon->kernel_interface->del_route(charon->kernel_interface, @@ -2026,7 +2042,7 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, } route_entry_destroy(route); } - + return SUCCESS; } @@ -2038,15 +2054,15 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8 unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; size_t len; - + memset(&request, 0, sizeof(request)); - + msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_REGISTER; msg->sadb_msg_satype = satype; msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); - + if (pfkey_send_socket(this, this->socket_events, msg, &out, &len) != SUCCESS) { DBG1(DBG_KNL, "unable to register PF_KEY socket"); @@ -2085,13 +2101,13 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) int fd, family, port; enumerator_t *sockets; bool status = TRUE; - + sockets = charon->socket->create_enumerator(charon->socket); while (sockets->enumerate(sockets, &fd, &family, &port)) { struct sadb_x_policy policy; u_int sol, ipsec_policy; - + switch (family) { case AF_INET: @@ -2109,12 +2125,12 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) default: continue; } - + memset(&policy, 0, sizeof(policy)); policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - + policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { @@ -2142,18 +2158,18 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() { private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; + this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - + this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; /* private members */ @@ -2163,37 +2179,37 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); this->seq = 0; - + /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_KEY socket"); } - + /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_KEY event socket"); } - + /* add bypass policies on the sockets used by charon */ if (!add_bypass_policies(this)) { charon->kill(charon, "unable to add bypass policies on sockets"); } - + /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { charon->kill(charon, "unable to register PF_KEY event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c index 09dc4780d..3380c328c 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c @@ -47,10 +47,10 @@ static void destroy(private_kernel_pfkey_plugin_t *this) plugin_t *plugin_create() { private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)kernel_pfkey_ipsec_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/kernel_pfroute/Makefile.am b/src/charon/plugins/kernel_pfroute/Makefile.am index b6e6587a7..0065d9b0a 100644 --- a/src/charon/plugins/kernel_pfroute/Makefile.am +++ b/src/charon/plugins/kernel_pfroute/Makefile.am @@ -1,5 +1,5 @@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic diff --git a/src/charon/plugins/kernel_pfroute/Makefile.in b/src/charon/plugins/kernel_pfroute/Makefile.in index 05da8e271..da8c7585f 100644 --- a/src/charon/plugins/kernel_pfroute/Makefile.in +++ b/src/charon/plugins/kernel_pfroute/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/kernel_pfroute DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_kernel_pfroute_la_LIBADD = am_libstrongswan_kernel_pfroute_la_OBJECTS = kernel_pfroute_plugin.lo \ @@ -61,6 +85,7 @@ libstrongswan_kernel_pfroute_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,9 +251,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \ @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c index d5a864b1c..9f1baf5b5 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -19,14 +19,14 @@ #include #include #include -#include #include #include "kernel_pfroute_net.h" #include #include -#include +#include +#include #include #include #include @@ -47,13 +47,13 @@ typedef struct addr_entry_t addr_entry_t; * IP address in an inface_entry_t */ struct addr_entry_t { - + /** The ip address */ host_t *ip; - + /** virtual IP managed by us */ bool virtual; - + /** Number of times this IP is used, if virtual */ u_int refcount; }; @@ -73,16 +73,16 @@ typedef struct iface_entry_t iface_entry_t; * A network interface on this system, containing addr_entry_t's */ struct iface_entry_t { - + /** interface index */ int ifindex; - + /** name of the interface */ char ifname[IFNAMSIZ]; - + /** interface flags, as in netdevice(7) SIOCGIFFLAGS */ u_int flags; - + /** list of addresses as host_t */ linked_list_t *addrs; }; @@ -108,46 +108,46 @@ struct private_kernel_pfroute_net_t * Public part of the kernel_pfroute_t object. */ kernel_pfroute_net_t public; - + /** * mutex to lock access to various lists */ mutex_t *mutex; - + /** * Cached list of interfaces and their addresses (iface_entry_t) */ linked_list_t *ifaces; - + /** * job receiving PF_ROUTE events */ callback_job_t *job; - + /** * mutex to lock access to the PF_ROUTE socket */ mutex_t *mutex_pfroute; - + /** * PF_ROUTE socket to communicate with the kernel */ int socket; - + /** * PF_ROUTE socket to receive events */ int socket_events; - + /** * sequence number for messages sent to the kernel */ int seq; - + /** * time of last roam job */ - struct timeval last_roam; + timeval_t last_roam; }; /** @@ -156,22 +156,20 @@ struct private_kernel_pfroute_net_t */ static void fire_roam_job(private_kernel_pfroute_net_t *this, bool address) { - struct timeval now; - - if (gettimeofday(&now, NULL) == 0) + timeval_t now; + + time_monotonic(&now); + if (timercmp(&now, &this->last_roam, >)) { - if (timercmp(&now, &this->last_roam, >)) + now.tv_usec += ROAM_DELAY * 1000; + while (now.tv_usec > 1000000) { - now.tv_usec += ROAM_DELAY * 1000; - while (now.tv_usec > 1000000) - { - now.tv_sec++; - now.tv_usec -= 1000000; - } - this->last_roam = now; - charon->scheduler->schedule_job_ms(charon->scheduler, - (job_t*)roam_job_create(address), ROAM_DELAY); + now.tv_sec++; + now.tv_usec -= 1000000; } + this->last_roam = now; + charon->scheduler->schedule_job_ms(charon->scheduler, + (job_t*)roam_job_create(address), ROAM_DELAY); } } @@ -189,7 +187,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, addr_entry_t *addr; bool found = FALSE, changed = FALSE, roam = FALSE; int i; - + for (i = 1; i < (1 << RTAX_MAX); i <<= 1) { if (ifa->ifam_addrs & i) @@ -202,12 +200,12 @@ static void process_addr(private_kernel_pfroute_net_t *this, sockaddr = (sockaddr_t*)((char*)sockaddr + sockaddr->sa_len); } } - + if (!host) { return; } - + this->mutex->lock(this->mutex); ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) @@ -238,7 +236,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, } } addrs->destroy(addrs); - + if (!found && ifa->ifam_type == RTM_NEWADDR) { changed = TRUE; @@ -249,7 +247,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, iface->addrs->insert_last(iface->addrs, addr); DBG1(DBG_KNL, "%H appeared on %s", host, iface->ifname); } - + if (changed && (iface->flags & IFF_UP)) { roam = TRUE; @@ -260,7 +258,7 @@ static void process_addr(private_kernel_pfroute_net_t *this, ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); host->destroy(host); - + if (roam) { fire_roam_job(this, TRUE); @@ -277,12 +275,12 @@ static void process_link(private_kernel_pfroute_net_t *this, enumerator_t *enumerator; iface_entry_t *iface; bool roam = FALSE; - + if (msg->ifm_flags & IFF_LOOPBACK) { /* ignore loopback interfaces */ return; } - + this->mutex->lock(this->mutex); enumerator = this->ifaces->create_enumerator(this->ifaces); while (enumerator->enumerate(enumerator, &iface)) @@ -305,7 +303,7 @@ static void process_link(private_kernel_pfroute_net_t *this, } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + if (roam) { fire_roam_job(this, TRUE); @@ -328,12 +326,13 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) { unsigned char buf[PFROUTE_BUFFER_SIZE]; struct rt_msghdr *msg = (struct rt_msghdr*)buf; - int len, oldstate; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + int len; + bool oldstate; + + oldstate = thread_cancelability(TRUE); len = recvfrom(this->socket_events, buf, sizeof(buf), 0, NULL, 0); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (len < 0) { switch (errno) @@ -350,14 +349,14 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) return JOB_REQUEUE_FAIR; } } - + if (len < sizeof(msg->rtm_msglen) || len < msg->rtm_msglen || msg->rtm_version != RTM_VERSION) { DBG2(DBG_KNL, "received corrupted PF_ROUTE message"); return JOB_REQUEUE_DIRECT; } - + switch (msg->rtm_type) { case RTM_NEWADDR: @@ -374,7 +373,7 @@ static job_requeue_t receive_events(private_kernel_pfroute_net_t *this) default: break; } - + return JOB_REQUEUE_DIRECT; } @@ -493,7 +492,7 @@ static char *get_interface_name(private_kernel_pfroute_net_t *this, host_t* ip) } ifaces->destroy(ifaces); this->mutex->unlock(this->mutex); - + if (name) { DBG2(DBG_KNL, "%H is on interface %s", ip, name); @@ -566,15 +565,15 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) iface_entry_t *iface, *current; addr_entry_t *addr; enumerator_t *ifaces, *addrs; - + DBG1(DBG_KNL, "listening on interfaces:"); - + if (getifaddrs(&ifap) < 0) { DBG1(DBG_KNL, " failed to get interfaces!"); return FAILED; } - + for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL) @@ -591,7 +590,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) { /* ignore loopback interfaces */ continue; } - + iface = NULL; ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, ¤t)) @@ -603,7 +602,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } ifaces->destroy(ifaces); - + if (!iface) { iface = malloc_thing(iface_entry_t); @@ -613,7 +612,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) iface->addrs = linked_list_create(); this->ifaces->insert_last(this->ifaces, iface); } - + if (ifa->ifa_addr->sa_family != AF_LINK) { addr = malloc_thing(addr_entry_t); @@ -626,7 +625,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } freeifaddrs(ifap); - + ifaces = this->ifaces->create_enumerator(this->ifaces); while (ifaces->enumerate(ifaces, &iface)) { @@ -642,7 +641,7 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) } } ifaces->destroy(ifaces); - + return SUCCESS; } @@ -666,7 +665,7 @@ static void destroy(private_kernel_pfroute_net_t *this) kernel_pfroute_net_t *kernel_pfroute_net_create() { private_kernel_pfroute_net_t *this = malloc_thing(private_kernel_pfroute_net_t); - + /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; this->public.interface.create_address_enumerator = (enumerator_t*(*)(kernel_net_t*,bool,bool))create_address_enumerator; @@ -676,38 +675,38 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() this->public.interface.del_ip = (status_t(*)(kernel_net_t*,host_t*)) del_ip; this->public.interface.add_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; this->public.interface.del_route = (status_t(*)(kernel_net_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - + this->public.interface.destroy = (void(*)(kernel_net_t*)) destroy; - + /* private members */ this->ifaces = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT); - + this->seq = 0; - + /* create a PF_ROUTE socket to communicate with the kernel */ this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (this->socket <= 0) { charon->kill(charon, "unable to create PF_ROUTE socket"); } - + /* create a PF_ROUTE socket to receive events */ this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); if (this->socket_events <= 0) { charon->kill(charon, "unable to create PF_ROUTE event socket"); } - + this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + if (init_address_list(this) != SUCCESS) { charon->kill(charon, "unable to get interface list"); } - + return &this->public; } diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c index 767049bb0..e73cbeafb 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -48,11 +48,11 @@ static void destroy(private_kernel_pfroute_plugin_t *this) plugin_t *plugin_create() { private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->kernel_interface->add_net_interface(charon->kernel_interface, (kernel_net_constructor_t)kernel_pfroute_net_create); - + return &this->public.plugin; } diff --git a/src/charon/plugins/load_tester/Makefile.in b/src/charon/plugins/load_tester/Makefile.in index 3b494cea2..70c7d3c99 100644 --- a/src/charon/plugins/load_tester/Makefile.in +++ b/src/charon/plugins/load_tester/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/load_tester DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_load_tester_la_LIBADD = am_libstrongswan_load_tester_la_OBJECTS = load_tester_plugin.lo \ @@ -63,6 +87,7 @@ libstrongswan_load_tester_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -110,25 +135,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -140,11 +162,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -173,9 +198,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -198,7 +223,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -206,6 +231,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -214,10 +240,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -225,6 +253,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -252,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -272,23 +301,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -317,21 +351,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -354,7 +388,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -362,29 +396,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -405,13 +444,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -442,6 +485,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -463,6 +507,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -471,18 +517,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -521,6 +577,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c index 963f7cc01..82f408d45 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/charon/plugins/load_tester/load_tester_config.c @@ -28,52 +28,52 @@ struct private_load_tester_config_t { * Public part */ load_tester_config_t public; - + /** * peer config */ peer_cfg_t *peer_cfg; - + /** * virtual IP, if any */ host_t *vip; - + /** * Remote address */ char *remote; - + /** * IP address pool */ char *pool; - + /** - * IKE proposal - */ + * IKE proposal + */ proposal_t *proposal; - + /** * Authentication method(s) to use/expect from initiator */ char *initiator_auth; - + /** * Authentication method(s) use/expected from responder */ char *responder_auth; - + /** * IKE_SA rekeying delay */ u_int ike_rekey; - + /** * CHILD_SA rekeying delay */ u_int child_rekey; - + /** * incremental numbering of generated configs */ @@ -93,13 +93,13 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, eap_type_t type; char buf[128]; int rnd = 0; - + enumerator = enumerator_create_token(str, "|", " "); while (enumerator->enumerate(enumerator, &str)) { auth = auth_cfg_create(); rnd++; - + if (streq(str, "psk")) { /* PSK authentication, use FQDNs */ class = AUTH_CLASS_PSK; @@ -181,7 +181,14 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) peer_cfg_t *peer_cfg; traffic_selector_t *ts; proposal_t *proposal; - + lifetime_cfg_t lifetime = { + .time = { + .life = this->child_rekey * 2, + .rekey = this->child_rekey, + .jitter = 0 + } + }; + ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote); ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, @@ -201,9 +208,9 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) generate_auth_cfg(this, this->responder_auth, peer_cfg, TRUE, num); generate_auth_cfg(this, this->initiator_auth, peer_cfg, FALSE, num); } - child_cfg = child_cfg_create("load-test", this->child_rekey * 2, - this->child_rekey, 0, NULL, TRUE, - MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + + child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, + MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE, 0); proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); child_cfg->add_proposal(child_cfg, proposal); ts = traffic_selector_create_dynamic(0, 0, 65535); @@ -218,7 +225,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_load_tester_config_t *this, - identification_t *me, + identification_t *me, identification_t *other) { return enumerator_create_single(this->peer_cfg, NULL); @@ -266,44 +273,44 @@ static void destroy(private_load_tester_config_t *this) load_tester_config_t *load_tester_config_create() { private_load_tester_config_t *this = malloc_thing(private_load_tester_config_t); - + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(load_tester_config_t*))destroy; - + this->vip = NULL; if (lib->settings->get_bool(lib->settings, - "charon.plugins.load_tester.request_virtual_ip", FALSE)) + "charon.plugins.load-tester.request_virtual_ip", FALSE)) { this->vip = host_create_from_string("0.0.0.0", 0); } this->pool = lib->settings->get_str(lib->settings, - "charon.plugins.load_tester.pool", NULL); - this->remote = lib->settings->get_str(lib->settings, - "charon.plugins.load_tester.remote", "127.0.0.1"); - + "charon.plugins.load-tester.pool", NULL); + this->remote = lib->settings->get_str(lib->settings, + "charon.plugins.load-tester.remote", "127.0.0.1"); + this->proposal = proposal_create_from_string(PROTO_IKE, lib->settings->get_str(lib->settings, - "charon.plugins.load_tester.proposal", "aes128-sha1-modp768")); + "charon.plugins.load-tester.proposal", "aes128-sha1-modp768")); if (!this->proposal) { /* fallback */ this->proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768"); } this->ike_rekey = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.ike_rekey", 0); + "charon.plugins.load-tester.ike_rekey", 0); this->child_rekey = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.child_rekey", 600); - + "charon.plugins.load-tester.child_rekey", 600); + this->initiator_auth = lib->settings->get_str(lib->settings, - "charon.plugins.load_tester.initiator_auth", "pubkey"); + "charon.plugins.load-tester.initiator_auth", "pubkey"); this->responder_auth = lib->settings->get_str(lib->settings, - "charon.plugins.load_tester.responder_auth", "pubkey"); - + "charon.plugins.load-tester.responder_auth", "pubkey"); + this->num = 1; this->peer_cfg = generate_config(this, 0); - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/charon/plugins/load_tester/load_tester_config.h index f09a3f832..c22387743 100644 --- a/src/charon/plugins/load_tester/load_tester_config.h +++ b/src/charon/plugins/load_tester/load_tester_config.h @@ -34,11 +34,11 @@ struct load_tester_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_config_t *this); + void (*destroy)(load_tester_config_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/charon/plugins/load_tester/load_tester_creds.c index fdb5fa370..890703c1a 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.c +++ b/src/charon/plugins/load_tester/load_tester_creds.c @@ -32,31 +32,26 @@ struct private_load_tester_creds_t { * Public part */ load_tester_creds_t public; - + /** * Private key to create signatures */ private_key_t *private; - + /** * CA certificate, to issue/verify peer certificates */ certificate_t *ca; - + /** * serial number to issue certificates */ u_int32_t serial; - + /** * Preshared key */ shared_key_t *shared; - - /** - * Identification for shared key - */ - identification_t *id; }; /** @@ -195,10 +190,7 @@ static enumerator_t* create_private_enumerator(private_load_tester_creds_t *this } if (id) { - identification_t *keyid; - - keyid = this->private->get_id(this->private, id->get_type(id)); - if (!keyid || !keyid->equals(keyid, id)) + if (!this->private->has_fingerprint(this->private, id->get_encoding(id))) { return NULL; } @@ -217,8 +209,7 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, public_key_t *peer_key, *ca_key; u_int32_t serial; time_t now; - identification_t *keyid = NULL; - + if (this->ca == NULL) { return NULL; @@ -231,18 +222,24 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, { return NULL; } + if (!id) + { + return enumerator_create_single(this->ca, NULL); + } ca_key = this->ca->get_public_key(this->ca); - if (ca_key && id) + if (ca_key) { - keyid = ca_key->get_id(ca_key, id->get_type(id)); + if (ca_key->has_fingerprint(ca_key, id->get_encoding(id))) + { + ca_key->destroy(ca_key); + return enumerator_create_single(this->ca, NULL); + } + ca_key->destroy(ca_key); } - if (!id || this->ca->has_subject(this->ca, id) || - (keyid && id->equals(id, keyid))) - { /* ca certificate */ - DESTROY_IF(ca_key); + if (this->ca->has_subject(this->ca, id)) + { return enumerator_create_single(this->ca, NULL); } - DESTROY_IF(ca_key); if (!trusted) { /* peer certificate, generate on demand */ @@ -270,22 +267,10 @@ static enumerator_t* create_cert_enumerator(private_load_tester_creds_t *this, /** * Implements credential_set_t.create_shared_enumerator */ -static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, +static enumerator_t* create_shared_enumerator(private_load_tester_creds_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { - if (type != SHARED_ANY && type != SHARED_IKE) - { - return NULL; - } - if (me && !me->matches(me, this->id)) - { - return NULL; - } - if (other && !other->matches(other, this->id)) - { - return NULL; - } return enumerator_create_single(this->shared, NULL); } @@ -297,7 +282,6 @@ static void destroy(private_load_tester_creds_t *this) DESTROY_IF(this->private); DESTROY_IF(this->ca); this->shared->destroy(this->shared); - this->id->destroy(this->id); free(this); } @@ -311,19 +295,18 @@ load_tester_creds_t *load_tester_creds_create() this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; this->public.destroy = (void(*) (load_tester_creds_t*))destroy; - + this->private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, chunk_create(private, sizeof(private)), BUILD_END); - + this->ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, chunk_create(cert, sizeof(cert)), BUILD_X509_FLAG, X509_CA, BUILD_END); - - this->shared = shared_key_create(SHARED_IKE, + + this->shared = shared_key_create(SHARED_IKE, chunk_clone(chunk_create(psk, sizeof(psk)))); - this->id = identification_create_from_string("CN=*, OU=load-test, O=strongSwan"); this->serial = 0; return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/charon/plugins/load_tester/load_tester_creds.h index 60cf67795..fb3541164 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.h +++ b/src/charon/plugins/load_tester/load_tester_creds.h @@ -34,11 +34,11 @@ struct load_tester_creds_t { * Implements credential set interface. */ credential_set_t credential_set; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_creds_t *this); + void (*destroy)(load_tester_creds_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c index 87d9ef42b..d5ec3599b 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.c @@ -49,19 +49,19 @@ load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( diffie_hellman_group_t group) { load_tester_diffie_hellman_t *this; - + if (group != MODP_NULL) { return NULL; } - + this = malloc_thing(load_tester_diffie_hellman_t); - + this->dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *))get_shared_secret; this->dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t ))nop; this->dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *))get_my_public_value; this->dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *))get_dh_group; this->dh.destroy = (void (*)(diffie_hellman_t *))free; - + return this; } diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h index 045c4bb4a..672157fb8 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h +++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct load_tester_diffie_hellman_t load_tester_diffie_hellman_t; * A NULL Diffie Hellman implementation to avoid calculation overhead in tests. */ struct load_tester_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,11 +38,11 @@ struct load_tester_diffie_hellman_t { /** * Creates a new gmp_diffie_hellman_t object. - * + * * @param group Diffie Hellman group, supports MODP_NULL only * @return gmp_diffie_hellman_t object */ load_tester_diffie_hellman_t *load_tester_diffie_hellman_create( diffie_hellman_group_t group); -#endif /** LOAD_TESTER_DIFFIE_HELLMAN_ @}*/ +#endif /** LOAD_TESTER_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/charon/plugins/load_tester/load_tester_ipsec.c index e463d2adc..1218443cc 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.c +++ b/src/charon/plugins/load_tester/load_tester_ipsec.c @@ -27,7 +27,7 @@ struct private_load_tester_ipsec_t { * Public interface. */ load_tester_ipsec_t public; - + /** * faked SPI counter */ @@ -37,8 +37,8 @@ struct private_load_tester_ipsec_t { /** * Implementation of kernel_interface_t.get_spi. */ -static status_t get_spi(private_load_tester_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_spi(private_load_tester_ipsec_t *this, + host_t *src, host_t *dst, protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { @@ -49,8 +49,8 @@ static status_t get_spi(private_load_tester_ipsec_t *this, /** * Implementation of kernel_interface_t.get_cpi. */ -static status_t get_cpi(private_load_tester_ipsec_t *this, - host_t *src, host_t *dst, +static status_t get_cpi(private_load_tester_ipsec_t *this, + host_t *src, host_t *dst, u_int32_t reqid, u_int16_t *cpi) { return FAILED; @@ -62,11 +62,12 @@ static status_t get_cpi(private_load_tester_ipsec_t *this, static status_t add_sa(private_load_tester_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - u_int64_t expire_soft, u_int64_t expire_hard, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound) + bool encap, bool inbound, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts) { return SUCCESS; } @@ -122,11 +123,11 @@ static status_t add_policy(private_load_tester_ipsec_t *this, * Implementation of kernel_interface_t.query_policy. */ static status_t query_policy(private_load_tester_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { - *use_time = time(NULL); + *use_time = time_monotonic(NULL); return SUCCESS; } @@ -134,7 +135,7 @@ static status_t query_policy(private_load_tester_ipsec_t *this, * Implementation of kernel_interface_t.del_policy. */ static status_t del_policy(private_load_tester_ipsec_t *this, - traffic_selector_t *src_ts, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { @@ -155,11 +156,11 @@ static void destroy(private_load_tester_ipsec_t *this) load_tester_ipsec_t *load_tester_ipsec_create() { private_load_tester_ipsec_t *this = malloc_thing(private_load_tester_ipsec_t); - + /* public functions */ this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; + this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; @@ -167,9 +168,9 @@ load_tester_ipsec_t *load_tester_ipsec_create() this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; - + this->spi = 0; - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/charon/plugins/load_tester/load_tester_listener.c index fe9a90aed..96b0cf1ec 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.c +++ b/src/charon/plugins/load_tester/load_tester_listener.c @@ -30,7 +30,7 @@ struct private_load_tester_listener_t { * Public part */ load_tester_listener_t public; - + /** * Delete IKE_SA after it has been established */ @@ -40,7 +40,7 @@ struct private_load_tester_listener_t { * Number of established SAs */ u_int established; - + /** * Shutdown the daemon if we have established this SA count */ @@ -56,19 +56,19 @@ static bool ike_state_change(private_load_tester_listener_t *this, if (state == IKE_ESTABLISHED) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); - + if (this->delete_after_established) { charon->processor->queue_job(charon->processor, (job_t*)delete_ike_sa_job_create(id, TRUE)); } - + if (id->is_initiator(id)) { if (this->shutdown_on == ++this->established) { DBG1(DBG_CFG, "load-test complete, raising SIGTERM"); - pthread_kill(charon->main_thread_id, SIGTERM); + kill(0, SIGTERM); } } } @@ -86,17 +86,17 @@ static void destroy(private_load_tester_listener_t *this) load_tester_listener_t *load_tester_listener_create(u_int shutdown_on) { private_load_tester_listener_t *this = malloc_thing(private_load_tester_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.ike_state_change = (void*)ike_state_change; this->public.destroy = (void(*) (load_tester_listener_t*))destroy; - + this->delete_after_established = lib->settings->get_bool(lib->settings, - "charon.plugins.load_tester.delete_after_established", FALSE); - + "charon.plugins.load-tester.delete_after_established", FALSE); + this->shutdown_on = shutdown_on; this->established = 0; - + return &this->public; } diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/charon/plugins/load_tester/load_tester_listener.h index 6842b3532..b9599294c 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.h +++ b/src/charon/plugins/load_tester/load_tester_listener.h @@ -34,11 +34,11 @@ struct load_tester_listener_t { * Implements listener set interface. */ listener_t listener; - + /** * Destroy the backend. */ - void (*destroy)(load_tester_listener_t *this); + void (*destroy)(load_tester_listener_t *this); }; /** diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/charon/plugins/load_tester/load_tester_plugin.c index 93ed2e3c5..e25f97423 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.c +++ b/src/charon/plugins/load_tester/load_tester_plugin.c @@ -24,7 +24,8 @@ #include #include -#include +#include +#include typedef struct private_load_tester_plugin_t private_load_tester_plugin_t; @@ -37,47 +38,47 @@ struct private_load_tester_plugin_t { * implements plugin interface */ load_tester_plugin_t public; - + /** * load_tester configuration backend */ load_tester_config_t *config; - + /** * load_tester credential set implementation */ load_tester_creds_t *creds; - + /** * event handler, listens on bus */ load_tester_listener_t *listener; - + /** * number of iterations per thread */ int iterations; - + /** * number desired initiator threads */ int initiators; - + /** * currenly running initiators */ int running; - + /** * delay between initiations, in ms */ int delay; - + /** * mutex to lock running field */ mutex_t *mutex; - + /** * condvar to wait for initiators */ @@ -90,7 +91,7 @@ struct private_load_tester_plugin_t { static job_requeue_t do_load_test(private_load_tester_plugin_t *this) { int i, s = 0, ms = 0; - + this->mutex->lock(this->mutex); if (!this->running) { @@ -102,13 +103,13 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) s = this->delay / 1000; ms = this->delay % 1000; } - + for (i = 0; this->iterations == 0 || i < this->iterations; i++) { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg = NULL; enumerator_t *enumerator; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, "load-test"); if (!peer_cfg) @@ -122,7 +123,7 @@ static job_requeue_t do_load_test(private_load_tester_plugin_t *this) break; } enumerator->destroy(enumerator); - + charon->controller->initiate(charon->controller, peer_cfg, child_cfg->get_ref(child_cfg), NULL, NULL); @@ -176,32 +177,32 @@ plugin_t *plugin_create() { private_load_tester_plugin_t *this; u_int i, shutdown_on = 0; - + if (!lib->settings->get_bool(lib->settings, - "charon.plugins.load_tester.enable", FALSE)) + "charon.plugins.load-tester.enable", FALSE)) { DBG1(DBG_CFG, "disabling load-tester plugin, not configured"); return NULL; } - + this = malloc_thing(private_load_tester_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_dh(lib->crypto, MODP_NULL, + + lib->crypto->add_dh(lib->crypto, MODP_NULL, (dh_constructor_t)load_tester_diffie_hellman_create); - + this->delay = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.delay", 0); + "charon.plugins.load-tester.delay", 0); this->iterations = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.iterations", 1); + "charon.plugins.load-tester.iterations", 1); this->initiators = lib->settings->get_int(lib->settings, - "charon.plugins.load_tester.initiators", 0); + "charon.plugins.load-tester.initiators", 0); if (lib->settings->get_bool(lib->settings, - "charon.plugins.load_tester.shutdown_when_complete", 0)) + "charon.plugins.load-tester.shutdown_when_complete", 0)) { shutdown_on = this->iterations * this->initiators; } - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); this->config = load_tester_config_create(); @@ -210,17 +211,17 @@ plugin_t *plugin_create() charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); charon->bus->add_listener(charon->bus, &this->listener->listener); - + if (lib->settings->get_bool(lib->settings, - "charon.plugins.load_tester.fake_kernel", FALSE)) + "charon.plugins.load-tester.fake_kernel", FALSE)) { - charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, + charon->kernel_interface->add_ipsec_interface(charon->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); } this->running = 0; for (i = 0; i < this->initiators; i++) { - charon->processor->queue_job(charon->processor, + charon->processor->queue_job(charon->processor, (job_t*)callback_job_create((callback_job_cb_t)do_load_test, this, NULL, NULL)); } diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/charon/plugins/load_tester/load_tester_plugin.h index 87e8914e0..e33f06ac7 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.h +++ b/src/charon/plugins/load_tester/load_tester_plugin.h @@ -31,7 +31,7 @@ typedef struct load_tester_plugin_t load_tester_plugin_t; /** * Load tester plugin to inspect system core under high load. * - * This plugin + * This plugin */ struct load_tester_plugin_t { diff --git a/src/charon/plugins/medcli/Makefile.in b/src/charon/plugins/medcli/Makefile.in index 9a2b3f889..47eeecd5b 100644 --- a/src/charon/plugins/medcli/Makefile.in +++ b/src/charon/plugins/medcli/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/medcli DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_medcli_la_LIBADD = am_libstrongswan_medcli_la_OBJECTS = medcli_plugin.lo medcli_creds.lo \ @@ -60,6 +84,7 @@ libstrongswan_medcli_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c index 3b3332549..2e49ebbf7 100644 --- a/src/charon/plugins/medcli/medcli_config.c +++ b/src/charon/plugins/medcli/medcli_config.c @@ -32,22 +32,22 @@ struct private_medcli_config_t { * Public part */ medcli_config_t public; - + /** * database connection */ database_t *db; - + /** * rekey time */ int rekey; - + /** * dpd delay */ int dpd; - + /** * default ike config */ @@ -64,7 +64,7 @@ static traffic_selector_t *ts_from_string(char *str) int netbits = 32; host_t *net; char *pos; - + str = strdupa(str); pos = strchr(str, '/'); if (pos) @@ -100,9 +100,16 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam child_cfg_t *child_cfg; chunk_t me, other; char *address, *local_net, *remote_net; - + lifetime_cfg_t lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + } + }; + /* query mediation server config: - * - build ike_cfg/peer_cfg for mediation connection on-the-fly + * - build ike_cfg/peer_cfg for mediation connection on-the-fly */ e = this->db->query(this->db, "SELECT Address, ClientConfig.KeyId, MediationServerConfig.KeyId " @@ -117,14 +124,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( "mediation", 2, ike_cfg, - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -135,7 +142,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); med_cfg->add_auth_cfg(med_cfg, auth, FALSE); - + /* query mediated config: * - use any-any ike_cfg * - build peer_cfg on-the-fly using med_cfg @@ -154,14 +161,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam } peer_cfg = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ - FALSE, med_cfg, /* mediation, med by */ + FALSE, med_cfg, /* mediation, med by */ identification_create_from_encoding(ID_KEY_ID, other)); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -172,10 +179,9 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - - child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey, - this->rekey*60, this->rekey, NULL, TRUE, - MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, + MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); @@ -217,7 +223,14 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) chunk_t me, other; child_cfg_t *child_cfg; auth_cfg_t *auth; - + lifetime_cfg_t lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + } + }; + DESTROY_IF(this->current); if (!this->inner->enumerate(this->inner, &name, &me, &other, &local_net, &remote_net)) @@ -227,13 +240,13 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) } this->current = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, + CERT_NEVER_SEND, UNIQUE_REPLACE, 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ TRUE, this->dpd, /* mobike, dpddelay */ NULL, NULL, /* vip, pool */ FALSE, NULL, NULL); /* mediation, med by, peer id */ - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, @@ -244,11 +257,9 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_encoding(ID_KEY_ID, other)); this->current->add_auth_cfg(this->current, auth, FALSE); - - child_cfg = child_cfg_create( - name, this->rekey*60 + this->rekey, - this->rekey*60, this->rekey, NULL, TRUE, - MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, + ACTION_NONE, ACTION_NONE, FALSE, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); @@ -275,7 +286,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->current = NULL; e->ike = this->ike; e->rekey = this->rekey; @@ -289,12 +300,12 @@ static enumerator_t* create_peer_cfg_enumerator(private_medcli_config_t *this, "Connection.LocalSubnet, Connection.RemoteSubnet " "FROM ClientConfig JOIN Connection " "WHERE Active AND " - "(? OR ClientConfig.KeyId = ?) AND (? OR Connection.KeyId = ?)", - DB_INT, me == NULL || me->get_type(me) == ID_ANY, - DB_BLOB, me && me->get_type(me) == ID_KEY_ID ? + "(? OR ClientConfig.KeyId = ?) AND (? OR Connection.KeyId = ?)", + DB_INT, me == NULL || me->get_type(me) == ID_ANY, + DB_BLOB, me && me->get_type(me) == ID_KEY_ID ? me->get_encoding(me) : chunk_empty, - DB_INT, other == NULL || other->get_type(other) == ID_ANY, - DB_BLOB, other && other->get_type(other) == ID_KEY_ID ? + DB_INT, other == NULL || other->get_type(other) == ID_ANY, + DB_BLOB, other && other->get_type(other) == ID_KEY_ID ? other->get_encoding(other) : chunk_empty, DB_TEXT, DB_BLOB, DB_BLOB, DB_TEXT, DB_TEXT); if (!e->inner) @@ -312,7 +323,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg) { enumerator_t *enumerator; child_cfg_t *child_cfg = NULL;; - + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); enumerator->enumerate(enumerator, &child_cfg); if (child_cfg) @@ -337,7 +348,7 @@ static void schedule_autoinit(private_medcli_config_t *this) { enumerator_t *e; char *name; - + e = this->db->query(this->db, "SELECT Alias FROM Connection WHERE Active", DB_TEXT); if (e) @@ -345,7 +356,7 @@ static void schedule_autoinit(private_medcli_config_t *this) while (e->enumerate(e, &name)) { peer_cfg_t *peer_cfg; - + peer_cfg = get_peer_cfg_by_name(this, name); if (peer_cfg) { @@ -380,15 +391,15 @@ medcli_config_t *medcli_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(medcli_config_t*))destroy; - + this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300); this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); - + schedule_autoinit(this); - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/charon/plugins/medcli/medcli_config.h index a37280bd0..36c20adf7 100644 --- a/src/charon/plugins/medcli/medcli_config.h +++ b/src/charon/plugins/medcli/medcli_config.h @@ -35,11 +35,11 @@ struct medcli_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(medcli_config_t *this); + void (*destroy)(medcli_config_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/charon/plugins/medcli/medcli_creds.c index d3c66ae35..9729df3f5 100644 --- a/src/charon/plugins/medcli/medcli_creds.c +++ b/src/charon/plugins/medcli/medcli_creds.c @@ -30,7 +30,7 @@ struct private_medcli_creds_t { * Public part */ medcli_creds_t public; - + /** * underlying database handle */ @@ -90,21 +90,21 @@ static enumerator_t* create_private_enumerator(private_medcli_creds_t *this, key_type_t type, identification_t *id) { private_enumerator_t *e; - + if ((type != KEY_RSA && type != KEY_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { DBG1(DBG_CFG, "%N - %Y", key_type_names, type, id); return NULL; } - + e = malloc_thing(private_enumerator_t); e->current = NULL; e->public.enumerate = (void*)private_enumerator_enumerate; e->public.destroy = (void*)private_enumerator_destroy; e->inner = this->db->query(this->db, "SELECT PrivateKey FROM ClientConfig WHERE KeyId = ?", - DB_BLOB, id->get_encoding(id), + DB_BLOB, id->get_encoding(id), DB_BLOB); if (!e->inner) { @@ -185,13 +185,13 @@ static enumerator_t* create_cert_enumerator(private_medcli_creds_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { return NULL; } - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->type = key; @@ -218,7 +218,7 @@ static enumerator_t* create_cert_enumerator(private_medcli_creds_t *this, */ static void destroy(private_medcli_creds_t *this) { - free(this); + free(this); } /** @@ -235,9 +235,9 @@ medcli_creds_t *medcli_creds_create(database_t *db) this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(medcli_creds_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/charon/plugins/medcli/medcli_creds.h index 97bf1c226..4b5402653 100644 --- a/src/charon/plugins/medcli/medcli_creds.h +++ b/src/charon/plugins/medcli/medcli_creds.h @@ -35,11 +35,11 @@ struct medcli_creds_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destroy the credentials databse. */ - void (*destroy)(medcli_creds_t *this); + void (*destroy)(medcli_creds_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_listener.c b/src/charon/plugins/medcli/medcli_listener.c index 4d058c0cd..142f02e6c 100644 --- a/src/charon/plugins/medcli/medcli_listener.c +++ b/src/charon/plugins/medcli/medcli_listener.c @@ -39,7 +39,7 @@ struct private_medcli_listener_t { * Public part */ medcli_listener_t public; - + /** * underlying database handle */ @@ -117,17 +117,17 @@ static void destroy(private_medcli_listener_t *this) medcli_listener_t *medcli_listener_create(database_t *db) { private_medcli_listener_t *this = malloc_thing(private_medcli_listener_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); - + this->public.listener.ike_state_change = (void*)ike_state_change; this->public.listener.child_state_change = (void*)child_state_change; this->public.destroy = (void (*)(medcli_listener_t*))destroy; - + this->db = db; db->execute(db, NULL, "UPDATE Connection SET Status = ?", DB_UINT, STATE_DOWN); - + return &this->public; } diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/charon/plugins/medcli/medcli_listener.h index c6881f88a..4768beccd 100644 --- a/src/charon/plugins/medcli/medcli_listener.h +++ b/src/charon/plugins/medcli/medcli_listener.h @@ -35,11 +35,11 @@ struct medcli_listener_t { * Implements bus_listener_t interface */ listener_t listener; - + /** * Destroy the credentials databse. */ - void (*destroy)(medcli_listener_t *this); + void (*destroy)(medcli_listener_t *this); }; /** diff --git a/src/charon/plugins/medcli/medcli_plugin.c b/src/charon/plugins/medcli/medcli_plugin.c index 908b144f0..148eded61 100644 --- a/src/charon/plugins/medcli/medcli_plugin.c +++ b/src/charon/plugins/medcli/medcli_plugin.c @@ -32,22 +32,22 @@ struct private_medcli_plugin_t { * implements plugin interface */ medcli_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * medcli credential set instance */ medcli_creds_t *creds; - + /** * medcli config database */ medcli_config_t *config; - + /** * Listener to update database connection state */ @@ -76,9 +76,9 @@ plugin_t *plugin_create() { char *uri; private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + uri = lib->settings->get_str(lib->settings, "medcli.database", NULL); if (!uri) @@ -87,7 +87,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { @@ -95,15 +95,15 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->creds = medcli_creds_create(this->db); this->config = medcli_config_create(this->db); this->listener = medcli_listener_create(this->db); - + charon->credentials->add_set(charon->credentials, &this->creds->set); charon->backends->add_backend(charon->backends, &this->config->backend); charon->bus->add_listener(charon->bus, &this->listener->listener); - + return &this->public.plugin; } diff --git a/src/charon/plugins/medsrv/Makefile.in b/src/charon/plugins/medsrv/Makefile.in index ba599499b..c72887889 100644 --- a/src/charon/plugins/medsrv/Makefile.in +++ b/src/charon/plugins/medsrv/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/medsrv DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_medsrv_la_LIBADD = am_libstrongswan_medsrv_la_OBJECTS = medsrv_plugin.lo medsrv_creds.lo \ @@ -60,6 +84,7 @@ libstrongswan_medsrv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -307,21 +341,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -344,7 +378,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -352,29 +386,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -395,13 +434,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -432,6 +475,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -453,6 +497,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -461,18 +507,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -511,6 +567,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/charon/plugins/medsrv/medsrv_config.c index 1ab7f3864..3df720967 100644 --- a/src/charon/plugins/medsrv/medsrv_config.c +++ b/src/charon/plugins/medsrv/medsrv_config.c @@ -30,22 +30,22 @@ struct private_medsrv_config_t { * Public part */ medsrv_config_t public; - + /** * database connection */ database_t *db; - + /** * rekey time */ int rekey; - + /** * dpd delay */ int dpd; - + /** * default ike config */ @@ -77,7 +77,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, identification_t *other) { enumerator_t *e; - + if (!me || !other || other->get_type(other) != ID_KEY_ID) { return NULL; @@ -92,7 +92,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, peer_cfg_t *peer_cfg; auth_cfg_t *auth; char *name; - + if (e->enumerate(e, &name)) { peer_cfg = peer_cfg_create( @@ -104,7 +104,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, NULL, NULL, /* vip, pool */ TRUE, NULL, NULL); /* mediation, med by, peer id */ e->destroy(e); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me)); @@ -113,7 +113,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - + return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); } e->destroy(e); @@ -141,13 +141,13 @@ medsrv_config_t *medsrv_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(medsrv_config_t*))destroy; - + this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300); this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); - + return &this->public; } diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/charon/plugins/medsrv/medsrv_config.h index 2ed63bca7..fc8b0e972 100644 --- a/src/charon/plugins/medsrv/medsrv_config.h +++ b/src/charon/plugins/medsrv/medsrv_config.h @@ -35,11 +35,11 @@ struct medsrv_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(medsrv_config_t *this); + void (*destroy)(medsrv_config_t *this); }; /** diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/charon/plugins/medsrv/medsrv_creds.c index 7dac37f1f..8d1643908 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.c +++ b/src/charon/plugins/medsrv/medsrv_creds.c @@ -30,7 +30,7 @@ struct private_medsrv_creds_t { * Public part */ medsrv_creds_t public; - + /** * underlying database handle */ @@ -109,13 +109,13 @@ static enumerator_t* create_cert_enumerator(private_medsrv_creds_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + if ((cert != CERT_TRUSTED_PUBKEY && cert != CERT_ANY) || id == NULL || id->get_type(id) != ID_KEY_ID) { return NULL; } - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->type = key; @@ -138,7 +138,7 @@ static enumerator_t* create_cert_enumerator(private_medsrv_creds_t *this, */ static void destroy(private_medsrv_creds_t *this) { - free(this); + free(this); } /** @@ -155,9 +155,9 @@ medsrv_creds_t *medsrv_creds_create(database_t *db) this->public.set.cache_cert = (void*)nop; this->public.destroy = (void (*)(medsrv_creds_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/charon/plugins/medsrv/medsrv_creds.h index da23220c2..d08adf3bf 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.h +++ b/src/charon/plugins/medsrv/medsrv_creds.h @@ -35,11 +35,11 @@ struct medsrv_creds_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destroy the credentials databse. */ - void (*destroy)(medsrv_creds_t *this); + void (*destroy)(medsrv_creds_t *this); }; /** diff --git a/src/charon/plugins/medsrv/medsrv_plugin.c b/src/charon/plugins/medsrv/medsrv_plugin.c index 4340d7991..7c533f10e 100644 --- a/src/charon/plugins/medsrv/medsrv_plugin.c +++ b/src/charon/plugins/medsrv/medsrv_plugin.c @@ -31,17 +31,17 @@ struct private_medsrv_plugin_t { * implements plugin interface */ medsrv_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * medsrv credential set instance */ medsrv_creds_t *creds; - + /** * medsrv config database */ @@ -68,9 +68,9 @@ plugin_t *plugin_create() { char *uri; private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + uri = lib->settings->get_str(lib->settings, "medsrv.database", NULL); if (!uri) @@ -79,7 +79,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { @@ -87,13 +87,13 @@ plugin_t *plugin_create() free(this); return NULL; } - + this->creds = medsrv_creds_create(this->db); this->config = medsrv_config_create(this->db); - + charon->credentials->add_set(charon->credentials, &this->creds->set); charon->backends->add_backend(charon->backends, &this->config->backend); - + return &this->public.plugin; } diff --git a/src/charon/plugins/nm/Makefile.am b/src/charon/plugins/nm/Makefile.am index b74a4e46f..56eae6e00 100644 --- a/src/charon/plugins/nm/Makefile.am +++ b/src/charon/plugins/nm/Makefile.am @@ -1,7 +1,8 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS} -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ + -DNM_CA_DIR=\"${nm_ca_dir}\" plugin_LTLIBRARIES = libstrongswan-nm.la libstrongswan_nm_la_SOURCES = \ diff --git a/src/charon/plugins/nm/Makefile.in b/src/charon/plugins/nm/Makefile.in index c7c428c2a..90a50cfae 100644 --- a/src/charon/plugins/nm/Makefile.in +++ b/src/charon/plugins/nm/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/nm DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_nm_la_DEPENDENCIES = $(am__DEPENDENCIES_1) @@ -60,6 +84,7 @@ libstrongswan_nm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,10 +250,13 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS} -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ + -DNM_CA_DIR=\"${nm_ca_dir}\" + plugin_LTLIBRARIES = libstrongswan-nm.la libstrongswan_nm_la_SOURCES = \ nm_plugin.h nm_plugin.c \ @@ -248,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -268,23 +299,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -311,21 +347,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -348,7 +384,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -356,29 +392,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -399,13 +440,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -436,6 +481,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -457,6 +503,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -465,18 +513,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -515,6 +573,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/nm/nm_creds.c b/src/charon/plugins/nm/nm_creds.c index 4ea2c36dd..193838e6b 100644 --- a/src/charon/plugins/nm/nm_creds.c +++ b/src/charon/plugins/nm/nm_creds.c @@ -15,8 +15,13 @@ #include "nm_creds.h" +#include +#include +#include + #include -#include +#include +#include typedef struct private_nm_creds_t private_nm_creds_t; @@ -29,32 +34,32 @@ struct private_nm_creds_t { * public functions */ nm_creds_t public; - + /** - * gateway certificate + * List of trusted certificates, certificate_t* */ - certificate_t *cert; - + linked_list_t *certs; + /** - * User name - */ - identification_t *user; - + * User name + */ + identification_t *user; + /** * User password */ char *pass; - + /** * users certificate */ certificate_t *usercert; - + /** * users private key */ private_key_t *key; - + /** * read/write lock */ @@ -68,13 +73,13 @@ static enumerator_t *create_usercert_enumerator(private_nm_creds_t *this, certificate_type_t cert, key_type_t key) { public_key_t *public; - + if (cert != CERT_ANY && cert != this->usercert->get_type(this->usercert)) { return NULL; } if (key != KEY_ANY) - { + { public = this->usercert->get_public_key(this->usercert); if (!public) { @@ -93,6 +98,80 @@ static enumerator_t *create_usercert_enumerator(private_nm_creds_t *this, (void*)this->lock->unlock, this->lock); } +/** + * CA certificate enumerator data + */ +typedef struct { + /** ref to credential credential store */ + private_nm_creds_t *this; + /** type of key we are looking for */ + key_type_t key; + /** CA certificate ID */ + identification_t *id; +} cert_data_t; + +/** + * Destroy CA certificate enumerator data + */ +static void cert_data_destroy(cert_data_t *data) +{ + data->this->lock->unlock(data->this->lock); + free(data); +} + +/** + * Filter function for certificates enumerator + */ +static bool cert_filter(cert_data_t *data, certificate_t **in, + certificate_t **out) +{ + certificate_t *cert = *in; + public_key_t *public; + + public = cert->get_public_key(cert); + if (!public) + { + return FALSE; + } + if (data->key != KEY_ANY && public->get_type(public) != data->key) + { + public->destroy(public); + return FALSE; + } + if (data->id && data->id->get_type(data->id) == ID_KEY_ID && + public->has_fingerprint(public, data->id->get_encoding(data->id))) + { + public->destroy(public); + *out = cert; + return TRUE; + } + public->destroy(public); + if (data->id && !cert->has_subject(cert, data->id)) + { + return FALSE; + } + *out = cert; + return TRUE; +} + +/** + * Create enumerator for trusted certificates + */ +static enumerator_t *create_trusted_cert_enumerator(private_nm_creds_t *this, + key_type_t key, identification_t *id) +{ + cert_data_t *data = malloc_thing(cert_data_t); + + data->this = this; + data->id = id; + data->key = key; + + this->lock->read_lock(this->lock); + return enumerator_create_filter( + this->certs->create_enumerator(this->certs), + (void*)cert_filter, data, (void*)cert_data_destroy); +} + /** * Implements credential_set_t.create_cert_enumerator */ @@ -105,38 +184,11 @@ static enumerator_t* create_cert_enumerator(private_nm_creds_t *this, { return create_usercert_enumerator(this, cert, key); } - - if (!this->cert) - { - return NULL; - } - if (cert != CERT_ANY && cert != this->cert->get_type(this->cert)) + if (cert == CERT_X509 || cert == CERT_ANY) { - return NULL; + return create_trusted_cert_enumerator(this, key, id); } - if (id && !this->cert->has_subject(this->cert, id)) - { - return NULL; - } - if (key != KEY_ANY) - { - public_key_t *public; - - public = this->cert->get_public_key(this->cert); - if (!public) - { - return NULL; - } - if (public->get_type(public) != key) - { - public->destroy(public); - return NULL; - } - public->destroy(public); - } - this->lock->read_lock(this->lock); - return enumerator_create_cleaner(enumerator_create_single(this->cert, NULL), - (void*)this->lock->unlock, this->lock); + return NULL; } /** @@ -155,10 +207,8 @@ static enumerator_t* create_private_enumerator(private_nm_creds_t *this, } if (id && id->get_type(id) != ID_ANY) { - identification_t *keyid; - - keyid = this->key->get_id(this->key, id->get_type(id)); - if (!keyid || !keyid->equals(keyid, id)) + if (id->get_type(id) != ID_KEY_ID || + !this->key->has_fingerprint(this->key, id->get_encoding(id))) { return NULL; } @@ -207,7 +257,7 @@ static void shared_destroy(shared_enumerator_t *this) /** * Implements credential_set_t.create_cert_enumerator */ -static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, +static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { @@ -225,7 +275,7 @@ static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, { return NULL; } - + enumerator = malloc_thing(shared_enumerator_t); enumerator->public.enumerate = (void*)shared_enumerate; enumerator->public.destroy = (void*)shared_destroy; @@ -239,16 +289,72 @@ static enumerator_t* create_shared_enumerator(private_nm_creds_t *this, } /** - * Implementation of nm_creds_t.set_certificate + * Implementation of nm_creds_t.add_certificate */ -static void set_certificate(private_nm_creds_t *this, certificate_t *cert) +static void add_certificate(private_nm_creds_t *this, certificate_t *cert) { this->lock->write_lock(this->lock); - DESTROY_IF(this->cert); - this->cert = cert; + this->certs->insert_last(this->certs, cert); this->lock->unlock(this->lock); } +/** + * Load a certificate file + */ +static void load_ca_file(private_nm_creds_t *this, char *file) +{ + certificate_t *cert; + + /* We add the CA constraint, as many CAs miss it */ + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, file, BUILD_END); + if (!cert) + { + DBG1(DBG_CFG, "loading CA certificate '%s' failed", file); + } + else + { + DBG2(DBG_CFG, "loaded CA certificate '%Y'", cert->get_subject(cert)); + x509_t *x509 = (x509_t*)cert; + if (!(x509->get_flags(x509) & X509_SELF_SIGNED)) + { + DBG1(DBG_CFG, "%Y is not self signed", cert->get_subject(cert)); + } + this->certs->insert_last(this->certs, cert); + } +} + +/** + * Implementation of nm_creds_t.load_ca_dir + */ +static void load_ca_dir(private_nm_creds_t *this, char *dir) +{ + enumerator_t *enumerator; + char *rel, *abs; + struct stat st; + + enumerator = enumerator_create_directory(dir); + if (enumerator) + { + while (enumerator->enumerate(enumerator, &rel, &abs, &st)) + { + /* skip '.', '..' and hidden files */ + if (rel[0] != '.') + { + if (S_ISDIR(st.st_mode)) + { + load_ca_dir(this, abs); + } + else if (S_ISREG(st.st_mode)) + { + load_ca_file(this, abs); + } + } + } + enumerator->destroy(enumerator); + } +} + /** * Implementation of nm_creds_t.set_password */ @@ -266,7 +372,7 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id /** * Implementation of nm_creds_t.set_cert_and_key */ -static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert, +static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert, private_key_t *key) { this->lock->write_lock(this->lock); @@ -275,14 +381,19 @@ static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert, this->key = key; this->usercert = cert; this->lock->unlock(this->lock); -} +} /** * Implementation of nm_creds_t.clear */ static void clear(private_nm_creds_t *this) { - DESTROY_IF(this->cert); + certificate_t *cert; + + while (this->certs->remove_last(this->certs, (void**)&cert) == SUCCESS) + { + cert->destroy(cert); + } DESTROY_IF(this->user); free(this->pass); DESTROY_IF(this->usercert); @@ -290,7 +401,6 @@ static void clear(private_nm_creds_t *this) this->key = NULL; this->usercert = NULL; this->pass = NULL; - this->cert = NULL; this->user = NULL; } @@ -300,6 +410,7 @@ static void clear(private_nm_creds_t *this) static void destroy(private_nm_creds_t *this) { clear(this); + this->certs->destroy(this->certs); this->lock->destroy(this->lock); free(this); } @@ -310,26 +421,27 @@ static void destroy(private_nm_creds_t *this) nm_creds_t *nm_creds_create() { private_nm_creds_t *this = malloc_thing(private_nm_creds_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)nop; - this->public.set_certificate = (void(*)(nm_creds_t*, certificate_t *cert))set_certificate; + this->public.add_certificate = (void(*)(nm_creds_t*, certificate_t *cert))add_certificate; + this->public.load_ca_dir = (void(*)(nm_creds_t*, char *dir))load_ca_dir; this->public.set_username_password = (void(*)(nm_creds_t*, identification_t *id, char *password))set_username_password; this->public.set_cert_and_key = (void(*)(nm_creds_t*, certificate_t *cert, private_key_t *key))set_cert_and_key; this->public.clear = (void(*)(nm_creds_t*))clear; this->public.destroy = (void(*)(nm_creds_t*))destroy; - + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - - this->cert = NULL; + + this->certs = linked_list_create(); this->user = NULL; this->pass = NULL; this->usercert = NULL; this->key = NULL; - + return &this->public; } diff --git a/src/charon/plugins/nm/nm_creds.h b/src/charon/plugins/nm/nm_creds.h index 421442c81..b55cff31e 100644 --- a/src/charon/plugins/nm/nm_creds.h +++ b/src/charon/plugins/nm/nm_creds.h @@ -35,14 +35,21 @@ struct nm_creds_t { * Implements credential_set_t */ credential_set_t set; - + /** - * Set the trusted gateway certificate to serve by this set. + * Add a trusted gateway certificate to serve by this set. * * @param cert certificate to serve */ - void (*set_certificate)(nm_creds_t *this, certificate_t *cert); - + void (*add_certificate)(nm_creds_t *this, certificate_t *cert); + + /** + * Load CA certificates recursively from a directory. + * + * @param dir directory to PEM encoded CA certificates + */ + void (*load_ca_dir)(nm_creds_t *this, char *dir); + /** * Set the username/password for authentication. * diff --git a/src/charon/plugins/nm/nm_handler.c b/src/charon/plugins/nm/nm_handler.c index 026c47af2..eacb54dda 100644 --- a/src/charon/plugins/nm/nm_handler.c +++ b/src/charon/plugins/nm/nm_handler.c @@ -23,17 +23,17 @@ typedef struct private_nm_handler_t private_nm_handler_t; * Private data of an nm_handler_t object. */ struct private_nm_handler_t { - + /** * Public nm_handler_t interface. */ nm_handler_t public; - + /** * list of received DNS server attributes, pointer to 4 byte data */ linked_list_t *dns; - + /** * list of received NBNS server attributes, pointer to 4 byte data */ @@ -43,11 +43,11 @@ struct private_nm_handler_t { /** * Implementation of attribute_handler_t.handle */ -static bool handle(private_nm_handler_t *this, ike_sa_t *ike_sa, +static bool handle(private_nm_handler_t *this, identification_t *server, configuration_attribute_type_t type, chunk_t data) { linked_list_t *list; - + switch (type) { case INTERNAL_IP4_DNS: @@ -67,6 +67,50 @@ static bool handle(private_nm_handler_t *this, ike_sa_t *ike_sa, return TRUE; } +/** + * Implementation of create_attribute_enumerator().enumerate() for WINS + */ +static bool enumerate_nbns(enumerator_t *this, + configuration_attribute_type_t *type, chunk_t *data) +{ + *type = INTERNAL_IP4_NBNS; + *data = chunk_empty; + /* done */ + this->enumerate = (void*)return_false; + return TRUE; +} + +/** + * Implementation of create_attribute_enumerator().enumerate() for DNS + */ +static bool enumerate_dns(enumerator_t *this, + configuration_attribute_type_t *type, chunk_t *data) +{ + *type = INTERNAL_IP4_DNS; + *data = chunk_empty; + /* enumerate WINS server as next attribute ... */ + this->enumerate = (void*)enumerate_nbns; + return TRUE; +} + +/** + * Implementation of attribute_handler_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_nm_handler_t *this, + identification_t *server, host_t *vip) +{ + if (vip && vip->get_family(vip) == AF_INET) + { /* no IPv6 attributes yet */ + enumerator_t *enumerator = malloc_thing(enumerator_t); + /* enumerate DNS attribute first ... */ + enumerator->enumerate = (void*)enumerate_dns; + enumerator->destroy = (void*)free; + + return enumerator; + } + return enumerator_create_empty(); +} + /** * convert plain byte ptrs to handy chunk during enumeration */ @@ -83,7 +127,7 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this, configuration_attribute_type_t type) { linked_list_t *list; - + switch (type) { case INTERNAL_IP4_DNS: @@ -105,7 +149,7 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this, static void reset(private_nm_handler_t *this) { void *data; - + while (this->dns->remove_last(this->dns, (void**)&data) == SUCCESS) { free(data); @@ -133,16 +177,17 @@ static void destroy(private_nm_handler_t *this) nm_handler_t *nm_handler_create() { private_nm_handler_t *this = malloc_thing(private_nm_handler_t); - - this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle; - this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))nop; + + this->public.handler.handle = (bool(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle; + this->public.handler.release = (void(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))nop; + this->public.handler.create_attribute_enumerator = (enumerator_t*(*)(attribute_handler_t*, identification_t *server, host_t *vip))create_attribute_enumerator; this->public.create_enumerator = (enumerator_t*(*)(nm_handler_t*, configuration_attribute_type_t type))create_enumerator; this->public.reset = (void(*)(nm_handler_t*))reset; this->public.destroy = (void(*)(nm_handler_t*))destroy; - + this->dns = linked_list_create(); this->nbns = linked_list_create(); - + return &this->public; } diff --git a/src/charon/plugins/nm/nm_handler.h b/src/charon/plugins/nm/nm_handler.h index d537bb8de..bb35ce767 100644 --- a/src/charon/plugins/nm/nm_handler.h +++ b/src/charon/plugins/nm/nm_handler.h @@ -21,7 +21,7 @@ #ifndef NM_HANDLER_H_ #define NM_HANDLER_H_ -#include +#include typedef struct nm_handler_t nm_handler_t; @@ -29,12 +29,12 @@ typedef struct nm_handler_t nm_handler_t; * Handles DNS/NBNS attributes to pass to NM. */ struct nm_handler_t { - + /** * Implements attribute handler interface */ attribute_handler_t handler; - + /** * Create an enumerator over received attributes of a given kind. * @@ -47,7 +47,7 @@ struct nm_handler_t { * Reset state, flush all received attributes. */ void (*reset)(nm_handler_t *this); - + /** * Destroy a nm_handler_t. */ @@ -59,4 +59,4 @@ struct nm_handler_t { */ nm_handler_t *nm_handler_create(); -#endif /* NM_HANDLER_ @}*/ +#endif /** NM_HANDLER_H_ @}*/ diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/charon/plugins/nm/nm_plugin.c index 1fb46f814..daf2cc660 100644 --- a/src/charon/plugins/nm/nm_plugin.c +++ b/src/charon/plugins/nm/nm_plugin.c @@ -34,22 +34,22 @@ struct private_nm_plugin_t { * implements plugin interface */ nm_plugin_t public; - + /** * NetworkManager service (VPNPlugin) */ NMStrongswanPlugin *plugin; - + /** * Glib main loop for a thread, handles DBUS calls */ GMainLoop *loop; - + /** * credential set registered at the daemon */ nm_creds_t *creds; - + /** * attribute handler regeisterd at the daemon */ @@ -84,8 +84,8 @@ static void destroy(private_nm_plugin_t *this) g_object_unref(this->plugin); } charon->credentials->remove_set(charon->credentials, &this->creds->set); + lib->attributes->remove_handler(lib->attributes, &this->handler->handler); this->creds->destroy(this->creds); - charon->attributes->remove_handler(charon->attributes, &this->handler->handler); this->handler->destroy(this->handler); free(this); } @@ -96,20 +96,20 @@ static void destroy(private_nm_plugin_t *this) plugin_t *plugin_create() { private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->loop = NULL; g_type_init (); if (!g_thread_supported()) { g_thread_init(NULL); } - + this->creds = nm_creds_create(); this->handler = nm_handler_create(); + lib->attributes->add_handler(lib->attributes, &this->handler->handler); charon->credentials->add_set(charon->credentials, &this->creds->set); - charon->attributes->add_handler(charon->attributes, &this->handler->handler); this->plugin = nm_strongswan_plugin_new(this->creds, this->handler); if (!this->plugin) { @@ -117,13 +117,13 @@ plugin_t *plugin_create() destroy(this); return NULL; } - + /* bypass file permissions to read from users ssh-agent */ charon->keep_cap(charon, CAP_DAC_OVERRIDE); - - charon->processor->queue_job(charon->processor, + + charon->processor->queue_job(charon->processor, (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL)); - + return &this->public.plugin; } diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c index 88a3cc95e..b05383c2b 100644 --- a/src/charon/plugins/nm/nm_service.c +++ b/src/charon/plugins/nm/nm_service.c @@ -18,7 +18,6 @@ #include "nm_service.h" #include -#include #include #include #include @@ -60,7 +59,7 @@ static GValue* handler_to_val(nm_handler_t *handler, GArray *array; enumerator_t *enumerator; chunk_t chunk; - + enumerator = handler->create_enumerator(handler, type); array = g_array_new (FALSE, TRUE, sizeof (guint32)); while (enumerator->enumerate(enumerator, &chunk)) @@ -71,7 +70,7 @@ static GValue* handler_to_val(nm_handler_t *handler, val = g_slice_new0 (GValue); g_value_init (val, DBUS_TYPE_G_UINT_ARRAY); g_value_set_boxed (val, array); - + return val; } @@ -85,37 +84,37 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, GHashTable *config; host_t *me, *other; nm_handler_t *handler; - + config = g_hash_table_new(g_str_hash, g_str_equal); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; - + /* NM requires a tundev, but netkey does not use one. Passing an invalid * iface makes NM complain, but it accepts it without fiddling on eth0. */ val = g_slice_new0 (GValue); g_value_init (val, G_TYPE_STRING); g_value_set_string (val, "none"); g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); - + val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); - + val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); g_value_set_uint(val, me->get_address(me).len * 8); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); - + val = handler_to_val(handler, INTERNAL_IP4_DNS); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); - + val = handler_to_val(handler, INTERNAL_IP4_NBNS); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); - + handler->reset(handler); - + nm_vpn_plugin_set_ip4_config(plugin, config); } @@ -125,11 +124,11 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure) { nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; - + handler->reset(handler); - + /* TODO: NM does not handle this failure!? */ - nm_vpn_plugin_failure(plugin, failure); + nm_vpn_plugin_failure(plugin, failure); nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED); } @@ -140,7 +139,7 @@ static bool ike_state_change(listener_t *listener, ike_sa_t *ike_sa, ike_sa_state_t state) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == ike_sa && state == IKE_DESTROYING) { signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); @@ -156,7 +155,7 @@ static bool child_state_change(listener_t *listener, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == ike_sa && state == CHILD_DESTROYING) { signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); @@ -172,7 +171,7 @@ static bool child_updown(listener_t *listener, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == ike_sa) { if (up) @@ -196,7 +195,7 @@ static bool child_updown(listener_t *listener, ike_sa_t *ike_sa, static bool ike_rekey(listener_t *listener, ike_sa_t *old, ike_sa_t *new) { NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener; - + if (private->ike_sa == old) { /* follow a rekeyed IKE_SA */ private->ike_sa = new; @@ -213,7 +212,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, NMStrongswanPluginPrivate *priv; NMSettingConnection *conn; NMSettingVPN *vpn; - identification_t *user = NULL, *gateway; + identification_t *user = NULL, *gateway = NULL; const char *address, *str; bool virtual, encap, ipcomp; ike_cfg_t *ike_cfg; @@ -226,7 +225,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, certificate_t *cert = NULL; x509_t *x509; bool agent = FALSE; - + lifetime_cfg_t lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + } + }; + /** * Read parameters */ @@ -248,7 +254,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, if (!address || !*address) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - "Gateway address missing."); + "Gateway address missing."); return FALSE; } str = nm_setting_vpn_get_data_item(vpn, "virtual"); @@ -274,42 +280,50 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth_class = AUTH_CLASS_PUBKEY; } } - + /** * Register credentials */ priv->creds->clear(priv->creds); - + /* gateway/CA cert */ str = nm_setting_vpn_get_data_item(vpn, "certificate"); if (str) { cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, str, BUILD_END); - priv->creds->set_certificate(priv->creds, cert); + if (!cert) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "Loading gateway certificate failed."); + return FALSE; + } + priv->creds->add_certificate(priv->creds, cert); + + x509 = (x509_t*)cert; + if (!(x509->get_flags(x509) & X509_CA)) + { /* For a gateway certificate, we use the cert subject as identity. */ + gateway = cert->get_subject(cert); + gateway = gateway->clone(gateway); + DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway); + } } - if (!cert) + else { - g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, - "Loading gateway certificate failed."); - return FALSE; + /* no certificate defined, fall back to system-wide CA certificates */ + priv->creds->load_ca_dir(priv->creds, NM_CA_DIR); } - x509 = (x509_t*)cert; - if (x509->get_flags(x509) & X509_CA) - { /* If the user configured a CA certificate, we use the IP/DNS + if (!gateway) + { + /* If the user configured a CA certificate, we use the IP/DNS * of the gateway as its identity. This identity will be used for * certificate lookup and requires the configured IP/DNS to be * included in the gateway certificate. */ gateway = identification_create_from_string((char*)address); DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway); } - else - { /* For a gateway certificate, we use the cert subject as identity. */ - gateway = cert->get_subject(cert); - gateway = gateway->clone(gateway); - DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway); - } - + if (auth_class == AUTH_CLASS_EAP) { /* username/password authentication ... */ @@ -321,7 +335,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, priv->creds->set_username_password(priv->creds, user, (char*)str); } } - + if (auth_class == AUTH_CLASS_PUBKEY) { /* ... or certificate/private key authenitcation */ @@ -330,7 +344,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { public_key_t *public; private_key_t *private = NULL; - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, str, BUILD_END); if (!cert) @@ -341,7 +355,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, gateway->destroy(gateway); return FALSE; } - /* try agent */ + /* try agent */ str = nm_setting_vpn_get_secret(vpn, "agent"); if (agent && str) { @@ -362,24 +376,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, "Connecting to SSH agent failed."); } } - /* ... or key file */ + /* ... or key file */ str = nm_setting_vpn_get_data_item(vpn, "userkey"); if (!agent && str) { - chunk_t secret, chunk; - bool pgp = FALSE; - + chunk_t secret; + secret.ptr = (char*)nm_setting_vpn_get_secret(vpn, "password"); if (secret.ptr) { secret.len = strlen(secret.ptr); } - if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp)) - { - private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, - KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); - free(chunk.ptr); - } + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, + KEY_RSA, BUILD_FROM_FILE, str, + BUILD_PASSPHRASE, secret, BUILD_END); if (!private) { g_set_error(err, NM_VPN_PLUGIN_ERROR, @@ -401,7 +411,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, } } } - + if (!user) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, @@ -409,7 +419,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, gateway->destroy(gateway); return FALSE; } - + /** * Set up configurations */ @@ -430,12 +440,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); auth->add(auth, AUTH_RULE_IDENTITY, gateway); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - - child_cfg = child_cfg_create(priv->name, - 10800, 10200, /* lifetime 3h, rekey 2h50min */ - 300, /* jitter 5min */ + + child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ipcomp); + ACTION_NONE, ACTION_NONE, ipcomp, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); @@ -444,7 +452,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, "255.255.255.255", 65535); child_cfg->add_traffic_selector(child_cfg, FALSE, ts); peer_cfg->add_child_cfg(peer_cfg, child_cfg); - + /** * Prepare IKE_SA */ @@ -454,11 +462,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { ike_sa->set_peer_cfg(ike_sa, peer_cfg); } - else - { - peer_cfg->destroy(peer_cfg); - } - + peer_cfg->destroy(peer_cfg); + /** * Register listener, enable initiate-failure-detection hooks */ @@ -466,7 +471,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, priv->listener.ike_state_change = ike_state_change; priv->listener.child_state_change = child_state_change; charon->bus->add_listener(charon->bus, &priv->listener); - + /** * Initiate */ @@ -474,9 +479,9 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { charon->bus->remove_listener(charon->bus, &priv->listener); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); - + g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, - "Initiating failed."); + "Initiating failed."); return FALSE; } charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); @@ -484,16 +489,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, } /** - * NeedSecrets called from NM via DBUS + * NeedSecrets called from NM via DBUS */ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, char **setting_name, GError **error) { NMSettingVPN *settings; const char *method, *path; - chunk_t secret = chunk_empty, key; - bool pgp = FALSE; - + settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN)); method = nm_setting_vpn_get_data_item(settings, "method"); @@ -518,14 +521,21 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, path = nm_setting_vpn_get_data_item(settings, "userkey"); if (path) { + private_key_t *key; + chunk_t secret; + secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password"); if (secret.ptr) { secret.len = strlen(secret.ptr); } - if (pem_asn1_load_file((char*)path, &secret, &key, &pgp)) + /* try to load/decrypt the private key */ + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, + KEY_RSA, BUILD_FROM_FILE, path, + BUILD_PASSPHRASE, secret, BUILD_END); + if (key) { - free(key.ptr); + key->destroy(key); return FALSE; } } @@ -536,7 +546,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, } /** - * Disconnect called from NM via DBUS + * Disconnect called from NM via DBUS */ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) { @@ -544,7 +554,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) enumerator_t *enumerator; ike_sa_t *ike_sa; u_int id; - + /* our ike_sa pointer might be invalid, lookup sa */ enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) @@ -559,7 +569,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) } } enumerator->destroy(enumerator); - + g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL, "Connection not found."); return FALSE; @@ -571,7 +581,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err) static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin) { NMStrongswanPluginPrivate *priv; - + priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); priv->plugin = NM_VPN_PLUGIN(plugin); memset(&priv->listener.log, 0, sizeof(listener_t)); @@ -586,7 +596,7 @@ static void nm_strongswan_plugin_class_init( NMStrongswanPluginClass *strongswan_class) { NMVPNPluginClass *parent_class = NM_VPN_PLUGIN_CLASS(strongswan_class); - + g_type_class_add_private(G_OBJECT_CLASS(strongswan_class), sizeof(NMStrongswanPluginPrivate)); parent_class->connect = connect_; @@ -607,7 +617,7 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds, if (plugin) { NMStrongswanPluginPrivate *priv; - + priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); priv->creds = creds; priv->handler = handler; diff --git a/src/charon/plugins/resolv_conf/Makefile.am b/src/charon/plugins/resolv_conf/Makefile.am deleted file mode 100644 index be7f862f2..000000000 --- a/src/charon/plugins/resolv_conf/Makefile.am +++ /dev/null @@ -1,13 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic \ - -DRESOLV_CONF=\"${resolv_conf}\" - -plugin_LTLIBRARIES = libstrongswan-resolv-conf.la -libstrongswan_resolv_conf_la_SOURCES = \ - resolv_conf_plugin.h resolv_conf_plugin.c \ - resolv_conf_handler.h resolv_conf_handler.c -libstrongswan_resolv_conf_la_LDFLAGS = -module -avoid-version - - diff --git a/src/charon/plugins/resolv_conf/Makefile.in b/src/charon/plugins/resolv_conf/Makefile.in deleted file mode 100644 index 19c20467a..000000000 --- a/src/charon/plugins/resolv_conf/Makefile.in +++ /dev/null @@ -1,518 +0,0 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/charon/plugins/resolv_conf -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_CLEAN_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) -LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_resolv_conf_la_LIBADD = -am_libstrongswan_resolv_conf_la_OBJECTS = resolv_conf_plugin.lo \ - resolv_conf_handler.lo -libstrongswan_resolv_conf_la_OBJECTS = \ - $(am_libstrongswan_resolv_conf_la_OBJECTS) -libstrongswan_resolv_conf_la_LINK = $(LIBTOOL) --tag=CC \ - $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_resolv_conf_la_LDFLAGS) \ - $(LDFLAGS) -o $@ -DEFAULT_INCLUDES = -I.@am__isrc@ -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_resolv_conf_la_SOURCES) -DIST_SOURCES = $(libstrongswan_resolv_conf_la_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -GPERF = @GPERF@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -RANLIB = @RANLIB@ -RUBY = @RUBY@ -RUBYINCLUDE = @RUBYINCLUDE@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -confdir = @confdir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsecdir = @ipsecdir@ -ipsecgid = @ipsecgid@ -ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -ipsecuser = @ipsecuser@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -piddir = @piddir@ -plugindir = @plugindir@ -pluto_plugins = @pluto_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -resolv_conf = @resolv_conf@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -simreader = @simreader@ -srcdir = @srcdir@ -strongswan_conf = @strongswan_conf@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic \ - -DRESOLV_CONF=\"${resolv_conf}\" - -plugin_LTLIBRARIES = libstrongswan-resolv-conf.la -libstrongswan_resolv_conf_la_SOURCES = \ - resolv_conf_plugin.h resolv_conf_plugin.c \ - resolv_conf_handler.h resolv_conf_handler.c - -libstrongswan_resolv_conf_la_LDFLAGS = -module -avoid-version -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/resolv_conf/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/resolv_conf/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ - else :; fi; \ - done - -uninstall-pluginLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ - done - -clean-pluginLTLIBRARIES: - -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libstrongswan-resolv-conf.la: $(libstrongswan_resolv_conf_la_OBJECTS) $(libstrongswan_resolv_conf_la_DEPENDENCIES) - $(libstrongswan_resolv_conf_la_LINK) -rpath $(plugindir) $(libstrongswan_resolv_conf_la_OBJECTS) $(libstrongswan_resolv_conf_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolv_conf_handler.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolv_conf_plugin.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: - for dir in "$(DESTDIR)$(plugindir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-pluginLTLIBRARIES - -install-dvi: install-dvi-am - -install-exec-am: - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-pluginLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.c b/src/charon/plugins/resolv_conf/resolv_conf_handler.c deleted file mode 100644 index 749cfbc5b..000000000 --- a/src/charon/plugins/resolv_conf/resolv_conf_handler.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "resolv_conf_handler.h" - -#include - -#include -#include - -typedef struct private_resolv_conf_handler_t private_resolv_conf_handler_t; - -/** - * Private data of an resolv_conf_handler_t object. - */ -struct private_resolv_conf_handler_t { - - /** - * Public resolv_conf_handler_t interface. - */ - resolv_conf_handler_t public; - - /** - * resolv.conf file to use - */ - char *file; - - /** - * Mutex to access file exclusively - */ - mutex_t *mutex; -}; - -/** - * Implementation of attribute_handler_t.handle - */ -static bool handle(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, - configuration_attribute_type_t type, chunk_t data) -{ - FILE *in, *out; - char buf[1024]; - host_t *addr; - int family; - size_t len; - bool handled = FALSE; - - switch (type) - { - case INTERNAL_IP4_DNS: - family = AF_INET; - break; - case INTERNAL_IP6_DNS: - family = AF_INET6; - break; - default: - return FALSE; - } - - this->mutex->lock(this->mutex); - - in = fopen(this->file, "r"); - /* allows us to stream from in to out */ - unlink(this->file); - out = fopen(this->file, "w"); - if (out) - { - addr = host_create_from_chunk(family, data, 0); - fprintf(out, "nameserver %H # by strongSwan, from %Y\n", - addr, ike_sa->get_other_id(ike_sa)); - DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); - addr->destroy(addr); - handled = TRUE; - - /* copy rest of the file */ - if (in) - { - while ((len = fread(buf, 1, sizeof(buf), in))) - { - ignore_result(fwrite(buf, 1, len, out)); - } - fclose(in); - } - fclose(out); - } - - if (!handled) - { - DBG1(DBG_IKE, "adding DNS server failed", this->file); - } - this->mutex->unlock(this->mutex); - return handled; -} - -/** - * Implementation of attribute_handler_t.release - */ -static void release(private_resolv_conf_handler_t *this, ike_sa_t *ike_sa, - configuration_attribute_type_t type, chunk_t data) -{ - FILE *in, *out; - char line[1024], matcher[512], *pos; - host_t *addr; - int family; - - switch (type) - { - case INTERNAL_IP4_DNS: - family = AF_INET; - break; - case INTERNAL_IP6_DNS: - family = AF_INET6; - break; - default: - return; - } - - this->mutex->lock(this->mutex); - - in = fopen(this->file, "r"); - if (in) - { - /* allows us to stream from in to out */ - unlink(this->file); - out = fopen(this->file, "w"); - if (out) - { - addr = host_create_from_chunk(family, data, 0); - snprintf(matcher, sizeof(matcher), - "nameserver %H # by strongSwan, from %Y\n", - addr, ike_sa->get_other_id(ike_sa)); - - /* copy all, but matching line */ - while ((pos = fgets(line, sizeof(line), in))) - { - if (strneq(line, matcher, strlen(matcher))) - { - DBG1(DBG_IKE, "removing DNS server %H from %s", - addr, this->file); - } - else - { - fputs(line, out); - } - } - addr->destroy(addr); - fclose(out); - } - fclose(in); - } - - this->mutex->unlock(this->mutex); -} - -/** - * Implementation of resolv_conf_handler_t.destroy. - */ -static void destroy(private_resolv_conf_handler_t *this) -{ - this->mutex->destroy(this->mutex); - free(this); -} - -/** - * See header - */ -resolv_conf_handler_t *resolv_conf_handler_create() -{ - private_resolv_conf_handler_t *this = malloc_thing(private_resolv_conf_handler_t); - - this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle; - this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))release; - this->public.destroy = (void(*)(resolv_conf_handler_t*))destroy; - - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->file = lib->settings->get_str(lib->settings, - "charon.plugins.resolv-conf.file", RESOLV_CONF); - - return &this->public; -} - diff --git a/src/charon/plugins/resolv_conf/resolv_conf_handler.h b/src/charon/plugins/resolv_conf/resolv_conf_handler.h deleted file mode 100644 index 2635bb802..000000000 --- a/src/charon/plugins/resolv_conf/resolv_conf_handler.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup resolv_conf_handler resolv_conf_handler - * @{ @ingroup resolv_conf - */ - -#ifndef RESOLV_CONF_HANDLER_H_ -#define RESOLV_CONF_HANDLER_H_ - -#include - -typedef struct resolv_conf_handler_t resolv_conf_handler_t; - -/** - * Handle DNS configuration attributes by mangling a resolv.conf file. - */ -struct resolv_conf_handler_t { - - /** - * Implements the attribute_handler_t interface - */ - attribute_handler_t handler; - - /** - * Destroy a resolv_conf_handler_t. - */ - void (*destroy)(resolv_conf_handler_t *this); -}; - -/** - * Create a resolv_conf_handler instance. - */ -resolv_conf_handler_t *resolv_conf_handler_create(); - -#endif /* RESOLV_CONF_HANDLER_ @}*/ diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c b/src/charon/plugins/resolv_conf/resolv_conf_plugin.c deleted file mode 100644 index ff9d96eb3..000000000 --- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "resolv_conf_plugin.h" -#include "resolv_conf_handler.h" - -#include - -typedef struct private_resolv_conf_plugin_t private_resolv_conf_plugin_t; - -/** - * private data of resolv_conf plugin - */ -struct private_resolv_conf_plugin_t { - - /** - * implements plugin interface - */ - resolv_conf_plugin_t public; - - /** - * The registerd DNS attribute handler - */ - resolv_conf_handler_t *handler; -}; - -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_resolv_conf_plugin_t *this) -{ - charon->attributes->remove_handler(charon->attributes, - &this->handler->handler); - this->handler->destroy(this->handler); - free(this); -} - -/* - * see header file - */ -plugin_t *plugin_create() -{ - private_resolv_conf_plugin_t *this = malloc_thing(private_resolv_conf_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - this->handler = resolv_conf_handler_create(); - charon->attributes->add_handler(charon->attributes, &this->handler->handler); - - return &this->public.plugin; -} - diff --git a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h b/src/charon/plugins/resolv_conf/resolv_conf_plugin.h deleted file mode 100644 index f5943d9a3..000000000 --- a/src/charon/plugins/resolv_conf/resolv_conf_plugin.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup resolv_conf resolv_conf - * @ingroup cplugins - * - * @defgroup resolv_conf_plugin resolv_conf_plugin - * @{ @ingroup resolv_conf - */ - -#ifndef RESOLV_CONF_PLUGIN_H_ -#define RESOLV_CONF_PLUGIN_H_ - -#include - -typedef struct resolv_conf_plugin_t resolv_conf_plugin_t; - -/** - * Plugin that writes received DNS servers in a resolv.conf file. - */ -struct resolv_conf_plugin_t { - - /** - * implements plugin interface - */ - plugin_t plugin; -}; - -/** - * Create a resolv_conf_plugin instance. - */ -plugin_t *plugin_create(); - -#endif /** RESOLV_CONF_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/resolve/Makefile.am b/src/charon/plugins/resolve/Makefile.am new file mode 100644 index 000000000..9d18b00b4 --- /dev/null +++ b/src/charon/plugins/resolve/Makefile.am @@ -0,0 +1,13 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon + +AM_CFLAGS = -rdynamic \ + -DRESOLV_CONF=\"${resolv_conf}\" + +plugin_LTLIBRARIES = libstrongswan-resolve.la +libstrongswan_resolve_la_SOURCES = \ + resolve_plugin.h resolve_plugin.c \ + resolve_handler.h resolve_handler.c +libstrongswan_resolve_la_LDFLAGS = -module -avoid-version + + diff --git a/src/charon/plugins/resolve/Makefile.in b/src/charon/plugins/resolve/Makefile.in new file mode 100644 index 000000000..478935752 --- /dev/null +++ b/src/charon/plugins/resolve/Makefile.in @@ -0,0 +1,574 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/charon/plugins/resolve +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_resolve_la_LIBADD = +am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \ + resolve_handler.lo +libstrongswan_resolve_la_OBJECTS = \ + $(am_libstrongswan_resolve_la_OBJECTS) +libstrongswan_resolve_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_resolve_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_resolve_la_SOURCES) +DIST_SOURCES = $(libstrongswan_resolve_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +AM_CFLAGS = -rdynamic \ + -DRESOLV_CONF=\"${resolv_conf}\" + +plugin_LTLIBRARIES = libstrongswan-resolve.la +libstrongswan_resolve_la_SOURCES = \ + resolve_plugin.h resolve_plugin.c \ + resolve_handler.h resolve_handler.c + +libstrongswan_resolve_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES) + $(libstrongswan_resolve_la_LINK) -rpath $(plugindir) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_handler.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon/plugins/resolve/resolve_handler.c b/src/charon/plugins/resolve/resolve_handler.c new file mode 100644 index 000000000..714c751a6 --- /dev/null +++ b/src/charon/plugins/resolve/resolve_handler.c @@ -0,0 +1,251 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "resolve_handler.h" + +#include + +#include +#include + +typedef struct private_resolve_handler_t private_resolve_handler_t; + +/** + * Private data of an resolve_handler_t object. + */ +struct private_resolve_handler_t { + + /** + * Public resolve_handler_t interface. + */ + resolve_handler_t public; + + /** + * resolv.conf file to use + */ + char *file; + + /** + * Mutex to access file exclusively + */ + mutex_t *mutex; +}; + +/** + * Implementation of attribute_handler_t.handle + */ +static bool handle(private_resolve_handler_t *this, identification_t *server, + configuration_attribute_type_t type, chunk_t data) +{ + FILE *in, *out; + char buf[1024]; + host_t *addr; + size_t len; + bool handled = FALSE; + + switch (type) + { + case INTERNAL_IP4_DNS: + addr = host_create_from_chunk(AF_INET, data, 0); + break; + case INTERNAL_IP6_DNS: + addr = host_create_from_chunk(AF_INET6, data, 0); + break; + default: + return FALSE; + } + + if (!addr || addr->is_anyaddr(addr)) + { + DESTROY_IF(addr); + return FALSE; + } + this->mutex->lock(this->mutex); + + in = fopen(this->file, "r"); + /* allows us to stream from in to out */ + unlink(this->file); + out = fopen(this->file, "w"); + if (out) + { + fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, server); + DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); + handled = TRUE; + + /* copy rest of the file */ + if (in) + { + while ((len = fread(buf, 1, sizeof(buf), in))) + { + ignore_result(fwrite(buf, 1, len, out)); + } + } + fclose(out); + } + if (in) + { + fclose(in); + } + this->mutex->unlock(this->mutex); + addr->destroy(addr); + + if (!handled) + { + DBG1(DBG_IKE, "adding DNS server failed", this->file); + } + return handled; +} + +/** + * Implementation of attribute_handler_t.release + */ +static void release(private_resolve_handler_t *this, identification_t *server, + configuration_attribute_type_t type, chunk_t data) +{ + FILE *in, *out; + char line[1024], matcher[512], *pos; + host_t *addr; + int family; + + switch (type) + { + case INTERNAL_IP4_DNS: + family = AF_INET; + break; + case INTERNAL_IP6_DNS: + family = AF_INET6; + break; + default: + return; + } + + this->mutex->lock(this->mutex); + + in = fopen(this->file, "r"); + if (in) + { + /* allows us to stream from in to out */ + unlink(this->file); + out = fopen(this->file, "w"); + if (out) + { + addr = host_create_from_chunk(family, data, 0); + snprintf(matcher, sizeof(matcher), + "nameserver %H # by strongSwan, from %Y\n", + addr, server); + + /* copy all, but matching line */ + while ((pos = fgets(line, sizeof(line), in))) + { + if (strneq(line, matcher, strlen(matcher))) + { + DBG1(DBG_IKE, "removing DNS server %H from %s", + addr, this->file); + } + else + { + fputs(line, out); + } + } + addr->destroy(addr); + fclose(out); + } + fclose(in); + } + + this->mutex->unlock(this->mutex); +} + +/** + * Attribute enumerator implementation + */ +typedef struct { + /** implements enumerator_t interface */ + enumerator_t public; + /** virtual IP we are requesting */ + host_t *vip; +} attribute_enumerator_t; + +/** + * Implementation of create_attribute_enumerator().enumerate() + */ +static bool attribute_enumerate(attribute_enumerator_t *this, + configuration_attribute_type_t *type, chunk_t *data) +{ + switch (this->vip->get_family(this->vip)) + { + case AF_INET: + *type = INTERNAL_IP4_DNS; + break; + case AF_INET6: + *type = INTERNAL_IP6_DNS; + break; + default: + return FALSE; + } + *data = chunk_empty; + /* enumerate only once */ + this->public.enumerate = (void*)return_false; + return TRUE; +} + +/** + * Implementation of attribute_handler_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_resolve_handler_t *this, + identification_t *server, host_t *vip) +{ + if (vip) + { + attribute_enumerator_t *enumerator; + + enumerator = malloc_thing(attribute_enumerator_t); + enumerator->public.enumerate = (void*)attribute_enumerate; + enumerator->public.destroy = (void*)free; + enumerator->vip = vip; + + return &enumerator->public; + } + return enumerator_create_empty(); +} + +/** + * Implementation of resolve_handler_t.destroy. + */ +static void destroy(private_resolve_handler_t *this) +{ + this->mutex->destroy(this->mutex); + free(this); +} + +/** + * See header + */ +resolve_handler_t *resolve_handler_create() +{ + private_resolve_handler_t *this = malloc_thing(private_resolve_handler_t); + + this->public.handler.handle = (bool(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle; + this->public.handler.release = (void(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))release; + this->public.handler.create_attribute_enumerator = (enumerator_t*(*)(attribute_handler_t*, identification_t *server, host_t *vip))create_attribute_enumerator; + this->public.destroy = (void(*)(resolve_handler_t*))destroy; + + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->file = lib->settings->get_str(lib->settings, + "charon.plugins.resolve.file", RESOLV_CONF); + + return &this->public; +} + diff --git a/src/charon/plugins/resolve/resolve_handler.h b/src/charon/plugins/resolve/resolve_handler.h new file mode 100644 index 000000000..77bf9781c --- /dev/null +++ b/src/charon/plugins/resolve/resolve_handler.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup resolve_handler resolve_handler + * @{ @ingroup resolve + */ + +#ifndef RESOLVE_HANDLER_H_ +#define RESOLVE_HANDLER_H_ + +#include + +typedef struct resolve_handler_t resolve_handler_t; + +/** + * Handle DNS configuration attributes by mangling a resolv.conf file. + */ +struct resolve_handler_t { + + /** + * Implements the attribute_handler_t interface + */ + attribute_handler_t handler; + + /** + * Destroy a resolve_handler_t. + */ + void (*destroy)(resolve_handler_t *this); +}; + +/** + * Create a resolve_handler instance. + */ +resolve_handler_t *resolve_handler_create(); + +#endif /** RESOLVE_HANDLER_H_ @}*/ diff --git a/src/charon/plugins/resolve/resolve_plugin.c b/src/charon/plugins/resolve/resolve_plugin.c new file mode 100644 index 000000000..c564981ef --- /dev/null +++ b/src/charon/plugins/resolve/resolve_plugin.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "resolve_plugin.h" +#include "resolve_handler.h" + +#include + +typedef struct private_resolve_plugin_t private_resolve_plugin_t; + +/** + * private data of resolve plugin + */ +struct private_resolve_plugin_t { + + /** + * implements plugin interface + */ + resolve_plugin_t public; + + /** + * The registerd DNS attribute handler + */ + resolve_handler_t *handler; +}; + +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_resolve_plugin_t *this) +{ + lib->attributes->remove_handler(lib->attributes, &this->handler->handler); + this->handler->destroy(this->handler); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + this->handler = resolve_handler_create(); + lib->attributes->add_handler(lib->attributes, &this->handler->handler); + + return &this->public.plugin; +} + diff --git a/src/charon/plugins/resolve/resolve_plugin.h b/src/charon/plugins/resolve/resolve_plugin.h new file mode 100644 index 000000000..d7e09f284 --- /dev/null +++ b/src/charon/plugins/resolve/resolve_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup resolve resolve + * @ingroup cplugins + * + * @defgroup resolve_plugin resolve_plugin + * @{ @ingroup resolve + */ + +#ifndef RESOLVE_PLUGIN_H_ +#define RESOLVE_PLUGIN_H_ + +#include + +typedef struct resolve_plugin_t resolve_plugin_t; + +/** + * Plugin that writes received DNS servers in a resolv.conf file. + */ +struct resolve_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a resolve_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** RESOLVE_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/smp/Makefile.in b/src/charon/plugins/smp/Makefile.in index d23d2d001..7512cd2f7 100644 --- a/src/charon/plugins/smp/Makefile.in +++ b/src/charon/plugins/smp/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/smp DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_smp_la_DEPENDENCIES = $(am__DEPENDENCIES_1) @@ -59,6 +83,7 @@ libstrongswan_smp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS} @@ -242,9 +271,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,23 +291,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/smp/smp.c b/src/charon/plugins/smp/smp.c index 562add06d..21e682a0a 100644 --- a/src/charon/plugins/smp/smp.c +++ b/src/charon/plugins/smp/smp.c @@ -23,13 +23,13 @@ #include #include #include -#include #include #include #include #include #include +#include #include @@ -44,12 +44,12 @@ struct private_smp_t { * Public part of smp_t object. */ smp_t public; - + /** * XML unix socket fd */ int socket; - + /** * job accepting stroke messages */ @@ -146,7 +146,7 @@ static void write_networks(xmlTextWriterPtr writer, char *element, { enumerator_t *enumerator; traffic_selector_t *ts; - + xmlTextWriterStartElement(writer, element); enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, (void**)&ts)) @@ -167,26 +167,26 @@ static void write_networks(xmlTextWriterPtr writer, char *element, static void write_childend(xmlTextWriterPtr writer, child_sa_t *child, bool local) { linked_list_t *list; - - xmlTextWriterWriteFormatElement(writer, "spi", "%lx", + + xmlTextWriterWriteFormatElement(writer, "spi", "%lx", htonl(child->get_spi(child, local))); list = child->get_traffic_selectors(child, local); write_networks(writer, "networks", list); } /** - * write a child_sa_t + * write a child_sa_t */ static void write_child(xmlTextWriterPtr writer, child_sa_t *child) { child_cfg_t *config; - + config = child->get_config(child); xmlTextWriterStartElement(writer, "childsa"); xmlTextWriterWriteFormatElement(writer, "reqid", "%d", child->get_reqid(child)); - xmlTextWriterWriteFormatElement(writer, "childconfig", "%s", + xmlTextWriterWriteFormatElement(writer, "childconfig", "%s", config->get_name(config)); xmlTextWriterStartElement(writer, "local"); write_childend(writer, child, TRUE); @@ -207,7 +207,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer /* */ xmlTextWriterStartElement(writer, "ikesalist"); - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -215,18 +215,18 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer host_t *local, *remote; iterator_t *children; child_sa_t *child_sa; - + id = ike_sa->get_id(ike_sa); - + xmlTextWriterStartElement(writer, "ikesa"); xmlTextWriterWriteFormatElement(writer, "id", "%d", ike_sa->get_unique_id(ike_sa)); - xmlTextWriterWriteFormatElement(writer, "status", "%N", + xmlTextWriterWriteFormatElement(writer, "status", "%N", ike_sa_state_lower_names, ike_sa->get_state(ike_sa)); xmlTextWriterWriteElement(writer, "role", id->is_initiator(id) ? "initiator" : "responder"); xmlTextWriterWriteElement(writer, "peerconfig", ike_sa->get_name(ike_sa)); - + /* */ local = ike_sa->get_my_host(ike_sa); xmlTextWriterStartElement(writer, "local"); @@ -243,7 +243,7 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer } xmlTextWriterEndElement(writer); /* */ - + /* */ remote = ike_sa->get_other_host(ike_sa); xmlTextWriterStartElement(writer, "remote"); @@ -259,8 +259,8 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer write_bool(writer, "nat", ike_sa->has_condition(ike_sa, COND_NAT_THERE)); } xmlTextWriterEndElement(writer); - /* */ - + /* */ + /* */ xmlTextWriterStartElement(writer, "childsalist"); children = ike_sa->create_child_sa_iterator(ike_sa); @@ -270,13 +270,13 @@ static void request_query_ikesa(xmlTextReaderPtr reader, xmlTextWriterPtr writer } children->destroy(children); /* */ - xmlTextWriterEndElement(writer); - + xmlTextWriterEndElement(writer); + /* */ xmlTextWriterEndElement(writer); } enumerator->destroy(enumerator); - + /* */ xmlTextWriterEndElement(writer); } @@ -291,7 +291,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write /* */ xmlTextWriterStartElement(writer, "configlist"); - + enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, NULL, NULL, NULL, NULL); while (enumerator->enumerate(enumerator, &peer_cfg)) @@ -300,18 +300,18 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; linked_list_t *list; - + if (peer_cfg->get_ike_version(peer_cfg) != 2) { /* only IKEv2 connections yet */ continue; } - + /* */ xmlTextWriterStartElement(writer, "peerconfig"); xmlTextWriterWriteElement(writer, "name", peer_cfg->get_name(peer_cfg)); - + /* TODO: write auth_cfgs */ - + /* */ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); xmlTextWriterStartElement(writer, "ikeconfig"); @@ -319,14 +319,14 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write xmlTextWriterWriteElement(writer, "remote", ike_cfg->get_other_addr(ike_cfg)); xmlTextWriterEndElement(writer); /* */ - + /* */ xmlTextWriterStartElement(writer, "childconfiglist"); children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { /* */ - xmlTextWriterStartElement(writer, "childconfig"); + xmlTextWriterStartElement(writer, "childconfig"); xmlTextWriterWriteElement(writer, "name", child_cfg->get_name(child_cfg)); list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); @@ -334,7 +334,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); write_networks(writer, "remote", list); - list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); + list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); xmlTextWriterEndElement(writer); /* */ } @@ -342,7 +342,7 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write /* */ xmlTextWriterEndElement(writer); /* */ - xmlTextWriterEndElement(writer); + xmlTextWriterEndElement(writer); } enumerator->destroy(enumerator); /* */ @@ -361,7 +361,7 @@ static bool xml_callback(xmlTextWriterPtr writer, debug_t group, level_t level, xmlTextWriterStartElement(writer, "item"); xmlTextWriterWriteFormatAttribute(writer, "level", "%d", level); xmlTextWriterWriteFormatAttribute(writer, "source", "%N", debug_names, group); - xmlTextWriterWriteFormatAttribute(writer, "thread", "%u", pthread_self()); + xmlTextWriterWriteFormatAttribute(writer, "thread", "%u", thread_current_id()); xmlTextWriterWriteVFormatString(writer, format, args); xmlTextWriterEndElement(writer); /* */ @@ -381,7 +381,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, const char *str; u_int32_t id; status_t status; - + str = xmlTextReaderConstValue(reader); if (str == NULL) { @@ -393,7 +393,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, { enumerator_t *enumerator; ike_sa_t *ike_sa; - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -411,21 +411,21 @@ static void request_control_terminate(xmlTextReaderPtr reader, DBG1(DBG_CFG, "error parsing XML id string"); return; } - + DBG1(DBG_CFG, "terminating %s_SA %d", ike ? "IKE" : "CHILD", id); - + /* */ xmlTextWriterStartElement(writer, "log"); if (ike) { status = charon->controller->terminate_ike( - charon->controller, id, + charon->controller, id, (controller_cb_t)xml_callback, writer); } else { status = charon->controller->terminate_child( - charon->controller, id, + charon->controller, id, (controller_cb_t)xml_callback, writer); } /* */ @@ -448,7 +448,7 @@ static void request_control_initiate(xmlTextReaderPtr reader, peer_cfg_t *peer; child_cfg_t *child = NULL; enumerator_t *enumerator; - + str = xmlTextReaderConstValue(reader); if (str == NULL) { @@ -456,7 +456,7 @@ static void request_control_initiate(xmlTextReaderPtr reader, return; } DBG1(DBG_CFG, "initiating %s_SA %s", ike ? "IKE" : "CHILD", str); - + /* */ xmlTextWriterStartElement(writer, "log"); peer = charon->backends->get_peer_cfg_by_name(charon->backends, (char*)str); @@ -508,8 +508,8 @@ static void request_query(xmlTextReaderPtr reader, xmlTextWriterPtr writer) { /* */ xmlTextWriterStartElement(writer, "query"); - while (xmlTextReaderRead(reader)) - { + while (xmlTextReaderRead(reader)) + { if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { if (streq(xmlTextReaderConstName(reader), "ikesalist")) @@ -535,8 +535,8 @@ static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer) { /* */ xmlTextWriterStartElement(writer, "control"); - while (xmlTextReaderRead(reader)) - { + while (xmlTextReaderRead(reader)) + { if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { if (streq(xmlTextReaderConstName(reader), "ikesaterminate")) @@ -571,7 +571,7 @@ static void request_control(xmlTextReaderPtr reader, xmlTextWriterPtr writer) static void request(xmlTextReaderPtr reader, char *id, int fd) { xmlTextWriterPtr writer; - + writer = xmlNewTextWriter(xmlOutputBufferCreateFd(fd, NULL)); if (writer == NULL) { @@ -622,17 +622,18 @@ static void closefdp(int *fd) */ static job_requeue_t process(int *fdp) { - int oldstate, fd = *fdp; + int fd = *fdp; + bool oldstate; char buffer[4096]; size_t len; xmlTextReaderPtr reader; char *id = NULL, *type = NULL; - - pthread_cleanup_push((void*)closefdp, (void*)&fd); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + + thread_cleanup_push((thread_cleanup_t)closefdp, (void*)&fd); + oldstate = thread_cancelability(TRUE); len = read(fd, buffer, sizeof(buffer)); - pthread_setcancelstate(oldstate, NULL); - pthread_cleanup_pop(0); + thread_cancelability(oldstate); + thread_cleanup_pop(FALSE); if (len <= 0) { close(fd); @@ -640,17 +641,17 @@ static job_requeue_t process(int *fdp) return JOB_REQUEUE_NONE; } DBG3(DBG_CFG, "got XML request: %b", buffer, len); - + reader = xmlReaderForMemory(buffer, len, NULL, NULL, 0); if (reader == NULL) { DBG1(DBG_CFG, "opening SMP XML reader failed"); return JOB_REQUEUE_FAIR;; } - + /* read message type and id */ - while (xmlTextReaderRead(reader)) - { + while (xmlTextReaderRead(reader)) + { if (xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT && streq(xmlTextReaderConstName(reader), "message")) { @@ -658,20 +659,20 @@ static job_requeue_t process(int *fdp) type = xmlTextReaderGetAttribute(reader, "type"); break; } - } - - /* process message */ - if (id && type) + } + + /* process message */ + if (id && type) { - if (streq(type, "request")) - { - request(reader, id, fd); - } - else - { - /* response(reader, id) */ - } - } + if (streq(type, "request")) + { + request(reader, id, fd); + } + else + { + /* response(reader, id) */ + } + } xmlFreeTextReader(reader); return JOB_REQUEUE_FAIR;; } @@ -682,26 +683,27 @@ static job_requeue_t process(int *fdp) static job_requeue_t dispatch(private_smp_t *this) { struct sockaddr_un strokeaddr; - int oldstate, fd, *fdp, strokeaddrlen = sizeof(strokeaddr); + int fd, *fdp, strokeaddrlen = sizeof(strokeaddr); callback_job_t *job; - + bool oldstate; + /* wait for connections, but allow thread to terminate */ - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + oldstate = thread_cancelability(TRUE); fd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (fd < 0) { DBG1(DBG_CFG, "accepting SMP XML socket failed: %s", strerror(errno)); sleep(1); return JOB_REQUEUE_FAIR;; } - + fdp = malloc_thing(int); *fdp = fd; job = callback_job_create((callback_job_cb_t)process, fdp, free, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_DIRECT; } @@ -725,7 +727,7 @@ plugin_t *plugin_create() mode_t old; this->public.plugin.destroy = (void (*)(plugin_t*))destroy; - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) @@ -734,7 +736,7 @@ plugin_t *plugin_create() free(this); return NULL; } - + unlink(unix_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0) @@ -749,7 +751,7 @@ plugin_t *plugin_create() { DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 5) < 0) { DBG1(DBG_CFG, "could not listen on XML socket: %s", strerror(errno)); @@ -760,7 +762,7 @@ plugin_t *plugin_create() this->job = callback_job_create((callback_job_cb_t)dispatch, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public.plugin; } diff --git a/src/charon/plugins/sql/Makefile.am b/src/charon/plugins/sql/Makefile.am index bf4963f29..60135bf08 100644 --- a/src/charon/plugins/sql/Makefile.am +++ b/src/charon/plugins/sql/Makefile.am @@ -2,16 +2,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ -DPLUGINS=\""${libstrongswan_plugins}\"" plugin_LTLIBRARIES = libstrongswan-sql.la -libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \ - sql_config.h sql_config.c sql_cred.h sql_cred.c \ - sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c +libstrongswan_sql_la_SOURCES = \ + sql_plugin.h sql_plugin.c sql_config.h sql_config.c \ + sql_cred.h sql_cred.c sql_logger.h sql_logger.c libstrongswan_sql_la_LDFLAGS = -module -avoid-version -ipsec_PROGRAMS = pool -pool_SOURCES = pool.c -pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/src/charon/plugins/sql/Makefile.in b/src/charon/plugins/sql/Makefile.in index f6fd8e4f7..ef9c33a1c 100644 --- a/src/charon/plugins/sql/Makefile.in +++ b/src/charon/plugins/sql/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -14,11 +15,11 @@ @SET_MAKE@ - VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -33,40 +34,56 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ipsec_PROGRAMS = pool$(EXEEXT) subdir = src/charon/plugins/sql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sql_la_LIBADD = am_libstrongswan_sql_la_OBJECTS = sql_plugin.lo sql_config.lo \ - sql_cred.lo sql_attribute.lo sql_logger.lo + sql_cred.lo sql_logger.lo libstrongswan_sql_la_OBJECTS = $(am_libstrongswan_sql_la_OBJECTS) libstrongswan_sql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_sql_la_LDFLAGS) $(LDFLAGS) -o $@ -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) -PROGRAMS = $(ipsec_PROGRAMS) -am_pool_OBJECTS = pool.$(OBJEXT) -pool_OBJECTS = $(am_pool_OBJECTS) -pool_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -76,8 +93,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_sql_la_SOURCES) $(pool_SOURCES) -DIST_SOURCES = $(libstrongswan_sql_la_SOURCES) $(pool_SOURCES) +SOURCES = $(libstrongswan_sql_la_SOURCES) +DIST_SOURCES = $(libstrongswan_sql_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -114,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -144,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -177,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -202,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -210,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -218,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -229,22 +249,19 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ -DPLUGINS=\""${libstrongswan_plugins}\"" plugin_LTLIBRARIES = libstrongswan-sql.la -libstrongswan_sql_la_SOURCES = sql_plugin.h sql_plugin.c \ - sql_config.h sql_config.c sql_cred.h sql_cred.c \ - sql_attribute.h sql_attribute.c sql_logger.h sql_logger.c +libstrongswan_sql_la_SOURCES = \ + sql_plugin.h sql_plugin.c sql_config.h sql_config.c \ + sql_cred.h sql_cred.c sql_logger.h sql_logger.c libstrongswan_sql_la_LDFLAGS = -module -avoid-version -pool_SOURCES = pool.c -pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la all: all-am .SUFFIXES: @@ -258,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -278,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -307,37 +329,6 @@ clean-pluginLTLIBRARIES: done libstrongswan-sql.la: $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_DEPENDENCIES) $(libstrongswan_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS) -install-ipsecPROGRAMS: $(ipsec_PROGRAMS) - @$(NORMAL_INSTALL) - test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done - -uninstall-ipsecPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done - -clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -pool$(EXEEXT): $(pool_OBJECTS) $(pool_DEPENDENCIES) - @rm -f pool$(EXEEXT) - $(LINK) $(pool_OBJECTS) $(pool_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -345,8 +336,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_logger.Plo@am__quote@ @@ -354,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -391,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -399,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -442,21 +436,25 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +all-am: Makefile $(LTLIBRARIES) installdirs: - for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -479,14 +477,15 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ - clean-pluginLTLIBRARIES mostlyclean-am +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -500,26 +499,38 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: -install-data-am: install-ipsecPROGRAMS install-pluginLTLIBRARIES +install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -540,25 +551,24 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \ - ctags distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-pluginLTLIBRARIES install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ - uninstall-am uninstall-ipsecPROGRAMS \ - uninstall-pluginLTLIBRARIES + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/charon/plugins/sql/pool.c b/src/charon/plugins/sql/pool.c deleted file mode 100644 index ebcc9adc7..000000000 --- a/src/charon/plugins/sql/pool.c +++ /dev/null @@ -1,797 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE -#include -#include -#include -#include - -#include -#include -#include -#include - -/** - * global database handle - */ -database_t *db; - -/** - * --start/--end addresses of various subcommands - */ -host_t *start = NULL, *end = NULL; - -/** - * calculate the size of a pool using start and end address chunk - */ -static u_int get_pool_size(chunk_t start, chunk_t end) -{ - u_int *start_ptr, *end_ptr; - - if (start.len < sizeof(u_int) || end.len < sizeof(u_int)) - { - return 0; - } - start_ptr = (u_int*)(start.ptr + start.len - sizeof(u_int)); - end_ptr = (u_int*)(end.ptr + end.len - sizeof(u_int)); - return ntohl(*end_ptr) - ntohl(*start_ptr) + 1; -} - -/** - * print usage info - */ -static void usage(void) -{ - printf("\ -Usage:\n\ - ipsec pool --status|--add|--del|--resize|--purge [options]\n\ - \n\ - ipsec pool --status\n\ - Show a list of installed pools with statistics.\n\ - \n\ - ipsec pool --add --start --end [--timeout ]\n\ - Add a new pool to the database.\n\ - name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\ - start: Start address of the pool\n\ - end: End address of the pool\n\ - timeout: Lease time in hours, 0 for static leases\n\ - \n\ - ipsec pool --del \n\ - Delete a pool from the database.\n\ - name: Name of the pool to delete\n\ - \n\ - ipsec pool --resize --end \n\ - Grow or shrink an existing pool.\n\ - name: Name of the pool to resize\n\ - end: New end address for the pool\n\ - \n\ - ipsec pool --leases [--filter ] [--utc]\n\ - Show lease information using filters:\n\ - filter: Filter string containing comma separated key=value filters,\n\ - e.g. id=alice@strongswan.org,addr=1.1.1.1\n\ - pool: name of the pool\n\ - id: assigned identity of the lease\n\ - addr: lease IP address\n\ - tstamp: UNIX timestamp when lease was valid, as integer\n\ - status: status of the lease: online|valid|expired\n\ - utc: Show times in UTC instead of local time\n\ - \n\ - ipsec pool --purge \n\ - Delete lease history of a pool:\n\ - name: Name of the pool to purge\n\ - \n"); - exit(0); -} - -/** - * ipsec pool --status - show pool overview - */ -static void status(void) -{ - enumerator_t *pool, *lease; - bool found = FALSE; - - pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools", - DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT); - if (pool) - { - char *name; - chunk_t start_chunk, end_chunk; - host_t *start, *end; - u_int id, timeout, online = 0, used = 0, size = 0; - - while (pool->enumerate(pool, &id, &name, - &start_chunk, &end_chunk, &timeout)) - { - if (!found) - { - printf("%8s %15s %15s %8s %6s %11s %11s\n", "name", "start", - "end", "timeout", "size", "online", "usage"); - found = TRUE; - } - - start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0); - end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0); - size = get_pool_size(start_chunk, end_chunk); - printf("%8s %15H %15H ", name, start, end); - if (timeout) - { - printf("%7dh ", timeout/3600); - } - else - { - printf("%8s ", "static"); - } - printf("%6d ", size); - /* get number of online hosts */ - lease = db->query(db, "SELECT COUNT(*) FROM addresses " - "WHERE pool = ? AND released = 0", - DB_UINT, id, DB_INT); - if (lease) - { - lease->enumerate(lease, &online); - lease->destroy(lease); - } - printf("%5d (%2d%%) ", online, online*100/size); - /* get number of online or valid lieases */ - lease = db->query(db, "SELECT COUNT(*) FROM addresses " - "WHERE addresses.pool = ? " - "AND ((? AND acquired != 0) " - " OR released = 0 OR released > ?) ", - DB_UINT, id, DB_UINT, !timeout, - DB_UINT, time(NULL) - timeout, DB_UINT); - if (lease) - { - lease->enumerate(lease, &used); - lease->destroy(lease); - } - printf("%5d (%2d%%) ", used, used*100/size); - - printf("\n"); - DESTROY_IF(start); - DESTROY_IF(end); - } - pool->destroy(pool); - } - if (!found) - { - printf("no pools found.\n"); - } - exit(0); -} - -/** - * increment a chunk, as it would reprensent a network order integer - */ -static void increment_chunk(chunk_t chunk) -{ - int i; - - for (i = chunk.len - 1; i >= 0; i--) - { - if (++chunk.ptr[i] != 0) - { - return; - } - } -} - -/** - * ipsec pool --add - add a new pool - */ -static void add(char *name, host_t *start, host_t *end, int timeout) -{ - chunk_t start_addr, end_addr, cur_addr; - u_int id, count; - - start_addr = start->get_address(start); - end_addr = end->get_address(end); - cur_addr = chunk_clonea(start_addr); - count = get_pool_size(start_addr, end_addr); - - if (start_addr.len != end_addr.len || - memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0) - { - fprintf(stderr, "invalid start/end pair specified.\n"); - exit(-1); - } - if (db->execute(db, &id, - "INSERT INTO pools (name, start, end, timeout) " - "VALUES (?, ?, ?, ?)", - DB_TEXT, name, DB_BLOB, start_addr, - DB_BLOB, end_addr, DB_INT, timeout*3600) != 1) - { - fprintf(stderr, "creating pool failed.\n"); - exit(-1); - } - printf("allocating %d addresses... ", count); - fflush(stdout); - if (db->get_driver(db) == DB_SQLITE) - { /* run population in a transaction for sqlite */ - db->execute(db, NULL, "BEGIN TRANSACTION"); - } - while (TRUE) - { - db->execute(db, NULL, - "INSERT INTO addresses (pool, address, identity, acquired, released) " - "VALUES (?, ?, ?, ?, ?)", - DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); - if (chunk_equals(cur_addr, end_addr)) - { - break; - } - increment_chunk(cur_addr); - } - if (db->get_driver(db) == DB_SQLITE) - { - db->execute(db, NULL, "END TRANSACTION"); - } - printf("done.\n", count); - - exit(0); -} - -/** - * ipsec pool --del - delete a pool - */ -static void del(char *name) -{ - enumerator_t *query; - u_int id; - bool found = FALSE; - - query = db->query(db, "SELECT id FROM pools WHERE name = ?", - DB_TEXT, name, DB_UINT); - if (!query) - { - fprintf(stderr, "deleting pool failed.\n"); - exit(-1); - } - while (query->enumerate(query, &id)) - { - found = TRUE; - if (db->execute(db, NULL, - "DELETE FROM leases WHERE address IN (" - " SELECT id FROM addresses WHERE pool = ?)", DB_UINT, id) < 0 || - db->execute(db, NULL, - "DELETE FROM addresses WHERE pool = ?", DB_UINT, id) < 0 || - db->execute(db, NULL, - "DELETE FROM pools WHERE id = ?", DB_UINT, id) < 0) - { - fprintf(stderr, "deleting pool failed.\n"); - query->destroy(query); - exit(-1); - } - } - query->destroy(query); - if (!found) - { - fprintf(stderr, "pool '%s' not found.\n", name); - exit(-1); - } - exit(0); -} - -/** - * ipsec pool --resize - resize a pool - */ -static void resize(char *name, host_t *end) -{ - enumerator_t *query; - chunk_t old_addr, new_addr, cur_addr; - u_int id, count; - - new_addr = end->get_address(end); - - query = db->query(db, "SELECT id, end FROM pools WHERE name = ?", - DB_TEXT, name, DB_UINT, DB_BLOB); - if (!query || !query->enumerate(query, &id, &old_addr)) - { - DESTROY_IF(query); - fprintf(stderr, "resizing pool failed.\n"); - exit(-1); - } - if (old_addr.len != new_addr.len || - memcmp(new_addr.ptr, old_addr.ptr, old_addr.len) < 0) - { - fprintf(stderr, "shrinking of pools not supported.\n"); - query->destroy(query); - exit(-1); - } - cur_addr = chunk_clonea(old_addr); - count = get_pool_size(old_addr, new_addr) - 1; - query->destroy(query); - - if (db->execute(db, NULL, - "UPDATE pools SET end = ? WHERE name = ?", - DB_BLOB, new_addr, DB_TEXT, name) <= 0) - { - fprintf(stderr, "pool '%s' not found.\n", name); - exit(-1); - } - - printf("allocating %d new addresses... ", count); - fflush(stdout); - if (db->get_driver(db) == DB_SQLITE) - { /* run population in a transaction for sqlite */ - db->execute(db, NULL, "BEGIN TRANSACTION"); - } - while (count-- > 0) - { - increment_chunk(cur_addr); - db->execute(db, NULL, - "INSERT INTO addresses (pool, address, identity, acquired, released) " - "VALUES (?, ?, ?, ?, ?)", - DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); - } - if (db->get_driver(db) == DB_SQLITE) - { - db->execute(db, NULL, "END TRANSACTION"); - } - printf("done.\n", count); - - exit(0); -} - -/** - * create the lease query using the filter string - */ -static enumerator_t *create_lease_query(char *filter) -{ - enumerator_t *query; - identification_t *id = NULL; - host_t *addr = NULL; - u_int tstamp = 0; - bool online = FALSE, valid = FALSE, expired = FALSE; - char *value, *pos, *pool = NULL; - enum { - FIL_POOL = 0, - FIL_ID, - FIL_ADDR, - FIL_TSTAMP, - FIL_STATE, - }; - char *const token[] = { - [FIL_POOL] = "pool", - [FIL_ID] = "id", - [FIL_ADDR] = "addr", - [FIL_TSTAMP] = "tstamp", - [FIL_STATE] = "status", - NULL - }; - - /* if the filter string contains a distinguished name as a ID, we replace - * ", " by "/ " in order to not confuse the getsubopt parser */ - pos = filter; - while ((pos = strchr(pos, ','))) - { - if (pos[1] == ' ') - { - pos[0] = '/'; - } - pos++; - } - - while (filter && *filter != '\0') - { - switch (getsubopt(&filter, token, &value)) - { - case FIL_POOL: - if (value) - { - pool = value; - } - break; - case FIL_ID: - if (value) - { - id = identification_create_from_string(value); - } - break; - case FIL_ADDR: - if (value) - { - addr = host_create_from_string(value, 0); - } - if (!addr) - { - fprintf(stderr, "invalid 'addr' in filter string.\n"); - exit(-1); - } - break; - case FIL_TSTAMP: - if (value) - { - tstamp = atoi(value); - } - if (tstamp == 0) - { - online = TRUE; - } - break; - case FIL_STATE: - if (value) - { - if (streq(value, "online")) - { - online = TRUE; - } - else if (streq(value, "valid")) - { - valid = TRUE; - } - else if (streq(value, "expired")) - { - expired = TRUE; - } - else - { - fprintf(stderr, "invalid 'state' in filter string.\n"); - exit(-1); - } - } - break; - default: - fprintf(stderr, "invalid filter string.\n"); - exit(-1); - break; - } - } - query = db->query(db, - "SELECT name, addresses.address, identities.type, " - "identities.data, leases.acquired, leases.released, timeout " - "FROM leases JOIN addresses ON leases.address = addresses.id " - "JOIN pools ON addresses.pool = pools.id " - "JOIN identities ON leases.identity = identities.id " - "WHERE (? OR name = ?) " - "AND (? OR (identities.type = ? AND identities.data = ?)) " - "AND (? OR addresses.address = ?) " - "AND (? OR (? >= leases.acquired AND (? <= leases.released))) " - "AND (? OR leases.released > ? - timeout) " - "AND (? OR leases.released < ? - timeout) " - "AND ? " - "UNION " - "SELECT name, address, identities.type, identities.data, " - "acquired, released, timeout FROM addresses " - "JOIN pools ON addresses.pool = pools.id " - "JOIN identities ON addresses.identity = identities.id " - "WHERE ? AND released = 0 " - "AND (? OR name = ?) " - "AND (? OR (identities.type = ? AND identities.data = ?)) " - "AND (? OR address = ?)", - DB_INT, pool == NULL, DB_TEXT, pool, - DB_INT, id == NULL, - DB_INT, id ? id->get_type(id) : 0, - DB_BLOB, id ? id->get_encoding(id) : chunk_empty, - DB_INT, addr == NULL, - DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, - DB_INT, tstamp == 0, DB_UINT, tstamp, DB_UINT, tstamp, - DB_INT, !valid, DB_INT, time(NULL), - DB_INT, !expired, DB_INT, time(NULL), - DB_INT, !online, - /* union */ - DB_INT, !(valid || expired), - DB_INT, pool == NULL, DB_TEXT, pool, - DB_INT, id == NULL, - DB_INT, id ? id->get_type(id) : 0, - DB_BLOB, id ? id->get_encoding(id) : chunk_empty, - DB_INT, addr == NULL, - DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, - /* res */ - DB_TEXT, DB_BLOB, DB_INT, DB_BLOB, DB_UINT, DB_UINT, DB_UINT); - /* id and addr leak but we can't destroy them until query is destroyed. */ - return query; -} - -/** - * ipsec pool --leases - show lease information of a pool - */ -static void leases(char *filter, bool utc) -{ - enumerator_t *query; - chunk_t address_chunk, identity_chunk; - int identity_type; - char *name; - u_int acquired, released, timeout; - host_t *address; - identification_t *identity; - bool found = FALSE; - - query = create_lease_query(filter); - if (!query) - { - fprintf(stderr, "querying leases failed.\n"); - exit(-1); - } - while (query->enumerate(query, &name, &address_chunk, &identity_type, - &identity_chunk, &acquired, &released, &timeout)) - { - if (!found) - { - int len = utc ? 25 : 21; - - found = TRUE; - printf("%-8s %-15s %-7s %-*s %-*s %s\n", - "name", "address", "status", len, "start", len, "end", "identity"); - } - address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0); - identity = identification_create_from_encoding(identity_type, identity_chunk); - - printf("%-8s %-15H ", name, address); - if (released == 0) - { - printf("%-7s ", "online"); - } - else if (timeout == 0) - { - printf("%-7s ", "static"); - } - else if (released >= time(NULL) - timeout) - { - printf("%-7s ", "valid"); - } - else - { - printf("%-7s ", "expired"); - } - - printf(" %T ", &acquired, utc); - if (released) - { - printf("%T ", &released, utc); - } - else - { - printf(" "); - if (utc) - { - printf(" "); - } - } - printf("%Y\n", identity); - DESTROY_IF(address); - identity->destroy(identity); - } - query->destroy(query); - if (!found) - { - fprintf(stderr, "no matching leases found.\n"); - exit(-1); - } - exit(0); -} - -/** - * ipsec pool --purge - delete expired leases - */ -static void purge(char *name) -{ - int purged = 0; - - purged = db->execute(db, NULL, - "DELETE FROM leases WHERE address IN (" - " SELECT id FROM addresses WHERE pool IN (" - " SELECT id FROM pools WHERE name = ?))", - DB_TEXT, name); - if (purged < 0) - { - fprintf(stderr, "purging pool '%s' failed.\n", name); - exit(-1); - } - fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name); - exit(0); -} - -/** - * atexit handler to close db on shutdown - */ -static void cleanup(void) -{ - db->destroy(db); - DESTROY_IF(start); - DESTROY_IF(end); -} - -/** - * Logging hook for library logs, using stderr output - */ -static void dbg_stderr(int level, char *fmt, ...) -{ - va_list args; - - if (level <= 1) - { - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\n"); - va_end(args); - } -} - -int main(int argc, char *argv[]) -{ - char *uri, *name = "", *filter = ""; - int timeout = 0; - bool utc = FALSE; - enum { - OP_USAGE, - OP_STATUS, - OP_ADD, - OP_DEL, - OP_RESIZE, - OP_LEASES, - OP_PURGE, - } operation = OP_USAGE; - - dbg = dbg_stderr; - atexit(library_deinit); - - /* initialize library */ - if (!library_init(STRONGSWAN_CONF)) - { - exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); - } - if (lib->integrity && - !lib->integrity->check_file(lib->integrity, "pool", argv[0])) - { - fprintf(stderr, "integrity check of pool failed\n"); - exit(SS_RC_DAEMON_INTEGRITY); - } - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "pool.load", PLUGINS)); - - uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL); - if (!uri) - { - fprintf(stderr, "database URI charon.plugins.sql.database not set.\n"); - exit(-1); - } - db = lib->db->create(lib->db, uri); - if (!db) - { - fprintf(stderr, "opening database failed.\n"); - exit(-1); - } - atexit(cleanup); - - while (TRUE) - { - int c; - - struct option long_opts[] = { - { "help", no_argument, NULL, 'h' }, - - { "utc", no_argument, NULL, 'u' }, - { "status", no_argument, NULL, 'w' }, - { "add", required_argument, NULL, 'a' }, - { "del", required_argument, NULL, 'd' }, - { "resize", required_argument, NULL, 'r' }, - { "leases", no_argument, NULL, 'l' }, - { "purge", required_argument, NULL, 'p' }, - - { "start", required_argument, NULL, 's' }, - { "end", required_argument, NULL, 'e' }, - { "timeout", required_argument, NULL, 't' }, - { "filter", required_argument, NULL, 'f' }, - { 0,0,0,0 } - }; - - c = getopt_long(argc, argv, "", long_opts, NULL); - switch (c) - { - case EOF: - break; - case 'h': - break; - case 'w': - operation = OP_STATUS; - break; - case 'u': - utc = TRUE; - continue; - case 'a': - operation = OP_ADD; - name = optarg; - continue; - case 'd': - operation = OP_DEL; - name = optarg; - continue; - case 'r': - operation = OP_RESIZE; - name = optarg; - continue; - case 'l': - operation = OP_LEASES; - continue; - case 'p': - operation = OP_PURGE; - name = optarg; - continue; - case 's': - start = host_create_from_string(optarg, 0); - if (start == NULL) - { - fprintf(stderr, "invalid start address: '%s'.\n", optarg); - operation = OP_USAGE; - break; - } - continue; - case 'e': - end = host_create_from_string(optarg, 0); - if (end == NULL) - { - fprintf(stderr, "invalid end address: '%s'.\n", optarg); - operation = OP_USAGE; - break; - } - continue; - case 't': - timeout = atoi(optarg); - if (timeout == 0 && strcmp(optarg, "0") != 0) - { - fprintf(stderr, "invalid timeout '%s'.\n", optarg); - operation = OP_USAGE; - break; - } - continue; - case 'f': - filter = optarg; - continue; - default: - operation = OP_USAGE; - break; - } - break; - } - - switch (operation) - { - case OP_USAGE: - usage(); - break; - case OP_STATUS: - status(); - break; - case OP_ADD: - if (start == NULL || end == NULL) - { - fprintf(stderr, "missing arguments.\n"); - usage(); - } - add(name, start, end, timeout); - break; - case OP_DEL: - del(name); - break; - case OP_RESIZE: - if (end == NULL) - { - fprintf(stderr, "missing arguments.\n"); - usage(); - } - resize(name, end); - break; - case OP_LEASES: - leases(filter, utc); - break; - case OP_PURGE: - purge(name); - break; - } - exit(0); -} - diff --git a/src/charon/plugins/sql/sql_attribute.c b/src/charon/plugins/sql/sql_attribute.c deleted file mode 100644 index 77601e612..000000000 --- a/src/charon/plugins/sql/sql_attribute.c +++ /dev/null @@ -1,363 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "sql_attribute.h" - -#include - -#include - -typedef struct private_sql_attribute_t private_sql_attribute_t; - -/** - * private data of sql_attribute - */ -struct private_sql_attribute_t { - - /** - * public functions - */ - sql_attribute_t public; - - /** - * database connection - */ - database_t *db; - - /** - * wheter to record lease history in lease table - */ - bool history; -}; - -/** - * lookup/insert an identity - */ -static u_int get_identity(private_sql_attribute_t *this, identification_t *id) -{ - enumerator_t *e; - u_int row; - - /* look for peer identity in the identities table */ - e = this->db->query(this->db, - "SELECT id FROM identities WHERE type = ? AND data = ?", - DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), - DB_UINT); - - if (e && e->enumerate(e, &row)) - { - e->destroy(e); - return row; - } - DESTROY_IF(e); - /* not found, insert new one */ - if (this->db->execute(this->db, &row, - "INSERT INTO identities (type, data) VALUES (?, ?)", - DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1) - { - return row; - } - return 0; -} - -/** - * Lookup pool by name - */ -static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout) -{ - enumerator_t *e; - u_int pool; - - e = this->db->query(this->db, "SELECT id, timeout FROM pools WHERE name = ?", - DB_TEXT, name, DB_UINT, DB_UINT); - if (e && e->enumerate(e, &pool, timeout)) - { - e->destroy(e); - return pool; - } - DESTROY_IF(e); - return 0; -} - -/** - * Look up an existing lease - */ -static host_t* check_lease(private_sql_attribute_t *this, char *name, - u_int pool, u_int identity) -{ - while (TRUE) - { - u_int id; - chunk_t address; - enumerator_t *e; - time_t now = time(NULL); - - e = this->db->query(this->db, - "SELECT id, address FROM addresses " - "WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1", - DB_UINT, pool, DB_UINT, identity, DB_UINT, DB_BLOB); - if (!e || !e->enumerate(e, &id, &address)) - { - DESTROY_IF(e); - break; - } - address = chunk_clonea(address); - e->destroy(e); - - if (this->db->execute(this->db, NULL, - "UPDATE addresses SET acquired = ?, released = 0 " - "WHERE id = ? AND identity = ? AND released != 0", - DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0) - { - host_t *host; - - host = host_create_from_chunk(AF_UNSPEC, address, 0); - if (host) - { - DBG1(DBG_CFG, "acquired existing lease " - "for address %H in pool '%s'", host, name); - return host; - } - } - } - return NULL; -} - -/** - * We check for unallocated addresses or expired leases. First we select an - * address as a candidate, but double check later on if it is still available - * during the update operation. This allows us to work without locking. - */ -static host_t* get_lease(private_sql_attribute_t *this, char *name, - u_int pool, u_int timeout, u_int identity) -{ - while (TRUE) - { - u_int id; - chunk_t address; - enumerator_t *e; - time_t now = time(NULL); - int hits; - - if (timeout) - { - /* check for an expired lease */ - e = this->db->query(this->db, - "SELECT id, address FROM addresses " - "WHERE pool = ? AND released != 0 AND released < ? LIMIT 1", - DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB); - } - else - { - /* with static leases, check for an unallocated address */ - e = this->db->query(this->db, - "SELECT id, address FROM addresses " - "WHERE pool = ? AND identity = 0 LIMIT 1", - DB_UINT, pool, DB_UINT, DB_BLOB); - - } - - if (!e || !e->enumerate(e, &id, &address)) - { - DESTROY_IF(e); - break; - } - address = chunk_clonea(address); - e->destroy(e); - - if (timeout) - { - hits = this->db->execute(this->db, NULL, - "UPDATE addresses SET " - "acquired = ?, released = 0, identity = ? " - "WHERE id = ? AND released != 0 AND released < ?", - DB_UINT, now, DB_UINT, identity, - DB_UINT, id, DB_UINT, now - timeout); - } - else - { - hits = this->db->execute(this->db, NULL, - "UPDATE addresses SET " - "acquired = ?, released = 0, identity = ? " - "WHERE id = ? AND identity = 0", - DB_UINT, now, DB_UINT, identity, DB_UINT, id); - } - if (hits > 0) - { - host_t *host; - - host = host_create_from_chunk(AF_UNSPEC, address, 0); - if (host) - { - DBG1(DBG_CFG, "acquired new lease " - "for address %H in pool '%s'", host, name); - return host; - } - } - } - DBG1(DBG_CFG, "no available address found in pool '%s'", name); - return NULL; -} - -/** - * Implementation of attribute_provider_t.acquire_address - */ -static host_t* acquire_address(private_sql_attribute_t *this, - char *names, identification_t *id, - host_t *requested) -{ - host_t *address = NULL; - u_int identity, pool, timeout; - - identity = get_identity(this, id); - if (identity) - { - /* check for a single pool first (no concatenation and enumeration) */ - if (strchr(names, ',') == NULL) - { - pool = get_pool(this, names, &timeout); - if (pool) - { - /* check for an existing lease */ - address = check_lease(this, names, pool, identity); - if (address == NULL) - { - /* get an unallocated address or expired lease */ - address = get_lease(this, names, pool, timeout, identity); - } - } - } - else - { - enumerator_t *enumerator; - char *name; - - /* in a first step check for an existing lease over all pools */ - enumerator = enumerator_create_token(names, ",", " "); - while (enumerator->enumerate(enumerator, &name)) - { - pool = get_pool(this, name, &timeout); - if (pool) - { - address = check_lease(this, name, pool, identity); - if (address) - { - enumerator->destroy(enumerator); - return address; - } - } - } - enumerator->destroy(enumerator); - - /* in a second step get an unallocated address or expired lease */ - enumerator = enumerator_create_token(names, ",", " "); - while (enumerator->enumerate(enumerator, &name)) - { - pool = get_pool(this, name, &timeout); - if (pool) - { - address = get_lease(this, name, pool, timeout, identity); - if (address) - { - break; - } - } - } - enumerator->destroy(enumerator); - } - } - return address; -} - -/** - * Implementation of attribute_provider_t.release_address - */ -static bool release_address(private_sql_attribute_t *this, - char *name, host_t *address, identification_t *id) -{ - enumerator_t *enumerator; - bool found = FALSE; - time_t now = time(NULL); - - enumerator = enumerator_create_token(name, ",", " "); - while (enumerator->enumerate(enumerator, &name)) - { - u_int pool, timeout; - - pool = get_pool(this, name, &timeout); - if (pool) - { - if (this->history) - { - this->db->execute(this->db, NULL, - "INSERT INTO leases (address, identity, acquired, released)" - " SELECT id, identity, acquired, ? FROM addresses " - " WHERE pool = ? AND address = ?", - DB_UINT, now, DB_UINT, pool, - DB_BLOB, address->get_address(address)); - } - if (this->db->execute(this->db, NULL, - "UPDATE addresses SET released = ? WHERE " - "pool = ? AND address = ?", DB_UINT, time(NULL), - DB_UINT, pool, DB_BLOB, address->get_address(address)) > 0) - { - found = TRUE; - break; - } - } - } - enumerator->destroy(enumerator); - return found; -} - -/** - * Implementation of sql_attribute_t.destroy - */ -static void destroy(private_sql_attribute_t *this) -{ - free(this); -} - -/* - * see header file - */ -sql_attribute_t *sql_attribute_create(database_t *db) -{ - private_sql_attribute_t *this = malloc_thing(private_sql_attribute_t); - time_t now = time(NULL); - - this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address; - this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; - this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; - this->public.destroy = (void(*)(sql_attribute_t*))destroy; - - this->db = db; - this->history = lib->settings->get_bool(lib->settings, - "charon.plugins.sql.lease_history", TRUE); - - /* close any "online" leases in the case we crashed */ - if (this->history) - { - this->db->execute(this->db, NULL, - "INSERT INTO leases (address, identity, acquired, released)" - " SELECT id, identity, acquired, ? FROM addresses " - " WHERE released = 0", DB_UINT, now); - } - this->db->execute(this->db, NULL, - "UPDATE addresses SET released = ? WHERE released = 0", - DB_UINT, now); - return &this->public; -} - diff --git a/src/charon/plugins/sql/sql_attribute.h b/src/charon/plugins/sql/sql_attribute.h deleted file mode 100644 index 23700dea9..000000000 --- a/src/charon/plugins/sql/sql_attribute.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup sql_attribute sql_attribute - * @{ @ingroup sql - */ - -#ifndef SQL_ATTRIBUTE_H_ -#define SQL_ATTRIBUTE_H_ - -#include - -typedef struct sql_attribute_t sql_attribute_t; - -/** - * SQL database based IKEv2 cfg attribute provider. - */ -struct sql_attribute_t { - - /** - * Implements attribute provider interface - */ - attribute_provider_t provider; - - /** - * Destroy a sql_attribute instance. - */ - void (*destroy)(sql_attribute_t *this); -}; - -/** - * Create a sql_attribute instance. - */ -sql_attribute_t *sql_attribute_create(database_t *db); - -#endif /** SQL_ATTRIBUTE_H_ @}*/ diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c index e7dfe573b..afee0896c 100644 --- a/src/charon/plugins/sql/sql_config.c +++ b/src/charon/plugins/sql/sql_config.c @@ -30,7 +30,7 @@ struct private_sql_config_t { * Public part */ sql_config_t public; - + /** * database connection */ @@ -58,7 +58,7 @@ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, TS_LOCAL_DYNAMIC = 2, TS_REMOTE_DYNAMIC = 3, } kind; - + while (e->enumerate(e, &kind, &type, &protocol, &start_addr, &end_addr, &start_port, &end_port)) { @@ -99,7 +99,7 @@ static void add_traffic_selectors(private_sql_config_t *this, enumerator_t *e; traffic_selector_t *ts; bool local; - + e = this->db->query(this->db, "SELECT kind, type, protocol, " "start_addr, end_addr, start_port, end_port " @@ -126,12 +126,15 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) int id, lifetime, rekeytime, jitter, hostaccess, mode, dpd, close, ipcomp; char *name, *updown; child_cfg_t *child_cfg; - - if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, + + if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &dpd, &close, &ipcomp)) { - child_cfg = child_cfg_create(name, lifetime, rekeytime, jitter, - updown, hostaccess, mode, dpd, close, ipcomp); + lifetime_cfg_t lft = { + .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } + }; + child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, + dpd, close, ipcomp, 0); /* TODO: read proposal from db */ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); add_traffic_selectors(this, child_cfg, id); @@ -147,7 +150,7 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) { enumerator_t *e; child_cfg_t *child_cfg; - + e = this->db->query(this->db, "SELECT id, name, lifetime, rekeytime, jitter, " "updown, hostaccess, mode, dpd_action, close_action, ipcomp " @@ -174,11 +177,11 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, { int certreq, force_encap; char *local, *remote; - + while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) { ike_cfg_t *ike_cfg; - + ike_cfg = ike_cfg_create(certreq, force_encap, local, remote); /* TODO: read proposal from db */ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); @@ -194,7 +197,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { enumerator_t *e; ike_cfg_t *ike_cfg = NULL; - + e = this->db->query(this->db, "SELECT certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", @@ -215,7 +218,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; - + e = this->db->query(this->db, "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " @@ -229,8 +232,8 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) "WHERE id = ?", DB_INT, id, DB_INT, DB_TEXT, DB_INT, DB_INT, DB_BLOB, DB_INT, DB_BLOB, - DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, - DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, + DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, + DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT, DB_INT, DB_INT, DB_INT, DB_BLOB); if (e) @@ -253,11 +256,11 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, mediation, mediated_by, p_type; chunk_t l_data, r_data, p_data; char *name, *virtual, *pool; - + while (e->enumerate(e, &id, &name, &ike_cfg, &l_type, &l_data, &r_type, &r_data, &cert_policy, &uniqueid, &auth_method, &eap_type, &eap_vendor, - &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike, + &keyingtries, &rekeytime, &reauthtime, &jitter, &overtime, &mobike, &dpd_delay, &virtual, &pool, &mediation, &mediated_by, &p_type, &p_data)) { @@ -266,7 +269,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, ike_cfg_t *ike; host_t *vip = NULL; auth_cfg_t *auth; - + local_id = identification_create_from_encoding(l_type, l_data); remote_id = identification_create_from_encoding(r_type, r_data); if ((me && !me->matches(me, local_id)) || @@ -328,7 +331,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_sql_config_t *this, char *name) { enumerator_t *e; peer_cfg_t *peer_cfg = NULL; - + e = this->db->query(this->db, "SELECT c.id, name, ike_cfg, l.type, l.data, r.type, r.data, " "cert_policy, uniqueid, auth_method, eap_type, eap_vendor, " @@ -401,14 +404,14 @@ static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, host_t *me, host_t *other) { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - + e->this = this; e->me = me; e->other = other; e->current = NULL; e->public.enumerate = (void*)ike_enumerator_enumerate; e->public.destroy = (void*)ike_enumerator_destroy; - + e->inner = this->db->query(this->db, "SELECT certreq, force_encap, local, remote " "FROM ike_configs", @@ -470,7 +473,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_sql_config_t *this, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->this = this; e->me = me; e->other = other; @@ -523,9 +526,9 @@ sql_config_t *sql_config_create(database_t *db) this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.destroy = (void(*)(sql_config_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_config.h b/src/charon/plugins/sql/sql_config.h index abc6ef382..700d00a97 100644 --- a/src/charon/plugins/sql/sql_config.h +++ b/src/charon/plugins/sql/sql_config.h @@ -35,11 +35,11 @@ struct sql_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destry the backend. */ - void (*destroy)(sql_config_t *this); + void (*destroy)(sql_config_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_cred.c b/src/charon/plugins/sql/sql_cred.c index f8b7a35c1..12f4ab045 100644 --- a/src/charon/plugins/sql/sql_cred.c +++ b/src/charon/plugins/sql/sql_cred.c @@ -30,7 +30,7 @@ struct private_sql_cred_t { * Public part */ sql_cred_t public; - + /** * database connection */ @@ -92,7 +92,7 @@ static enumerator_t* create_private_enumerator(private_sql_cred_t *this, identification_t *id) { private_enumerator_t *e; - + e = malloc_thing(private_enumerator_t); e->current = NULL; e->public.enumerate = (void*)private_enumerator_enumerate; @@ -178,7 +178,7 @@ static enumerator_t* create_cert_enumerator(private_sql_cred_t *this, identification_t *id, bool trusted) { cert_enumerator_t *e; - + e = malloc_thing(cert_enumerator_t); e->current = NULL; e->public.enumerate = (void*)cert_enumerator_enumerate; @@ -275,11 +275,11 @@ static void shared_enumerator_destroy(shared_enumerator_t *this) * Implementation of credential_set_t.create_shared_enumerator. */ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, - shared_key_type_t type, + shared_key_type_t type, identification_t *me, identification_t *other) { shared_enumerator_t *e; - + e = malloc_thing(shared_enumerator_t); e->me = me; e->other = other; @@ -306,12 +306,12 @@ static enumerator_t* create_shared_enumerator(private_sql_cred_t *this, DB_INT, me->get_type(me), DB_BLOB, me->get_encoding(me), DB_INT, other->get_type(other), DB_BLOB, other->get_encoding(other), DB_INT, type == SHARED_ANY, DB_INT, type, - DB_INT, DB_BLOB); + DB_INT, DB_BLOB); } else { identification_t *id = me ? me : other; - + e->inner = this->db->query(this->db, "SELECT s.type, s.data FROM shared_secrets AS s " "JOIN shared_secret_identity AS si ON s.id = si.shared_secret " @@ -350,16 +350,16 @@ static void destroy(private_sql_cred_t *this) sql_cred_t *sql_cred_create(database_t *db) { private_sql_cred_t *this = malloc_thing(private_sql_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; this->public.destroy = (void(*)(sql_cred_t*))destroy; - + this->db = db; - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h index 2a9a96df1..7f387398e 100644 --- a/src/charon/plugins/sql/sql_cred.h +++ b/src/charon/plugins/sql/sql_cred.h @@ -35,11 +35,11 @@ struct sql_cred_t { * Implements credential_set_t interface */ credential_set_t set; - + /** * Destry the backend. */ - void (*destroy)(sql_cred_t *this); + void (*destroy)(sql_cred_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_logger.c b/src/charon/plugins/sql/sql_logger.c index 20d42662b..d350c4c3d 100644 --- a/src/charon/plugins/sql/sql_logger.c +++ b/src/charon/plugins/sql/sql_logger.c @@ -30,17 +30,17 @@ struct private_sql_logger_t { * Public part */ sql_logger_t public; - + /** * database connection */ database_t *db; - + /** * logging level */ int level; - + /** * avoid recursive logging */ @@ -67,7 +67,7 @@ static bool log_(private_sql_logger_t *this, debug_t group, level_t level, identification_t *local_id, *remote_id; u_int64_t ispi, rspi; ike_sa_id_t *id; - + id = ike_sa->get_id(ike_sa); ispi = id->get_initiator_spi(id); rspi = id->get_responder_spi(id); @@ -86,9 +86,9 @@ static bool log_(private_sql_logger_t *this, debug_t group, level_t level, remote_id = ike_sa->get_other_id(ike_sa); local_host = ike_sa->get_my_host(ike_sa); remote_host = ike_sa->get_other_host(ike_sa); - + vsnprintf(buffer, sizeof(buffer), format, args); - + this->db->execute(this->db, NULL, "REPLACE INTO ike_sas (" "local_spi, remote_spi, id, initiator, " "local_id_type, local_id_data, " @@ -129,17 +129,17 @@ static void destroy(private_sql_logger_t *this) sql_logger_t *sql_logger_create(database_t *db) { private_sql_logger_t *this = malloc_thing(private_sql_logger_t); - + memset(&this->public.listener, 0, sizeof(listener_t)); this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.destroy = (void(*)(sql_logger_t*))destroy; - + this->db = db; this->recursive = FALSE; - + this->level = lib->settings->get_int(lib->settings, "charon.plugins.sql.loglevel", -1); - + return &this->public; } diff --git a/src/charon/plugins/sql/sql_logger.h b/src/charon/plugins/sql/sql_logger.h index 3636c2293..a933705da 100644 --- a/src/charon/plugins/sql/sql_logger.h +++ b/src/charon/plugins/sql/sql_logger.h @@ -35,11 +35,11 @@ struct sql_logger_t { * Implements bus_listener_t interface */ listener_t listener; - + /** * Destry the backend. */ - void (*destroy)(sql_logger_t *this); + void (*destroy)(sql_logger_t *this); }; /** diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/charon/plugins/sql/sql_plugin.c index e5a4afd1d..e2e410a8a 100644 --- a/src/charon/plugins/sql/sql_plugin.c +++ b/src/charon/plugins/sql/sql_plugin.c @@ -18,7 +18,6 @@ #include #include "sql_config.h" #include "sql_cred.h" -#include "sql_attribute.h" #include "sql_logger.h" typedef struct private_sql_plugin_t private_sql_plugin_t; @@ -32,27 +31,22 @@ struct private_sql_plugin_t { * implements plugin interface */ sql_plugin_t public; - + /** * database connection instance */ database_t *db; - + /** * configuration backend */ sql_config_t *config; - + /** * credential set */ sql_cred_t *cred; - - /** - * CFG attributes - */ - sql_attribute_t *attribute; - + /** * bus listener/logger */ @@ -66,11 +60,9 @@ static void destroy(private_sql_plugin_t *this) { charon->backends->remove_backend(charon->backends, &this->config->backend); charon->credentials->remove_set(charon->credentials, &this->cred->set); - charon->attributes->remove_provider(charon->attributes, &this->attribute->provider); charon->bus->remove_listener(charon->bus, &this->logger->listener); this->config->destroy(this->config); this->cred->destroy(this->cred); - this->attribute->destroy(this->attribute); this->logger->destroy(this->logger); this->db->destroy(this->db); free(this); @@ -83,18 +75,18 @@ plugin_t *plugin_create() { char *uri; private_sql_plugin_t *this; - + uri = lib->settings->get_str(lib->settings, "charon.plugins.sql.database", NULL); if (!uri) { DBG1(DBG_CFG, "sql plugin: database URI not set"); return NULL; } - + this = malloc_thing(private_sql_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->db = lib->db->create(lib->db, uri); if (!this->db) { @@ -104,14 +96,12 @@ plugin_t *plugin_create() } this->config = sql_config_create(this->db); this->cred = sql_cred_create(this->db); - this->attribute = sql_attribute_create(this->db); this->logger = sql_logger_create(this->db); - + charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->cred->set); - charon->attributes->add_provider(charon->attributes, &this->attribute->provider); charon->bus->add_listener(charon->bus, &this->logger->listener); - + return &this->public.plugin; } diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am index 79a63f2c2..94d311609 100644 --- a/src/charon/plugins/stroke/Makefile.am +++ b/src/charon/plugins/stroke/Makefile.am @@ -3,7 +3,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_ AM_CFLAGS = \ -rdynamic \ --DIPSEC_CONFDIR=\"${confdir}\" \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" plugin_LTLIBRARIES = libstrongswan-stroke.la diff --git a/src/charon/plugins/stroke/Makefile.in b/src/charon/plugins/stroke/Makefile.in index 19822ebc8..6e6b3b813 100644 --- a/src/charon/plugins/stroke/Makefile.in +++ b/src/charon/plugins/stroke/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/stroke DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_stroke_la_LIBADD = am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \ @@ -61,6 +85,7 @@ libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,12 +251,13 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke AM_CFLAGS = \ -rdynamic \ --DIPSEC_CONFDIR=\"${confdir}\" \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" plugin_LTLIBRARIES = libstrongswan-stroke.la @@ -256,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -276,23 +305,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -324,21 +358,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -361,7 +395,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -369,29 +403,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -412,13 +451,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -449,6 +492,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -470,6 +514,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -478,18 +524,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -528,6 +584,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c index d3211fd67..7a5ce683e 100644 --- a/src/charon/plugins/stroke/stroke_attribute.c +++ b/src/charon/plugins/stroke/stroke_attribute.c @@ -18,7 +18,7 @@ #include #include #include -#include +#include #define POOL_LIMIT (sizeof(uintptr_t)*8) @@ -33,12 +33,12 @@ struct private_stroke_attribute_t { * public functions */ stroke_attribute_t public; - + /** * list of pools, contains pool_t */ linked_list_t *pools; - + /** * mutex to lock access to pools */ @@ -85,7 +85,7 @@ static void pool_destroy(pool_t *this) { enumerator_t *enumerator; identification_t *id; - + enumerator = this->ids->create_enumerator(this->ids); while (enumerator->enumerate(enumerator, &id, NULL)) { @@ -107,7 +107,7 @@ static pool_t *find_pool(private_stroke_attribute_t *this, char *name) { enumerator_t *enumerator; pool_t *current, *found = NULL; - + enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, ¤t)) { @@ -129,13 +129,13 @@ host_t* offset2host(pool_t *pool, int offset) chunk_t addr; host_t *host; u_int32_t *pos; - + offset--; if (offset > pool->size) { return NULL; } - + addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { @@ -158,7 +158,7 @@ int host2offset(pool_t *pool, host_t *addr) { chunk_t host, base; u_int32_t hosti, basei; - + if (addr->get_family(addr) != pool->base->get_family(pool->base)) { return -1; @@ -195,7 +195,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, uintptr_t offset = 0; enumerator_t *enumerator; identification_t *old_id; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); while (pool) @@ -206,7 +206,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, this->mutex->unlock(this->mutex); return requested->clone(requested); } - + if (!requested->is_anyaddr(requested) && requested->get_family(requested) != pool->base->get_family(pool->base)) @@ -214,7 +214,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "IP pool address family mismatch"); break; } - + /* check for a valid offline lease, refresh */ offset = (uintptr_t)pool->offline->remove(pool->offline, id); if (offset) @@ -227,7 +227,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, break; } } - + /* check for a valid online lease, reassign */ offset = (uintptr_t)pool->online->get(pool->online, id); if (offset && offset == host2offset(pool, requested)) @@ -235,7 +235,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, DBG1(DBG_CFG, "reassigning online lease to '%Y'", id); break; } - + if (pool->unused < pool->size) { /* assigning offset, starting by 1. Handling 0 in hashtable @@ -270,7 +270,7 @@ static host_t* acquire_address(private_stroke_attribute_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name); break; } @@ -291,7 +291,7 @@ static bool release_address(private_stroke_attribute_t *this, pool_t *pool; bool found = FALSE; uintptr_t offset; - + this->mutex->lock(this->mutex); pool = find_pool(this, name); if (pool) @@ -320,10 +320,10 @@ static bool release_address(private_stroke_attribute_t *this, */ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) { - if (msg->add_conn.other.sourceip_size) + if (msg->add_conn.other.sourceip_mask) { pool_t *pool; - + pool = malloc_thing(pool_t); pool->base = NULL; pool->size = 0; @@ -335,17 +335,17 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (hashtable_equals_t)id_equals, 16); pool->ids = hashtable_create((hashtable_hash_t)id_hash, (hashtable_equals_t)id_equals, 16); - + /* if %config, add an empty pool, otherwise */ if (msg->add_conn.other.sourceip) { u_int32_t bits; int family; - - DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", - msg->add_conn.name, msg->add_conn.other.sourceip, - msg->add_conn.other.sourceip_size); - + + DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", + msg->add_conn.name, msg->add_conn.other.sourceip, + msg->add_conn.other.sourceip_mask); + pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0); if (!pool->base) { @@ -354,7 +354,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) return; } family = pool->base->get_family(pool->base); - bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_size; + bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_mask; if (bits > POOL_LIMIT) { bits = POOL_LIMIT; @@ -363,7 +363,7 @@ static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) (family == AF_INET ? 32 : 128) - bits); } pool->size = 1 << (bits); - + if (pool->size > 2) { /* do not use first and last addresses of a block */ pool->unused++; @@ -383,7 +383,7 @@ static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; pool_t *pool; - + this->mutex->lock(this->mutex); enumerator = this->pools->create_enumerator(this->pools); while (enumerator->enumerate(enumerator, &pool)) @@ -407,7 +407,7 @@ static bool pool_filter(void *mutex, pool_t **poolp, char **name, void *d3, u_int *offline) { pool_t *pool = *poolp; - + *name = pool->name; *size = pool->size; *online = pool->online->get_count(pool->online); @@ -450,10 +450,10 @@ static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out, { identification_t *id; uintptr_t offset; - + DESTROY_IF(this->current); this->current = NULL; - + if (this->inner->enumerate(this->inner, &id, NULL)) { offset = (uintptr_t)this->pool->online->get(this->pool->online, id); @@ -494,7 +494,7 @@ static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this, char *pool) { lease_enumerator_t *enumerator; - + this->mutex->lock(this->mutex); enumerator = malloc_thing(lease_enumerator_t); enumerator->pool = find_pool(this, pool); @@ -528,19 +528,19 @@ static void destroy(private_stroke_attribute_t *this) stroke_attribute_t *stroke_attribute_create() { private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t); - + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address; this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; - this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id))enumerator_create_empty; + this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))enumerator_create_empty; this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool; this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool; this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator; this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator; this->public.destroy = (void(*)(stroke_attribute_t*))destroy; - + this->pools = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h index fc273d1cb..cf6c950a6 100644 --- a/src/charon/plugins/stroke/stroke_attribute.h +++ b/src/charon/plugins/stroke/stroke_attribute.h @@ -22,7 +22,7 @@ #define STROKE_ATTRIBUTE_H_ #include -#include +#include typedef struct stroke_attribute_t stroke_attribute_t; @@ -30,12 +30,12 @@ typedef struct stroke_attribute_t stroke_attribute_t; * Stroke IKEv2 cfg attribute provider */ struct stroke_attribute_t { - + /** * Implements attribute provider interface */ attribute_provider_t provider; - + /** * Add a virtual IP address. * @@ -43,24 +43,24 @@ struct stroke_attribute_t { * @param end end of stroke message that contains virtual IP. */ void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Remove a virtual IP address. * * @param msg stroke message */ void (*del_pool)(stroke_attribute_t *this, stroke_msg_t *msg); - + /** * Create an enumerator over installed pools. * - * Enumerator enumerates over + * Enumerator enumerates over * char *pool, u_int size, u_int offline, u_int online. * * @return enumerator */ enumerator_t* (*create_pool_enumerator)(stroke_attribute_t *this); - + /** * Create an enumerator over the leases of a pool. * diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/charon/plugins/stroke/stroke_ca.c index c354d8cb8..49146f18b 100644 --- a/src/charon/plugins/stroke/stroke_ca.c +++ b/src/charon/plugins/stroke/stroke_ca.c @@ -17,7 +17,7 @@ #include "stroke_ca.h" #include "stroke_cred.h" -#include +#include #include #include @@ -34,17 +34,17 @@ struct private_stroke_ca_t { * public functions */ stroke_ca_t public; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * list of starters CA sections and its certificates (ca_section_t) */ linked_list_t *sections; - + /** * stroke credentials, stores our CA certificates */ @@ -62,27 +62,27 @@ struct ca_section_t { * name of the CA section */ char *name; - + /** * reference to cert in trusted_credential_t */ certificate_t *cert; - + /** * CRL URIs */ linked_list_t *crl; - + /** * OCSP URIs */ linked_list_t *ocsp; - + /** * Hashes of certificates issued by this CA */ linked_list_t *hashes; - + /** * Base URI used for certificates from this CA */ @@ -90,12 +90,12 @@ struct ca_section_t { }; /** - * create a new CA section + * create a new CA section */ static ca_section_t *ca_section_create(char *name, certificate_t *cert) { ca_section_t *ca = malloc_thing(ca_section_t); - + ca->name = strdup(name); ca->crl = linked_list_create(); ca->ocsp = linked_list_create(); @@ -142,10 +142,9 @@ static void cdp_data_destroy(cdp_data_t *data) static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data) { public_key_t *public; - identification_t *keyid; enumerator_t *enumerator = NULL; linked_list_t *list; - + if (data->type == CERT_X509_OCSP_RESPONSE) { list = section->ocsp; @@ -164,10 +163,9 @@ static enumerator_t *create_inner_cdp(ca_section_t *section, cdp_data_t *data) } else { - keyid = public->get_id(public, data->id->get_type(data->id)); - if (keyid && keyid->matches(keyid, data->id)) + if (public->has_fingerprint(public, data->id->get_encoding(data->id))) { - enumerator = list->create_enumerator(list); + enumerator = list->create_enumerator(list); } } public->destroy(public); @@ -182,25 +180,25 @@ static enumerator_t *create_inner_cdp_hashandurl(ca_section_t *section, cdp_data { enumerator_t *enumerator = NULL, *hash_enum; identification_t *current; - + if (!data->id || !section->certuribase) { return NULL; } - + hash_enum = section->hashes->create_enumerator(section->hashes); while (hash_enum->enumerate(hash_enum, ¤t)) - { + { if (current->matches(current, data->id)) { char *url, *hash; - + url = malloc(strlen(section->certuribase) + 40 + 1); strcpy(url, section->certuribase); hash = chunk_to_hex(current->get_encoding(current), NULL, FALSE).ptr; strncat(url, hash, 40); free(hash); - + enumerator = enumerator_create_single(url, free); break; } @@ -231,7 +229,7 @@ static enumerator_t *create_cdp_enumerator(private_stroke_ca_t *this, data->this = this; data->type = type; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_nested(this->sections->create_enumerator(this->sections), (type == CERT_X509) ? (void*)create_inner_cdp_hashandurl : (void*)create_inner_cdp, @@ -244,12 +242,12 @@ static void add(private_stroke_ca_t *this, stroke_msg_t *msg) { certificate_t *cert; ca_section_t *ca; - + if (msg->add_ca.cacert == NULL) { DBG1(DBG_CFG, "missing cacert parameter"); return; - } + } cert = this->cred->load_ca(this->cred, msg->add_ca.cacert); if (cert) { @@ -288,7 +286,7 @@ static void del(private_stroke_ca_t *this, stroke_msg_t *msg) { enumerator_t *enumerator; ca_section_t *ca = NULL; - + this->lock->write_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, &ca)) @@ -344,14 +342,14 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer { ca_section_t *section; enumerator_t *enumerator; - + hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); return; } - + this->lock->write_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, (void**)§ion)) @@ -361,7 +359,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer chunk_t hash, encoded = cert->get_encoding(cert); hasher->allocate_hash(hasher, encoded, &hash); section->hashes->insert_last(section->hashes, - identification_create_from_encoding(ID_CERT_DER_SHA1, hash)); + identification_create_from_encoding(ID_KEY_ID, hash)); chunk_free(&hash); chunk_free(&encoded); break; @@ -369,7 +367,7 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + hasher->destroy(hasher); } @@ -381,13 +379,14 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) bool first = TRUE; ca_section_t *section; enumerator_t *enumerator; - + this->lock->read_lock(this->lock); enumerator = this->sections->create_enumerator(this->sections); while (enumerator->enumerate(enumerator, (void**)§ion)) { certificate_t *cert = section->cert; public_key_t *public = cert->get_public_key(cert); + chunk_t chunk; if (first) { @@ -401,10 +400,14 @@ static void list(private_stroke_ca_t *this, stroke_msg_t *msg, FILE *out) /* list authkey and keyid */ if (public) { - fprintf(out, " authkey: %Y\n", - public->get_id(public, ID_PUBKEY_SHA1)); - fprintf(out, " keyid: %Y\n", - public->get_id(public, ID_PUBKEY_INFO_SHA1)); + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) + { + fprintf(out, " authkey: %#B\n", &chunk); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &chunk)) + { + fprintf(out, " keyid: %#B\n", &chunk); + } public->destroy(public); } list_uris(section->crl, " crluris: ", out); @@ -434,7 +437,7 @@ static void destroy(private_stroke_ca_t *this) stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) { private_stroke_ca_t *this = malloc_thing(private_stroke_ca_t); - + this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_cert_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null; @@ -445,11 +448,11 @@ stroke_ca_t *stroke_ca_create(stroke_cred_t *cred) this->public.list = (void(*)(stroke_ca_t*, stroke_msg_t *msg, FILE *out))list; this->public.check_for_hash_and_url = (void(*)(stroke_ca_t*, certificate_t*))check_for_hash_and_url; this->public.destroy = (void(*)(stroke_ca_t*))destroy; - + this->sections = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->cred = cred; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h index c882d7b4e..21af912ea 100644 --- a/src/charon/plugins/stroke/stroke_ca.h +++ b/src/charon/plugins/stroke/stroke_ca.h @@ -37,39 +37,39 @@ struct stroke_ca_t { * Implements credential_set_t */ credential_set_t set; - + /** * Add a CA to the set using a stroke_msg_t. * * @param msg stroke message containing CA info */ void (*add)(stroke_ca_t *this, stroke_msg_t *msg); - + /** * Remove a CA from the set using a stroke_msg_t. * * @param msg stroke message containing CA info */ void (*del)(stroke_ca_t *this, stroke_msg_t *msg); - + /** * List CA sections to stroke console. * * @param msg stroke message */ void (*list)(stroke_ca_t *this, stroke_msg_t *msg, FILE *out); - + /** * Check if a certificate can be made available through hash and URL. - * + * * @param cert peer certificate */ void (*check_for_hash_and_url)(stroke_ca_t *this, certificate_t* cert); - + /** - * Destroy a stroke_ca instance. - */ - void (*destroy)(stroke_ca_t *this); + * Destroy a stroke_ca instance. + */ + void (*destroy)(stroke_ca_t *this); }; /** diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c index 0b6a4ac31..0752f3c93 100644 --- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/charon/plugins/stroke/stroke_config.c @@ -16,7 +16,7 @@ #include "stroke_config.h" #include -#include +#include #include typedef struct private_stroke_config_t private_stroke_config_t; @@ -30,22 +30,22 @@ struct private_stroke_config_t { * public functions */ stroke_config_t public; - + /** * list of peer_cfg_t */ linked_list_t *list; - + /** * mutex to lock config list */ mutex_t *mutex; - + /** * ca sections */ stroke_ca_t *ca; - + /** * credentials */ @@ -93,7 +93,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_stroke_config_t *this, char *nam enumerator_t *e1, *e2; peer_cfg_t *current, *found = NULL; child_cfg_t *child; - + this->mutex->lock(this->mutex); e1 = this->list->create_enumerator(this->list); while (e1->enumerate(e1, ¤t)) @@ -139,7 +139,7 @@ static void add_proposals(private_stroke_config_t *this, char *string, char *strict; proposal_t *proposal; protocol_id_t proto = PROTO_ESP; - + if (ike_cfg) { proto = PROTO_IKE; @@ -195,7 +195,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg ike_cfg_t *ike_cfg; char *interface; host_t *host; - + host = host_create_from_dns(msg->add_conn.other.address, 0, 0); if (host) { @@ -227,7 +227,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg { free(interface); } - + } } } @@ -236,7 +236,7 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg msg->add_conn.me.address, msg->add_conn.other.address); add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL); - return ike_cfg; + return ike_cfg; } /** @@ -275,7 +275,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, stroke_end_t *end, *other_end; auth_cfg_t *cfg; char eap_buf[32]; - + /* select strings */ if (local) { @@ -317,7 +317,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, ca = other_end->ca2; } } - + if (!auth) { if (primary) @@ -366,9 +366,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, return NULL; } } - + cfg = auth_cfg_create(); - + /* add identity and peer certifcate */ identity = identification_create_from_string(id); if (cert) @@ -380,12 +380,12 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, { this->ca->check_for_hash_and_url(this->ca, certificate); } - cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); + cfg->add(cfg, AUTH_RULE_SUBJECT_CERT, certificate); if (identity->get_type(identity) == ID_ANY || !certificate->has_subject(certificate, identity)) { - DBG1(DBG_CFG, " peerid %Y not confirmed by certificate, " - "defaulting to subject DN: %Y", identity, + DBG1(DBG_CFG, " id '%Y' not confirmed by certificate, " + "defaulting to '%Y'", identity, certificate->get_subject(certificate)); identity->destroy(identity); identity = certificate->get_subject(certificate); @@ -394,7 +394,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } } cfg->add(cfg, AUTH_RULE_IDENTITY, identity); - + /* CA constraint */ if (ca) { @@ -412,13 +412,13 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, "constraint", ca); } } - + /* AC groups */ if (end->groups) { enumerator_t *enumerator; char *group; - + enumerator = enumerator_create_token(end->groups, ",", " "); while (enumerator->enumerate(enumerator, &group)) { @@ -428,7 +428,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, } enumerator->destroy(enumerator); } - + /* authentication metod (class, actually) */ if (streq(auth, "pubkey") || streq(auth, "rsasig") || streq(auth, "rsa") || @@ -446,9 +446,9 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, enumerator_t *enumerator; char *str; int i = 0, type = 0, vendor; - + cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP); - + /* parse EAP string, format: eap[-type[-vendor]] */ enumerator = enumerator_create_token(auth, "-", " "); while (enumerator->enumerate(enumerator, &str)) @@ -488,7 +488,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this, i++; } enumerator->destroy(enumerator); - + if (msg->add_conn.eap_identity) { if (streq(msg->add_conn.eap_identity, "%identity")) @@ -529,37 +529,36 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, u_int32_t rekey = 0, reauth = 0, over, jitter; peer_cfg_t *peer_cfg; auth_cfg_t *auth_cfg; - + #ifdef ME if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) { - DBG1(DBG_CFG, "a mediation connection cannot be a" - " mediated connection at the same time, aborting"); + DBG1(DBG_CFG, "a mediation connection cannot be a mediated connection " + "at the same time, aborting"); return NULL; } - + if (msg->add_conn.ikeme.mediation) { /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } - + if (msg->add_conn.ikeme.mediated_by) { mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, - msg->add_conn.ikeme.mediated_by); + msg->add_conn.ikeme.mediated_by); if (!mediated_by) { DBG1(DBG_CFG, "mediation connection '%s' not found, aborting", msg->add_conn.ikeme.mediated_by); return NULL; } - if (!mediated_by->is_mediation(mediated_by)) { - DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is" - "no mediation connection, aborting", - msg->add_conn.ikeme.mediated_by, msg->add_conn.name); + DBG1(DBG_CFG, "connection '%s' as referred to by '%s' is " + "no mediation connection, aborting", + msg->add_conn.ikeme.mediated_by, msg->add_conn.name); mediated_by->destroy(mediated_by); return NULL; } @@ -573,7 +572,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, } } #endif /* ME */ - + jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; over = msg->add_conn.rekey.margin; if (msg->add_conn.rekey.reauth) @@ -583,8 +582,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, else { rekey = msg->add_conn.rekey.ike_lifetime - over; - } - if (msg->add_conn.me.sourceip_size) + } + if (msg->add_conn.me.sourceip_mask) { if (msg->add_conn.me.sourceip) { @@ -633,19 +632,19 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, { /* dpdaction=none disables DPD */ msg->add_conn.dpd.delay = 0; } - + /* other.sourceip is managed in stroke_attributes. If it is set, we define * the pool name as the connection name, which the attribute provider * uses to serve pool addresses. */ peer_cfg = peer_cfg_create(msg->add_conn.name, msg->add_conn.ikev2 ? 2 : 1, ike_cfg, - msg->add_conn.me.sendcert, unique, + msg->add_conn.me.sendcert, unique, msg->add_conn.rekey.tries, rekey, reauth, jitter, over, msg->add_conn.mobike, msg->add_conn.dpd.delay, - vip, msg->add_conn.other.sourceip_size ? + vip, msg->add_conn.other.sourceip_mask ? msg->add_conn.name : msg->add_conn.other.sourceip, msg->add_conn.ikeme.mediation, mediated_by, peer_id); - + /* build leftauth= */ auth_cfg = build_auth_cfg(this, msg, TRUE, TRUE); if (auth_cfg) @@ -685,7 +684,7 @@ static void add_ts(private_stroke_config_t *this, stroke_end_t *end, child_cfg_t *child_cfg, bool local) { traffic_selector_t *ts; - + if (end->tohost) { ts = traffic_selector_create_dynamic(end->protocol, @@ -695,7 +694,7 @@ static void add_ts(private_stroke_config_t *this, else { host_t *net; - + if (!end->subnets) { net = host_create_from_string(end->address, IKEV2_UDP_PORT); @@ -709,12 +708,12 @@ static void add_ts(private_stroke_config_t *this, else { char *del, *start, *bits; - + start = end->subnets; do { int intbits = 0; - + del = strchr(start, ','); if (del) { @@ -726,7 +725,7 @@ static void add_ts(private_stroke_config_t *this, *bits = '\0'; intbits = atoi(bits + 1); } - + net = host_create_from_string(start, IKEV2_UDP_PORT); if (net) { @@ -753,7 +752,24 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, { child_cfg_t *child_cfg; action_t dpd; - + lifetime_cfg_t lifetime = { + .time = { + .life = msg->add_conn.rekey.ipsec_lifetime, + .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, + .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100 + }, + .bytes = { + .life = msg->add_conn.rekey.life_bytes, + .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes, + .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100 + }, + .packets = { + .life = msg->add_conn.rekey.life_packets, + .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets, + .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 + } + }; + switch (msg->add_conn.dpd.action) { /* map startes magic values to our action type */ case 2: /* =hold */ @@ -766,19 +782,19 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, dpd = ACTION_NONE; break; } + child_cfg = child_cfg_create( - msg->add_conn.name, msg->add_conn.rekey.ipsec_lifetime, - msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, - msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100, + msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, - msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp); + msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, + msg->add_conn.inactivity); child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); add_ts(this, &msg->add_conn.other, child_cfg, FALSE); - + add_proposals(this, msg->add_conn.algorithms.esp, NULL, child_cfg); - + return child_cfg; } @@ -804,7 +820,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) ike_cfg->destroy(ike_cfg); return; } - + enumerator = create_peer_cfg_enumerator(this, NULL, NULL); while (enumerator->enumerate(enumerator, &existing)) { @@ -822,7 +838,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) } } enumerator->destroy(enumerator); - + child_cfg = build_child_cfg(this, msg); if (!child_cfg) { @@ -830,7 +846,7 @@ static void add(private_stroke_config_t *this, stroke_msg_t *msg) return; } peer_cfg->add_child_cfg(peer_cfg, child_cfg); - + if (use_existing) { peer_cfg->destroy(peer_cfg); @@ -854,13 +870,13 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) peer_cfg_t *peer; child_cfg_t *child; bool deleted = FALSE; - + this->mutex->lock(this->mutex); enumerator = this->list->create_enumerator(this->list); while (enumerator->enumerate(enumerator, (void**)&peer)) { bool keep = FALSE; - + /* remove any child with such a name */ children = peer->create_child_cfg_enumerator(peer); while (children->enumerate(children, &child)) @@ -877,7 +893,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) } } children->destroy(children); - + /* if peer config matches, or has no children anymore, remove it */ if (!keep || streq(peer->get_name(peer), msg->del_conn.name)) { @@ -888,7 +904,7 @@ static void del(private_stroke_config_t *this, stroke_msg_t *msg) } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); - + if (deleted) { DBG1(DBG_CFG, "deleted connection '%s'", msg->del_conn.name); @@ -915,19 +931,19 @@ static void destroy(private_stroke_config_t *this) stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred) { private_stroke_config_t *this = malloc_thing(private_stroke_config_t); - + this->public.backend.create_peer_cfg_enumerator = (enumerator_t*(*)(backend_t*, identification_t *me, identification_t *other))create_peer_cfg_enumerator; this->public.backend.create_ike_cfg_enumerator = (enumerator_t*(*)(backend_t*, host_t *me, host_t *other))create_ike_cfg_enumerator; this->public.backend.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_t*,char*))get_peer_cfg_by_name; this->public.add = (void(*)(stroke_config_t*, stroke_msg_t *msg))add; this->public.del = (void(*)(stroke_config_t*, stroke_msg_t *msg))del; this->public.destroy = (void(*)(stroke_config_t*))destroy; - + this->list = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->ca = ca; this->cred = cred; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h index 270795e4a..05e4665ca 100644 --- a/src/charon/plugins/stroke/stroke_config.h +++ b/src/charon/plugins/stroke/stroke_config.h @@ -37,25 +37,25 @@ struct stroke_config_t { * Implements the backend_t interface */ backend_t backend; - + /** * Add a configuration to the backend. * * @param msg received stroke message containing config */ void (*add)(stroke_config_t *this, stroke_msg_t *msg); - + /** * Remove a configuration from the backend. * * @param msg received stroke message containing config name */ void (*del)(stroke_config_t *this, stroke_msg_t *msg); - + /** - * Destroy a stroke_config instance. - */ - void (*destroy)(stroke_config_t *this); + * Destroy a stroke_config instance. + */ + void (*destroy)(stroke_config_t *this); }; /** diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/charon/plugins/stroke/stroke_control.c index c572117a2..a03aef697 100644 --- a/src/charon/plugins/stroke/stroke_control.c +++ b/src/charon/plugins/stroke/stroke_control.c @@ -43,7 +43,7 @@ struct stroke_log_info_t { * level to log up to */ level_t level; - + /** * where to write log */ @@ -75,7 +75,7 @@ static child_cfg_t* get_child_from_peer(peer_cfg_t *peer_cfg, char *name) { child_cfg_t *current, *found = NULL; enumerator_t *enumerator; - + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (enumerator->enumerate(enumerator, ¤t)) { @@ -98,7 +98,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; stroke_log_info_t info; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->initiate.name); if (peer_cfg == NULL) @@ -113,7 +113,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg->destroy(peer_cfg); return; } - + child_cfg = get_child_from_peer(peer_cfg, msg->initiate.name); if (child_cfg == NULL) { @@ -121,7 +121,7 @@ static void initiate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *ou peer_cfg->destroy(peer_cfg); return; } - + if (msg->output_verbosity < 0) { charon->controller->initiate(charon->controller, peer_cfg, child_cfg, @@ -150,9 +150,9 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o linked_list_t *ike_list, *child_list; stroke_log_info_t info; uintptr_t del; - + string = msg->terminate.name; - + len = strlen(string); if (len < 1) { @@ -174,7 +174,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o child = FALSE; break; } - + if (name) { /* is a single name */ @@ -202,10 +202,10 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } } } - + info.out = out; info.level = msg->output_verbosity; - + if (id) { if (child) @@ -220,7 +220,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } return; } - + ike_list = linked_list_create(); child_list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); @@ -228,7 +228,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o { child_sa_t *child_sa; iterator_t *children; - + if (child) { children = ike_sa->create_child_sa_iterator(ike_sa); @@ -261,7 +261,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o } } enumerator->destroy(enumerator); - + enumerator = child_list->create_enumerator(child_list); while (enumerator->enumerate(enumerator, &del)) { @@ -269,7 +269,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o (controller_cb_t)stroke_log, &info); } enumerator->destroy(enumerator); - + enumerator = ike_list->create_enumerator(ike_list); while (enumerator->enumerate(enumerator, &del)) { @@ -277,7 +277,7 @@ static void terminate(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o (controller_cb_t)stroke_log, &info); } enumerator->destroy(enumerator); - + if (child_list->get_count(child_list) == 0 && ike_list->get_count(ike_list) == 0) { @@ -298,7 +298,7 @@ static void terminate_srcip(private_stroke_control_t *this, ike_sa_t *ike_sa; host_t *start = NULL, *end = NULL, *vip; chunk_t chunk_start, chunk_end = chunk_empty, chunk_vip; - + if (msg->terminate_srcip.start) { start = host_create_from_string(msg->terminate_srcip.start, 0); @@ -320,7 +320,7 @@ static void terminate_srcip(private_stroke_control_t *this, } chunk_end = end->get_address(end); } - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -369,10 +369,10 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o linked_list_t *list; uintptr_t del; stroke_log_info_t info; - + info.out = out; info.level = msg->output_verbosity; - + list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) @@ -386,7 +386,7 @@ static void purge_ike(private_stroke_control_t *this, stroke_msg_t *msg, FILE *o iterator->destroy(iterator); } enumerator->destroy(enumerator); - + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &del)) { @@ -404,7 +404,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, msg->route.name); if (peer_cfg == NULL) @@ -417,7 +417,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) peer_cfg->destroy(peer_cfg); return; } - + child_cfg = get_child_from_peer(peer_cfg, msg->route.name); if (child_cfg == NULL) { @@ -425,7 +425,7 @@ static void route(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) peer_cfg->destroy(peer_cfg); return; } - + if (charon->traps->install(charon->traps, peer_cfg, child_cfg)) { fprintf(out, "configuration '%s' routed\n", msg->route.name); @@ -446,7 +446,7 @@ static void unroute(private_stroke_control_t *this, stroke_msg_t *msg, FILE *out child_sa_t *child_sa; enumerator_t *enumerator; u_int32_t id; - + enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { @@ -477,7 +477,7 @@ static void destroy(private_stroke_control_t *this) stroke_control_t *stroke_control_create() { private_stroke_control_t *this = malloc_thing(private_stroke_control_t); - + this->public.initiate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))initiate; this->public.terminate = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate; this->public.terminate_srcip = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))terminate_srcip; @@ -485,7 +485,7 @@ stroke_control_t *stroke_control_create() this->public.route = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))route; this->public.unroute = (void(*)(stroke_control_t*, stroke_msg_t *msg, FILE *out))unroute; this->public.destroy = (void(*)(stroke_control_t*))destroy; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h index 5a61a90a4..9b49bdc31 100644 --- a/src/charon/plugins/stroke/stroke_control.h +++ b/src/charon/plugins/stroke/stroke_control.h @@ -38,42 +38,42 @@ struct stroke_control_t { * @param msg stroke message */ void (*initiate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Terminate a connection. * * @param msg stroke message */ void (*terminate)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Terminate a connection by peers virtual IP. * * @param msg stroke message */ void (*terminate_srcip)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Delete IKE_SAs without a CHILD_SA. * * @param msg stroke message */ void (*purge_ike)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Route a connection. * * @param msg stroke message */ void (*route)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Unroute a connection. * * @param msg stroke message */ void (*unroute)(stroke_control_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_control instance. */ diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c index 31bcfe9f4..bc0b2f6fc 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/charon/plugins/stroke/stroke_cred.c @@ -27,8 +27,7 @@ #include #include #include -#include -#include +#include #include /* configuration directories and files */ @@ -56,7 +55,7 @@ struct private_stroke_cred_t { * public functions */ stroke_cred_t public; - + /** * list of trusted peer/signer/CA certificates (certificate_t) */ @@ -71,12 +70,12 @@ struct private_stroke_cred_t { * list of private keys (private_key_t) */ linked_list_t *private; - + /** * read-write lock to lists */ rwlock_t *lock; - + /** * cache CRLs to disk? */ @@ -89,6 +88,7 @@ struct private_stroke_cred_t { typedef struct { private_stroke_cred_t *this; identification_t *id; + certificate_type_t type; } id_data_t; /** @@ -106,25 +106,17 @@ static void id_data_destroy(id_data_t *data) static bool private_filter(id_data_t *data, private_key_t **in, private_key_t **out) { - identification_t *candidate; - id_type_t type; - + private_key_t *key; + + key = *in; if (data->id == NULL) { - *out = *in; + *out = key; return TRUE; } - type = data->id->get_type(data->id); - if (type == ID_KEY_ID) - { /* handle ID_KEY_ID as a ID_PUBKEY_SHA1 */ - type = ID_PUBKEY_SHA1; - } - candidate = (*in)->get_id(*in, type); - if (candidate && - chunk_equals(candidate->get_encoding(candidate), - data->id->get_encoding(data->id))) + if (key->has_fingerprint(key, data->id->get_encoding(data->id))) { - *out = *in; + *out = key; return TRUE; } return FALSE; @@ -141,7 +133,7 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, data = malloc_thing(id_data_t); data->this = this; data->id = id; - + this->lock->read_lock(this->lock); return enumerator_create_filter(this->private->create_enumerator(this->private), (void*)private_filter, data, @@ -154,26 +146,22 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **out) { public_key_t *public; - identification_t *candidate; certificate_t *cert = *in; - certificate_type_t type = cert->get_type(cert); - if (type == CERT_X509_CRL || type == CERT_X509_AC) + if (data->type != CERT_ANY && data->type != cert->get_type(cert)) { return FALSE; } - if (data->id == NULL || cert->has_subject(cert, data->id)) { *out = *in; return TRUE; } - - public = (cert)->get_public_key(cert); + + public = cert->get_public_key(cert); if (public) { - candidate = public->get_id(public, data->id->get_type(data->id)); - if (candidate && data->id->equals(data->id, candidate)) + if (public->has_fingerprint(public, data->id->get_encoding(data->id))) { public->destroy(public); *out = *in; @@ -184,46 +172,6 @@ static bool certs_filter(id_data_t *data, certificate_t **in, certificate_t **ou return FALSE; } -/** - * filter function for crl enumerator - */ -static bool crl_filter(id_data_t *data, certificate_t **in, certificate_t **out) -{ - certificate_t *cert = *in; - - if (cert->get_type(cert) != CERT_X509_CRL) - { - return FALSE; - } - - if (data->id == NULL || cert->has_issuer(cert, data->id)) - { - *out = *in; - return TRUE; - } - return FALSE; -} - -/** - * filter function for attribute certificate enumerator - */ -static bool ac_filter(id_data_t *data, certificate_t **in, certificate_t **out) -{ - certificate_t *cert = *in; - - if (cert->get_type(cert) != CERT_X509_AC) - { - return FALSE; - } - - if (data->id == NULL || cert->has_subject(cert, data->id)) - { - *out = *in; - return TRUE; - } - return FALSE; -} - /** * Implements credential_set_t.create_cert_enumerator */ @@ -232,30 +180,16 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, identification_t *id, bool trusted) { id_data_t *data; - - if (cert == CERT_X509_CRL || cert == CERT_X509_AC) + + if (trusted && (cert == CERT_X509_CRL || cert == CERT_X509_AC)) { - if (trusted) - { - return NULL; - } - data = malloc_thing(id_data_t); - data->this = this; - data->id = id; - - this->lock->read_lock(this->lock); - return enumerator_create_filter(this->certs->create_enumerator(this->certs), - (cert == CERT_X509_CRL)? (void*)crl_filter : (void*)ac_filter, - data, (void*)id_data_destroy); - } - if (cert != CERT_X509 && cert != CERT_ANY) - { /* we only have X509 certificates. TODO: ACs? */ return NULL; } data = malloc_thing(id_data_t); data->this = this; data->id = id; - + data->type = cert; + this->lock->read_lock(this->lock); return enumerator_create_filter(this->certs->create_enumerator(this->certs), (void*)certs_filter, data, @@ -286,7 +220,7 @@ static bool shared_filter(shared_data_t *data, void **unused1, id_match_t *me, void **unused2, id_match_t *other) { - id_match_t my_match, other_match; + id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE; stroke_shared_key_t *stroke = *in; shared_key_t *shared = &stroke->shared; @@ -294,10 +228,16 @@ static bool shared_filter(shared_data_t *data, { return FALSE; } - - my_match = stroke->has_owner(stroke, data->me); - other_match = stroke->has_owner(stroke, data->other); - if (!my_match && !other_match) + + if (data->me) + { + my_match = stroke->has_owner(stroke, data->me); + } + if (data->other) + { + other_match = stroke->has_owner(stroke, data->other); + } + if ((data->me || data->other) && (!my_match && !other_match)) { return FALSE; } @@ -316,12 +256,12 @@ static bool shared_filter(shared_data_t *data, /** * Implements credential_set_t.create_shared_enumerator */ -static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, +static enumerator_t* create_shared_enumerator(private_stroke_cred_t *this, shared_key_type_t type, identification_t *me, identification_t *other) { shared_data_t *data = malloc_thing(shared_data_t); - + data->this = this; data->me = me; data->other = other; @@ -339,7 +279,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) { certificate_t *current; enumerator_t *enumerator; - bool new = TRUE; + bool new = TRUE; this->lock->read_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); @@ -363,7 +303,7 @@ static certificate_t* add_cert(private_stroke_cred_t *this, certificate_t *cert) this->lock->unlock(this->lock); return cert; } - + /** * Implementation of stroke_cred_t.load_ca. */ @@ -371,7 +311,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) { certificate_t *cert; char path[PATH_MAX]; - + if (*filename == '/') { snprintf(path, sizeof(path), "%s", filename); @@ -380,7 +320,7 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) { snprintf(path, sizeof(path), "%s/%s", CA_CERTIFICATE_DIR, filename); } - + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, path, @@ -388,12 +328,12 @@ static certificate_t* load_ca(private_stroke_cred_t *this, char *filename) if (cert) { x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { + DBG1(DBG_CFG, " ca certificate \"%Y\" misses ca basic constraint, " + "discarded", cert->get_subject(cert)); cert->destroy(cert); - DBG1(DBG_CFG, " ca certificate must have ca basic constraint set, " - "discarded"); return NULL; } return (certificate_t*)add_cert(this, cert); @@ -408,7 +348,7 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) { certificate_t *current, *cert = &crl->certificate; enumerator_t *enumerator; - bool new = TRUE, found = FALSE; + bool new = TRUE, found = FALSE; this->lock->write_lock(this->lock); enumerator = this->certs->create_enumerator(this->certs); @@ -417,12 +357,11 @@ static bool add_crl(private_stroke_cred_t *this, crl_t* crl) if (current->get_type(current) == CERT_X509_CRL) { crl_t *crl_c = (crl_t*)current; - identification_t *authkey = crl->get_authKeyIdentifier(crl); - identification_t *authkey_c = crl_c->get_authKeyIdentifier(crl_c); + chunk_t authkey = crl->get_authKeyIdentifier(crl); + chunk_t authkey_c = crl_c->get_authKeyIdentifier(crl_c); /* if compare authorityKeyIdentifiers if available */ - if (authkey != NULL && authkey_c != NULL && - authkey->equals(authkey, authkey_c)) + if (authkey.ptr && authkey_c.ptr && chunk_equals(authkey, authkey_c)) { found = TRUE; } @@ -491,17 +430,19 @@ static certificate_t* load_peer(private_stroke_cred_t *this, char *filename) { snprintf(path, sizeof(path), "%s/%s", CERTIFICATE_DIR, filename); } - + cert = lib->creds->create(lib->creds, - CRED_CERTIFICATE, CERT_X509, + CRED_CERTIFICATE, CERT_ANY, BUILD_FROM_FILE, path, - BUILD_X509_FLAG, 0, BUILD_END); if (cert) { cert = add_cert(this, cert); + DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", + cert->get_subject(cert), filename); return cert->get_ref(cert); } + DBG1(DBG_CFG, " loading certificate from '%s' failed", filename); return NULL; } @@ -513,7 +454,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path, { struct stat st; char *file; - + enumerator_t *enumerator = enumerator_create_directory(path); if (!enumerator) @@ -535,22 +476,33 @@ static void load_certdir(private_stroke_cred_t *this, char *path, { case CERT_X509: if (flag & X509_CA) - { /* for CA certificates, we strictly require CA - * basicconstraints to be set */ + { /* for CA certificates, we strictly require + * the CA basic constraint to be set */ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, file, BUILD_END); if (cert) { x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { - DBG1(DBG_CFG, " ca certificate must have ca " - "basic constraint set, discarded"); + DBG1(DBG_CFG, " ca certificate \"%Y\" lacks " + "ca basic constraint, discarded", + cert->get_subject(cert)); cert->destroy(cert); cert = NULL; } + else + { + DBG1(DBG_CFG, " loaded ca certificate \"%Y\" from '%s'", + cert->get_subject(cert), file); + } + } + else + { + DBG1(DBG_CFG, " loading ca certificate from '%s' " + "failed", file); } } else @@ -559,6 +511,16 @@ static void load_certdir(private_stroke_cred_t *this, char *path, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, file, BUILD_X509_FLAG, flag, BUILD_END); + if (cert) + { + DBG1(DBG_CFG, " loaded certificate \"%Y\" from '%s'", + cert->get_subject(cert), file); + } + else + { + DBG1(DBG_CFG, " loading certificate from '%s' " + "failed", file); + } } if (cert) { @@ -573,6 +535,11 @@ static void load_certdir(private_stroke_cred_t *this, char *path, if (cert) { add_crl(this, (crl_t*)cert); + DBG1(DBG_CFG, " loaded crl from '%s'", file); + } + else + { + DBG1(DBG_CFG, " loading crl from '%s' failed", file); } break; case CERT_X509_AC: @@ -583,10 +550,17 @@ static void load_certdir(private_stroke_cred_t *this, char *path, if (cert) { add_ac(this, (ac_t*)cert); + DBG1(DBG_CFG, " loaded attribute certificate from '%s'", + file); + } + else + { + DBG1(DBG_CFG, " loading attribute certificate from '%s' " + "failed", file); } break; default: - break; + break; } } enumerator->destroy(enumerator); @@ -601,20 +575,18 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert) { /* CRLs get written to /etc/ipsec.d/crls/.crl */ crl_t *crl = (crl_t*)cert; - + cert->get_ref(cert); if (add_crl(this, crl)) { char buf[BUF_LEN]; chunk_t chunk, hex; - identification_t *id; - - id = crl->get_authKeyIdentifier(crl); - chunk = id->get_encoding(id); + + chunk = crl->get_authKeyIdentifier(crl); hex = chunk_to_hex(chunk, NULL, FALSE); snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex); free(hex.ptr); - + chunk = cert->get_encoding(cert); chunk_write(chunk, buf, "crl", 022, TRUE); free(chunk.ptr); @@ -669,7 +641,7 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line) } if (quotes) - { + { /* treat as an ASCII string */ *secret = chunk_clone(raw_secret); return NULL; @@ -692,10 +664,55 @@ static err_t extract_secret(chunk_t *secret, chunk_t *line) return NULL; } +/** + * Data to pass to passphrase_cb + */ +typedef struct { + /** socket we use for prompting */ + FILE *prompt; + /** private key file */ + char *file; + /** buffer for passphrase */ + char buf[256]; +} passphrase_cb_data_t; + +/** + * Passphrase callback to read from whack fd + */ +chunk_t passphrase_cb(passphrase_cb_data_t *data, int try) +{ + chunk_t secret = chunk_empty;; + + if (try > 5) + { + fprintf(data->prompt, "invalid passphrase, too many trials\n"); + return chunk_empty; + } + if (try == 1) + { + fprintf(data->prompt, "Private key '%s' is encrypted\n", data->file); + } + else + { + fprintf(data->prompt, "invalid passphrase\n"); + } + fprintf(data->prompt, "Passphrase:\n"); + if (fgets(data->buf, sizeof(data->buf), data->prompt)) + { + secret = chunk_create(data->buf, strlen(data->buf)); + if (secret.len) + { /* trim appended \n */ + secret.len--; + } + } + return secret; +} + /** * reload ipsec.secrets */ -static void load_secrets(private_stroke_cred_t *this, char *file, int level) +static void load_secrets(private_stroke_cred_t *this, char *file, int level, + FILE *prompt) { size_t bytes; int line_nr = 0; @@ -709,7 +726,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) fd = fopen(file, "r"); if (fd == NULL) { - DBG1(DBG_CFG, "opening secrets file '%s' failed"); + DBG1(DBG_CFG, "opening secrets file '%s' failed", file); return; } @@ -722,9 +739,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) fclose(fd); src = chunk; - this->lock->write_lock(this->lock); if (level == 0) { + this->lock->write_lock(this->lock); + /* flush secrets on non-recursive invocation */ while (this->shared->remove_last(this->shared, (void**)&shared) == SUCCESS) @@ -737,7 +755,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) private->destroy(private); } } - + while (fetchline(&src, &line)) { chunk_t ids, token; @@ -755,7 +773,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) glob_t buf; char **expanded, *dir, pattern[PATH_MAX]; u_char *pos; - + if (level > MAX_SECRETS_RECURSION) { DBG1(DBG_CFG, "maximum level of %d includes reached, ignored", @@ -782,7 +800,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) { /* use directory of current file if relative */ dir = strdup(file); dir = dirname(dir); - + if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern)) { DBG1(DBG_CFG, "include pattern too long, ignored"); @@ -802,13 +820,13 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) { for (expanded = buf.gl_pathv; *expanded != NULL; expanded++) { - load_secrets(this, *expanded, level + 1); + load_secrets(this, *expanded, level + 1, prompt); } } globfree(&buf); continue; } - + if (line.len > 2 && strneq(": ", line.ptr, 2)) { /* no ids, skip the ':' */ @@ -837,9 +855,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) char path[PATH_MAX]; chunk_t filename; chunk_t secret = chunk_empty; - private_key_t *key; - bool pgp = FALSE; - chunk_t chunk = chunk_empty; + private_key_t *key = NULL; key_type_t key_type = match("RSA", &token) ? KEY_RSA : KEY_ECDSA; err_t ugh = extract_value(&filename, &line); @@ -862,7 +878,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) else { /* relative path name */ - snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, + snprintf(path, sizeof(path), "%s/%.*s", PRIVATE_KEY_DIR, filename.len, filename.ptr); } @@ -876,18 +892,36 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) goto error; } } - - if (pem_asn1_load_file(path, &secret, &chunk, &pgp)) + if (secret.len == 7 && strneq(secret.ptr, "%prompt", 7)) { - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, - BUILD_BLOB_ASN1_DER, chunk, BUILD_END); - free(chunk.ptr); - if (key) + if (prompt) { - DBG1(DBG_CFG, " loaded private key file '%s'", path); - this->private->insert_last(this->private, key); + passphrase_cb_data_t data; + + data.prompt = prompt; + data.file = path; + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, + key_type, BUILD_FROM_FILE, path, + BUILD_PASSPHRASE_CALLBACK, + passphrase_cb, &data, BUILD_END); } } + else + { + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, + BUILD_FROM_FILE, path, + BUILD_PASSPHRASE, secret, BUILD_END); + } + if (key) + { + DBG1(DBG_CFG, " loaded %N private key from '%s'", + key_type_names, key->get_type(key), path); + this->private->insert_last(this->private, key); + } + else + { + DBG1(DBG_CFG, " loading private key from '%s' failed", path); + } chunk_clear(&secret); } else if (match("PIN", &token)) @@ -896,9 +930,9 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) char smartcard[32], keyid[22], pin[32]; private_key_t *key; u_int slot; - + err_t ugh = extract_value(&sc, &line); - + if (ugh != NULL) { DBG1(DBG_CFG, "line %d: %s", line_nr, ugh); @@ -911,7 +945,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) } snprintf(smartcard, sizeof(smartcard), "%.*s", sc.len, sc.ptr); smartcard[sizeof(smartcard) - 1] = '\0'; - + /* parse slot and key id. only two formats are supported. * first try %smartcard: */ if (sscanf(smartcard, "%%smartcard%u:%s", &slot, keyid) == 2) @@ -929,7 +963,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) " supported or invalid", line_nr); goto error; } - + if (!eat_whitespace(&line)) { DBG1(DBG_CFG, "line %d: expected PIN", line_nr); @@ -943,12 +977,12 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) } snprintf(pin, sizeof(pin), "%.*s", secret.len, secret.ptr); pin[sizeof(pin) - 1] = '\0'; - + /* we assume an RSA key */ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_SMARTCARD_KEYID, smartcard, BUILD_SMARTCARD_PIN, pin, BUILD_END); - + if (key) { DBG1(DBG_CFG, " loaded private key from %.*s", sc.len, sc.ptr); @@ -975,7 +1009,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) DBG1(DBG_CFG, " loaded %N secret for %s", shared_key_type_names, type, ids.len > 0 ? (char*)ids.ptr : "%any"); DBG4(DBG_CFG, " secret: %#B", &secret); - + this->shared->insert_last(this->shared, shared_key); while (ids.len > 0) { @@ -992,7 +1026,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) { continue; } - + /* NULL terminate the ID string */ *(id.ptr + id.len) = '\0'; peer_id = identification_create_from_string(id.ptr); @@ -1001,7 +1035,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) peer_id->destroy(peer_id); continue; } - + shared_key->add_owner(shared_key, peer_id); any = FALSE; } @@ -1019,7 +1053,10 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level) } } error: - this->lock->unlock(this->lock); + if (level == 0) + { + this->lock->unlock(this->lock); + } chunk_clear(&chunk); } @@ -1052,12 +1089,12 @@ static void load_certs(private_stroke_cred_t *this) /** * Implementation of stroke_cred_t.reread. */ -static void reread(private_stroke_cred_t *this, stroke_msg_t *msg) +static void reread(private_stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt) { if (msg->reread.flags & REREAD_SECRETS) { DBG1(DBG_CFG, "rereading secrets"); - load_secrets(this, SECRETS_FILE, 0); + load_secrets(this, SECRETS_FILE, 0, prompt); } if (msg->reread.flags & REREAD_CACERTS) { @@ -1110,28 +1147,28 @@ static void destroy(private_stroke_cred_t *this) stroke_cred_t *stroke_cred_create() { private_stroke_cred_t *this = malloc_thing(private_stroke_cred_t); - + this->public.set.create_private_enumerator = (void*)create_private_enumerator; this->public.set.create_cert_enumerator = (void*)create_cert_enumerator; this->public.set.create_shared_enumerator = (void*)create_shared_enumerator; this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.cache_cert = (void*)cache_cert; - this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg))reread; + this->public.reread = (void(*)(stroke_cred_t*, stroke_msg_t *msg, FILE*))reread; this->public.load_ca = (certificate_t*(*)(stroke_cred_t*, char *filename))load_ca; this->public.load_peer = (certificate_t*(*)(stroke_cred_t*, char *filename))load_peer; this->public.cachecrl = (void(*)(stroke_cred_t*, bool enabled))cachecrl; this->public.destroy = (void(*)(stroke_cred_t*))destroy; - + this->certs = linked_list_create(); this->shared = linked_list_create(); this->private = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); load_certs(this); - load_secrets(this, SECRETS_FILE, 0); - + load_secrets(this, SECRETS_FILE, 0, NULL); + this->cachecrl = FALSE; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h index 8bc042f13..ccee7d87c 100644 --- a/src/charon/plugins/stroke/stroke_cred.h +++ b/src/charon/plugins/stroke/stroke_cred.h @@ -21,6 +21,8 @@ #ifndef STROKE_CRED_H_ #define STROKE_CRED_H_ +#include + #include #include #include @@ -36,14 +38,15 @@ struct stroke_cred_t { * Implements credential_set_t */ credential_set_t set; - + /** * Reread secrets from config files. * * @param msg stroke message + * @param prompt I/O channel to prompt for private key passhprase */ - void (*reread)(stroke_cred_t *this, stroke_msg_t *msg); - + void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt); + /** * Load a CA certificate, and serve it through the credential_set. * @@ -51,7 +54,7 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_ca)(stroke_cred_t *this, char *filename); - + /** * Load a peer certificate and serve it rhrough the credential_set. * @@ -59,18 +62,18 @@ struct stroke_cred_t { * @return reference to loaded certificate, or NULL */ certificate_t* (*load_peer)(stroke_cred_t *this, char *filename); - + /** * Enable/Disable CRL caching to disk. * * @param enabled TRUE to enable, FALSE to disable */ void (*cachecrl)(stroke_cred_t *this, bool enabled); - + /** - * Destroy a stroke_cred instance. - */ - void (*destroy)(stroke_cred_t *this); + * Destroy a stroke_cred instance. + */ + void (*destroy)(stroke_cred_t *this); }; /** diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index 6f421bd30..c2a98da33 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -22,6 +22,8 @@ #include #include #include +#include +#include #include /* warning intervals for list functions */ @@ -40,12 +42,12 @@ struct private_stroke_list_t { * public functions */ stroke_list_t public; - + /** * timestamp of daemon start */ time_t uptime; - + /** * strokes attribute provider */ @@ -58,45 +60,45 @@ struct private_stroke_list_t { static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); - time_t now = time(NULL); - + time_t now = time_monotonic(NULL); + fprintf(out, "%12s[%d]: %N", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), ike_sa_state_names, ike_sa->get_state(ike_sa)); - + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t established; - + established = ike_sa->get_statistic(ike_sa, STAT_ESTABLISHED); fprintf(out, " %V ago", &now, &established); } - + fprintf(out, ", %H[%Y]...%H[%Y]\n", ike_sa->get_my_host(ike_sa), ike_sa->get_my_id(ike_sa), ike_sa->get_other_host(ike_sa), ike_sa->get_other_id(ike_sa)); - + if (all) { proposal_t *ike_proposal; - + ike_proposal = ike_sa->get_proposal(ike_sa); - + fprintf(out, "%12s[%d]: IKE SPIs: %.16llx_i%s %.16llx_r%s", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), id->get_initiator_spi(id), id->is_initiator(id) ? "*" : "", id->get_responder_spi(id), id->is_initiator(id) ? "" : "*"); - - + + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { time_t rekey, reauth; peer_cfg_t *peer_cfg; - + rekey = ike_sa->get_statistic(ike_sa, STAT_REKEY); reauth = ike_sa->get_statistic(ike_sa, STAT_REAUTH); peer_cfg = ike_sa->get_peer_cfg(ike_sa); - + if (rekey) { fprintf(out, ", rekeying in %V", &rekey, &now); @@ -106,7 +108,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) bool first = TRUE; enumerator_t *enumerator; auth_cfg_t *auth; - + fprintf(out, ", "); enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, TRUE); while (enumerator->enumerate(enumerator, &auth)) @@ -128,11 +130,11 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) } } fprintf(out, "\n"); - + if (ike_proposal) { char buf[BUF_LEN]; - + snprintf(buf, BUF_LEN, "%P", ike_proposal); fprintf(out, "%12s[%d]: IKE proposal: %s\n", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), @@ -146,17 +148,18 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) */ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { - time_t use_in, use_out, rekey, now = time(NULL); + time_t use_in, use_out, rekey, now; u_int64_t bytes_in, bytes_out; proposal_t *proposal; child_cfg_t *config = child_sa->get_config(child_sa); - - fprintf(out, "%12s{%d}: %N, %N%s", + + + fprintf(out, "%12s{%d}: %N, %N%s", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa_state_names, child_sa->get_state(child_sa), ipsec_mode_names, child_sa->get_mode(child_sa), config->use_proxy_mode(config) ? "_PROXY" : ""); - + if (child_sa->get_state(child_sa) == CHILD_INSTALLED) { fprintf(out, ", %N%s SPIs: %.8x_i %.8x_o", @@ -164,30 +167,30 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->has_encap(child_sa) ? " in UDP" : "", ntohl(child_sa->get_spi(child_sa, TRUE)), ntohl(child_sa->get_spi(child_sa, FALSE))); - + if (child_sa->get_ipcomp(child_sa) != IPCOMP_NONE) { fprintf(out, ", IPCOMP CPIs: %.4x_i %.4x_o", ntohs(child_sa->get_cpi(child_sa, TRUE)), ntohs(child_sa->get_cpi(child_sa, FALSE))); } - + if (all) { - fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), + fprintf(out, "\n%12s{%d}: ", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa)); - + proposal = child_sa->get_proposal(child_sa); if (proposal) { u_int16_t encr_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED; u_int16_t encr_size = 0, int_size = 0; - + proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &encr_alg, &encr_size); proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size); - + if (encr_alg != ENCR_UNDEFINED) { fprintf(out, "%N", encryption_algorithm_names, encr_alg); @@ -206,6 +209,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) } } + now = time_monotonic(NULL); child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in); fprintf(out, ", %llu bytes_i", bytes_in); if (use_in) @@ -220,7 +224,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) fprintf(out, " (%ds ago)", now - use_out); } fprintf(out, ", rekeying "); - + rekey = child_sa->get_lifetime(child_sa, FALSE); if (rekey) { @@ -237,10 +241,10 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, "disabled"); } - + } } - + fprintf(out, "\n%12s{%d}: %#R=== %#R\n", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa->get_traffic_selectors(child_sa, TRUE), @@ -260,9 +264,9 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) certificate_t *cert; cert_validation_t valid; char *name; - + name = peer_cfg->get_name(peer_cfg); - + enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, local); while (enumerator->enumerate(enumerator, &auth)) { @@ -327,7 +331,7 @@ static void log_auth_cfgs(FILE *out, peer_cfg_t *peer_cfg, bool local) fprintf(out, "%12s: ocsp: status must be GOOD%s\n", name, (valid == VALIDATION_SKIPPED) ? " or SKIPPED" : ""); } - + valid = (uintptr_t)auth->get(auth, AUTH_RULE_CRL_VALIDATION); if (valid != VALIDATION_FAILED) { @@ -360,18 +364,21 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_sa_t *ike_sa; bool first, found = FALSE; char *name = msg->status.name; - + if (all) { peer_cfg_t *peer_cfg; char *plugin, *pool; host_t *host; u_int32_t dpd; - time_t now = time(NULL); + time_t since, now; u_int size, online, offline; - + + now = time_monotonic(NULL); + since = time(NULL) - (now - this->uptime); + fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n"); - fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &this->uptime, FALSE); + fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE); fprintf(out, " worker threads: %d idle of %d,", charon->processor->get_idle_threads(charon->processor), charon->processor->get_total_threads(charon->processor)); @@ -387,7 +394,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo } enumerator->destroy(enumerator); fprintf(out, "\n"); - + first = TRUE; enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) @@ -404,7 +411,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %s: %u/%u/%u\n", pool, size, online, offline); } enumerator->destroy(enumerator); - + enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); fprintf(out, "Listening IP addresses:\n"); @@ -413,7 +420,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo fprintf(out, " %H\n", host); } enumerator->destroy(enumerator); - + fprintf(out, "Connections:\n"); enumerator = charon->backends->create_peer_cfg_enumerator( charon->backends, NULL, NULL, NULL, NULL); @@ -424,33 +431,33 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo { continue; } - + ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); fprintf(out, "%12s: %s...%s", peer_cfg->get_name(peer_cfg), ike_cfg->get_my_addr(ike_cfg), ike_cfg->get_other_addr(ike_cfg)); - + dpd = peer_cfg->get_dpd(peer_cfg); if (dpd) { fprintf(out, ", dpddelay=%us", dpd); } fprintf(out, "\n"); - + log_auth_cfgs(out, peer_cfg, TRUE); log_auth_cfgs(out, peer_cfg, FALSE); - + children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { linked_list_t *my_ts, *other_ts; - + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); fprintf(out, "%12s: child: %#R=== %#R", child_cfg->get_name(child_cfg), my_ts, other_ts); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy)); - + if (dpd) { fprintf(out, ", dpdaction=%N", action_names, @@ -463,7 +470,7 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo enumerator->destroy(enumerator); } - first = TRUE; + first = TRUE; enumerator = charon->traps->create_enumerator(charon->traps); while (enumerator->enumerate(enumerator, NULL, &child_sa)) { @@ -475,14 +482,14 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo log_child_sa(out, child_sa, all); } enumerator->destroy(enumerator); - + fprintf(out, "Security Associations:\n"); enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { bool ike_printed = FALSE; iterator_t *children = ike_sa->create_child_sa_iterator(ike_sa); - + if (name == NULL || streq(name, ike_sa->get_name(ike_sa))) { log_ike_sa(out, ike_sa, all); @@ -501,12 +508,12 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo ike_printed = TRUE; } log_child_sa(out, child_sa, all); - } + } } children->destroy(children); } enumerator->destroy(enumerator); - + if (!found) { if (name) @@ -531,14 +538,14 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type) charon->credentials, type, KEY_ANY, NULL, FALSE); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { iterator_t *iterator = list->create_iterator(list, TRUE); identification_t *issuer = cert->get_issuer(cert); bool previous_same, same = FALSE, last = TRUE; certificate_t *list_cert; - + while (iterator->iterate(iterator, (void**)&list_cert)) { /* exit if we have a duplicate? */ @@ -568,6 +575,41 @@ static linked_list_t* create_unique_cert_list(certificate_type_t type) return list; } +/** + * Print a single public key. + */ +static void list_public_key(public_key_t *public, FILE *out) +{ + private_key_t *private = NULL; + chunk_t keyid; + identification_t *id; + auth_cfg_t *auth; + + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid)) + { + id = identification_create_from_encoding(ID_KEY_ID, keyid); + auth = auth_cfg_create(); + private = charon->credentials->get_private(charon->credentials, + public->get_type(public), id, auth); + auth->destroy(auth); + id->destroy(id); + } + + fprintf(out, " pubkey: %N %d bits%s\n", + key_type_names, public->get_type(public), + public->get_keysize(public) * 8, + private ? ", has private key" : ""); + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid)) + { + fprintf(out, " keyid: %#B\n", &keyid); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyid)) + { + fprintf(out, " subjkey: %#B\n", &keyid); + } + DESTROY_IF(private); +} + /** * list all raw public keys */ @@ -584,9 +626,6 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) if (public) { - private_key_t *private = NULL; - identification_t *id, *keyid; - if (first) { fprintf(out, "\n"); @@ -595,20 +634,52 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) } fprintf(out, "\n"); - /* list public key information */ - id = public->get_id(public, ID_PUBKEY_SHA1); - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - - private = charon->credentials->get_private( - charon->credentials, - public->get_type(public), keyid, NULL); - fprintf(out, " pubkey: %N %d bits%s\n", - key_type_names, public->get_type(public), - public->get_keysize(public) * 8, - private ? ", has private key" : ""); - fprintf(out, " keyid: %Y\n", keyid); - fprintf(out, " subjkey: %Y\n", id); - DESTROY_IF(private); + list_public_key(public, out); + public->destroy(public); + } + } + enumerator->destroy(enumerator); +} + +/** + * list OpenPGP certificates + */ +static void stroke_list_pgp(linked_list_t *list,bool utc, FILE *out) +{ + bool first = TRUE; + time_t now = time(NULL); + enumerator_t *enumerator = list->create_enumerator(list); + certificate_t *cert; + + while (enumerator->enumerate(enumerator, (void**)&cert)) + { + time_t created, until; + public_key_t *public; + pgp_certificate_t *pgp_cert = (pgp_certificate_t*)cert; + chunk_t fingerprint = pgp_cert->get_fingerprint(pgp_cert); + + if (first) + { + + fprintf(out, "\n"); + fprintf(out, "List of PGP End Entity Certificates:\n"); + first = FALSE; + } + fprintf(out, "\n"); + fprintf(out, " userid: '%Y'\n", cert->get_subject(cert)); + + fprintf(out, " digest: %#B\n", &fingerprint); + + /* list validity */ + cert->get_validity(cert, &now, &created, &until); + fprintf(out, " created: %T\n", &created, utc); + fprintf(out, " until: %T%s\n", &until, utc, + (until == TIME_32_BIT_SIGNED_MAX) ? " (expires never)":""); + + public = cert->get_public_key(cert); + if (public) + { + list_public_key(public, out); public->destroy(public); } } @@ -618,29 +689,35 @@ static void stroke_list_pubkeys(linked_list_t *list, bool utc, FILE *out) /** * list all X.509 certificates matching the flags */ -static void stroke_list_certs(linked_list_t *list, char *label, +static void stroke_list_certs(linked_list_t *list, char *label, x509_flag_t flags, bool utc, FILE *out) { bool first = TRUE; time_t now = time(NULL); - enumerator_t *enumerator = list->create_enumerator(list); + enumerator_t *enumerator; certificate_t *cert; + x509_flag_t flag_mask; + + /* mask all auxiliary flags */ + flag_mask = ~(X509_SERVER_AUTH | X509_CLIENT_AUTH | + X509_SELF_SIGNED | X509_IP_ADDR_BLOCKS ); + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, (void**)&cert)) { x509_t *x509 = (x509_t*)cert; - x509_flag_t x509_flags = x509->get_flags(x509); + x509_flag_t x509_flags = x509->get_flags(x509) & flag_mask; - /* list only if flag is set, or flags == 0 (ignoring self-signed) */ - if ((x509_flags & flags) || (flags == (x509_flags & ~X509_SELF_SIGNED))) + /* list only if flag is set or flag == 0 */ + if ((x509_flags & flags) || (x509_flags == flags)) { enumerator_t *enumerator; identification_t *altName; bool first_altName = TRUE; - chunk_t serial = x509->get_serial(x509); - identification_t *authkey = x509->get_authKeyIdentifier(x509); + int pathlen; + chunk_t serial, authkey; time_t notBefore, notAfter; - public_key_t *public = cert->get_public_key(cert); + public_key_t *public; if (first) { @@ -673,6 +750,7 @@ static void stroke_list_certs(linked_list_t *list, char *label, fprintf(out, " subject: \"%Y\"\n", cert->get_subject(cert)); fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); + serial = x509->get_serial(x509); fprintf(out, " serial: %#B\n", &serial); /* list validity */ @@ -700,33 +778,50 @@ static void stroke_list_certs(linked_list_t *list, char *label, } fprintf(out, " \n"); } - - /* list public key information */ + + public = cert->get_public_key(cert); if (public) { - private_key_t *private = NULL; - identification_t *id, *keyid; - - id = public->get_id(public, ID_PUBKEY_SHA1); - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - - private = charon->credentials->get_private( - charon->credentials, - public->get_type(public), keyid, NULL); - fprintf(out, " pubkey: %N %d bits%s\n", - key_type_names, public->get_type(public), - public->get_keysize(public) * 8, - private ? ", has private key" : ""); - fprintf(out, " keyid: %Y\n", keyid); - fprintf(out, " subjkey: %Y\n", id); - DESTROY_IF(private); + list_public_key(public, out); public->destroy(public); } - + /* list optional authorityKeyIdentifier */ - if (authkey) + authkey = x509->get_authKeyIdentifier(x509); + if (authkey.ptr) { - fprintf(out, " authkey: %Y\n", authkey); + fprintf(out, " authkey: %#B\n", &authkey); + } + + /* list optional pathLenConstraint */ + pathlen = x509->get_pathLenConstraint(x509); + if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) + { + fprintf(out, " pathlen: %d\n", pathlen); + } + + /* list optional ipAddrBlocks */ + if (x509->get_flags(x509) & X509_IP_ADDR_BLOCKS) + { + traffic_selector_t *ipAddrBlock; + bool first_ipAddrBlock = TRUE; + + fprintf(out, " addresses: "); + enumerator = x509->create_ipAddrBlock_enumerator(x509); + while (enumerator->enumerate(enumerator, &ipAddrBlock)) + { + if (first_ipAddrBlock) + { + first_ipAddrBlock = FALSE; + } + else + { + fprintf(out, ", "); + } + fprintf(out, "%R", ipAddrBlock); + } + enumerator->destroy(enumerator); + fprintf(out, "\n"); } } } @@ -746,11 +841,9 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) while (enumerator->enumerate(enumerator, (void**)&cert)) { ac_t *ac = (ac_t*)cert; - chunk_t serial = ac->get_serial(ac); - chunk_t holderSerial = ac->get_holderSerial(ac); - identification_t *holderIssuer = ac->get_holderIssuer(ac); - identification_t *authkey = ac->get_authKeyIdentifier(ac); - identification_t *entityName = cert->get_subject(cert); + identification_t *id; + ietf_attributes_t *groups; + chunk_t chunk; if (first) { @@ -760,20 +853,30 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } fprintf(out, "\n"); - if (entityName) + id = cert->get_subject(cert); + if (id) { - fprintf(out, " holder: \"%Y\"\n", entityName); + fprintf(out, " holder: \"%Y\"\n", id); } - if (holderIssuer) + id = ac->get_holderIssuer(ac); + if (id) { - fprintf(out, " hissuer: \"%Y\"\n", holderIssuer); + fprintf(out, " hissuer: \"%Y\"\n", id); } - if (holderSerial.ptr) + chunk = ac->get_holderSerial(ac); + if (chunk.ptr) { - fprintf(out, " hserial: %#B\n", &holderSerial); + fprintf(out, " hserial: %#B\n", &chunk); + } + groups = ac->get_groups(ac); + if (groups) + { + fprintf(out, " groups: %s\n", groups->get_string(groups)); + groups->destroy(groups); } fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); - fprintf(out, " serial: %#B\n", &serial); + chunk = ac->get_serial(ac); + fprintf(out, " serial: %#B\n", &chunk); /* list validity */ cert->get_validity(cert, &now, &thisUpdate, &nextUpdate); @@ -794,9 +897,10 @@ static void stroke_list_acerts(linked_list_t *list, bool utc, FILE *out) } /* list optional authorityKeyIdentifier */ - if (authkey) + chunk = ac->get_authKeyIdentifier(ac); + if (chunk.ptr) { - fprintf(out, " authkey: %Y\n", authkey); + fprintf(out, " authkey: %#B\n", &chunk); } } enumerator->destroy(enumerator); @@ -811,12 +915,11 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) time_t thisUpdate, nextUpdate, now = time(NULL); enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { crl_t *crl = (crl_t*)cert; - chunk_t serial = crl->get_serial(crl); - identification_t *authkey = crl->get_authKeyIdentifier(crl); + chunk_t chunk; if (first) { @@ -829,9 +932,10 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) fprintf(out, " issuer: \"%Y\"\n", cert->get_issuer(cert)); /* list optional crlNumber */ - if (serial.ptr) + chunk = crl->get_serial(crl); + if (chunk.ptr) { - fprintf(out, " serial: %#B\n", &serial); + fprintf(out, " serial: %#B\n", &chunk); } /* count the number of revoked certificates */ @@ -867,9 +971,10 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out) } /* list optional authorityKeyIdentifier */ - if (authkey) + chunk = crl->get_authKeyIdentifier(crl); + if (chunk.ptr) { - fprintf(out, " authkey: %Y\n", authkey); + fprintf(out, " authkey: %#B\n", &chunk); } } enumerator->destroy(enumerator); @@ -883,7 +988,7 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out) bool first = TRUE; enumerator_t *enumerator = list->create_enumerator(list); certificate_t *cert; - + while (enumerator->enumerate(enumerator, (void**)&cert)) { if (first) @@ -910,7 +1015,7 @@ static void list_algs(FILE *out) hash_algorithm_t hash; pseudo_random_function_t prf; diffie_hellman_group_t group; - + fprintf(out, "\n"); fprintf(out, "List of registered IKEv2 Algorithms:\n"); fprintf(out, "\n encryption: "); @@ -963,7 +1068,14 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) linked_list_t *pubkey_list = create_unique_cert_list(CERT_TRUSTED_PUBKEY); stroke_list_pubkeys(pubkey_list, msg->list.utc, out); - pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); + pubkey_list->destroy_offset(pubkey_list, offsetof(certificate_t, destroy)); + } + if (msg->list.flags & LIST_CERTS) + { + linked_list_t *pgp_list = create_unique_cert_list(CERT_GPG); + + stroke_list_pgp(pgp_list, msg->list.utc, out); + pgp_list->destroy_offset(pgp_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & (LIST_CERTS | LIST_CACERTS | LIST_OCSPCERTS | LIST_AACERTS)) { @@ -972,7 +1084,7 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) if (msg->list.flags & LIST_CERTS) { stroke_list_certs(cert_list, "X.509 End Entity Certificates", - 0, msg->list.utc, out); + X509_NONE, msg->list.utc, out); } if (msg->list.flags & LIST_CACERTS) { @@ -989,33 +1101,34 @@ static void list(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) stroke_list_certs(cert_list, "X.509 AA Certificates", X509_AA, msg->list.utc, out); } + DESTROY_OFFSET_IF(cert_list, offsetof(certificate_t, destroy)); + if (msg->list.flags & LIST_ACERTS) { linked_list_t *ac_list = create_unique_cert_list(CERT_X509_AC); stroke_list_acerts(ac_list, msg->list.utc, out); - ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); + ac_list->destroy_offset(ac_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_CRLS) { linked_list_t *crl_list = create_unique_cert_list(CERT_X509_CRL); stroke_list_crls(crl_list, msg->list.utc, out); - crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); + crl_list->destroy_offset(crl_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_OCSP) { linked_list_t *ocsp_list = create_unique_cert_list(CERT_X509_OCSP_RESPONSE); stroke_list_ocsp(ocsp_list, msg->list.utc, out); - - ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); + + ocsp_list->destroy_offset(ocsp_list, offsetof(certificate_t, destroy)); } if (msg->list.flags & LIST_ALGS) { list_algs(out); } - DESTROY_OFFSET_IF(cert_list, offsetof(certificate_t, destroy)); } /** @@ -1029,7 +1142,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, host_t *lease; bool on; int found = 0; - + fprintf(out, "Leases in pool '%s', usage: %lu/%lu, %lu online\n", pool, online + offline, size, online); enumerator = this->attribute->create_lease_enumerator(this->attribute, pool); @@ -1059,12 +1172,12 @@ static void leases(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out) host_t *address = NULL; char *pool; int found = 0; - + if (msg->leases.address) { address = host_create_from_string(msg->leases.address, 0); } - + enumerator = this->attribute->create_pool_enumerator(this->attribute); while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) { @@ -1103,15 +1216,15 @@ static void destroy(private_stroke_list_t *this) stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) { private_stroke_list_t *this = malloc_thing(private_stroke_list_t); - + this->public.list = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))list; this->public.status = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out,bool))status; this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; this->public.destroy = (void(*)(stroke_list_t*))destroy; - - this->uptime = time(NULL); + + this->uptime = time_monotonic(NULL); this->attribute = attribute; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h index 2430abfbb..b5bedc6c2 100644 --- a/src/charon/plugins/stroke/stroke_list.h +++ b/src/charon/plugins/stroke/stroke_list.h @@ -40,7 +40,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*list)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Log status information to stroke console. * @@ -49,7 +49,7 @@ struct stroke_list_t { * @param all TRUE for "statusall" */ void (*status)(stroke_list_t *this, stroke_msg_t *msg, FILE *out, bool all); - + /** * Log pool leases to stroke console. * @@ -57,7 +57,7 @@ struct stroke_list_t { * @param out stroke console stream */ void (*leases)(stroke_list_t *this, stroke_msg_t *msg, FILE *out); - + /** * Destroy a stroke_list instance. */ diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/charon/plugins/stroke/stroke_plugin.c index 22c1125a1..61ae10953 100644 --- a/src/charon/plugins/stroke/stroke_plugin.c +++ b/src/charon/plugins/stroke/stroke_plugin.c @@ -29,7 +29,7 @@ struct private_stroke_plugin_t { * public functions */ stroke_plugin_t public; - + /** * stroke socket, receives strokes */ @@ -51,9 +51,9 @@ static void destroy(private_stroke_plugin_t *this) plugin_t *plugin_create() { private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->socket = stroke_socket_create(); if (this->socket == NULL) { diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h index 6e9d556ad..3a1e81df6 100644 --- a/src/charon/plugins/stroke/stroke_plugin.h +++ b/src/charon/plugins/stroke/stroke_plugin.h @@ -20,7 +20,7 @@ * @defgroup stroke_plugin stroke_plugin * @{ @ingroup stroke */ - + #ifndef STROKE_PLUGIN_H_ #define STROKE_PLUGIN_H_ diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/charon/plugins/stroke/stroke_shared_key.c index 8f53f509d..4f716e83a 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.c +++ b/src/charon/plugins/stroke/stroke_shared_key.c @@ -28,7 +28,7 @@ struct private_stroke_shared_key_t { * implements shared_key_t */ stroke_shared_key_t public; - + /** * type of this key */ @@ -43,7 +43,7 @@ struct private_stroke_shared_key_t { * list of key owners, as identification_t */ linked_list_t *owners; - + /** * reference counter */ @@ -73,8 +73,8 @@ static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this) static chunk_t get_key(private_stroke_shared_key_t *this) { return this->key; -} - +} + /** * Implementation of stroke_shared_key_t.has_owner. */ @@ -83,7 +83,7 @@ static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t enumerator_t *enumerator; id_match_t match, best = ID_MATCH_NONE; identification_t *current; - + enumerator = this->owners->create_enumerator(this->owners); while (enumerator->enumerate(enumerator, ¤t)) { @@ -135,6 +135,6 @@ stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t ke this->type = type; this->key = key; this->ref = 1; - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h index 224062100..05ad55083 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.h +++ b/src/charon/plugins/stroke/stroke_shared_key.h @@ -35,21 +35,21 @@ struct stroke_shared_key_t { * Implements the shared_key_t interface. */ shared_key_t shared; - + /** * Add an owner to the key. * * @param owner owner to add */ void (*add_owner)(stroke_shared_key_t *this, identification_t *owner); - + /** * Check if a key has a specific owner. * * @param owner owner to check * @return best match found */ - id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); + id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); }; /** diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/charon/plugins/stroke/stroke_socket.c index 9b6a8a3a7..820e097f1 100644 --- a/src/charon/plugins/stroke/stroke_socket.c +++ b/src/charon/plugins/stroke/stroke_socket.c @@ -23,11 +23,10 @@ #include #include #include -#include #include #include -#include /* for Mac OS X compatible accept */ +#include #include "stroke_config.h" #include "stroke_control.h" @@ -48,42 +47,42 @@ struct private_stroke_socket_t { * public functions */ stroke_socket_t public; - + /** * Unix socket to listen for strokes */ int socket; - + /** * job accepting stroke messages */ callback_job_t *job; - + /** * configuration backend */ stroke_config_t *config; - + /** * attribute provider */ stroke_attribute_t *attribute; - + /** * controller to control daemon */ stroke_control_t *control; - + /** * credential set */ stroke_cred_t *cred; - + /** * CA sections */ stroke_ca_t *ca; - + /** * Status information logging */ @@ -99,7 +98,7 @@ struct stroke_job_context_t { * file descriptor to read from */ int fd; - + /** * global stroke interface */ @@ -152,7 +151,7 @@ static void pop_end(stroke_msg_t *msg, const char* label, stroke_end_t *end) pop_string(msg, &end->ca2); pop_string(msg, &end->groups); pop_string(msg, &end->updown); - + DBG2(DBG_CFG, " %s=%s", label, end->address); DBG2(DBG_CFG, " %ssubnet=%s", label, end->subnets); DBG2(DBG_CFG, " %ssourceip=%s", label, end->sourceip); @@ -202,7 +201,7 @@ static void stroke_del_conn(private_stroke_socket_t *this, stroke_msg_t *msg) { pop_string(msg, &msg->del_conn.name); DBG1(DBG_CFG, "received stroke: delete connection '%s'", msg->del_conn.name); - + this->config->del(this->config, msg); this->attribute->del_pool(this->attribute, msg); } @@ -214,7 +213,7 @@ static void stroke_initiate(private_stroke_socket_t *this, stroke_msg_t *msg, FI { pop_string(msg, &msg->initiate.name); DBG1(DBG_CFG, "received stroke: initiate '%s'", msg->initiate.name); - + this->control->initiate(this->control, msg, out); } @@ -227,7 +226,7 @@ static void stroke_terminate(private_stroke_socket_t *this, stroke_msg_t *msg, F DBG1(DBG_CFG, "received stroke: terminate '%s'", msg->terminate.name); this->control->terminate(this->control, msg, out); -} +} /** * terminate a connection by peers virtual IP @@ -250,7 +249,7 @@ static void stroke_route(private_stroke_socket_t *this, stroke_msg_t *msg, FILE { pop_string(msg, &msg->route.name); DBG1(DBG_CFG, "received stroke: route '%s'", msg->route.name); - + this->control->route(this->control, msg, out); } @@ -261,7 +260,7 @@ static void stroke_unroute(private_stroke_socket_t *this, stroke_msg_t *msg, FIL { pop_string(msg, &msg->terminate.name); DBG1(DBG_CFG, "received stroke: unroute '%s'", msg->route.name); - + this->control->unroute(this->control, msg, out); } @@ -287,7 +286,7 @@ static void stroke_add_ca(private_stroke_socket_t *this, DBG2(DBG_CFG, " ocspuri=%s", msg->add_ca.ocspuri); DBG2(DBG_CFG, " ocspuri2=%s", msg->add_ca.ocspuri2); DBG2(DBG_CFG, " certuribase=%s", msg->add_ca.certuribase); - + this->ca->add(this->ca, msg); } @@ -299,7 +298,7 @@ static void stroke_del_ca(private_stroke_socket_t *this, { pop_string(msg, &msg->del_ca.name); DBG1(DBG_CFG, "received stroke: delete ca '%s'", msg->del_ca.name); - + this->ca->del(this->ca, msg); } @@ -311,7 +310,7 @@ static void stroke_status(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out, bool all) { pop_string(msg, &(msg->status.name)); - + this->list->status(this->list, msg, out, all); } @@ -333,7 +332,7 @@ static void stroke_list(private_stroke_socket_t *this, stroke_msg_t *msg, FILE * static void stroke_reread(private_stroke_socket_t *this, stroke_msg_t *msg, FILE *out) { - this->cred->reread(this->cred, msg); + this->cred->reread(this->cred, msg, out); } /** @@ -361,7 +360,7 @@ static void stroke_leases(private_stroke_socket_t *this, { pop_string(msg, &msg->leases.pool); pop_string(msg, &msg->leases.address); - + this->list->leases(this->list, msg, out); } @@ -390,11 +389,11 @@ static void stroke_loglevel(private_stroke_socket_t *this, sys_logger_t *sys_logger; file_logger_t *file_logger; debug_t group; - + pop_string(msg, &(msg->loglevel.type)); DBG1(DBG_CFG, "received stroke: loglevel %d for %s", msg->loglevel.level, msg->loglevel.type); - + group = get_group_from_name(msg->loglevel.type); if (group < 0) { @@ -448,7 +447,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) FILE *out; private_stroke_socket_t *this = ctx->this; int strokefd = ctx->fd; - + /* peek the length */ bytes_read = recv(strokefd, &msg_length, sizeof(msg_length), MSG_PEEK); if (bytes_read != sizeof(msg_length)) @@ -457,7 +456,7 @@ static job_requeue_t process(stroke_job_context_t *ctx) strerror(errno)); return JOB_REQUEUE_NONE; } - + /* read message */ msg = alloca(msg_length); bytes_read = recv(strokefd, msg, msg_length, 0); @@ -466,16 +465,16 @@ static job_requeue_t process(stroke_job_context_t *ctx) DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - - out = fdopen(strokefd, "w"); + + out = fdopen(strokefd, "w+"); if (out == NULL) { DBG1(DBG_CFG, "opening stroke output channel failed: %s", strerror(errno)); return JOB_REQUEUE_NONE; } - + DBG3(DBG_CFG, "stroke message %b", (void*)msg, msg_length); - + switch (msg->type) { case STR_INITIATE: @@ -547,27 +546,27 @@ static job_requeue_t receive(private_stroke_socket_t *this) struct sockaddr_un strokeaddr; int strokeaddrlen = sizeof(strokeaddr); int strokefd; - int oldstate; + bool oldstate; callback_job_t *job; stroke_job_context_t *ctx; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + + oldstate = thread_cancelability(TRUE); strokefd = accept(this->socket, (struct sockaddr *)&strokeaddr, &strokeaddrlen); - pthread_setcancelstate(oldstate, NULL); - + thread_cancelability(oldstate); + if (strokefd < 0) { DBG1(DBG_CFG, "accepting stroke connection failed: %s", strerror(errno)); return JOB_REQUEUE_FAIR; } - + ctx = malloc_thing(stroke_job_context_t); ctx->fd = strokefd; ctx->this = this; job = callback_job_create((callback_job_cb_t)process, ctx, (void*)stroke_job_context_destroy, this->job); charon->processor->queue_job(charon->processor, (job_t*)job); - + return JOB_REQUEUE_FAIR; } @@ -582,7 +581,7 @@ static bool open_socket(private_stroke_socket_t *this) socket_addr.sun_family = AF_UNIX; strcpy(socket_addr.sun_path, STROKE_SOCKET); - + /* set up unix socket */ this->socket = socket(AF_UNIX, SOCK_STREAM, 0); if (this->socket == -1) @@ -590,7 +589,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "could not create stroke socket"); return FALSE; } - + unlink(socket_addr.sun_path); old = umask(~(S_IRWXU | S_IRWXG)); if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0) @@ -605,7 +604,7 @@ static bool open_socket(private_stroke_socket_t *this) DBG1(DBG_CFG, "changing stroke socket permissions failed: %s", strerror(errno)); } - + if (listen(this->socket, 10) < 0) { DBG1(DBG_CFG, "could not listen on stroke socket: %s", strerror(errno)); @@ -625,7 +624,7 @@ static void destroy(private_stroke_socket_t *this) charon->credentials->remove_set(charon->credentials, &this->ca->set); charon->credentials->remove_set(charon->credentials, &this->cred->set); charon->backends->remove_backend(charon->backends, &this->config->backend); - charon->attributes->remove_provider(charon->attributes, &this->attribute->provider); + lib->attributes->remove_provider(lib->attributes, &this->attribute->provider); this->cred->destroy(this->cred); this->ca->destroy(this->ca); this->config->destroy(this->config); @@ -641,31 +640,31 @@ static void destroy(private_stroke_socket_t *this) stroke_socket_t *stroke_socket_create() { private_stroke_socket_t *this = malloc_thing(private_stroke_socket_t); - + this->public.destroy = (void(*)(stroke_socket_t*))destroy; - + if (!open_socket(this)) { free(this); return NULL; } - + this->cred = stroke_cred_create(); this->attribute = stroke_attribute_create(); this->ca = stroke_ca_create(this->cred); this->config = stroke_config_create(this->ca, this->cred); this->control = stroke_control_create(); this->list = stroke_list_create(this->attribute); - + charon->credentials->add_set(charon->credentials, &this->ca->set); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->backends->add_backend(charon->backends, &this->config->backend); - charon->attributes->add_provider(charon->attributes, &this->attribute->provider); - + lib->attributes->add_provider(lib->attributes, &this->attribute->provider); + this->job = callback_job_create((callback_job_cb_t)receive, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h index 6073f5133..2aac8be9b 100644 --- a/src/charon/plugins/stroke/stroke_socket.h +++ b/src/charon/plugins/stroke/stroke_socket.h @@ -27,11 +27,11 @@ typedef struct stroke_socket_t stroke_socket_t; * Stroke socket, opens UNIX communication socket, reads and dispatches. */ struct stroke_socket_t { - + /** - * Destroy a stroke_socket instance. - */ - void (*destroy)(stroke_socket_t *this); + * Destroy a stroke_socket instance. + */ + void (*destroy)(stroke_socket_t *this); }; /** diff --git a/src/charon/plugins/uci/Makefile.in b/src/charon/plugins/uci/Makefile.in index c4fb335d7..00436f509 100644 --- a/src/charon/plugins/uci/Makefile.in +++ b/src/charon/plugins/uci/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/uci DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_uci_la_DEPENDENCIES = am_libstrongswan_uci_la_OBJECTS = uci_plugin.lo uci_parser.lo \ @@ -59,6 +83,7 @@ libstrongswan_uci_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -310,21 +344,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -347,7 +381,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -355,29 +389,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -398,13 +437,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -435,6 +478,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -456,6 +500,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -464,18 +510,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -514,6 +570,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c index e697e8be6..a6ee970ad 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/charon/plugins/uci/uci_config.c @@ -34,7 +34,7 @@ struct private_uci_config_t { * Public part */ uci_config_t public; - + /** * UCI parser context */ @@ -59,7 +59,7 @@ typedef struct { static proposal_t *create_proposal(char *string, protocol_id_t proto) { proposal_t *proposal = NULL; - + if (string) { proposal = proposal_create_from_string(proto, string); @@ -68,12 +68,12 @@ static proposal_t *create_proposal(char *string, protocol_id_t proto) { /* UCI default is aes/sha1 only */ if (proto == PROTO_IKE) { - proposal = proposal_create_from_string(proto, + proposal = proposal_create_from_string(proto, "aes128-aes192-aes256-sha1-modp1536-modp2048"); } else { - proposal = proposal_create_from_string(proto, + proposal = proposal_create_from_string(proto, "aes128-aes192-aes256-sha1"); } } @@ -90,7 +90,7 @@ static traffic_selector_t *create_ts(char *string) int netbits = 32; host_t *net; char *pos; - + string = strdupa(string); pos = strchr(string, '/'); if (pos) @@ -120,7 +120,7 @@ static traffic_selector_t *create_ts(char *string) static u_int create_rekey(char *string) { u_int rekey = 0; - + if (string) { rekey = atoi(string); @@ -144,7 +144,14 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; auth_cfg_t *auth; - + lifetime_cfg_t lifetime = { + .time = { + .life = create_rekey(esp_rekey) + 300, + .rekey = create_rekey(esp_rekey), + .jitter = 300 + } + }; + /* defaults */ name = "unnamed"; local_id = NULL; @@ -157,7 +164,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) esp_proposal = NULL; ike_rekey = NULL; esp_rekey = NULL; - + if (this->inner->enumerate(this->inner, &name, &local_id, &remote_id, &local_addr, &remote_addr, &local_net, &remote_net, &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey)) @@ -177,7 +184,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(local_id)); this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE); - + auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); if (remote_id) @@ -186,9 +193,9 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) identification_create_from_string(remote_id)); } this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(name, - create_rekey(esp_rekey) + 300, create_rekey(ike_rekey), 300, - NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + + child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, + ACTION_NONE, ACTION_NONE, FALSE, 0); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); @@ -213,15 +220,15 @@ static void peer_enumerator_destroy(peer_enumerator_t *this) * Implementation of backend_t.create_peer_cfg_enumerator. */ static enumerator_t* create_peer_cfg_enumerator(private_uci_config_t *this, - identification_t *me, + identification_t *me, identification_t *other) { peer_enumerator_t *e = malloc_thing(peer_enumerator_t); - + e->public.enumerate = (void*)peer_enumerator_enumerate; e->public.destroy = (void*)peer_enumerator_destroy; e->peer_cfg = NULL; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_id", "remote_id", "local_addr", "remote_addr", "local_net", "remote_net", "ike_proposal", "esp_proposal", "ike_rekey", "esp_rekey", NULL); @@ -251,12 +258,12 @@ typedef struct { static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) { char *local_addr, *remote_addr, *ike_proposal; - + /* defaults */ local_addr = "0.0.0.0"; remote_addr = "0.0.0.0"; ike_proposal = NULL; - + if (this->inner->enumerate(this->inner, NULL, &local_addr, &remote_addr, &ike_proposal)) { @@ -288,11 +295,11 @@ static enumerator_t* create_ike_cfg_enumerator(private_uci_config_t *this, host_t *me, host_t *other) { ike_enumerator_t *e = malloc_thing(ike_enumerator_t); - + e->public.enumerate = (void*)ike_enumerator_enumerate; e->public.destroy = (void*)ike_enumerator_destroy; e->ike_cfg = NULL; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_addr", "remote_addr", "ike_proposal", NULL); if (!e->inner) { @@ -309,7 +316,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_uci_config_t *this, char *name) { enumerator_t *enumerator; peer_cfg_t *current, *found = NULL; - + enumerator = create_peer_cfg_enumerator(this, NULL, NULL); if (enumerator) { diff --git a/src/charon/plugins/uci/uci_config.h b/src/charon/plugins/uci/uci_config.h index eac05b1df..130f15d85 100644 --- a/src/charon/plugins/uci/uci_config.h +++ b/src/charon/plugins/uci/uci_config.h @@ -37,11 +37,11 @@ struct uci_config_t { * Implements backend_t interface */ backend_t backend; - + /** * Destroy the backend. */ - void (*destroy)(uci_config_t *this); + void (*destroy)(uci_config_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_control.c b/src/charon/plugins/uci/uci_control.c index f74224fa7..3c4928be4 100644 --- a/src/charon/plugins/uci/uci_control.c +++ b/src/charon/plugins/uci/uci_control.c @@ -21,11 +21,11 @@ #include #include #include -#include #include "uci_control.h" #include +#include #include #define FIFO_FILE "/var/run/charon.fifo" @@ -37,14 +37,14 @@ typedef struct private_uci_control_t private_uci_control_t; * private data of uci_control_t */ struct private_uci_control_t { - + /** * Public part */ uci_control_t public; - + /** - * Job + * Job */ callback_job_t *job; }; @@ -56,7 +56,7 @@ static void write_fifo(private_uci_control_t *this, char *format, ...) { va_list args; FILE *out; - + out = fopen(FIFO_FILE, "w"); if (out) { @@ -83,7 +83,7 @@ static void status(private_uci_control_t *this, char *name) peer_cfg_t *peer_cfg; char buf[2048]; FILE *out = NULL; - + configs = charon->backends->create_peer_cfg_enumerator(charon->backends, NULL, NULL, NULL, NULL); while (configs->enumerate(configs, &peer_cfg)) @@ -109,7 +109,7 @@ static void status(private_uci_control_t *this, char *name) } fprintf(out, "%-8s %-20D %-16H ", ike_sa->get_name(ike_sa), ike_sa->get_other_id(ike_sa), ike_sa->get_other_host(ike_sa)); - + children = ike_sa->create_child_sa_iterator(ike_sa); while (children->iterate(children, (void**)&child_sa)) { @@ -141,7 +141,7 @@ static void initiate(private_uci_control_t *this, char *name) peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; enumerator_t *enumerator; - + peer_cfg = charon->backends->get_peer_cfg_by_name(charon->backends, name); if (peer_cfg) { @@ -173,7 +173,7 @@ static void terminate(private_uci_control_t *this, char *name) enumerator_t *enumerator; ike_sa_t *ike_sa; u_int id; - + enumerator = charon->controller->create_ike_sa_enumerator(charon->controller); while (enumerator->enumerate(enumerator, &ike_sa)) { @@ -197,7 +197,7 @@ static void terminate(private_uci_control_t *this, char *name) static void process(private_uci_control_t *this, char *message) { enumerator_t* enumerator; - + enumerator = enumerator_create_token(message, " \n", ""); if (enumerator->enumerate(enumerator, &message)) { @@ -217,7 +217,7 @@ static void process(private_uci_control_t *this, char *message) { initiate(this, message); } - else if (streq(message, "down") && + else if (streq(message, "down") && enumerator->enumerate(enumerator, &message)) { terminate(this, message); @@ -237,13 +237,14 @@ static void process(private_uci_control_t *this, char *message) static job_requeue_t receive(private_uci_control_t *this) { char message[128]; - int oldstate, len; + int len; + bool oldstate; FILE *in; - + memset(message, 0, sizeof(message)); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + oldstate = thread_cancelability(TRUE); in = fopen(FIFO_FILE, "r"); - pthread_setcancelstate(oldstate, NULL); + thread_cancelability(oldstate); if (in) { len = fread(message, 1, sizeof(message) - 1, in); @@ -280,9 +281,9 @@ static void destroy(private_uci_control_t *this) uci_control_t *uci_control_create() { private_uci_control_t *this = malloc_thing(private_uci_control_t); - + this->public.destroy = (void(*)(uci_control_t*))destroy; - + unlink(FIFO_FILE); if (mkfifo(FIFO_FILE, S_IRUSR|S_IWUSR) != 0) { diff --git a/src/charon/plugins/uci/uci_control.h b/src/charon/plugins/uci/uci_control.h index 527ed82e7..794220aa1 100644 --- a/src/charon/plugins/uci/uci_control.h +++ b/src/charon/plugins/uci/uci_control.h @@ -27,7 +27,7 @@ typedef struct uci_control_t uci_control_t; * UCI control interface, uses a simple FIFO file */ struct uci_control_t { - + /** * Destroy the controller */ diff --git a/src/charon/plugins/uci/uci_creds.c b/src/charon/plugins/uci/uci_creds.c index 05bc6e109..4d664feb2 100644 --- a/src/charon/plugins/uci/uci_creds.c +++ b/src/charon/plugins/uci/uci_creds.c @@ -31,7 +31,7 @@ struct private_uci_creds_t { * Public part */ uci_creds_t public; - + /** * UCI parser context */ @@ -66,7 +66,7 @@ static bool shared_enumerator_enumerate(shared_enumerator_t *this, local_id = "%any"; remote_id = "%any"; psk = NULL; - + if (!this->inner->enumerate(this->inner, NULL, &local_id, &remote_id, &psk)) { @@ -122,23 +122,23 @@ static void shared_enumerator_destroy(shared_enumerator_t *this) */ static enumerator_t* create_shared_enumerator(private_uci_creds_t *this, shared_key_type_t type, - identification_t *me, + identification_t *me, identification_t *other) { shared_enumerator_t *e; - + if (type != SHARED_IKE) { return NULL; } - + e = malloc_thing(shared_enumerator_t); e->current = NULL; e->public.enumerate = (void*)shared_enumerator_enumerate; e->public.destroy = (void*)shared_enumerator_destroy; e->me = me; e->other = other; - e->inner = this->parser->create_section_enumerator(this->parser, + e->inner = this->parser->create_section_enumerator(this->parser, "local_id", "remote_id", "psk", NULL); if (!e->inner) { @@ -166,7 +166,7 @@ uci_creds_t *uci_creds_create(uci_parser_t *parser) this->public.credential_set.create_cdp_enumerator = (enumerator_t*(*) (credential_set_t *,certificate_type_t, identification_t *))return_null; this->public.credential_set.cache_cert = (void (*)(credential_set_t *, certificate_t *))nop; this->public.destroy = (void(*) (uci_creds_t*))destroy; - + this->parser = parser; return &this->public; diff --git a/src/charon/plugins/uci/uci_creds.h b/src/charon/plugins/uci/uci_creds.h index de50984a9..a283ed9f5 100644 --- a/src/charon/plugins/uci/uci_creds.h +++ b/src/charon/plugins/uci/uci_creds.h @@ -37,11 +37,11 @@ struct uci_creds_t { * Implements credential set interface. */ credential_set_t credential_set; - + /** * Destroy the backend. */ - void (*destroy)(uci_creds_t *this); + void (*destroy)(uci_creds_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_parser.c b/src/charon/plugins/uci/uci_parser.c index f994e36f7..6de55d218 100644 --- a/src/charon/plugins/uci/uci_parser.c +++ b/src/charon/plugins/uci/uci_parser.c @@ -32,7 +32,7 @@ struct private_uci_parser_t { * Public part */ uci_parser_t public; - + /** * UCI package name this parser reads */ @@ -66,12 +66,12 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) char **value; va_list args; int i; - + if (&this->current->list == this->list) { return FALSE; } - + va_start(args, this); value = va_arg(args, char**); @@ -87,19 +87,19 @@ static bool section_enumerator_enumerate(section_enumerator_t *this, ...) *value = uci_to_section(this->current)->type; } } - + /* followed by keyword parameters */ for (i = 0; this->keywords[i]; i++) { value = va_arg(args, char**); if (value && uci_lookup(this->ctx, &element, this->package, - this->current->name, this->keywords[i]) == UCI_OK) + this->current->name, this->keywords[i]) == UCI_OK) { *value = uci_to_option(element)->value; } } va_end(args); - + this->current = list_to_element(this->current->list.next); return TRUE; } @@ -121,7 +121,7 @@ static enumerator_t* create_section_enumerator(private_uci_parser_t *this, ...) section_enumerator_t *e; va_list args; int i; - + /* allocate enumerator large enought to hold keyword pointers */ i = 1; va_start(args, this); @@ -133,16 +133,16 @@ static enumerator_t* create_section_enumerator(private_uci_parser_t *this, ...) e = malloc(sizeof(section_enumerator_t) + sizeof(char*) * i); i = 0; va_start(args, this); - do + do { e->keywords[i] = va_arg(args, char*); } while (e->keywords[i++]); va_end(args); - + e->public.enumerate = (void*)section_enumerator_enumerate; e->public.destroy = (void*)section_enumerator_destroy; - + /* load uci context */ e->ctx = uci_alloc_context(); if (uci_load(e->ctx, this->package, &e->package) != UCI_OK) @@ -178,9 +178,9 @@ uci_parser_t *uci_parser_create(char *package) this->public.create_section_enumerator = (enumerator_t*(*)(uci_parser_t*, ...))create_section_enumerator; this->public.destroy = (void(*)(uci_parser_t*))destroy; - + this->package = strdup(package); - + return &this->public; } diff --git a/src/charon/plugins/uci/uci_parser.h b/src/charon/plugins/uci/uci_parser.h index ef3d7b0f5..7217e507a 100644 --- a/src/charon/plugins/uci/uci_parser.h +++ b/src/charon/plugins/uci/uci_parser.h @@ -41,11 +41,11 @@ struct uci_parser_t { * @return enumerator over sections */ enumerator_t* (*create_section_enumerator)(uci_parser_t *this, ...); - + /** * Destroy the parser. */ - void (*destroy)(uci_parser_t *this); + void (*destroy)(uci_parser_t *this); }; /** diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/charon/plugins/uci/uci_plugin.c index 3ab4c92f8..2a79b9109 100644 --- a/src/charon/plugins/uci/uci_plugin.c +++ b/src/charon/plugins/uci/uci_plugin.c @@ -36,17 +36,17 @@ struct private_uci_plugin_t { * implements plugin interface */ uci_plugin_t public; - + /** * UCI configuration backend */ uci_config_t *config; - + /** * UCI credential set implementation */ uci_creds_t *creds; - + /** * UCI parser wrapper */ @@ -78,16 +78,16 @@ static void destroy(private_uci_plugin_t *this) plugin_t *plugin_create() { private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->parser = uci_parser_create(UCI_PACKAGE); this->config = uci_config_create(this->parser); this->creds = uci_creds_create(this->parser); this->control = uci_control_create(); charon->backends->add_backend(charon->backends, &this->config->backend); charon->credentials->add_set(charon->credentials, &this->creds->credential_set); - + return &this->public.plugin; } diff --git a/src/charon/plugins/unit_tester/Makefile.in b/src/charon/plugins/unit_tester/Makefile.in index 0bf0cf301..9926c43e8 100644 --- a/src/charon/plugins/unit_tester/Makefile.in +++ b/src/charon/plugins/unit_tester/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/unit_tester DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_unit_tester_la_LIBADD = am_libstrongswan_unit_tester_la_OBJECTS = unit_tester.lo \ @@ -64,6 +88,7 @@ libstrongswan_unit_tester_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -111,25 +136,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -141,11 +163,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -174,9 +199,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -199,7 +224,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -207,6 +232,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -215,10 +241,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -226,6 +254,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -260,9 +289,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -280,23 +309,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -333,115 +367,115 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< test_enumerator.lo: tests/test_enumerator.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_enumerator.lo -MD -MP -MF $(DEPDIR)/test_enumerator.Tpo -c -o test_enumerator.lo `test -f 'tests/test_enumerator.c' || echo '$(srcdir)/'`tests/test_enumerator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_enumerator.Tpo $(DEPDIR)/test_enumerator.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_enumerator.lo -MD -MP -MF $(DEPDIR)/test_enumerator.Tpo -c -o test_enumerator.lo `test -f 'tests/test_enumerator.c' || echo '$(srcdir)/'`tests/test_enumerator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_enumerator.Tpo $(DEPDIR)/test_enumerator.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_enumerator.c' object='test_enumerator.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_enumerator.lo `test -f 'tests/test_enumerator.c' || echo '$(srcdir)/'`tests/test_enumerator.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_enumerator.lo `test -f 'tests/test_enumerator.c' || echo '$(srcdir)/'`tests/test_enumerator.c test_auth_info.lo: tests/test_auth_info.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_auth_info.lo -MD -MP -MF $(DEPDIR)/test_auth_info.Tpo -c -o test_auth_info.lo `test -f 'tests/test_auth_info.c' || echo '$(srcdir)/'`tests/test_auth_info.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_auth_info.Tpo $(DEPDIR)/test_auth_info.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_auth_info.lo -MD -MP -MF $(DEPDIR)/test_auth_info.Tpo -c -o test_auth_info.lo `test -f 'tests/test_auth_info.c' || echo '$(srcdir)/'`tests/test_auth_info.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_auth_info.Tpo $(DEPDIR)/test_auth_info.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_auth_info.c' object='test_auth_info.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_auth_info.lo `test -f 'tests/test_auth_info.c' || echo '$(srcdir)/'`tests/test_auth_info.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_auth_info.lo `test -f 'tests/test_auth_info.c' || echo '$(srcdir)/'`tests/test_auth_info.c test_curl.lo: tests/test_curl.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_curl.lo -MD -MP -MF $(DEPDIR)/test_curl.Tpo -c -o test_curl.lo `test -f 'tests/test_curl.c' || echo '$(srcdir)/'`tests/test_curl.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_curl.Tpo $(DEPDIR)/test_curl.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_curl.lo -MD -MP -MF $(DEPDIR)/test_curl.Tpo -c -o test_curl.lo `test -f 'tests/test_curl.c' || echo '$(srcdir)/'`tests/test_curl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_curl.Tpo $(DEPDIR)/test_curl.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_curl.c' object='test_curl.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_curl.lo `test -f 'tests/test_curl.c' || echo '$(srcdir)/'`tests/test_curl.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_curl.lo `test -f 'tests/test_curl.c' || echo '$(srcdir)/'`tests/test_curl.c test_mysql.lo: tests/test_mysql.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_mysql.lo -MD -MP -MF $(DEPDIR)/test_mysql.Tpo -c -o test_mysql.lo `test -f 'tests/test_mysql.c' || echo '$(srcdir)/'`tests/test_mysql.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_mysql.Tpo $(DEPDIR)/test_mysql.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_mysql.lo -MD -MP -MF $(DEPDIR)/test_mysql.Tpo -c -o test_mysql.lo `test -f 'tests/test_mysql.c' || echo '$(srcdir)/'`tests/test_mysql.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_mysql.Tpo $(DEPDIR)/test_mysql.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_mysql.c' object='test_mysql.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_mysql.lo `test -f 'tests/test_mysql.c' || echo '$(srcdir)/'`tests/test_mysql.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_mysql.lo `test -f 'tests/test_mysql.c' || echo '$(srcdir)/'`tests/test_mysql.c test_sqlite.lo: tests/test_sqlite.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_sqlite.lo -MD -MP -MF $(DEPDIR)/test_sqlite.Tpo -c -o test_sqlite.lo `test -f 'tests/test_sqlite.c' || echo '$(srcdir)/'`tests/test_sqlite.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_sqlite.Tpo $(DEPDIR)/test_sqlite.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_sqlite.lo -MD -MP -MF $(DEPDIR)/test_sqlite.Tpo -c -o test_sqlite.lo `test -f 'tests/test_sqlite.c' || echo '$(srcdir)/'`tests/test_sqlite.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_sqlite.Tpo $(DEPDIR)/test_sqlite.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_sqlite.c' object='test_sqlite.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_sqlite.lo `test -f 'tests/test_sqlite.c' || echo '$(srcdir)/'`tests/test_sqlite.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_sqlite.lo `test -f 'tests/test_sqlite.c' || echo '$(srcdir)/'`tests/test_sqlite.c test_mutex.lo: tests/test_mutex.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_mutex.lo -MD -MP -MF $(DEPDIR)/test_mutex.Tpo -c -o test_mutex.lo `test -f 'tests/test_mutex.c' || echo '$(srcdir)/'`tests/test_mutex.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_mutex.Tpo $(DEPDIR)/test_mutex.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_mutex.lo -MD -MP -MF $(DEPDIR)/test_mutex.Tpo -c -o test_mutex.lo `test -f 'tests/test_mutex.c' || echo '$(srcdir)/'`tests/test_mutex.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_mutex.Tpo $(DEPDIR)/test_mutex.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_mutex.c' object='test_mutex.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_mutex.lo `test -f 'tests/test_mutex.c' || echo '$(srcdir)/'`tests/test_mutex.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_mutex.lo `test -f 'tests/test_mutex.c' || echo '$(srcdir)/'`tests/test_mutex.c test_rsa_gen.lo: tests/test_rsa_gen.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_rsa_gen.lo -MD -MP -MF $(DEPDIR)/test_rsa_gen.Tpo -c -o test_rsa_gen.lo `test -f 'tests/test_rsa_gen.c' || echo '$(srcdir)/'`tests/test_rsa_gen.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_rsa_gen.Tpo $(DEPDIR)/test_rsa_gen.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_rsa_gen.lo -MD -MP -MF $(DEPDIR)/test_rsa_gen.Tpo -c -o test_rsa_gen.lo `test -f 'tests/test_rsa_gen.c' || echo '$(srcdir)/'`tests/test_rsa_gen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_rsa_gen.Tpo $(DEPDIR)/test_rsa_gen.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_rsa_gen.c' object='test_rsa_gen.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_rsa_gen.lo `test -f 'tests/test_rsa_gen.c' || echo '$(srcdir)/'`tests/test_rsa_gen.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_rsa_gen.lo `test -f 'tests/test_rsa_gen.c' || echo '$(srcdir)/'`tests/test_rsa_gen.c test_cert.lo: tests/test_cert.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_cert.lo -MD -MP -MF $(DEPDIR)/test_cert.Tpo -c -o test_cert.lo `test -f 'tests/test_cert.c' || echo '$(srcdir)/'`tests/test_cert.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_cert.Tpo $(DEPDIR)/test_cert.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_cert.lo -MD -MP -MF $(DEPDIR)/test_cert.Tpo -c -o test_cert.lo `test -f 'tests/test_cert.c' || echo '$(srcdir)/'`tests/test_cert.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_cert.Tpo $(DEPDIR)/test_cert.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_cert.c' object='test_cert.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_cert.lo `test -f 'tests/test_cert.c' || echo '$(srcdir)/'`tests/test_cert.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_cert.lo `test -f 'tests/test_cert.c' || echo '$(srcdir)/'`tests/test_cert.c test_med_db.lo: tests/test_med_db.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_med_db.lo -MD -MP -MF $(DEPDIR)/test_med_db.Tpo -c -o test_med_db.lo `test -f 'tests/test_med_db.c' || echo '$(srcdir)/'`tests/test_med_db.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_med_db.Tpo $(DEPDIR)/test_med_db.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_med_db.lo -MD -MP -MF $(DEPDIR)/test_med_db.Tpo -c -o test_med_db.lo `test -f 'tests/test_med_db.c' || echo '$(srcdir)/'`tests/test_med_db.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_med_db.Tpo $(DEPDIR)/test_med_db.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_med_db.c' object='test_med_db.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_med_db.lo `test -f 'tests/test_med_db.c' || echo '$(srcdir)/'`tests/test_med_db.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_med_db.lo `test -f 'tests/test_med_db.c' || echo '$(srcdir)/'`tests/test_med_db.c test_chunk.lo: tests/test_chunk.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_chunk.lo -MD -MP -MF $(DEPDIR)/test_chunk.Tpo -c -o test_chunk.lo `test -f 'tests/test_chunk.c' || echo '$(srcdir)/'`tests/test_chunk.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_chunk.Tpo $(DEPDIR)/test_chunk.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_chunk.lo -MD -MP -MF $(DEPDIR)/test_chunk.Tpo -c -o test_chunk.lo `test -f 'tests/test_chunk.c' || echo '$(srcdir)/'`tests/test_chunk.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_chunk.Tpo $(DEPDIR)/test_chunk.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_chunk.c' object='test_chunk.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_chunk.lo `test -f 'tests/test_chunk.c' || echo '$(srcdir)/'`tests/test_chunk.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_chunk.lo `test -f 'tests/test_chunk.c' || echo '$(srcdir)/'`tests/test_chunk.c test_pool.lo: tests/test_pool.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_pool.lo -MD -MP -MF $(DEPDIR)/test_pool.Tpo -c -o test_pool.lo `test -f 'tests/test_pool.c' || echo '$(srcdir)/'`tests/test_pool.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_pool.Tpo $(DEPDIR)/test_pool.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_pool.lo -MD -MP -MF $(DEPDIR)/test_pool.Tpo -c -o test_pool.lo `test -f 'tests/test_pool.c' || echo '$(srcdir)/'`tests/test_pool.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_pool.Tpo $(DEPDIR)/test_pool.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_pool.c' object='test_pool.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_pool.lo `test -f 'tests/test_pool.c' || echo '$(srcdir)/'`tests/test_pool.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_pool.lo `test -f 'tests/test_pool.c' || echo '$(srcdir)/'`tests/test_pool.c test_agent.lo: tests/test_agent.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_agent.lo -MD -MP -MF $(DEPDIR)/test_agent.Tpo -c -o test_agent.lo `test -f 'tests/test_agent.c' || echo '$(srcdir)/'`tests/test_agent.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_agent.Tpo $(DEPDIR)/test_agent.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_agent.lo -MD -MP -MF $(DEPDIR)/test_agent.Tpo -c -o test_agent.lo `test -f 'tests/test_agent.c' || echo '$(srcdir)/'`tests/test_agent.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_agent.Tpo $(DEPDIR)/test_agent.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_agent.c' object='test_agent.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_agent.lo `test -f 'tests/test_agent.c' || echo '$(srcdir)/'`tests/test_agent.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_agent.lo `test -f 'tests/test_agent.c' || echo '$(srcdir)/'`tests/test_agent.c test_id.lo: tests/test_id.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_id.lo -MD -MP -MF $(DEPDIR)/test_id.Tpo -c -o test_id.lo `test -f 'tests/test_id.c' || echo '$(srcdir)/'`tests/test_id.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/test_id.Tpo $(DEPDIR)/test_id.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT test_id.lo -MD -MP -MF $(DEPDIR)/test_id.Tpo -c -o test_id.lo `test -f 'tests/test_id.c' || echo '$(srcdir)/'`tests/test_id.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/test_id.Tpo $(DEPDIR)/test_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tests/test_id.c' object='test_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_id.lo `test -f 'tests/test_id.c' || echo '$(srcdir)/'`tests/test_id.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o test_id.lo `test -f 'tests/test_id.c' || echo '$(srcdir)/'`tests/test_id.c mostlyclean-libtool: -rm -f *.lo @@ -461,7 +495,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -469,29 +503,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -512,13 +551,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -549,6 +592,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -570,6 +614,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -578,18 +624,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -628,6 +684,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h index b99940c1a..96313d390 100644 --- a/src/charon/plugins/unit_tester/tests.h +++ b/src/charon/plugins/unit_tester/tests.h @@ -14,7 +14,7 @@ */ /** - * @defgroup tests tests + * @defgroup tests tests * @{ @ingroup unit_tester */ diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/charon/plugins/unit_tester/tests/test_agent.c index fd76b9cf5..baab629be 100644 --- a/src/charon/plugins/unit_tester/tests/test_agent.c +++ b/src/charon/plugins/unit_tester/tests/test_agent.c @@ -21,18 +21,18 @@ ******************************************************************************/ bool test_agent() { - char *path, buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t sig, data = chunk_from_buf(buf); + char *path; + chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); private_key_t *private; public_key_t *public; - + path = getenv("SSH_AUTH_SOCK"); if (!path) { DBG1(DBG_CFG, "ssh-agent not found."); return FALSE; } - + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_AGENT_SOCKET, path, BUILD_END); if (!private) @@ -53,15 +53,15 @@ bool test_agent() return FALSE; } free(sig.ptr); - buf[1] = 0x01; /* fake it */ + data.ptr[1] = 0x01; /* fake it */ if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, data, sig)) { return FALSE; } - + private->destroy(private); public->destroy(public); - + return TRUE; } diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/charon/plugins/unit_tester/tests/test_auth_info.c index 37bdd1087..d6abe7a05 100644 --- a/src/charon/plugins/unit_tester/tests/test_auth_info.c +++ b/src/charon/plugins/unit_tester/tests/test_auth_info.c @@ -18,9 +18,7 @@ #include -char buf[] = {0x01,0x02,0x03,0x04}; -chunk_t chunk = chunk_from_buf(buf); -char certbuf[] = { +static chunk_t certchunk = chunk_from_chars( 0x30,0x82,0x02,0xfa,0x30,0x82,0x01,0xe2,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,0x5a, 0xf2,0x65,0xae,0x78,0xff,0x23,0xde,0xf7,0xa6,0xa3,0x94,0x8c,0x3f,0xa0,0xc1,0x30, 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x39, @@ -69,8 +67,7 @@ char certbuf[] = { 0xec,0xd2,0x31,0xc6,0x1e,0xb6,0xc0,0x57,0xd9,0xe1,0x14,0x06,0x9b,0xf8,0x51,0x69, 0x47,0xf0,0x9c,0xcd,0x69,0xef,0x8e,0x5f,0x62,0xda,0x10,0xf7,0x3c,0x6d,0x0f,0x33, 0xec,0x6f,0xfd,0x94,0x07,0x16,0x41,0x32,0x06,0xa4,0xe1,0x08,0x31,0x87, -}; -chunk_t certchunk = chunk_from_buf(certbuf); +); /******************************************************************************* * auth info test @@ -83,7 +80,7 @@ bool test_auth_cfg() int round = 0; void *value; auth_rule_t type; - + c1 = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, certchunk, BUILD_END); @@ -91,7 +88,7 @@ bool test_auth_cfg() { return FALSE; } - + auth->add(auth, AUTH_RULE_SUBJECT_CERT, c1->get_ref(c1)); c2 = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (!c2) @@ -102,7 +99,7 @@ bool test_auth_cfg() { return FALSE; } - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -114,11 +111,11 @@ bool test_auth_cfg() return FALSE; } enumerator->destroy(enumerator); - + auth2 = auth_cfg_create(); auth2->add(auth2, AUTH_RULE_CA_CERT, c1->get_ref(c1)); auth2->merge(auth2, auth, FALSE); - + round = 0; enumerator = auth2->create_enumerator(auth2); while (enumerator->enumerate(enumerator, &type, &value)) diff --git a/src/charon/plugins/unit_tester/tests/test_cert.c b/src/charon/plugins/unit_tester/tests/test_cert.c index 95ab289df..3b00421f8 100644 --- a/src/charon/plugins/unit_tester/tests/test_cert.c +++ b/src/charon/plugins/unit_tester/tests/test_cert.c @@ -28,10 +28,10 @@ bool test_cert_x509() identification_t *issuer, *subject; u_int32_t serial = htonl(0); chunk_t encoding; - + issuer = identification_create_from_string("CN=CA, OU=Test, O=strongSwan"); subject = identification_create_from_string("CN=Peer, OU=Test, O=strongSwan"); - + ca_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_KEY_SIZE, 1024, BUILD_END); peer_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -50,7 +50,7 @@ bool test_cert_x509() { return FALSE; } - + encoding = ca_cert->get_encoding(ca_cert); parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, encoding, @@ -65,7 +65,7 @@ bool test_cert_x509() return FALSE; } parsed->destroy(parsed); - + serial = htonl(ntohl(serial) + 1); public = peer_key->get_public_key(peer_key); peer_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, @@ -80,7 +80,7 @@ bool test_cert_x509() { return FALSE; } - + encoding = peer_cert->get_encoding(peer_cert); parsed = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, encoding, @@ -95,7 +95,7 @@ bool test_cert_x509() return FALSE; } parsed->destroy(parsed); - + ca_cert->destroy(ca_cert); ca_key->destroy(ca_key); peer_cert->destroy(peer_cert); diff --git a/src/charon/plugins/unit_tester/tests/test_chunk.c b/src/charon/plugins/unit_tester/tests/test_chunk.c index 5356c1d96..2e0905b2c 100644 --- a/src/charon/plugins/unit_tester/tests/test_chunk.c +++ b/src/charon/plugins/unit_tester/tests/test_chunk.c @@ -31,12 +31,12 @@ bool test_chunk_base64() * BASE64("fooba") = "Zm9vYmE=" * BASE64("foobar") = "Zm9vYmFy" */ - + typedef struct { char *in; char *out; } testdata_t; - + testdata_t test[] = { {"", ""}, {"f", "Zg=="}, @@ -47,31 +47,31 @@ bool test_chunk_base64() {"foobar", "Zm9vYmFy"}, }; int i; - + for (i = 0; i < countof(test); i++) { chunk_t out; - + out = chunk_to_base64(chunk_create(test[i].in, strlen(test[i].in)), NULL); - + if (!streq(out.ptr, test[i].out)) { - DBG1(DBG_CFG, "base64 conversion error - should %s, is %s", + DBG1(DBG_CFG, "base64 conversion error - should %s, is %s", test[i].out, out.ptr); return FALSE; } free(out.ptr); } - + for (i = 0; i < countof(test); i++) { chunk_t out; - + out = chunk_from_base64(chunk_create(test[i].out, strlen(test[i].out)), NULL); - + if (!strneq(out.ptr, test[i].in, out.len)) { - DBG1(DBG_CFG, "base64 conversion error - should %s, is %#B", + DBG1(DBG_CFG, "base64 conversion error - should %s, is %#B", test[i].in, &out); return FALSE; } diff --git a/src/charon/plugins/unit_tester/tests/test_curl.c b/src/charon/plugins/unit_tester/tests/test_curl.c index c011617a7..21656a94e 100644 --- a/src/charon/plugins/unit_tester/tests/test_curl.c +++ b/src/charon/plugins/unit_tester/tests/test_curl.c @@ -25,14 +25,14 @@ bool test_curl_get() { chunk_t chunk; - + if (lib->fetcher->fetch(lib->fetcher, "http://www.strongswan.org", &chunk, FETCH_END) != SUCCESS) { return FALSE; } free(chunk.ptr); - + if (lib->fetcher->fetch(lib->fetcher, "http://www.google.com", &chunk, FETCH_END) != SUCCESS) { diff --git a/src/charon/plugins/unit_tester/tests/test_enumerator.c b/src/charon/plugins/unit_tester/tests/test_enumerator.c index 6898084fc..edbf0f5bb 100644 --- a/src/charon/plugins/unit_tester/tests/test_enumerator.c +++ b/src/charon/plugins/unit_tester/tests/test_enumerator.c @@ -23,7 +23,7 @@ bool test_list_remove() { void *a = (void*)1, *b = (void*)2; linked_list_t *list; - + list = linked_list_create(); list->insert_last(list, a); if (list->remove(list, a, NULL) != 1) @@ -67,15 +67,15 @@ bool test_enumerate() void *a = (void*)4, *b = (void*)3, *c = (void*)2, *d = (void*)5, *e = (void*)1; linked_list_t *list; enumerator_t *enumerator; - + list = linked_list_create(); - + list->insert_last(list, a); list->insert_first(list, b); list->insert_first(list, c); list->insert_last(list, d); list->insert_first(list, e); - + round = 1; enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &x)) @@ -87,7 +87,7 @@ bool test_enumerate() round++; } enumerator->destroy(enumerator); - + list->destroy(list); return TRUE; } @@ -122,7 +122,7 @@ bool test_enumerate_nested() void *a = (void*)1, *b = (void*)2, *c = (void*)3, *d = (void*)4, *e = (void*)5; linked_list_t *list, *l1, *l2, *l3; enumerator_t *enumerator; - + bad_data = FALSE; list = linked_list_create(); l1 = linked_list_create(); @@ -131,13 +131,13 @@ bool test_enumerate_nested() list->insert_last(list, l1); list->insert_last(list, l2); list->insert_last(list, l3); - + l1->insert_last(l1, a); l1->insert_last(l1, b); l3->insert_last(l3, c); l3->insert_last(l3, d); l3->insert_last(l3, e); - + round = 1; enumerator = enumerator_create_nested(list->create_enumerator(list), (void*)create_inner, (void*)101, destroy_data); @@ -150,7 +150,7 @@ bool test_enumerate_nested() round++; } enumerator->destroy(enumerator); - + list->destroy(list); l1->destroy(l1); l2->destroy(l2); @@ -185,16 +185,16 @@ bool test_enumerate_filtered() void *a = (void*)1, *b = (void*)2, *c = (void*)3, *d = (void*)4, *e = (void*)5; linked_list_t *list; enumerator_t *enumerator; - + bad_data = FALSE; list = linked_list_create(); - + list->insert_last(list, a); list->insert_last(list, b); list->insert_last(list, c); list->insert_last(list, d); list->insert_last(list, e); - + round = 1; enumerator = enumerator_create_filter(list->create_enumerator(list), (void*)filter, (void*)101, destroy_data); @@ -208,7 +208,7 @@ bool test_enumerate_filtered() round++; } enumerator->destroy(enumerator); - + list->destroy(list); return !bad_data; } @@ -216,7 +216,7 @@ bool test_enumerate_filtered() /******************************************************************************* * token parser test ******************************************************************************/ - + bool test_enumerate_token() { enumerator_t *enumerator; @@ -240,7 +240,7 @@ bool test_enumerate_token() {"a.b,c", ",.", ""}, {" a b c ", " ", " "}, }; - + for (num = 0; num < countof(tests1); num++) { i = 0; @@ -270,7 +270,7 @@ bool test_enumerate_token() } enumerator->destroy(enumerator); } - + for (num = 0; num < countof(tests2); num++) { i = 0; @@ -300,7 +300,7 @@ bool test_enumerate_token() } enumerator->destroy(enumerator); } - + return TRUE; } diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/charon/plugins/unit_tester/tests/test_id.c index a1ef76be8..868a2ca8b 100644 --- a/src/charon/plugins/unit_tester/tests/test_id.c +++ b/src/charon/plugins/unit_tester/tests/test_id.c @@ -25,9 +25,9 @@ bool test_id_parts() id_part_t part; chunk_t data; int i = 0; - + id = identification_create_from_string("C=CH, O=strongSwan, CN=tester"); - + enumerator = id->create_part_enumerator(id); while (enumerator->enumerate(enumerator, &part, &data)) { @@ -75,7 +75,7 @@ static bool test_id_wildcards_has(char *string) { identification_t *id; bool contains; - + id = identification_create_from_string(string); contains = id->contains_wildcards(id); id->destroy(id); @@ -115,7 +115,7 @@ static bool test_id_equals_one(identification_t *a, char *b_str) { identification_t *b; bool equals; - + b = identification_create_from_string(b_str); equals = a->equals(a, b); b->destroy(b); @@ -127,10 +127,10 @@ bool test_id_equals() identification_t *a; chunk_t encoding, fuzzed; int i; - + a = identification_create_from_string( "C=CH, E=martin@strongswan.org, CN=martin"); - + if (!test_id_equals_one(a, "C=CH, E=martin@strongswan.org, CN=martin")) { return FALSE; @@ -153,7 +153,7 @@ bool test_id_equals() } encoding = chunk_clone(a->get_encoding(a)); a->destroy(a); - + /* simple fuzzing, increment each byte of encoding */ for (i = 0; i < encoding.len; i++) { @@ -171,7 +171,7 @@ bool test_id_equals() a->destroy(a); free(fuzzed.ptr); } - + /* and decrement each byte of encoding */ for (i = 0; i < encoding.len; i++) { @@ -201,7 +201,7 @@ static id_match_t test_id_matches_one(identification_t *a, char *b_str) { identification_t *b; id_match_t match; - + b = identification_create_from_string(b_str); match = a->matches(a, b); b->destroy(b); @@ -211,10 +211,10 @@ static id_match_t test_id_matches_one(identification_t *a, char *b_str) bool test_id_matches() { identification_t *a; - + a = identification_create_from_string( "C=CH, E=martin@strongswan.org, CN=martin"); - + if (test_id_matches_one(a, "C=CH, E=martin@strongswan.org, CN=martin") != ID_MATCH_PERFECT) { diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/charon/plugins/unit_tester/tests/test_med_db.c index 7b4603bd7..7fd78b0bc 100644 --- a/src/charon/plugins/unit_tester/tests/test_med_db.c +++ b/src/charon/plugins/unit_tester/tests/test_med_db.c @@ -25,25 +25,27 @@ bool test_med_db() { - char keyid_buf[] = { + chunk_t found, keyid = chunk_from_chars( 0xed,0x90,0xe6,0x4f,0xec,0xa2,0x1f,0x4b, 0x68,0x97,0x99,0x24,0x22,0xe0,0xde,0x21, 0xb9,0xd6,0x26,0x29 - }; - chunk_t keyid = chunk_from_buf(keyid_buf); - identification_t *id, *found; + ); + identification_t *id; enumerator_t *enumerator; public_key_t *public; auth_cfg_t *auth; bool good = FALSE; - + id = identification_create_from_encoding(ID_KEY_ID, keyid); enumerator = charon->credentials->create_public_enumerator( charon->credentials, KEY_ANY, id, NULL); while (enumerator->enumerate(enumerator, &public, &auth)) { - found = public->get_id(public, ID_PUBKEY_SHA1); - good = chunk_equals(id->get_encoding(id), found->get_encoding(found)); + good = public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &found); + if (good) + { + good = chunk_equals(id->get_encoding(id), found); + } } enumerator->destroy(enumerator); id->destroy(id); diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/charon/plugins/unit_tester/tests/test_mutex.c index cb315276b..77085cb2f 100644 --- a/src/charon/plugins/unit_tester/tests/test_mutex.c +++ b/src/charon/plugins/unit_tester/tests/test_mutex.c @@ -14,7 +14,7 @@ */ #include -#include +#include #include #include @@ -46,7 +46,7 @@ static void* run(void* null) if (locked > 1) { failed = TRUE; - } + } locked--; mutex->unlock(mutex); mutex->unlock(mutex); @@ -64,9 +64,9 @@ bool test_mutex() { int i; pthread_t threads[THREADS]; - + mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + for (i = 0; i < 10; i++) { mutex->lock(mutex); @@ -80,9 +80,9 @@ bool test_mutex() { mutex->unlock(mutex); } - + pthread_barrier_init(&barrier, NULL, THREADS); - + for (i = 0; i < THREADS; i++) { pthread_create(&threads[i], NULL, run, NULL); @@ -92,9 +92,9 @@ bool test_mutex() pthread_join(threads[i], NULL); } pthread_barrier_destroy(&barrier); - + mutex->destroy(mutex); - + return !failed; } diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/charon/plugins/unit_tester/tests/test_mysql.c index ff3d38ad8..252441ef8 100644 --- a/src/charon/plugins/unit_tester/tests/test_mysql.c +++ b/src/charon/plugins/unit_tester/tests/test_mysql.c @@ -24,14 +24,13 @@ bool test_mysql() { database_t *db; char *txt = "I'm a superduper test"; - char buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t data = chunk_from_buf(buf); + chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); int row; chunk_t qdata; char *qtxt; bool good = FALSE; enumerator_t *enumerator; - + db = lib->db->create(lib->db, "mysql://testuser:testpass@localhost/test"); if (!db) { diff --git a/src/charon/plugins/unit_tester/tests/test_pool.c b/src/charon/plugins/unit_tester/tests/test_pool.c index ba5330fd9..109c06fda 100644 --- a/src/charon/plugins/unit_tester/tests/test_pool.c +++ b/src/charon/plugins/unit_tester/tests/test_pool.c @@ -13,12 +13,10 @@ * for more details. */ -#include #include #include #include -#include #define ALLOCS 1000 #define THREADS 20 @@ -28,33 +26,34 @@ static void* testing(void *thread) int i; host_t *addr[ALLOCS]; identification_t *id[ALLOCS]; - + /* prepare identities */ for (i = 0; i < ALLOCS; i++) { char buf[256]; - + snprintf(buf, sizeof(buf), "%d-%d@strongswan.org", (uintptr_t)thread, i); id[i] = identification_create_from_string(buf); } - + /* allocate addresses */ for (i = 0; i < ALLOCS; i++) { - addr[i] = charon->attributes->acquire_address(charon->attributes, - "test", id[i], NULL); + addr[i] = lib->attributes->acquire_address(lib->attributes, + "test", id[i], NULL); if (!addr[i]) { return (void*)FALSE; } } - + /* release addresses */ for (i = 0; i < ALLOCS; i++) { - charon->attributes->release_address(charon->attributes, "test", addr[i], id[i]); + lib->attributes->release_address(lib->attributes, + "test", addr[i], id[i]); } - + /* cleanup */ for (i = 0; i < ALLOCS; i++) { @@ -73,7 +72,7 @@ bool test_pool() uintptr_t i; void *res; pthread_t thread[THREADS]; - + for (i = 0; i < THREADS; i++) { if (pthread_create(&thread[i], NULL, (void*)testing, (void*)i) < 0) diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c index 1b7af63ee..59da15644 100644 --- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c +++ b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c @@ -21,12 +21,12 @@ ******************************************************************************/ bool test_rsa_gen() { - char buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t data = chunk_from_buf(buf), sig, crypt, plain; + chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); + chunk_t sig, crypt, plain; private_key_t *private; public_key_t *public; u_int key_size; - + for (key_size = 512; key_size <= 2048; key_size *= 2) { private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -83,37 +83,30 @@ bool test_rsa_gen() return TRUE; } - -/******************************************************************************* - * Load a subjectPubkeyInfo wrapped key (RSA in this case) - ******************************************************************************/ -static char public_any[] = { - 0x30,0x82,0x01,0x20,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, - 0x01,0x05,0x00,0x03,0x82,0x01,0x0d,0x00,0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01, - 0x00,0xc6,0x68,0x99,0x1d,0xc8,0x06,0xdb,0xcf,0x1c,0x66,0xbb,0x91,0xc3,0xd4,0x10, - 0xb2,0x08,0xa9,0xc5,0x71,0x39,0x1c,0xbe,0x5b,0x1d,0xce,0xfd,0x1b,0xfa,0xec,0x04, - 0x89,0x9f,0x79,0xc8,0x46,0x00,0xd2,0x71,0xfb,0x22,0x16,0x52,0x2f,0xda,0xbf,0x0f, - 0xe7,0x16,0xb1,0xd7,0x6a,0xa5,0xa5,0xfc,0xee,0xff,0x84,0x4c,0x81,0x3f,0xab,0x84, - 0x0e,0xed,0x4a,0x26,0x59,0xd0,0x9b,0xb5,0xe1,0xec,0x61,0xc4,0xd3,0x15,0x4c,0x29, - 0x51,0xa0,0xde,0x33,0x07,0x58,0x6c,0x36,0x1b,0x18,0x61,0xd9,0x56,0x18,0x39,0x54, - 0x8b,0xd2,0xea,0x4e,0x87,0x28,0x58,0xb9,0x88,0x3d,0x30,0xbc,0xfc,0x6d,0xad,0xab, - 0x43,0x26,0x09,0x48,0x4e,0x6e,0x8a,0x8b,0x88,0xb3,0xf0,0x29,0x25,0x79,0xb6,0xb6, - 0x71,0x3c,0x93,0x59,0xd2,0x36,0x94,0xd5,0xfc,0xf3,0x62,0x2b,0x69,0xa3,0x7a,0x47, - 0x4e,0x53,0xa2,0x35,0x1b,0x26,0x89,0xaa,0x09,0xfd,0x56,0xd7,0x75,0x2a,0xd4,0x91, - 0xc0,0xf2,0x78,0xd7,0x05,0xca,0x12,0x1d,0xd9,0xd4,0x81,0x23,0xb2,0x3c,0x38,0xd9, - 0xb4,0xdc,0x21,0xe0,0xe5,0x2d,0xd4,0xbe,0x61,0x39,0x8a,0x46,0x90,0x46,0x73,0x31, - 0xba,0x48,0xbb,0x51,0xbb,0x91,0xd5,0x62,0xad,0xd1,0x53,0x5b,0x85,0xc9,0x1d,0xa7, - 0xf6,0xa0,0xe1,0x0e,0x6c,0x22,0x5d,0x29,0x9a,0xe7,0x0f,0xe8,0x0a,0x50,0xa7,0x19, - 0x11,0xc2,0x8b,0xe0,0x8a,0xfd,0x2b,0x94,0x31,0x7a,0x78,0x9c,0x9b,0x75,0x63,0x49, - 0xa9,0xe5,0x58,0xe6,0x3a,0x99,0xcb,0x2b,0xdd,0x0e,0xdc,0x7d,0x1b,0x98,0x80,0xc3, - 0x9f,0x02,0x01,0x23, -}; - bool test_rsa_load_any() { - chunk_t chunk = chunk_from_buf(public_any); + chunk_t chunk = chunk_from_chars( + 0x30,0x82,0x01,0x20,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, + 0x01,0x05,0x00,0x03,0x82,0x01,0x0d,0x00,0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01, + 0x00,0xc6,0x68,0x99,0x1d,0xc8,0x06,0xdb,0xcf,0x1c,0x66,0xbb,0x91,0xc3,0xd4,0x10, + 0xb2,0x08,0xa9,0xc5,0x71,0x39,0x1c,0xbe,0x5b,0x1d,0xce,0xfd,0x1b,0xfa,0xec,0x04, + 0x89,0x9f,0x79,0xc8,0x46,0x00,0xd2,0x71,0xfb,0x22,0x16,0x52,0x2f,0xda,0xbf,0x0f, + 0xe7,0x16,0xb1,0xd7,0x6a,0xa5,0xa5,0xfc,0xee,0xff,0x84,0x4c,0x81,0x3f,0xab,0x84, + 0x0e,0xed,0x4a,0x26,0x59,0xd0,0x9b,0xb5,0xe1,0xec,0x61,0xc4,0xd3,0x15,0x4c,0x29, + 0x51,0xa0,0xde,0x33,0x07,0x58,0x6c,0x36,0x1b,0x18,0x61,0xd9,0x56,0x18,0x39,0x54, + 0x8b,0xd2,0xea,0x4e,0x87,0x28,0x58,0xb9,0x88,0x3d,0x30,0xbc,0xfc,0x6d,0xad,0xab, + 0x43,0x26,0x09,0x48,0x4e,0x6e,0x8a,0x8b,0x88,0xb3,0xf0,0x29,0x25,0x79,0xb6,0xb6, + 0x71,0x3c,0x93,0x59,0xd2,0x36,0x94,0xd5,0xfc,0xf3,0x62,0x2b,0x69,0xa3,0x7a,0x47, + 0x4e,0x53,0xa2,0x35,0x1b,0x26,0x89,0xaa,0x09,0xfd,0x56,0xd7,0x75,0x2a,0xd4,0x91, + 0xc0,0xf2,0x78,0xd7,0x05,0xca,0x12,0x1d,0xd9,0xd4,0x81,0x23,0xb2,0x3c,0x38,0xd9, + 0xb4,0xdc,0x21,0xe0,0xe5,0x2d,0xd4,0xbe,0x61,0x39,0x8a,0x46,0x90,0x46,0x73,0x31, + 0xba,0x48,0xbb,0x51,0xbb,0x91,0xd5,0x62,0xad,0xd1,0x53,0x5b,0x85,0xc9,0x1d,0xa7, + 0xf6,0xa0,0xe1,0x0e,0x6c,0x22,0x5d,0x29,0x9a,0xe7,0x0f,0xe8,0x0a,0x50,0xa7,0x19, + 0x11,0xc2,0x8b,0xe0,0x8a,0xfd,0x2b,0x94,0x31,0x7a,0x78,0x9c,0x9b,0x75,0x63,0x49, + 0xa9,0xe5,0x58,0xe6,0x3a,0x99,0xcb,0x2b,0xdd,0x0e,0xdc,0x7d,0x1b,0x98,0x80,0xc3, + 0x9f,0x02,0x01,0x23); public_key_t *public; - + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/charon/plugins/unit_tester/tests/test_sqlite.c index d152fc594..dd8d1955e 100644 --- a/src/charon/plugins/unit_tester/tests/test_sqlite.c +++ b/src/charon/plugins/unit_tester/tests/test_sqlite.c @@ -29,14 +29,13 @@ bool test_sqlite() { database_t *db; char *txt = "I'm a superduper test"; - char buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t data = chunk_from_buf(buf); + chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); int row; chunk_t qdata; char *qtxt; bool good = FALSE; enumerator_t *enumerator; - + db = lib->db->create(lib->db, "sqlite://" DBFILE); if (!db) { diff --git a/src/charon/plugins/unit_tester/unit_tester.c b/src/charon/plugins/unit_tester/unit_tester.c index c9651e601..3c39688c6 100644 --- a/src/charon/plugins/unit_tester/unit_tester.c +++ b/src/charon/plugins/unit_tester/unit_tester.c @@ -33,17 +33,17 @@ struct private_unit_tester_t { }; struct unit_test_t { - + /** * name of the test */ char *name; - + /** * test function */ bool (*test)(void); - + /** * run the test? */ @@ -62,10 +62,10 @@ static unit_test_t tests[] = { static void run_tests(private_unit_tester_t *this) { int i, run = 0, failed = 0, success = 0, skipped = 0; - + DBG1(DBG_CFG, "running unit tests, %d tests registered", sizeof(tests)/sizeof(unit_test_t)); - + for (i = 0; i < sizeof(tests)/sizeof(unit_test_t); i++) { if (tests[i].enabled) @@ -106,11 +106,11 @@ static void destroy(private_unit_tester_t *this) plugin_t *plugin_create() { private_unit_tester_t *this = malloc_thing(private_unit_tester_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + run_tests(this); - + return &this->public.plugin; } diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/charon/plugins/unit_tester/unit_tester.h index 33b13313d..79d5bc021 100644 --- a/src/charon/plugins/unit_tester/unit_tester.h +++ b/src/charon/plugins/unit_tester/unit_tester.h @@ -28,7 +28,7 @@ typedef struct unit_tester_t unit_tester_t; /** * Unit testing plugin. * - * The unit testing plugin runs tests on plugin initialization. Tests are + * The unit testing plugin runs tests on plugin initialization. Tests are * defined in tests.h using the DEFINE_TEST macro. Implementation of the * tests is done in the tests folder. Each test has uses a function which * returns TRUE for success or FALSE for failure. diff --git a/src/charon/plugins/updown/Makefile.am b/src/charon/plugins/updown/Makefile.am index fe6e0bb52..6cad02a96 100644 --- a/src/charon/plugins/updown/Makefile.am +++ b/src/charon/plugins/updown/Makefile.am @@ -6,7 +6,7 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-updown.la libstrongswan_updown_la_SOURCES = \ updown_plugin.h updown_plugin.c \ - updown_listener.h updown_listener.c + updown_listener.h updown_listener.c libstrongswan_updown_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/updown/Makefile.in b/src/charon/plugins/updown/Makefile.in index b1b6fb497..78ba19d65 100644 --- a/src/charon/plugins/updown/Makefile.in +++ b/src/charon/plugins/updown/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/charon/plugins/updown DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_updown_la_LIBADD = am_libstrongswan_updown_la_OBJECTS = updown_plugin.lo \ @@ -60,6 +84,7 @@ libstrongswan_updown_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon @@ -229,7 +258,7 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-updown.la libstrongswan_updown_la_SOURCES = \ updown_plugin.h updown_plugin.c \ - updown_listener.h updown_listener.c + updown_listener.h updown_listener.c libstrongswan_updown_la_LDFLAGS = -module -avoid-version all: all-am @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/updown/updown_listener.c b/src/charon/plugins/updown/updown_listener.c index a6be35690..5a6746f92 100644 --- a/src/charon/plugins/updown/updown_listener.c +++ b/src/charon/plugins/updown/updown_listener.c @@ -27,12 +27,12 @@ typedef struct private_updown_listener_t private_updown_listener_t; * Private data of an updown_listener_t object. */ struct private_updown_listener_t { - + /** * Public updown_listener_t interface. */ updown_listener_t public; - + /** * List of cached interface names */ @@ -58,10 +58,10 @@ static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, char *iface) { cache_entry_t *entry = malloc_thing(cache_entry_t); - + entry->reqid = reqid; entry->iface = strdup(iface); - + this->iface_cache->insert_first(this->iface_cache, entry); } @@ -73,7 +73,7 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) enumerator_t *enumerator; cache_entry_t *entry; char *iface = NULL; - + enumerator = this->iface_cache->create_enumerator(this->iface_cache); while (enumerator->enumerate(enumerator, &entry)) { @@ -89,35 +89,34 @@ static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) return iface; } -/** - * Run the up/down script - */ -static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, - child_sa_t *child_sa, bool up) +METHOD(listener_t, child_updown, bool, + private_updown_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + bool up) { traffic_selector_t *my_ts, *other_ts; enumerator_t *enumerator; child_cfg_t *config; host_t *vip, *me, *other; char *script; - + config = child_sa->get_config(child_sa); vip = ike_sa->get_virtual_ip(ike_sa, TRUE); script = config->get_updown(config); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); - + if (script == NULL) { - return; + return TRUE; } - + enumerator = child_sa->create_policy_enumerator(child_sa); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { char command[1024]; char *my_client, *other_client, *my_client_mask, *other_client_mask; char *pos, *virtual_ip, *iface; + bool is_host, is_ipv6; FILE *shell; /* get subnet/bits from string */ @@ -160,7 +159,7 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, virtual_ip = NULL; } } - + if (up) { iface = charon->kernel_interface->get_interface( @@ -174,7 +173,12 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, { iface = uncache_iface(this, child_sa->get_reqid(child_sa)); } - + + /* determine IPv4/IPv6 and client/host situation */ + is_host = my_ts->is_host(my_ts, me); + is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) : + (my_ts->get_type(my_ts) == TS_IPV6_ADDR_RANGE); + /* build the command with all env variables. * TODO: PLUTO_PEER_CA and PLUTO_NEXT_HOP are currently missing */ @@ -203,8 +207,8 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, "%s" "%s", up ? "up" : "down", - my_ts->is_host(my_ts, me) ? "-host" : "-client", - me->get_family(me) == AF_INET ? "" : "-v6", + is_host ? "-host" : "-client", + is_ipv6 ? "-v6" : "", config->get_name(config), iface ? iface : "unknown", child_sa->get_reqid(child_sa), @@ -225,31 +229,27 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, free(other_client); free(virtual_ip); free(iface); - + DBG3(DBG_CHD, "running updown script: %s", command); shell = popen(command, "r"); if (shell == NULL) { DBG1(DBG_CHD, "could not execute updown script '%s'", script); - return; + return TRUE; } - + while (TRUE) { char resp[128]; - + if (fgets(resp, sizeof(resp), shell) == NULL) { if (ferror(shell)) { DBG1(DBG_CHD, "error reading output from updown script"); - return; - } - else - { - break; } + break; } else { @@ -264,37 +264,11 @@ static void updown(private_updown_listener_t *this, ike_sa_t *ike_sa, pclose(shell); } enumerator->destroy(enumerator); -} - -/** - * Listener implementation - */ -static bool child_state_change(private_updown_listener_t *this, ike_sa_t *ike_sa, - child_sa_t *child_sa, child_sa_state_t state) -{ - child_sa_state_t old; - - if (ike_sa) - { - old = child_sa->get_state(child_sa); - - if ((old == CHILD_INSTALLED && state != CHILD_REKEYING ) || - (old == CHILD_DELETING && state == CHILD_DESTROYING)) - { - updown(this, ike_sa, child_sa, FALSE); - } - else if (state == CHILD_INSTALLED) - { - updown(this, ike_sa, child_sa, TRUE); - } - } return TRUE; } -/** - * Implementation of updown_listener_t.destroy. - */ -static void destroy(private_updown_listener_t *this) +METHOD(updown_listener_t, destroy, void, + private_updown_listener_t *this) { this->iface_cache->destroy(this->iface_cache); free(this); @@ -305,14 +279,16 @@ static void destroy(private_updown_listener_t *this) */ updown_listener_t *updown_listener_create() { - private_updown_listener_t *this = malloc_thing(private_updown_listener_t); - - memset(&this->public.listener, 0, sizeof(listener_t)); - this->public.listener.child_state_change = (void*)child_state_change; - this->public.destroy = (void(*)(updown_listener_t*))destroy; - - this->iface_cache = linked_list_create(); - + private_updown_listener_t *this; + + INIT(this, + .public = { + .listener.child_updown = _child_updown, + .destroy = _destroy, + }, + .iface_cache = linked_list_create(), + ); + return &this->public; } diff --git a/src/charon/plugins/updown/updown_listener.h b/src/charon/plugins/updown/updown_listener.h index cc59f61c6..5b866c4e5 100644 --- a/src/charon/plugins/updown/updown_listener.h +++ b/src/charon/plugins/updown/updown_listener.h @@ -29,12 +29,12 @@ typedef struct updown_listener_t updown_listener_t; * Listener which invokes the scripts on CHILD_SA up/down. */ struct updown_listener_t { - + /** * Implements listener_t. */ listener_t listener; - + /** * Destroy a updown_listener_t. */ @@ -46,4 +46,4 @@ struct updown_listener_t { */ updown_listener_t *updown_listener_create(); -#endif /** UPDOWN_LISTENER_ @}*/ +#endif /** UPDOWN_LISTENER_H_ @}*/ diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/charon/plugins/updown/updown_plugin.c index 4f0483fac..6cb0efdcd 100644 --- a/src/charon/plugins/updown/updown_plugin.c +++ b/src/charon/plugins/updown/updown_plugin.c @@ -29,7 +29,7 @@ struct private_updown_plugin_t { * implements plugin interface */ updown_plugin_t public; - + /** * Listener interface, listens to CHILD_SA state changes */ @@ -52,12 +52,12 @@ static void destroy(private_updown_plugin_t *this) plugin_t *plugin_create() { private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->listener = updown_listener_create(); charon->bus->add_listener(charon->bus, &this->listener->listener); - + return &this->public.plugin; } diff --git a/src/charon/processing/jobs/acquire_job.c b/src/charon/processing/jobs/acquire_job.c index 90b221b84..45ace9312 100644 --- a/src/charon/processing/jobs/acquire_job.c +++ b/src/charon/processing/jobs/acquire_job.c @@ -28,17 +28,17 @@ struct private_acquire_job_t { * Public acquire_job_t interface. */ acquire_job_t public; - + /** * reqid of the child to rekey */ u_int32_t reqid; - + /** * acquired source traffic selector */ traffic_selector_t *src_ts; - + /** * acquired destination traffic selector */ @@ -73,14 +73,14 @@ acquire_job_t *acquire_job_create(u_int32_t reqid, traffic_selector_t *dst_ts) { private_acquire_job_t *this = malloc_thing(private_acquire_job_t); - + this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + this->reqid = reqid; this->src_ts = src_ts; this->dst_ts = dst_ts; - + return &this->public; } diff --git a/src/charon/processing/jobs/acquire_job.h b/src/charon/processing/jobs/acquire_job.h index a78e5274d..eff79a9b0 100644 --- a/src/charon/processing/jobs/acquire_job.h +++ b/src/charon/processing/jobs/acquire_job.h @@ -24,12 +24,12 @@ typedef struct acquire_job_t acquire_job_t; #include -#include +#include #include /** * Class representing an ACQUIRE Job. - * + * * This job initiates a CHILD SA on kernel request. */ struct acquire_job_t { diff --git a/src/charon/processing/jobs/callback_job.c b/src/charon/processing/jobs/callback_job.c index f4beb5abd..7e35dcdcb 100644 --- a/src/charon/processing/jobs/callback_job.c +++ b/src/charon/processing/jobs/callback_job.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -12,13 +13,15 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "callback_job.h" -#include +#include #include -#include +#include +#include +#include typedef struct private_callback_job_t private_callback_job_t; @@ -30,7 +33,7 @@ struct private_callback_job_t { * Public callback_job_t interface. */ callback_job_t public; - + /** * Callback to call on execution */ @@ -40,70 +43,94 @@ struct private_callback_job_t { * parameter to supply to callback */ void *data; - + /** * cleanup function for data */ callback_job_cleanup_t cleanup; - + /** - * thread ID of the job, if running + * thread of the job, if running */ - pthread_t thread; - + thread_t *thread; + /** * mutex to access jobs interna */ mutex_t *mutex; - + /** * list of asociated child jobs */ linked_list_t *children; - + /** * parent of this job, or NULL */ private_callback_job_t *parent; -}; -/** - * Implements job_t.destroy. - */ -static void destroy(private_callback_job_t *this) -{ - if (this->cleanup) - { - this->cleanup(this->data); - } - this->children->destroy(this->children); - this->mutex->destroy(this->mutex); - free(this); -} + /** + * TRUE if the job got cancelled + */ + bool cancelled; + + /** + * condvar to synchronize the cancellation/destruction of the job + */ + condvar_t *destroyable; + + /** + * semaphore to synchronize the termination of the assigned thread. + * + * separately allocated during cancellation, so that we can wait on it + * without risking that it gets freed too early during destruction. + */ + sem_t *terminated; +}; /** * unregister a child from its parent, if any. + * note: this->mutex has to be locked */ static void unregister(private_callback_job_t *this) { if (this->parent) { - iterator_t *iterator; - private_callback_job_t *child; - this->parent->mutex->lock(this->parent->mutex); - iterator = this->parent->children->create_iterator(this->parent->children, TRUE); - while (iterator->iterate(iterator, (void**)&child)) + if (this->parent->cancelled && !this->cancelled) { - if (child == this) - { - iterator->remove(iterator); - break; - } + /* if the parent has been cancelled but we have not yet, we do not + * unregister until we got cancelled by the parent. */ + this->parent->mutex->unlock(this->parent->mutex); + this->destroyable->wait(this->destroyable, this->mutex); + this->parent->mutex->lock(this->parent->mutex); } - iterator->destroy(iterator); + this->parent->children->remove(this->parent->children, this, NULL); this->parent->mutex->unlock(this->parent->mutex); + this->parent = NULL; + } +} + +/** + * Implements job_t.destroy. + */ +static void destroy(private_callback_job_t *this) +{ + this->mutex->lock(this->mutex); + unregister(this); + if (this->cleanup) + { + this->cleanup(this->data); } + if (this->terminated) + { + sem_post(this->terminated); + } + this->children->destroy(this->children); + this->destroyable->destroy(this->destroyable); + this->mutex->unlock(this->mutex); + this->mutex->destroy(this->mutex); + free(this); } /** @@ -111,20 +138,42 @@ static void unregister(private_callback_job_t *this) */ static void cancel(private_callback_job_t *this) { - pthread_t thread; - + callback_job_t *child; + sem_t *terminated = NULL; + this->mutex->lock(this->mutex); - thread = this->thread; - - /* terminate its children */ - this->children->invoke_offset(this->children, offsetof(callback_job_t, cancel)); + this->cancelled = TRUE; + /* terminate children */ + while (this->children->get_first(this->children, (void**)&child) == SUCCESS) + { + this->mutex->unlock(this->mutex); + child->cancel(child); + this->mutex->lock(this->mutex); + } + if (this->thread) + { + /* terminate the thread, if there is currently one executing the job. + * we wait for its termination using a semaphore */ + this->thread->cancel(this->thread); + terminated = this->terminated = malloc_thing(sem_t); + sem_init(terminated, 0, 0); + } + else + { + /* if the job is currently queued, it gets terminated later. + * we can't wait, because it might not get executed at all. + * we also unregister the queued job manually from its parent (the + * others get unregistered during destruction) */ + unregister(this); + } + this->destroyable->signal(this->destroyable); this->mutex->unlock(this->mutex); - - /* terminate thread */ - if (thread) + + if (terminated) { - pthread_cancel(thread); - pthread_join(thread, NULL); + sem_wait(terminated); + sem_destroy(terminated); + free(terminated); } } @@ -135,20 +184,28 @@ static void execute(private_callback_job_t *this) { bool cleanup = FALSE; + thread_cleanup_push((thread_cleanup_t)destroy, this); + this->mutex->lock(this->mutex); - this->thread = pthread_self(); + this->thread = thread_current(); this->mutex->unlock(this->mutex); - - pthread_cleanup_push((void*)destroy, this); + while (TRUE) { + this->mutex->lock(this->mutex); + if (this->cancelled) + { + this->mutex->unlock(this->mutex); + cleanup = TRUE; + break; + } + this->mutex->unlock(this->mutex); switch (this->callback(this->data)) { case JOB_REQUEUE_DIRECT: continue; case JOB_REQUEUE_FAIR: { - this->thread = 0; charon->processor->queue_job(charon->processor, &this->public.job_interface); break; @@ -156,15 +213,19 @@ static void execute(private_callback_job_t *this) case JOB_REQUEUE_NONE: default: { - this->thread = 0; cleanup = TRUE; break; } } break; } - unregister(this); - pthread_cleanup_pop(cleanup); + this->mutex->lock(this->mutex); + this->thread = NULL; + this->mutex->unlock(this->mutex); + /* manually create a cancellation point to avoid that a cancelled thread + * goes back into the thread pool */ + thread_cancellation_point(); + thread_cleanup_pop(cleanup); } /* @@ -175,7 +236,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, callback_job_t *parent) { private_callback_job_t *this = malloc_thing(private_callback_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; @@ -189,7 +250,10 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, this->thread = 0; this->children = linked_list_create(); this->parent = (private_callback_job_t*)parent; - + this->cancelled = FALSE; + this->destroyable = condvar_create(CONDVAR_TYPE_DEFAULT); + this->terminated = NULL; + /* register us at parent */ if (parent) { @@ -197,7 +261,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, this->parent->children->insert_last(this->parent->children, this); this->parent->mutex->unlock(this->parent->mutex); } - + return &this->public; } diff --git a/src/charon/processing/jobs/callback_job.h b/src/charon/processing/jobs/callback_job.h index 2bb209cb7..62da1edd1 100644 --- a/src/charon/processing/jobs/callback_job.h +++ b/src/charon/processing/jobs/callback_job.h @@ -41,12 +41,12 @@ enum job_requeue_t { * Do not requeue job, destroy it */ JOB_REQUEUE_NONE, - + /** * Reque the job fairly, meaning it has to requeue as any other job */ JOB_REQUEUE_FAIR, - + /** * Reexecute the job directly, without the need of requeueing it */ @@ -88,10 +88,11 @@ struct callback_job_t { * The job_t interface. */ job_t job_interface; - + /** - * Cancel the jobs thread and wait for its termination. - */ + * Cancel the job's thread and wait for its termination. This only works + * reliably for jobs that always use JOB_REQUEUE_FAIR or JOB_REQUEUE_DIRECT, + * otherwise the job may already be destroyed when cancel is called. */ void (*cancel)(callback_job_t *this); }; @@ -103,7 +104,7 @@ struct callback_job_t { * If parent is not NULL, the specified job gets an association. Whenever * the parent gets cancelled (or runs out), all of its children are cancelled, * too. - * + * * @param cb callback to call from the processor * @param data user data to supply to callback * @param cleanup destructor for data on destruction, or NULL diff --git a/src/charon/processing/jobs/delete_child_sa_job.c b/src/charon/processing/jobs/delete_child_sa_job.c index 206f07617..ca55721f2 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.c +++ b/src/charon/processing/jobs/delete_child_sa_job.c @@ -29,17 +29,17 @@ struct private_delete_child_sa_job_t { * Public delete_child_sa_job_t interface. */ delete_child_sa_job_t public; - + /** * reqid of the CHILD_SA */ u_int32_t reqid; - + /** * protocol of the CHILD_SA (ESP/AH) */ protocol_id_t protocol; - + /** * inbound SPI of the CHILD_SA */ @@ -60,7 +60,7 @@ static void destroy(private_delete_child_sa_job_t *this) static void execute(private_delete_child_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, this->reqid, TRUE); if (ike_sa == NULL) @@ -71,7 +71,7 @@ static void execute(private_delete_child_sa_job_t *this) else { ike_sa->delete_child_sa(ike_sa, this->protocol, this->spi); - + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } destroy(this); @@ -80,21 +80,21 @@ static void execute(private_delete_child_sa_job_t *this) /* * Described in header */ -delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, - protocol_id_t protocol, +delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, u_int32_t spi) { private_delete_child_sa_job_t *this = malloc_thing(private_delete_child_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->reqid = reqid; this->protocol = protocol; this->spi = spi; - + return &this->public; } diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/charon/processing/jobs/delete_child_sa_job.h index 9bf6ee423..662a7b7c7 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.h +++ b/src/charon/processing/jobs/delete_child_sa_job.h @@ -31,7 +31,7 @@ typedef struct delete_child_sa_job_t delete_child_sa_job_t; /** * Class representing an DELETE_CHILD_SA Job. - * + * * This job initiates the delete of a CHILD SA. */ struct delete_child_sa_job_t { @@ -52,8 +52,8 @@ struct delete_child_sa_job_t { * @param spi security parameter index of the CHILD_SA * @return delete_child_sa_job_t object */ -delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, - protocol_id_t protocol, +delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, u_int32_t spi); #endif /** DELETE_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/delete_ike_sa_job.c b/src/charon/processing/jobs/delete_ike_sa_job.c index 6d4639fad..dffd08ba3 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.c +++ b/src/charon/processing/jobs/delete_ike_sa_job.c @@ -28,12 +28,12 @@ struct private_delete_ike_sa_job_t { * public delete_ike_sa_job_t interface */ delete_ike_sa_job_t public; - + /** * ID of the ike_sa to delete */ ike_sa_id_t *ike_sa_id; - + /** * Should the IKE_SA be deleted if it is in ESTABLISHED state? */ @@ -56,7 +56,7 @@ static void destroy(private_delete_ike_sa_job_t *this) static void execute(private_delete_ike_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa) @@ -99,18 +99,18 @@ static void execute(private_delete_ike_sa_job_t *this) /* * Described in header */ -delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, +delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool delete_if_established) { private_delete_ike_sa_job_t *this = malloc_thing(private_delete_ike_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t *)) destroy;; - + /* private variables */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->delete_if_established = delete_if_established; - + return &(this->public); } diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/charon/processing/jobs/delete_ike_sa_job.h index 8209977f9..f641deea3 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.h +++ b/src/charon/processing/jobs/delete_ike_sa_job.h @@ -18,7 +18,7 @@ * @defgroup delete_child_sa_job delete_child_sa_job * @{ @ingroup jobs */ - + #ifndef DELETE_IKE_SA_JOB_H_ #define DELETE_IKE_SA_JOB_H_ @@ -32,12 +32,12 @@ typedef struct delete_ike_sa_job_t delete_ike_sa_job_t; /** * Class representing an DELETE_IKE_SA Job. * - * This job is responsible for deleting established or half open IKE_SAs. + * This job is responsible for deleting established or half open IKE_SAs. * A half open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED * state. */ struct delete_ike_sa_job_t { - + /** * The job_t interface. */ @@ -46,7 +46,7 @@ struct delete_ike_sa_job_t { /** * Creates a job of type DELETE_IKE_SA. - * + * * @param ike_sa_id id of the IKE_SA to delete * @param delete_if_established should the IKE_SA be deleted if it is established? * @return created delete_ike_sa_job_t object diff --git a/src/charon/processing/jobs/inactivity_job.c b/src/charon/processing/jobs/inactivity_job.c new file mode 100644 index 000000000..13fc5e3d0 --- /dev/null +++ b/src/charon/processing/jobs/inactivity_job.c @@ -0,0 +1,150 @@ +/* + * Copyright (C) 2010 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "inactivity_job.h" + +#include + +typedef struct private_inactivity_job_t private_inactivity_job_t; + +/** + * Private data of an inactivity_job_t object. + */ +struct private_inactivity_job_t { + + /** + * Public inactivity_job_t interface. + */ + inactivity_job_t public; + + /** + * Reqid of CHILD_SA to check + */ + u_int32_t reqid; + + /** + * Inactivity timeout + */ + u_int32_t timeout; + + /** + * Close IKE_SA if last remaining CHILD inactive? + */ + bool close_ike; +}; + +METHOD(job_t, destroy, void, + private_inactivity_job_t *this) +{ + free(this); +} + +METHOD(job_t, execute, void, + private_inactivity_job_t *this) +{ + ike_sa_t *ike_sa; + bool rescheduled = FALSE; + + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, + this->reqid, TRUE); + if (ike_sa) + { + iterator_t *iterator; + child_sa_t *child_sa; + u_int32_t delete = 0; + protocol_id_t proto = 0; + int children = 0; + status_t status = SUCCESS; + + iterator = ike_sa->create_child_sa_iterator(ike_sa); + while (iterator->iterate(iterator, (void**)&child_sa)) + { + if (child_sa->get_reqid(child_sa) == this->reqid) + { + time_t in, out, diff; + + child_sa->get_usestats(child_sa, TRUE, &in, NULL); + child_sa->get_usestats(child_sa, FALSE, &out, NULL); + + diff = time_monotonic(NULL) - max(in, out); + + if (diff >= this->timeout) + { + delete = child_sa->get_spi(child_sa, TRUE); + proto = child_sa->get_protocol(child_sa); + } + else + { + charon->scheduler->schedule_job(charon->scheduler, + &this->public.job_interface, this->timeout - diff); + rescheduled = TRUE; + } + } + children++; + } + iterator->destroy(iterator); + + if (delete) + { + if (children == 1 && this->close_ike) + { + DBG1(DBG_JOB, "deleting IKE_SA after %d seconds " + "of CHILD_SA inactivity", this->timeout); + status = ike_sa->delete(ike_sa); + } + else + { + DBG1(DBG_JOB, "deleting CHILD_SA after %d seconds " + "of inactivity", this->timeout); + status = ike_sa->delete_child_sa(ike_sa, proto, delete); + } + } + if (status == DESTROY_ME) + { + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, + ike_sa); + } + else + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + } + if (!rescheduled) + { + destroy(this); + } +} + +/** + * See header + */ +inactivity_job_t *inactivity_job_create(u_int32_t reqid, u_int32_t timeout, + bool close_ike) +{ + private_inactivity_job_t *this; + + INIT(this, + .public.job_interface = { + .execute = _execute, + .destroy = _destroy, + }, + .reqid = reqid, + .timeout = timeout, + .close_ike = close_ike, + ); + + return &this->public; +} + diff --git a/src/charon/processing/jobs/inactivity_job.h b/src/charon/processing/jobs/inactivity_job.h new file mode 100644 index 000000000..9c9daced8 --- /dev/null +++ b/src/charon/processing/jobs/inactivity_job.h @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2010 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup inactivity_job inactivity_job + * @{ @ingroup jobs + */ + +#ifndef INACTIVITY_JOB_H_ +#define INACTIVITY_JOB_H_ + +#include +#include + +typedef struct inactivity_job_t inactivity_job_t; + +/** + * Job checking for inactivity of CHILD_SA to close them. + * + * The inactivity job reschedules itself to check CHILD_SAs prediodically. + */ +struct inactivity_job_t { + + /** + * Implements job_t. + */ + job_t job_interface; +}; + +/** + * Create a inactivity_job instance. + * + * @param reqid reqid of CHILD_SA to check for inactivity + * @param timeout inactivity timeout in s + * @param close_ike close IKE_SA if the last remaining CHILD_SA is inactive? + * @return inactivity checking job + */ +inactivity_job_t *inactivity_job_create(u_int32_t reqid, u_int32_t timeout, + bool close_ike); + +#endif /** INACTIVITY_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/charon/processing/jobs/initiate_mediation_job.c index 157d84341..ffe8755e2 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.c +++ b/src/charon/processing/jobs/initiate_mediation_job.c @@ -29,12 +29,12 @@ struct private_initiate_mediation_job_t { * public initiate_mediation_job_t interface */ initiate_mediation_job_t public; - + /** * ID of the IKE_SA of the mediated connection. */ ike_sa_id_t *mediated_sa_id; - + /** * ID of the IKE_SA of the mediation connection. */ @@ -68,26 +68,27 @@ static bool initiate_callback(private_initiate_mediation_job_t *this, /** * Implementation of job_t.execute. - */ + */ static void initiate(private_initiate_mediation_job_t *this) { ike_sa_t *mediated_sa, *mediation_sa; peer_cfg_t *mediated_cfg, *mediation_cfg; enumerator_t *enumerator; auth_cfg_t *auth_cfg; - + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->mediated_sa_id); if (mediated_sa) { + DBG1(DBG_IKE, "initiating mediation connection"); mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); - mediated_cfg->get_ref(mediated_cfg); - + mediated_cfg->get_ref(mediated_cfg); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); - + mediation_cfg = mediated_cfg->get_mediated_by(mediated_cfg); mediation_cfg->get_ref(mediation_cfg); - + enumerator = mediation_cfg->create_auth_cfg_enumerator(mediation_cfg, TRUE); if (!enumerator->enumerate(enumerator, &auth_cfg) || @@ -99,7 +100,8 @@ static void initiate(private_initiate_mediation_job_t *this) destroy(this); return; } - + enumerator->destroy(enumerator); + if (charon->connect_manager->check_and_register(charon->connect_manager, auth_cfg->get(auth_cfg, AUTH_RULE_IDENTITY), mediated_cfg->get_peer_id(mediated_cfg), @@ -107,7 +109,7 @@ static void initiate(private_initiate_mediation_job_t *this) { mediated_cfg->destroy(mediated_cfg); mediation_cfg->destroy(mediation_cfg); - + mediated_sa = charon->ike_sa_manager->checkout( charon->ike_sa_manager, this->mediated_sa_id); if (mediated_sa) @@ -121,7 +123,7 @@ static void initiate(private_initiate_mediation_job_t *this) return; } /* we need an additional reference because initiate consumes one */ - mediation_cfg->get_ref(mediation_cfg); + mediation_cfg->get_ref(mediation_cfg); if (charon->controller->initiate(charon->controller, mediation_cfg, NULL, (controller_cb_t)initiate_callback, this) != SUCCESS) @@ -142,8 +144,7 @@ static void initiate(private_initiate_mediation_job_t *this) mediation_cfg->destroy(mediation_cfg); mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, - this->mediation_sa_id); - + this->mediation_sa_id); if (mediation_sa) { if (mediation_sa->initiate_mediation(mediation_sa, @@ -163,10 +164,9 @@ static void initiate(private_initiate_mediation_job_t *this) destroy(this); return; } - - charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediation_sa); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + mediation_sa); } - mediated_cfg->destroy(mediated_cfg); } destroy(this); @@ -174,44 +174,50 @@ static void initiate(private_initiate_mediation_job_t *this) /** * Implementation of job_t.execute. - */ + */ static void reinitiate(private_initiate_mediation_job_t *this) { ike_sa_t *mediated_sa, *mediation_sa; peer_cfg_t *mediated_cfg; - + mediated_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, - this->mediated_sa_id); + this->mediated_sa_id); if (mediated_sa) { mediated_cfg = mediated_sa->get_peer_cfg(mediated_sa); mediated_cfg->get_ref(mediated_cfg); charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediated_sa); - + mediation_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, - this->mediation_sa_id); + this->mediation_sa_id); if (mediation_sa) { - if (mediation_sa->initiate_mediation(mediation_sa, mediated_cfg) != SUCCESS) + if (mediation_sa->initiate_mediation(mediation_sa, + mediated_cfg) != SUCCESS) { DBG1(DBG_JOB, "initiating mediated connection '%s' failed", - mediated_cfg->get_name(mediated_cfg)); + mediated_cfg->get_name(mediated_cfg)); mediated_cfg->destroy(mediated_cfg); - charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, mediation_sa); + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, + mediation_sa); mediated_sa = charon->ike_sa_manager->checkout( - charon->ike_sa_manager, this->mediated_sa_id); + charon->ike_sa_manager, + this->mediated_sa_id); if (mediated_sa) { DBG1(DBG_IKE, "establishing mediation connection failed"); charon->ike_sa_manager->checkin_and_destroy( - charon->ike_sa_manager, mediated_sa); + charon->ike_sa_manager, + mediated_sa); } destroy(this); return; } - charon->ike_sa_manager->checkin(charon->ike_sa_manager, mediation_sa); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + mediation_sa); } - + mediated_cfg->destroy(mediated_cfg); } destroy(this); @@ -223,10 +229,10 @@ static void reinitiate(private_initiate_mediation_job_t *this) static private_initiate_mediation_job_t *initiate_mediation_job_create_empty() { private_initiate_mediation_job_t *this = malloc_thing(private_initiate_mediation_job_t); - + /* interface functions */ this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + /* private variables */ this->mediation_sa_id = NULL; this->mediated_sa_id = NULL; @@ -240,9 +246,9 @@ static private_initiate_mediation_job_t *initiate_mediation_job_create_empty() initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id) { private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); - + this->public.job_interface.execute = (void (*) (job_t *)) initiate; - + this->mediated_sa_id = ike_sa_id->clone(ike_sa_id); return &this->public; @@ -255,11 +261,11 @@ initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation ike_sa_id_t *mediated_sa_id) { private_initiate_mediation_job_t *this = initiate_mediation_job_create_empty(); - + this->public.job_interface.execute = (void (*) (job_t *)) reinitiate; - + this->mediation_sa_id = mediation_sa_id->clone(mediation_sa_id); this->mediated_sa_id = mediated_sa_id->clone(mediated_sa_id); - - return &this->public; + + return &this->public; } diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/charon/processing/jobs/initiate_mediation_job.h index 084e1b9fd..fddb1dd7b 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.h +++ b/src/charon/processing/jobs/initiate_mediation_job.h @@ -28,7 +28,7 @@ typedef struct initiate_mediation_job_t initiate_mediation_job_t; /** * Class representing a INITIATE_MEDIATION Job. - * + * * This job will initiate a mediation on behalf of a mediated connection. * If required the mediation connection is established. */ @@ -41,7 +41,7 @@ struct initiate_mediation_job_t { /** * Creates a job of type INITIATE_MEDIATION. - * + * * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) * @return job object */ @@ -50,12 +50,13 @@ initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id); /** * Creates a special job of type INITIATE_MEDIATION that reinitiates a * specific connection. - * + * * @param mediation_sa_id identification of the mediation sa (gets cloned) * @param mediated_sa_id identification of the mediated sa (gets cloned) * @return job object */ -initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id, - ike_sa_id_t *mediated_sa_id); +initiate_mediation_job_t *reinitiate_mediation_job_create( + ike_sa_id_t *mediation_sa_id, + ike_sa_id_t *mediated_sa_id); #endif /** INITIATE_MEDIATION_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/job.h b/src/charon/processing/jobs/job.h index acc88b124..0f1c16ebe 100644 --- a/src/charon/processing/jobs/job.h +++ b/src/charon/processing/jobs/job.h @@ -33,7 +33,7 @@ struct job_t { /** * Execute a job. - * + * * The processing facility executes a job using this method. Jobs are * one-shot, they destroy themself after execution, so don't use a job * once it has been executed. diff --git a/src/charon/processing/jobs/mediation_job.c b/src/charon/processing/jobs/mediation_job.c index cf522faff..b5b8af3b3 100644 --- a/src/charon/processing/jobs/mediation_job.c +++ b/src/charon/processing/jobs/mediation_job.c @@ -29,37 +29,37 @@ struct private_mediation_job_t { * public mediation_job_t interface */ mediation_job_t public; - + /** * ID of target peer. */ identification_t *target; - + /** * ID of the source peer. */ identification_t *source; - + /** * ME_CONNECTID */ chunk_t connect_id; - + /** * ME_CONNECTKEY */ chunk_t connect_key; - + /** * Submitted endpoints */ linked_list_t *endpoints; - + /** * Is this a callback job? */ bool callback; - + /** * Is this a response? */ @@ -81,13 +81,13 @@ static void destroy(private_mediation_job_t *this) /** * Implementation of job_t.execute. - */ + */ static void execute(private_mediation_job_t *this) { ike_sa_id_t *target_sa_id; - + target_sa_id = charon->mediation_manager->check(charon->mediation_manager, this->target); - + if (target_sa_id) { ike_sa_t *target_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, @@ -120,7 +120,7 @@ static void execute(private_mediation_job_t *this) return; } } - + charon->ike_sa_manager->checkin(charon->ike_sa_manager, target_sa); } else @@ -143,11 +143,11 @@ static void execute(private_mediation_job_t *this) static private_mediation_job_t *mediation_job_create_empty() { private_mediation_job_t *this = malloc_thing(private_mediation_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + /* private variables */ this->target = NULL; this->source = NULL; @@ -156,7 +156,7 @@ static private_mediation_job_t *mediation_job_create_empty() this->connect_key = chunk_empty; this->endpoints = NULL; this->response = FALSE; - + return this; } @@ -175,7 +175,7 @@ mediation_job_t *mediation_job_create(identification_t *peer_id, this->connect_key = chunk_clone(connect_key); this->endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); this->response = response; - + return &this->public; } @@ -186,10 +186,10 @@ mediation_job_t *mediation_callback_job_create(identification_t *requester, identification_t *peer_id) { private_mediation_job_t *this = mediation_job_create_empty(); - + this->target = requester->clone(requester); this->source = peer_id->clone(peer_id); this->callback = TRUE; - + return &this->public; } diff --git a/src/charon/processing/jobs/mediation_job.h b/src/charon/processing/jobs/mediation_job.h index 583ea8230..0574c65eb 100644 --- a/src/charon/processing/jobs/mediation_job.h +++ b/src/charon/processing/jobs/mediation_job.h @@ -30,7 +30,7 @@ typedef struct mediation_job_t mediation_job_t; /** * Class representing a MEDIATION Job. - * + * * This job handles the mediation on the mediation server. */ struct mediation_job_t { @@ -42,9 +42,9 @@ struct mediation_job_t { /** * Creates a job of type MEDIATION. - * + * * Parameters get cloned. - * + * * @param peer_id ID of the requested peer * @param requester ID of the requesting peer * @param connect_id content of ME_CONNECTID (could be NULL) @@ -61,9 +61,9 @@ mediation_job_t *mediation_job_create(identification_t *peer_id, /** * Creates a special job of type MEDIATION that is used to send a callback * notification to a peer. - * + * * Parameters get cloned. - * + * * @param requester ID of the waiting peer * @param peer_id ID of the requested peer * @return job object diff --git a/src/charon/processing/jobs/migrate_job.c b/src/charon/processing/jobs/migrate_job.c index a57d0478b..05f47340c 100644 --- a/src/charon/processing/jobs/migrate_job.c +++ b/src/charon/processing/jobs/migrate_job.c @@ -30,7 +30,7 @@ struct private_migrate_job_t { * Public migrate_job_t interface. */ migrate_job_t public; - + /** * reqid of the CHILD_SA if it already exists */ @@ -75,7 +75,7 @@ static void destroy(private_migrate_job_t *this) static void execute(private_migrate_job_t *this) { ike_sa_t *ike_sa = NULL; - + if (this->reqid) { ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, @@ -110,7 +110,7 @@ static void execute(private_migrate_job_t *this) if (child_sa->update(child_sa, this->local, this->remote, ike_sa->get_virtual_ip(ike_sa, TRUE), - ike_sa->has_condition(ike_sa, COND_NAT_ANY)) == NOT_SUPPORTED) + ike_sa->has_condition(ike_sa, COND_NAT_ANY)) == NOT_SUPPORTED) { ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa), child_sa->get_spi(child_sa, TRUE)); @@ -134,17 +134,17 @@ migrate_job_t *migrate_job_create(u_int32_t reqid, host_t *local, host_t *remote) { private_migrate_job_t *this = malloc_thing(private_migrate_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->reqid = reqid; this->src_ts = (dir == POLICY_OUT) ? src_ts : dst_ts; this->dst_ts = (dir == POLICY_OUT) ? dst_ts : src_ts; this->local = local; this->remote = remote; - + return &this->public; } diff --git a/src/charon/processing/jobs/migrate_job.h b/src/charon/processing/jobs/migrate_job.h index 672a09b0a..de313d517 100644 --- a/src/charon/processing/jobs/migrate_job.h +++ b/src/charon/processing/jobs/migrate_job.h @@ -25,14 +25,14 @@ typedef struct migrate_job_t migrate_job_t; #include #include -#include +#include #include #include /** * Class representing a MIGRATE Job. - * - * This job sets a routed CHILD_SA for an existing IPsec policy. + * + * This job sets a routed CHILD_SA for an existing IPsec policy. */ struct migrate_job_t { /** @@ -49,15 +49,13 @@ struct migrate_job_t { * @param reqid reqid of the CHILD_SA to acquire * @param src_ts source traffic selector to be used in the policy * @param dst_ts destination traffic selector to be used in the policy - * @param dir direction of the policy (in|out) - * @param local local host address to be used in the IKE_SA - * @param remote remote host address to be used in the IKE_SA + * @param dir direction of the policy (in|out) + * @param local local host address to be used in the IKE_SA + * @param remote remote host address to be used in the IKE_SA * @return migrate_job_t object */ migrate_job_t *migrate_job_create(u_int32_t reqid, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t dir, - host_t *local, host_t *remote); + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t dir, host_t *local, host_t *remote); #endif /** MIGRATE_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/process_message_job.c b/src/charon/processing/jobs/process_message_job.c index 1f0b3e287..a47d48e38 100644 --- a/src/charon/processing/jobs/process_message_job.c +++ b/src/charon/processing/jobs/process_message_job.c @@ -28,7 +28,7 @@ struct private_process_message_job_t { * public process_message_job_t interface */ process_message_job_t public; - + /** * Message associated with this job */ @@ -50,9 +50,9 @@ static void destroy(private_process_message_job_t *this) static void execute(private_process_message_job_t *this) { ike_sa_t *ike_sa; - + #ifdef ME - /* if this is an unencrypted INFORMATIONAL exchange it is likely a + /* if this is an unencrypted INFORMATIONAL exchange it is likely a * connectivity check. */ if (this->message->get_exchange_type(this->message) == INFORMATIONAL && this->message->get_first_payload_type(this->message) != ENCRYPTED) @@ -67,7 +67,7 @@ static void execute(private_process_message_job_t *this) return; } #endif /* ME */ - + ike_sa = charon->ike_sa_manager->checkout_by_message(charon->ike_sa_manager, this->message); if (ike_sa) @@ -98,9 +98,9 @@ process_message_job_t *process_message_job_create(message_t *message) /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void(*)(job_t*))destroy; - + /* private variables */ this->message = message; - + return &(this->public); } diff --git a/src/charon/processing/jobs/process_message_job.h b/src/charon/processing/jobs/process_message_job.h index b01d388f9..5e3f44d1f 100644 --- a/src/charon/processing/jobs/process_message_job.h +++ b/src/charon/processing/jobs/process_message_job.h @@ -40,7 +40,7 @@ struct process_message_job_t { /** * Creates a job of type PROCESS_MESSAGE. - * + * * @param message message to process * @return created process_message_job_t object */ diff --git a/src/charon/processing/jobs/rekey_child_sa_job.c b/src/charon/processing/jobs/rekey_child_sa_job.c index 17fcf641b..b797d181e 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.c +++ b/src/charon/processing/jobs/rekey_child_sa_job.c @@ -28,17 +28,17 @@ struct private_rekey_child_sa_job_t { * Public rekey_child_sa_job_t interface. */ rekey_child_sa_job_t public; - + /** * reqid of the child to rekey */ u_int32_t reqid; - + /** * protocol of the CHILD_SA (ESP/AH) */ protocol_id_t protocol; - + /** * inbound SPI of the CHILD_SA */ @@ -59,7 +59,7 @@ static void destroy(private_rekey_child_sa_job_t *this) static void execute(private_rekey_child_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, this->reqid, TRUE); if (ike_sa == NULL) @@ -69,7 +69,7 @@ static void execute(private_rekey_child_sa_job_t *this) } else { - ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); + ike_sa->rekey_child_sa(ike_sa, this->protocol, this->spi); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); } destroy(this); @@ -78,20 +78,20 @@ static void execute(private_rekey_child_sa_job_t *this) /* * Described in header */ -rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, - protocol_id_t protocol, +rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, + protocol_id_t protocol, u_int32_t spi) { private_rekey_child_sa_job_t *this = malloc_thing(private_rekey_child_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->reqid = reqid; this->protocol = protocol; this->spi = spi; - + return &this->public; } diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/charon/processing/jobs/rekey_child_sa_job.h index 2e2eef361..62887d6b9 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.h +++ b/src/charon/processing/jobs/rekey_child_sa_job.h @@ -51,7 +51,7 @@ struct rekey_child_sa_job_t { * @param spi security parameter index of the CHILD_SA * @return rekey_child_sa_job_t object */ -rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, +rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid, protocol_id_t protocol, u_int32_t spi); #endif /** REKEY_CHILD_SA_JOB_H_ @}*/ diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.c b/src/charon/processing/jobs/rekey_ike_sa_job.c index 1ceb1e144..5ec0b1b88 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.c +++ b/src/charon/processing/jobs/rekey_ike_sa_job.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "rekey_ike_sa_job.h" #include @@ -27,12 +27,12 @@ struct private_rekey_ike_sa_job_t { * Public rekey_ike_sa_job_t interface. */ rekey_ike_sa_job_t public; - + /** * ID of the IKE_SA to rekey */ ike_sa_id_t *ike_sa_id; - + /** * force reauthentication of the peer (full IKE_SA setup) */ @@ -55,7 +55,7 @@ static void execute(private_rekey_ike_sa_job_t *this) { ike_sa_t *ike_sa; status_t status = SUCCESS; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa == NULL) @@ -72,7 +72,7 @@ static void execute(private_rekey_ike_sa_job_t *this) { status = ike_sa->rekey(ike_sa); } - + if (status == DESTROY_ME) { charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); @@ -91,14 +91,14 @@ static void execute(private_rekey_ike_sa_job_t *this) rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth) { private_rekey_ike_sa_job_t *this = malloc_thing(private_rekey_ike_sa_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*)(job_t*)) destroy; - + /* private variables */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->reauth = reauth; - + return &(this->public); } diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/charon/processing/jobs/rekey_ike_sa_job.h index 0d830e134..a5c1028aa 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.h +++ b/src/charon/processing/jobs/rekey_ike_sa_job.h @@ -29,7 +29,7 @@ typedef struct rekey_ike_sa_job_t rekey_ike_sa_job_t; /** * Class representing an REKEY_IKE_SA Job. - * + * * This job initiates the rekeying of an IKE_SA. */ struct rekey_ike_sa_job_t { diff --git a/src/charon/processing/jobs/retransmit_job.c b/src/charon/processing/jobs/retransmit_job.c index 122cad853..fc787f208 100644 --- a/src/charon/processing/jobs/retransmit_job.c +++ b/src/charon/processing/jobs/retransmit_job.c @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "retransmit_job.h" #include @@ -28,7 +28,7 @@ struct private_retransmit_job_t { * Public retransmit_job_t interface. */ retransmit_job_t public; - + /** * Message ID of the request to resend. */ @@ -55,7 +55,7 @@ static void destroy(private_retransmit_job_t *this) static void execute(private_retransmit_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa) @@ -80,7 +80,7 @@ static void execute(private_retransmit_job_t *this) retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) { private_retransmit_job_t *this = malloc_thing(private_retransmit_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; @@ -88,6 +88,6 @@ retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa /* private variables */ this->message_id = message_id; this->ike_sa_id = ike_sa_id->clone(ike_sa_id); - + return &this->public; } diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/charon/processing/jobs/retransmit_job.h index 4c9bea1c8..c8c13479b 100644 --- a/src/charon/processing/jobs/retransmit_job.h +++ b/src/charon/processing/jobs/retransmit_job.h @@ -44,7 +44,7 @@ struct retransmit_job_t { /** * Creates a job of type retransmit. - * + * * @param message_id message_id of the request to resend * @param ike_sa_id identification of the ike_sa as ike_sa_id_t * @return retransmit_job_t object diff --git a/src/charon/processing/jobs/roam_job.c b/src/charon/processing/jobs/roam_job.c index c01f83248..adc884a8a 100644 --- a/src/charon/processing/jobs/roam_job.c +++ b/src/charon/processing/jobs/roam_job.c @@ -31,7 +31,7 @@ struct private_roam_job_t { * public roam_job_t interface */ roam_job_t public; - + /** * has the address list changed, or the routing only? */ @@ -47,16 +47,16 @@ static void destroy(private_roam_job_t *this) } /** - * Implementation of job_t.execute. - */ + * Implementation of job_t.execute. + */ static void execute(private_roam_job_t *this) { ike_sa_t *ike_sa; linked_list_t *list; ike_sa_id_t *id; enumerator_t *enumerator; - - /* enumerator over all IKE_SAs gives us no way to checkin_and_destroy + + /* enumerator over all IKE_SAs gives us no way to checkin_and_destroy * after a DESTROY_ME, so we check out each available IKE_SA by hand. */ list = linked_list_create(); enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager); @@ -66,7 +66,7 @@ static void execute(private_roam_job_t *this) list->insert_last(list, id->clone(id)); } enumerator->destroy(enumerator); - + while (list->remove_last(list, (void**)&id) == SUCCESS) { ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id); @@ -95,10 +95,10 @@ static void execute(private_roam_job_t *this) roam_job_t *roam_job_create(bool address) { private_roam_job_t *this = malloc_thing(private_roam_job_t); - + this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + this->address = address; return &this->public; diff --git a/src/charon/processing/jobs/roam_job.h b/src/charon/processing/jobs/roam_job.h index 7bb1227f5..55bdf2b28 100644 --- a/src/charon/processing/jobs/roam_job.h +++ b/src/charon/processing/jobs/roam_job.h @@ -29,7 +29,7 @@ typedef struct roam_job_t roam_job_t; /** * A job to inform IKE_SAs about changed local address setup. - * + * * If a local address appears or disappears, the kernel fires this job to * update all IKE_SAs. */ @@ -43,7 +43,7 @@ struct roam_job_t { /** * Creates a job to inform IKE_SAs about an updated address list. - * + * * @param address TRUE if address list changed, FALSE if routing changed * @return initiate_ike_sa_job_t object */ diff --git a/src/charon/processing/jobs/send_dpd_job.c b/src/charon/processing/jobs/send_dpd_job.c index c6e81a56f..1c2da52b8 100644 --- a/src/charon/processing/jobs/send_dpd_job.c +++ b/src/charon/processing/jobs/send_dpd_job.c @@ -31,7 +31,7 @@ struct private_send_dpd_job_t { * public send_dpd_job_t interface */ send_dpd_job_t public; - + /** * ID of the IKE_SA which the message belongs to. */ @@ -48,12 +48,12 @@ static void destroy(private_send_dpd_job_t *this) } /** - * Implementation of job_t.execute. - */ + * Implementation of job_t.execute. + */ static void execute(private_send_dpd_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa) @@ -76,11 +76,11 @@ static void execute(private_send_dpd_job_t *this) send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id) { private_send_dpd_job_t *this = malloc_thing(private_send_dpd_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + /* private variables */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/charon/processing/jobs/send_dpd_job.h index 91556a9d1..8078a38bc 100644 --- a/src/charon/processing/jobs/send_dpd_job.h +++ b/src/charon/processing/jobs/send_dpd_job.h @@ -29,7 +29,7 @@ typedef struct send_dpd_job_t send_dpd_job_t; /** * Class representing a SEND_DPD Job. - * + * * Job to periodically send a Dead Peer Detection (DPD) request, * ie. an IKE request with no payloads other than the encrypted payload * required by the syntax. @@ -43,7 +43,7 @@ struct send_dpd_job_t { /** * Creates a job of type SEND_DPD. - * + * * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) * @return initiate_ike_sa_job_t object */ diff --git a/src/charon/processing/jobs/send_keepalive_job.c b/src/charon/processing/jobs/send_keepalive_job.c index 5d3cfb530..3d02cea2e 100644 --- a/src/charon/processing/jobs/send_keepalive_job.c +++ b/src/charon/processing/jobs/send_keepalive_job.c @@ -31,7 +31,7 @@ struct private_send_keepalive_job_t { * public send_keepalive_job_t interface */ send_keepalive_job_t public; - + /** * ID of the IKE_SA which the message belongs to. */ @@ -49,11 +49,11 @@ static void destroy(private_send_keepalive_job_t *this) /** * Implementation of job_t.execute. - */ + */ static void execute(private_send_keepalive_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); if (ike_sa) @@ -70,11 +70,11 @@ static void execute(private_send_keepalive_job_t *this) send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id) { private_send_keepalive_job_t *this = malloc_thing(private_send_keepalive_job_t); - + /* interface functions */ this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + /* private variables */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/charon/processing/jobs/send_keepalive_job.h index f92e6217a..cda83cd7e 100644 --- a/src/charon/processing/jobs/send_keepalive_job.h +++ b/src/charon/processing/jobs/send_keepalive_job.h @@ -29,7 +29,7 @@ typedef struct send_keepalive_job_t send_keepalive_job_t; /** * Class representing a SEND_KEEPALIVE Job. - * + * * This job will send a NAT keepalive packet if the IKE SA is still alive, * and reinsert itself into the event queue. */ @@ -42,7 +42,7 @@ struct send_keepalive_job_t { /** * Creates a job of type SEND_KEEPALIVE. - * + * * @param ike_sa_id identification of the ike_sa as ike_sa_id_t object (gets cloned) * @return initiate_ike_sa_job_t object */ diff --git a/src/charon/processing/jobs/update_sa_job.c b/src/charon/processing/jobs/update_sa_job.c index 5e6c83942..17dce2548 100644 --- a/src/charon/processing/jobs/update_sa_job.c +++ b/src/charon/processing/jobs/update_sa_job.c @@ -31,12 +31,12 @@ struct private_update_sa_job_t { * public update_sa_job_t interface */ update_sa_job_t public; - + /** * reqid of the CHILD_SA */ u_int32_t reqid; - + /** * New SA address and port */ @@ -53,12 +53,12 @@ static void destroy(private_update_sa_job_t *this) } /** - * Implementation of job_t.execute. - */ + * Implementation of job_t.execute. + */ static void execute(private_update_sa_job_t *this) { ike_sa_t *ike_sa; - + ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, this->reqid, TRUE); if (ike_sa == NULL) @@ -84,10 +84,10 @@ static void execute(private_update_sa_job_t *this) update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new) { private_update_sa_job_t *this = malloc_thing(private_update_sa_job_t); - + this->public.job_interface.execute = (void (*) (job_t *)) execute; this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - + this->reqid = reqid; this->new = new; diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/charon/processing/jobs/update_sa_job.h index 93262d46f..11d1ac9b6 100644 --- a/src/charon/processing/jobs/update_sa_job.h +++ b/src/charon/processing/jobs/update_sa_job.h @@ -40,7 +40,7 @@ struct update_sa_job_t { /** * Creates a job to update IKE and CHILD_SA addresses. - * + * * @param reqid reqid of the CHILD_SA * @param new new address and port * @return update_sa_job_t object diff --git a/src/charon/processing/processor.c b/src/charon/processing/processor.c index 4a3943323..d5774af26 100644 --- a/src/charon/processing/processor.c +++ b/src/charon/processing/processor.c @@ -13,16 +13,17 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include -#include #include #include #include "processor.h" #include -#include +#include +#include +#include #include @@ -41,22 +42,28 @@ struct private_processor_t { * Number of running threads */ u_int total_threads; - + /** * Desired number of threads */ u_int desired_threads; - + /** * Number of threads waiting for work */ u_int idle_threads; + /** + * All threads managed in the pool (including threads that have been + * cancelled, this allows to join them during destruction) + */ + linked_list_t *threads; + /** * The jobs are stored in a linked list */ linked_list_t *list; - + /** * access to linked_list is locked through this mutex */ @@ -66,7 +73,7 @@ struct private_processor_t { * Condvar to wait for new jobs */ condvar_t *job_added; - + /** * Condvar to wait for terminated threads */ @@ -80,17 +87,23 @@ static void process_jobs(private_processor_t *this); */ static void restart(private_processor_t *this) { - pthread_t thread; - + thread_t *thread; + + DBG2(DBG_JOB, "terminated worker thread, ID: %u", thread_current_id()); + /* respawn thread if required */ - if (this->desired_threads == 0 || - pthread_create(&thread, NULL, (void*)process_jobs, this) != 0) + this->mutex->lock(this->mutex); + if (this->desired_threads < this->total_threads || + (thread = thread_create((thread_main_t)process_jobs, this)) == NULL) { - this->mutex->lock(this->mutex); this->total_threads--; - this->thread_terminated->broadcast(this->thread_terminated); - this->mutex->unlock(this->mutex); + this->thread_terminated->signal(this->thread_terminated); } + else + { + this->threads->insert_last(this->threads, thread); + } + this->mutex->unlock(this->mutex); } /** @@ -98,17 +111,16 @@ static void restart(private_processor_t *this) */ static void process_jobs(private_processor_t *this) { - int oldstate; - - pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &oldstate); - - DBG2(DBG_JOB, "started worker thread, thread_ID: %06u", (int)pthread_self()); - + /* worker threads are not cancellable by default */ + thread_cancelability(FALSE); + + DBG2(DBG_JOB, "started worker thread, ID: %u", thread_current_id()); + this->mutex->lock(this->mutex); while (this->desired_threads >= this->total_threads) { job_t *job; - + if (this->list->get_count(this->list) == 0) { this->idle_threads++; @@ -119,14 +131,13 @@ static void process_jobs(private_processor_t *this) this->list->remove_first(this->list, (void**)&job); this->mutex->unlock(this->mutex); /* terminated threads are restarted, so we have a constant pool */ - pthread_cleanup_push((void*)restart, this); + thread_cleanup_push((thread_cleanup_t)restart, this); job->execute(job); - pthread_cleanup_pop(0); + thread_cleanup_pop(FALSE); this->mutex->lock(this->mutex); } - this->total_threads--; - this->thread_terminated->signal(this->thread_terminated); this->mutex->unlock(this->mutex); + restart(this); } /** @@ -136,7 +147,7 @@ static u_int get_total_threads(private_processor_t *this) { u_int count; this->mutex->lock(this->mutex); - count = this->total_threads; + count = this->total_threads; this->mutex->unlock(this->mutex); return count; } @@ -175,7 +186,7 @@ static void queue_job(private_processor_t *this, job_t *job) this->job_added->signal(this->job_added); this->mutex->unlock(this->mutex); } - + /** * Implementation of processor_t.set_threads. */ @@ -185,14 +196,16 @@ static void set_threads(private_processor_t *this, u_int count) if (count > this->total_threads) { /* increase thread count */ int i; - pthread_t current; - + thread_t *current; + this->desired_threads = count; DBG1(DBG_JOB, "spawning %d worker threads", count - this->total_threads); for (i = this->total_threads; i < count; i++) { - if (pthread_create(¤t, NULL, (void*)process_jobs, this) == 0) + current = thread_create((thread_main_t)process_jobs, this); + if (current) { + this->threads->insert_last(this->threads, current); this->total_threads++; } } @@ -210,6 +223,7 @@ static void set_threads(private_processor_t *this, u_int count) */ static void destroy(private_processor_t *this) { + thread_t *current; set_threads(this, 0); this->mutex->lock(this->mutex); while (this->total_threads > 0) @@ -217,11 +231,17 @@ static void destroy(private_processor_t *this) this->job_added->broadcast(this->job_added); this->thread_terminated->wait(this->thread_terminated, this->mutex); } + while (this->threads->remove_first(this->threads, + (void**)¤t) == SUCCESS) + { + current->join(current); + } this->mutex->unlock(this->mutex); this->thread_terminated->destroy(this->thread_terminated); this->job_added->destroy(this->job_added); this->mutex->destroy(this->mutex); this->list->destroy_offset(this->list, offsetof(job_t, destroy)); + this->threads->destroy(this->threads); free(this); } @@ -231,22 +251,23 @@ static void destroy(private_processor_t *this) processor_t *processor_create(size_t pool_size) { private_processor_t *this = malloc_thing(private_processor_t); - + this->public.get_total_threads = (u_int(*)(processor_t*))get_total_threads; this->public.get_idle_threads = (u_int(*)(processor_t*))get_idle_threads; this->public.get_job_load = (u_int(*)(processor_t*))get_job_load; this->public.queue_job = (void(*)(processor_t*, job_t*))queue_job; this->public.set_threads = (void(*)(processor_t*, u_int))set_threads; this->public.destroy = (void(*)(processor_t*))destroy; - + this->list = linked_list_create(); + this->threads = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->job_added = condvar_create(CONDVAR_TYPE_DEFAULT); this->thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT); this->total_threads = 0; this->desired_threads = 0; this->idle_threads = 0; - + return &this->public; } diff --git a/src/charon/processing/processor.h b/src/charon/processing/processor.h index e56e69382..5bf8cf573 100644 --- a/src/charon/processing/processor.h +++ b/src/charon/processing/processor.h @@ -33,21 +33,21 @@ typedef struct processor_t processor_t; * The processor uses threads to process queued jobs. */ struct processor_t { - + /** * Get the total number of threads used by the processor. - * + * * @return size of thread pool */ u_int (*get_total_threads) (processor_t *this); - + /** * Get the number of threads currently waiting. - * + * * @return number of idle threads */ u_int (*get_idle_threads) (processor_t *this); - + /** * Get the number of queued jobs. * @@ -60,10 +60,10 @@ struct processor_t { * * This function is non blocking and adds a job_t to the queue. * - * @param job job to add to the queue + * @param job job to add to the queue */ void (*queue_job) (processor_t *this, job_t *job); - + /** * Set the number of threads to use in the processor. * @@ -75,7 +75,7 @@ struct processor_t { * @param count number of threads to allocate */ void (*set_threads)(processor_t *this, u_int count); - + /** * Destroy a processor object. */ diff --git a/src/charon/processing/scheduler.c b/src/charon/processing/scheduler.c index 1f59205af..345af502a 100644 --- a/src/charon/processing/scheduler.c +++ b/src/charon/processing/scheduler.c @@ -16,14 +16,15 @@ */ #include -#include #include "scheduler.h" #include #include #include -#include +#include +#include +#include /* the initial size of the heap */ #define HEAP_SIZE_DEFAULT 64 @@ -38,7 +39,7 @@ struct event_t { * Time to fire the event. */ timeval_t time; - + /** * Every event has its assigned job. */ @@ -60,37 +61,37 @@ typedef struct private_scheduler_t private_scheduler_t; * Private data of a scheduler_t object. */ struct private_scheduler_t { - + /** * Public part of a scheduler_t object. */ scheduler_t public; - + /** * Job which queues scheduled jobs to the processor. */ callback_job_t *job; - + /** * The heap in which the events are stored. */ event_t **heap; - + /** * The size of the heap. */ u_int heap_size; - + /** * The number of scheduled events. */ u_int event_count; - + /** * Exclusive access to list */ mutex_t *mutex; - + /** * Condvar to wait for next job. */ @@ -140,12 +141,12 @@ static event_t *remove_event(private_scheduler_t *this) { return NULL; } - + /* store the value to return */ event = this->heap[1]; /* move the bottom event to the top */ top = this->heap[1] = this->heap[this->event_count]; - + if (--this->event_count > 1) { /* seep down the top event */ @@ -153,7 +154,7 @@ static event_t *remove_event(private_scheduler_t *this) while ((position << 1) <= this->event_count) { u_int child = position << 1; - + if ((child + 1) <= this->event_count && timeval_cmp(&this->heap[child + 1]->time, &this->heap[child]->time) < 0) @@ -161,14 +162,14 @@ static event_t *remove_event(private_scheduler_t *this) /* the "right" child is smaller */ child++; } - + if (timeval_cmp(&top->time, &this->heap[child]->time) <= 0) { /* the top event fires before the smaller of the two children, * stop */ break; } - + /* swap with the smaller child */ this->heap[position] = this->heap[child]; position = child; @@ -185,13 +186,12 @@ static job_requeue_t schedule(private_scheduler_t * this) { timeval_t now; event_t *event; - int oldstate; - bool timed = FALSE; - + bool timed = FALSE, oldstate; + this->mutex->lock(this->mutex); - - gettimeofday(&now, NULL); - + + time_monotonic(&now); + if ((event = peek_event(this)) != NULL) { if (timeval_cmp(&now, &event->time) >= 0) @@ -215,9 +215,9 @@ static job_requeue_t schedule(private_scheduler_t * this) } timed = TRUE; } - pthread_cleanup_push((void*)this->mutex->unlock, this->mutex); - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); - + thread_cleanup_push((thread_cleanup_t)this->mutex->unlock, this->mutex); + oldstate = thread_cancelability(TRUE); + if (timed) { this->condvar->timed_wait_abs(this->condvar, this->mutex, event->time); @@ -227,8 +227,8 @@ static job_requeue_t schedule(private_scheduler_t * this) DBG2(DBG_JOB, "no events, waiting"); this->condvar->wait(this->condvar, this->mutex); } - pthread_setcancelstate(oldstate, NULL); - pthread_cleanup_pop(TRUE); + thread_cancelability(oldstate); + thread_cleanup_pop(TRUE); return JOB_REQUEUE_DIRECT; } @@ -251,13 +251,13 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) { event_t *event; u_int position; - + event = malloc_thing(event_t); event->job = job; event->time = tv; - + this->mutex->lock(this->mutex); - + this->event_count++; if (this->event_count > this->heap_size) { @@ -268,7 +268,7 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) } /* "put" the event to the bottom */ position = this->event_count; - + /* then bubble it up */ while (position > 1 && timeval_cmp(&this->heap[position >> 1]->time, &event->time) > 0) @@ -278,7 +278,7 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) position >>= 1; } this->heap[position] = event; - + this->condvar->signal(this->condvar); this->mutex->unlock(this->mutex); } @@ -289,10 +289,10 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) { timeval_t tv; - - gettimeofday(&tv, NULL); + + time_monotonic(&tv); tv.tv_sec += s; - + schedule_job_tv(this, job, tv); } @@ -302,13 +302,13 @@ static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms) { timeval_t tv, add; - - gettimeofday(&tv, NULL); + + time_monotonic(&tv); add.tv_sec = ms / 1000; add.tv_usec = (ms % 1000) * 1000; - + timeradd(&tv, &add, &tv); - + schedule_job_tv(this, job, tv); } @@ -335,24 +335,24 @@ static void destroy(private_scheduler_t *this) scheduler_t * scheduler_create() { private_scheduler_t *this = malloc_thing(private_scheduler_t); - + this->public.get_job_load = (u_int (*) (scheduler_t *this)) get_job_load; this->public.schedule_job = (void (*) (scheduler_t *this, job_t *job, u_int32_t s)) schedule_job; this->public.schedule_job_ms = (void (*) (scheduler_t *this, job_t *job, u_int32_t ms)) schedule_job_ms; this->public.schedule_job_tv = (void (*) (scheduler_t *this, job_t *job, timeval_t tv)) schedule_job_tv; this->public.destroy = (void(*)(scheduler_t*)) destroy; - + /* Note: the root of the heap is at index 1 */ this->event_count = 0; this->heap_size = HEAP_SIZE_DEFAULT; this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*)); - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - + this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); - + return &this->public; } diff --git a/src/charon/processing/scheduler.h b/src/charon/processing/scheduler.h index 502f70b33..5f5d2a563 100644 --- a/src/charon/processing/scheduler.h +++ b/src/charon/processing/scheduler.h @@ -25,8 +25,6 @@ typedef struct scheduler_t scheduler_t; -#include - #include #include @@ -81,7 +79,7 @@ typedef struct scheduler_t scheduler_t; * children has a smaller key or it is again a leaf node. */ struct scheduler_t { - + /** * Adds a event to the queue, using a relative time offset in s. * @@ -89,7 +87,7 @@ struct scheduler_t { * @param time relative time to schedule job, in s */ void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s); - + /** * Adds a event to the queue, using a relative time offset in ms. * @@ -97,22 +95,25 @@ struct scheduler_t { * @param time relative time to schedule job, in ms */ void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms); - + /** * Adds a event to the queue, using an absolut time. * + * The passed timeval should be calculated based on the time_monotonic() + * function. + * * @param job job to schedule * @param time absolut time to schedule job */ void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv); - + /** * Returns number of jobs scheduled. * * @return number of scheduled jobs */ u_int (*get_job_load) (scheduler_t *this); - + /** * Destroys a scheduler object. */ diff --git a/src/charon/sa/authenticators/authenticator.c b/src/charon/sa/authenticators/authenticator.c index ea8a16279..13586a23e 100644 --- a/src/charon/sa/authenticators/authenticator.c +++ b/src/charon/sa/authenticators/authenticator.c @@ -75,7 +75,7 @@ authenticator_t *authenticator_create_verifier( chunk_t received_init, chunk_t sent_init) { auth_payload_t *auth_payload; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (auth_payload == NULL) { diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h index c60881629..fff91ed34 100644 --- a/src/charon/sa/authenticators/authenticator.h +++ b/src/charon/sa/authenticators/authenticator.h @@ -36,34 +36,34 @@ typedef struct authenticator_t authenticator_t; */ enum auth_method_t { /** - * Computed as specified in section 2.15 of RFC using + * Computed as specified in section 2.15 of RFC using * an RSA private key over a PKCS#1 padded hash. */ AUTH_RSA = 1, - + /** - * Computed as specified in section 2.15 of RFC using the - * shared key associated with the identity in the ID payload + * Computed as specified in section 2.15 of RFC using the + * shared key associated with the identity in the ID payload * and the negotiated prf function */ AUTH_PSK = 2, - + /** - * Computed as specified in section 2.15 of RFC using a + * Computed as specified in section 2.15 of RFC using a * DSS private key over a SHA-1 hash. */ AUTH_DSS = 3, - + /** * ECDSA with SHA-256 on the P-256 curve as specified in RFC 4754 */ AUTH_ECDSA_256 = 9, - + /** * ECDSA with SHA-384 on the P-384 curve as specified in RFC 4754 */ AUTH_ECDSA_384 = 10, - + /** * ECDSA with SHA-512 on the P-521 curve as specified in RFC 4754 */ @@ -115,7 +115,7 @@ struct authenticator_t { * - NEED_MORE if another exchange required */ status_t (*process)(authenticator_t *this, message_t *message); - + /** * Attach authentication data to an outgoing message. * @@ -126,7 +126,17 @@ struct authenticator_t { * - NEED_MORE if another exchange required */ status_t (*build)(authenticator_t *this, message_t *message); - + + /** + * Check if the authenticator is capable of mutual authentication. + * + * Some authenticator authenticate both peers, e.g. EAP. To support + * mutual authentication with only a single authenticator (EAP-only + * authentication), it must be mutual. This method is invoked in ike_auth + * to check if the given authenticator is capable of doing so. + */ + bool (*is_mutual)(authenticator_t *this); + /** * Destroy authenticator instance. */ @@ -151,7 +161,7 @@ authenticator_t *authenticator_create_builder( /** * Create an authenticator to verify signatures. - * + * * @param ike_sa associated ike_sa * @param message message containing authentication data * @param received_nonce nonce received in IKE_SA_INIT diff --git a/src/charon/sa/authenticators/eap/eap_manager.c b/src/charon/sa/authenticators/eap/eap_manager.c index 24a4fd6ed..f795183f0 100644 --- a/src/charon/sa/authenticators/eap/eap_manager.c +++ b/src/charon/sa/authenticators/eap/eap_manager.c @@ -16,7 +16,7 @@ #include "eap_manager.h" #include -#include +#include typedef struct private_eap_manager_t private_eap_manager_t; typedef struct eap_entry_t eap_entry_t; @@ -25,22 +25,22 @@ typedef struct eap_entry_t eap_entry_t; * EAP constructor entry */ struct eap_entry_t { - + /** * EAP method type, vendor specific if vendor is set */ eap_type_t type; - + /** * vendor ID, 0 for default EAP methods */ u_int32_t vendor; - + /** * Role of the method returned by the constructor, EAP_SERVER or EAP_PEER */ eap_role_t role; - + /** * constructor function to create instance */ @@ -56,12 +56,12 @@ struct private_eap_manager_t { * public functions */ eap_manager_t public; - + /** * list of eap_entry_t's */ linked_list_t *methods; - + /** * rwlock to lock methods */ @@ -76,7 +76,7 @@ static void add_method(private_eap_manager_t *this, eap_type_t type, eap_constructor_t constructor) { eap_entry_t *entry = malloc_thing(eap_entry_t); - + entry->type = type; entry->vendor = vendor; entry->role = role; @@ -94,7 +94,7 @@ static void remove_method(private_eap_manager_t *this, eap_constructor_t constru { enumerator_t *enumerator; eap_entry_t *entry; - + this->lock->write_lock(this->lock); enumerator = this->methods->create_enumerator(this->methods); while (enumerator->enumerate(enumerator, &entry)) @@ -120,7 +120,7 @@ static eap_method_t* create_instance(private_eap_manager_t *this, enumerator_t *enumerator; eap_entry_t *entry; eap_method_t *method = NULL; - + this->lock->read_lock(this->lock); enumerator = this->methods->create_enumerator(this->methods); while (enumerator->enumerate(enumerator, &entry)) @@ -156,15 +156,15 @@ static void destroy(private_eap_manager_t *this) eap_manager_t *eap_manager_create() { private_eap_manager_t *this = malloc_thing(private_eap_manager_t); - + this->public.add_method = (void(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, eap_constructor_t constructor))add_method; this->public.remove_method = (void(*)(eap_manager_t*, eap_constructor_t constructor))remove_method; this->public.create_instance = (eap_method_t*(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, identification_t*,identification_t*))create_instance; this->public.destroy = (void(*)(eap_manager_t*))destroy; - + this->methods = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/charon/sa/authenticators/eap/eap_manager.h index 667c54a8e..0333fb6da 100644 --- a/src/charon/sa/authenticators/eap/eap_manager.h +++ b/src/charon/sa/authenticators/eap/eap_manager.h @@ -45,14 +45,14 @@ struct eap_manager_t { */ void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor, eap_role_t role, eap_constructor_t constructor); - + /** * Unregister a EAP method implementation using it's constructor. * * @param constructor constructor function to remove, as added in add_method */ void (*remove_method)(eap_manager_t *this, eap_constructor_t constructor); - + /** * Create a new EAP method instance. * @@ -67,11 +67,11 @@ struct eap_manager_t { u_int32_t vendor, eap_role_t role, identification_t *server, identification_t *peer); - + /** - * Destroy a eap_manager instance. - */ - void (*destroy)(eap_manager_t *this); + * Destroy a eap_manager instance. + */ + void (*destroy)(eap_manager_t *this); }; /** diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/charon/sa/authenticators/eap/eap_method.c index 1d1900301..91fa5305f 100644 --- a/src/charon/sa/authenticators/eap/eap_method.c +++ b/src/charon/sa/authenticators/eap/eap_method.c @@ -34,6 +34,25 @@ ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2, "EAP_EXPERIMENTAL"); ENUM_END(eap_type_names, EAP_EXPERIMENTAL); +ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC, + "ID", + "NTF", + "NAK", + "MD5", + "OTP", + "GTC"); +ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC, + "SIM"); +ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM, + "AKA"); +ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, + "MSCHAPV2"); +ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2, + "RAD", + "EXP", + "XP"); +ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL); + /* * See header */ @@ -53,7 +72,7 @@ eap_type_t eap_type_from_string(char *name) {"mschapv2", EAP_MSCHAPV2}, {"radius", EAP_RADIUS}, }; - + for (i = 0; i < countof(types); i++) { if (strcaseeq(name, types[i].name)) @@ -71,6 +90,13 @@ ENUM(eap_code_names, EAP_REQUEST, EAP_FAILURE, "EAP_FAILURE", ); +ENUM(eap_code_short_names, EAP_REQUEST, EAP_FAILURE, + "REQ", + "RES", + "SUCC", + "FAIL", +); + ENUM(eap_role_names, EAP_SERVER, EAP_PEER, "EAP_SERVER", "EAP_PEER", diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/charon/sa/authenticators/eap/eap_method.h index 578b89e96..4cab84535 100644 --- a/src/charon/sa/authenticators/eap/eap_method.h +++ b/src/charon/sa/authenticators/eap/eap_method.h @@ -66,6 +66,11 @@ enum eap_type_t { */ extern enum_name_t *eap_type_names; +/** + * short string enum names for eap_type_t. + */ +extern enum_name_t *eap_type_short_names; + /** * Lookup the EAP method type from a string. * @@ -89,6 +94,11 @@ enum eap_code_t { */ extern enum_name_t *eap_code_names; +/** + * short string enum names for eap_code_t. + */ +extern enum_name_t *eap_code_short_names; + /** * Interface of an EAP method for server and client side. * @@ -107,7 +117,7 @@ extern enum_name_t *eap_code_names; * EAP-Identity exchange always uses identifier 0. */ struct eap_method_t { - + /** * Initiate the EAP exchange. * @@ -121,7 +131,7 @@ struct eap_method_t { * - FAILED, if unable to create eap request payload */ status_t (*initiate) (eap_method_t *this, eap_payload_t **out); - + /** * Process a received EAP message. * @@ -136,7 +146,7 @@ struct eap_method_t { */ status_t (*process) (eap_method_t *this, eap_payload_t *in, eap_payload_t **out); - + /** * Get the EAP type implemented in this method. * @@ -144,17 +154,17 @@ struct eap_method_t { * @return type of the EAP method */ eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor); - + /** * Check if this EAP method authenticates the server. * - * Some EAP methods provide mutual authentication and + * Some EAP methods provide mutual authentication and * allow authentication using only EAP, if the peer supports it. * * @return TRUE if methods provides mutual authentication */ bool (*is_mutual) (eap_method_t *this); - + /** * Get the MSK established by this EAP method. * @@ -167,7 +177,7 @@ struct eap_method_t { * - FAILED, if MSK not established (yet) */ status_t (*get_msk) (eap_method_t *this, chunk_t *msk); - + /** * Destroys a eap_method_t object. */ diff --git a/src/charon/sa/authenticators/eap/sim_manager.c b/src/charon/sa/authenticators/eap/sim_manager.c index 51cd4fb3f..5060a3147 100644 --- a/src/charon/sa/authenticators/eap/sim_manager.c +++ b/src/charon/sa/authenticators/eap/sim_manager.c @@ -15,6 +15,7 @@ #include "sim_manager.h" +#include #include typedef struct private_sim_manager_t private_sim_manager_t; @@ -23,21 +24,26 @@ typedef struct private_sim_manager_t private_sim_manager_t; * Private data of an sim_manager_t object. */ struct private_sim_manager_t { - + /** * Public sim_manager_t interface. */ sim_manager_t public; - + /** * list of added cards */ linked_list_t *cards; - + /** * list of added provider */ - linked_list_t *provider; + linked_list_t *providers; + + /** + * list of added hooks + */ + linked_list_t *hooks; }; /** @@ -57,37 +63,431 @@ static void remove_card(private_sim_manager_t *this, sim_card_t *card) } /** - * Implementation of sim_manager_t.create_card_enumerator + * Implementation of sim_manager_t.card_get_triplet + */ +static bool card_get_triplet(private_sim_manager_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]) +{ + enumerator_t *enumerator; + sim_card_t *card; + int tried = 0; + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + if (card->get_triplet(card, id, rand, sres, kc)) + { + enumerator->destroy(enumerator); + return TRUE; + } + tried++; + } + enumerator->destroy(enumerator); + DBG1(DBG_IKE, "tried %d SIM cards, but none has triplets for '%Y'", + tried, id); + return FALSE; +} + +/** + * Implementation of sim_manager_t.card_get_quintuplet + */ +static status_t card_get_quintuplet(private_sim_manager_t *this, + identification_t *id, char rand[AKA_RAND_LEN], + char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], + char ik[AKA_IK_LEN], char res[AKA_RES_MAX], + int *res_len) +{ + enumerator_t *enumerator; + sim_card_t *card; + status_t status = NOT_FOUND; + int tried = 0; + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + status = card->get_quintuplet(card, id, rand, autn, ck, ik, res, res_len); + switch (status) + { /* try next on error, but not on INVALID_STATE */ + case SUCCESS: + case INVALID_STATE: + enumerator->destroy(enumerator); + return status; + case NOT_SUPPORTED: + case FAILED: + default: + tried++; + continue; + } + } + enumerator->destroy(enumerator); + DBG1(DBG_IKE, "tried %d SIM cards, but none has quintuplets for '%Y'", + tried, id); + return status; +} + +/** + * Implementation of sim_manager_t.card_resync + */ +static bool card_resync(private_sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + enumerator_t *enumerator; + sim_card_t *card; + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + if (card->resync(card, id, rand, auts)) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + return FALSE; +} + +/** + * Implementation of sim_manager_t.card_set_pseudonym + */ +static void card_set_pseudonym(private_sim_manager_t *this, + identification_t *id, identification_t *pseudonym) +{ + enumerator_t *enumerator; + sim_card_t *card; + + DBG1(DBG_IKE, "storing pseudonym '%Y' for '%Y'", pseudonym, id); + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + card->set_pseudonym(card, id, pseudonym); + } + enumerator->destroy(enumerator); +} + +/** + * Implementation of sim_manager_t.card_get_pseudonym + */ +static identification_t* card_get_pseudonym(private_sim_manager_t *this, + identification_t *id) +{ + enumerator_t *enumerator; + sim_card_t *card; + identification_t *pseudonym = NULL; + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + pseudonym = card->get_pseudonym(card, id); + if (pseudonym) + { + DBG1(DBG_IKE, "using stored pseudonym identity '%Y' " + "instead of '%Y'", pseudonym, id); + break; + } + } + enumerator->destroy(enumerator); + return pseudonym; +} + +/** + * Implementation of sim_manager_t.card_set_reauth */ -static enumerator_t* create_card_enumerator(private_sim_manager_t *this) +static void card_set_reauth(private_sim_manager_t *this, identification_t *id, + identification_t *next, char mk[HASH_SIZE_SHA1], + u_int16_t counter) { - return this->cards->create_enumerator(this->cards); + enumerator_t *enumerator; + sim_card_t *card; + + DBG1(DBG_IKE, "storing next reauthentication identity '%Y' for '%Y'", + next, id); + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + card->set_reauth(card, id, next, mk, counter); + } + enumerator->destroy(enumerator); +} + +/** + * Implementation of sim_manager_t.card_get_reauth + */ +static identification_t* card_get_reauth(private_sim_manager_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) +{ + enumerator_t *enumerator; + sim_card_t *card; + identification_t *reauth = NULL; + + enumerator = this->cards->create_enumerator(this->cards); + while (enumerator->enumerate(enumerator, &card)) + { + reauth = card->get_reauth(card, id, mk, counter); + if (reauth) + { + DBG1(DBG_IKE, "using stored reauthentication identity '%Y' " + "instead of '%Y'", reauth, id); + break; + } + } + enumerator->destroy(enumerator); + return reauth; } /** * Implementation of sim_manager_t.add_provider */ -static void add_provider(private_sim_manager_t *this, - sim_provider_t *provider) +static void add_provider(private_sim_manager_t *this, sim_provider_t *provider) { - this->provider->insert_last(this->provider, provider); + this->providers->insert_last(this->providers, provider); } /** * Implementation of sim_manager_t.remove_provider */ static void remove_provider(private_sim_manager_t *this, - sim_provider_t *provider) + sim_provider_t *provider) { - this->provider->remove(this->provider, provider, NULL); + this->providers->remove(this->providers, provider, NULL); } /** - * Implementation of sim_manager_t.create_provider_enumerator + * Implementation of sim_manager_t.provider_get_triplet */ -static enumerator_t* create_provider_enumerator(private_sim_manager_t *this) +static bool provider_get_triplet(private_sim_manager_t *this, + identification_t *id, char rand[SIM_RAND_LEN], + char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]) { - return this->provider->create_enumerator(this->provider); + enumerator_t *enumerator; + sim_provider_t *provider; + int tried = 0; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + if (provider->get_triplet(provider, id, rand, sres, kc)) + { + enumerator->destroy(enumerator); + return TRUE; + } + tried++; + } + enumerator->destroy(enumerator); + DBG1(DBG_IKE, "tried %d SIM providers, but none had a triplet for '%Y'", + tried, id); + return FALSE; +} + +/** + * Implementation of sim_manager_t.provider_get_quintuplet + */ +static bool provider_get_quintuplet(private_sim_manager_t *this, + identification_t *id, char rand[AKA_RAND_LEN], + char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char autn[AKA_AUTN_LEN]) +{ + enumerator_t *enumerator; + sim_provider_t *provider; + int tried = 0; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + if (provider->get_quintuplet(provider, id, rand, xres, xres_len, + ck, ik, autn)) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + DBG1(DBG_IKE, "tried %d SIM providers, but none had a quintuplet for '%Y'", + tried, id); + return FALSE; +} + +/** + * Implementation of sim_manager_t.provider_resync + */ +static bool provider_resync(private_sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]) +{ + enumerator_t *enumerator; + sim_provider_t *provider; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + if (provider->resync(provider, id, rand, auts)) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + return FALSE; +} + +/** + * Implementation of sim_manager_t.provider_is_pseudonym + */ +static identification_t* provider_is_pseudonym(private_sim_manager_t *this, + identification_t *id) +{ + enumerator_t *enumerator; + sim_provider_t *provider; + identification_t *permanent = NULL; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + permanent = provider->is_pseudonym(provider, id); + if (permanent) + { + DBG1(DBG_IKE, "received pseudonym identity '%Y' " + "mapping to '%Y'", id, permanent); + break; + } + } + enumerator->destroy(enumerator); + return permanent; +} + +/** + * Implementation of sim_manager_t.provider_gen_pseudonym + */ +static identification_t* provider_gen_pseudonym(private_sim_manager_t *this, + identification_t *id) +{ + enumerator_t *enumerator; + sim_provider_t *provider; + identification_t *pseudonym = NULL; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + pseudonym = provider->gen_pseudonym(provider, id); + if (pseudonym) + { + DBG1(DBG_IKE, "proposing new pseudonym '%Y'", pseudonym); + break; + } + } + enumerator->destroy(enumerator); + return pseudonym; +} + +/** + * Implementation of sim_manager_t.provider_is_reauth + */ +static identification_t* provider_is_reauth(private_sim_manager_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter) +{ + enumerator_t *enumerator; + sim_provider_t *provider; + identification_t *permanent = NULL; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + permanent = provider->is_reauth(provider, id, mk, counter); + if (permanent) + { + DBG1(DBG_IKE, "received reauthentication identity '%Y' " + "mapping to '%Y'", id, permanent); + break; + } + } + enumerator->destroy(enumerator); + return permanent; +} + +/** + * Implementation of sim_manager_t.provider_gen_reauth + */ +static identification_t* provider_gen_reauth(private_sim_manager_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1]) +{ + enumerator_t *enumerator; + sim_provider_t *provider; + identification_t *reauth = NULL; + + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, &provider)) + { + reauth = provider->gen_reauth(provider, id, mk); + if (reauth) + { + DBG1(DBG_IKE, "proposing new reauthentication identity '%Y'", reauth); + break; + } + } + enumerator->destroy(enumerator); + return reauth; +} + +/** + * Implementation of sim_manager_t.add_hooks + */ +static void add_hooks(private_sim_manager_t *this, sim_hooks_t *hooks) +{ + this->hooks->insert_last(this->hooks, hooks); +} + +/** + * Implementation of sim_manager_t.remove_hooks + */ +static void remove_hooks(private_sim_manager_t *this, sim_hooks_t *hooks) +{ + this->hooks->remove(this->hooks, hooks, NULL); +} + +/** + * Implementation of sim_manager_t.attribute_hook + */ +static bool attribute_hook(private_sim_manager_t *this, eap_code_t code, + eap_type_t type, u_int8_t subtype, + u_int8_t attribute, chunk_t data) +{ + enumerator_t *enumerator; + sim_hooks_t *hooks; + bool filter = FALSE; + + enumerator = this->hooks->create_enumerator(this->hooks); + while (enumerator->enumerate(enumerator, &hooks)) + { + if (hooks->attribute(hooks, code, type, subtype, attribute, data)) + { + filter = TRUE; + break; + } + } + enumerator->destroy(enumerator); + return filter; +} + +/** + * Implementation of sim_manager_t.key_hook + */ +static void key_hook(private_sim_manager_t *this, + chunk_t k_encr, chunk_t k_auth) +{ + enumerator_t *enumerator; + sim_hooks_t *hooks; + + enumerator = this->hooks->create_enumerator(this->hooks); + while (enumerator->enumerate(enumerator, &hooks)) + { + hooks->keys(hooks, k_encr, k_auth); + } + enumerator->destroy(enumerator); } /** @@ -96,7 +496,8 @@ static enumerator_t* create_provider_enumerator(private_sim_manager_t *this) static void destroy(private_sim_manager_t *this) { this->cards->destroy(this->cards); - this->provider->destroy(this->provider); + this->providers->destroy(this->providers); + this->hooks->destroy(this->hooks); free(this); } @@ -106,18 +507,35 @@ static void destroy(private_sim_manager_t *this) sim_manager_t *sim_manager_create() { private_sim_manager_t *this = malloc_thing(private_sim_manager_t); - + this->public.add_card = (void(*)(sim_manager_t*, sim_card_t *card))add_card; this->public.remove_card = (void(*)(sim_manager_t*, sim_card_t *card))remove_card; - this->public.create_card_enumerator = (enumerator_t*(*)(sim_manager_t*))create_card_enumerator; + this->public.card_get_triplet = (bool(*)(sim_manager_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))card_get_triplet; + this->public.card_get_quintuplet = (status_t(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char res[AKA_RES_MAX], int *res_len))card_get_quintuplet; + this->public.card_resync = (bool(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))card_resync; + this->public.card_set_pseudonym = (void(*)(sim_manager_t*, identification_t *id, identification_t *pseudonym))card_set_pseudonym; + this->public.card_get_pseudonym = (identification_t*(*)(sim_manager_t*, identification_t *id))card_get_pseudonym; + this->public.card_set_reauth = (void(*)(sim_manager_t*, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], u_int16_t counter))card_set_reauth; + this->public.card_get_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))card_get_reauth; this->public.add_provider = (void(*)(sim_manager_t*, sim_provider_t *provider))add_provider; this->public.remove_provider = (void(*)(sim_manager_t*, sim_provider_t *provider))remove_provider; - this->public.create_provider_enumerator = (enumerator_t*(*)(sim_manager_t*))create_provider_enumerator; + this->public.provider_get_triplet = (bool(*)(sim_manager_t*, identification_t *id, char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], char kc[SIM_KC_LEN]))provider_get_triplet; + this->public.provider_get_quintuplet = (bool(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char xres[AKA_RES_MAX], int *xres_len, char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], char autn[AKA_AUTN_LEN]))provider_get_quintuplet; + this->public.provider_resync = (bool(*)(sim_manager_t*, identification_t *id, char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]))provider_resync; + this->public.provider_is_pseudonym = (identification_t*(*)(sim_manager_t*, identification_t *id))provider_is_pseudonym; + this->public.provider_gen_pseudonym = (identification_t*(*)(sim_manager_t*, identification_t *id))provider_gen_pseudonym; + this->public.provider_is_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1], u_int16_t *counter))provider_is_reauth; + this->public.provider_gen_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))provider_gen_reauth; + this->public.add_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))add_hooks; + this->public.remove_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))remove_hooks; + this->public.attribute_hook = (bool(*)(sim_manager_t*, eap_code_t code, eap_type_t type, u_int8_t subtype, u_int8_t attribute, chunk_t data))attribute_hook; + this->public.key_hook = (void(*)(sim_manager_t*, chunk_t k_encr, chunk_t k_auth))key_hook; this->public.destroy = (void(*)(sim_manager_t*))destroy; - + this->cards = linked_list_create(); - this->provider = linked_list_create(); - + this->providers = linked_list_create(); + this->hooks = linked_list_create(); + return &this->public; } diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/charon/sa/authenticators/eap/sim_manager.h index 3c6d66dfe..49d27cbaa 100644 --- a/src/charon/sa/authenticators/eap/sim_manager.h +++ b/src/charon/sa/authenticators/eap/sim_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,105 +21,484 @@ #ifndef SIM_MANAGER_H_ #define SIM_MANAGER_H_ +#include #include #include +#include typedef struct sim_manager_t sim_manager_t; typedef struct sim_card_t sim_card_t; typedef struct sim_provider_t sim_provider_t; +typedef struct sim_hooks_t sim_hooks_t; + +#define SIM_RAND_LEN 16 +#define SIM_SRES_LEN 4 +#define SIM_KC_LEN 8 + +#define AKA_RAND_LEN 16 +#define AKA_RES_MAX 16 +#define AKA_CK_LEN 16 +#define AKA_IK_LEN 16 +#define AKA_AUTN_LEN 16 +#define AKA_AUTS_LEN 14 /** - * Interface for a SIM card (used as EAP client). + * Interface for a (U)SIM card (used as EAP client). + * + * The SIM card completes triplets/quintuplets requested in a challenge + * received from the server. + * An implementation supporting only one of SIM/AKA authentication may + * implement the other methods with return_false()/return NOT_SUPPORTED/NULL. */ struct sim_card_t { /** - * Get the identity of a SIM card. + * Calculate SRES/KC from a RAND for SIM authentication. + * + * @param id permanent identity to get a triplet for + * @param rand RAND input buffer, fixed size 16 bytes + * @param sres SRES output buffer, fixed size 4 byte + * @param kc KC output buffer, fixed size 8 bytes + * @return TRUE if SRES/KC calculated, FALSE on error/wrong identity + */ + bool (*get_triplet)(sim_card_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]); + + /** + * Calculate CK/IK/RES from RAND/AUTN for AKA authentication. + * + * If the received sequence number (in autn) is out of sync, INVALID_STATE + * is returned. + * The RES value is the only one with variable length. Pass a buffer + * of at least AKA_RES_MAX, the actual number of bytes is written to the + * res_len value. While the standard would allow any bit length between + * 32 and 128 bits, we support only full bytes for now. + * + * @param id permanent identity to request quintuplet for + * @param rand random value rand + * @param autn authentication token autn + * @param ck buffer receiving encryption key ck + * @param ik buffer receiving integrity key ik + * @param res buffer receiving authentication result res + * @param res_len nubmer of bytes written to res buffer + * @return SUCCESS, FAILED, or INVALID_STATE if out of sync + */ + status_t (*get_quintuplet)(sim_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char res[AKA_RES_MAX], int *res_len); + + /** + * Calculate AUTS from RAND for AKA resynchronization. + * + * @param id permanent identity to request quintuplet for + * @param rand random value rand + * @param auts resynchronization parameter auts + * @return TRUE if parameter generated successfully + */ + bool (*resync)(sim_card_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + + /** + * Set the pseudonym to use for next authentication. + * + * @param id permanent identity of the peer + * @param pseudonym pseudonym identity received from the server + */ + void (*set_pseudonym)(sim_card_t *this, identification_t *id, + identification_t *pseudonym); + + /** + * Get the pseudonym previously stored via set_pseudonym(). * - * The returned identity owned by the sim_card and not destroyed outside. - * The SIM card may return ID_ANY if it does not support/use an IMSI. + * @param id permanent identity of the peer + * @return associated pseudonym identity, NULL if none stored + */ + identification_t* (*get_pseudonym)(sim_card_t *this, identification_t *id); + + /** + * Store parameters to use for the next fast reauthentication. * - * @return identity + * @param id permanent identity of the peer + * @param next next fast reauthentication identity to use + * @param mk master key MK to store for reauthentication + * @param counter counter value to store, host order */ - identification_t* (*get_imsi)(sim_card_t *this); - + void (*set_reauth)(sim_card_t *this, identification_t *id, + identification_t *next, char mk[HASH_SIZE_SHA1], + u_int16_t counter); + /** - * Calculate SRES/KC from a RAND. + * Retrieve parameters for fast reauthentication stored via set_reauth(). * - * @param rand RAND input buffer, fixed size 16 bytes - * @param sres SRES output buffer, fixed size 4 byte - * @param kc KC output buffer, fixed size 8 bytes - * @return TRUE if SRES/KC calculated, FALSE on error + * @param id permanent identity of the peer + * @param mk buffer receiving master key MK + * @param counter pointer receiving counter value, in host order + * @return fast reauthentication identity, NULL if not found */ - bool (*get_triplet)(sim_card_t *this, - char rand[16], char sres[4], char kc[8]); + identification_t* (*get_reauth)(sim_card_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1], u_int16_t *counter); }; /** - * Interface for a triplet provider (used as EAP server). + * Interface for a triplet/quintuplet provider (used as EAP server). + * + * A SIM provider hands out triplets for SIM authentication and quintuplets + * for AKA authentication. Multiple SIM provider instances can serve as + * authentication backend to authenticate clients using SIM/AKA. + * An implementation supporting only one of SIM/AKA authentication may + * implement the other methods with return_false(). */ struct sim_provider_t { - + /** - * Get a single triplet to authenticate a EAP client. + * Create a challenge for SIM authentication. * - * @param imsi client identity - * @param rand RAND output buffer, fixed size 16 bytes - * @param sres SRES output buffer, fixed size 4 byte - * @param kc KC output buffer, fixed size 8 bytes - * @return TRUE if triplet received, FALSE otherwise + * @param id permanent identity of peer to gen triplet for + * @param rand RAND output buffer, fixed size 16 bytes + * @param sres SRES output buffer, fixed size 4 byte + * @param kc KC output buffer, fixed size 8 bytes + * @return TRUE if triplet received, FALSE otherwise */ - bool (*get_triplet)(sim_provider_t *this, identification_t *imsi, - char rand[16], char sres[4], char kc[8]); + bool (*get_triplet)(sim_provider_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]); + + /** + * Create a challenge for AKA authentication. + * + * The XRES value is the only one with variable length. Pass a buffer + * of at least AKA_RES_MAX, the actual number of bytes is written to the + * xres_len value. While the standard would allow any bit length between + * 32 and 128 bits, we support only full bytes for now. + * + * @param id permanent identity of peer to create challenge for + * @param rand buffer receiving random value rand + * @param xres buffer receiving expected authentication result xres + * @param xres_len nubmer of bytes written to xres buffer + * @param ck buffer receiving encryption key ck + * @param ik buffer receiving integrity key ik + * @param autn authentication token autn + * @return TRUE if quintuplet generated successfully + */ + bool (*get_quintuplet)(sim_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], + char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char autn[AKA_AUTN_LEN]); + + /** + * Process AKA resynchroniusation request of a peer. + * + * @param id permanent identity of peer requesting resynchronisation + * @param rand random value rand + * @param auts synchronization parameter auts + * @return TRUE if resynchronized successfully + */ + bool (*resync)(sim_provider_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + + /** + * Check if peer uses a pseudonym, get permanent identity. + * + * @param id pseudonym identity candidate + * @return permanent identity, NULL if id not a pseudonym + */ + identification_t* (*is_pseudonym)(sim_provider_t *this, + identification_t *id); + + /** + * Generate a pseudonym identitiy for a given peer identity. + * + * @param id permanent identity to generate a pseudonym for + * @return generated pseudonym, NULL to not use a pseudonym identity + */ + identification_t* (*gen_pseudonym)(sim_provider_t *this, + identification_t *id); + + /** + * Check if peer uses reauthentication, retrieve reauth parameters. + * + * @param id reauthentication identity (candidate) + * @param mk buffer receiving master key MK + * @param counter pointer receiving current counter value, host order + * @return permanent identity, NULL if id not a reauth identity + */ + identification_t* (*is_reauth)(sim_provider_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1], u_int16_t *counter); + + /** + * Generate a fast reauthentication identity, associated to a master key. + * + * @param id permanent peer identity + * @param mk master key to store along with generated identity + * @return fast reauthentication identity, NULL to not use reauth + */ + identification_t* (*gen_reauth)(sim_provider_t *this, identification_t *id, + char mk[HASH_SIZE_SHA1]); }; /** - * The EAP-SIM manager handles multiple SIM cards and providers. + * Additional hooks invoked during EAP-SIM/AKA message processing. + */ +struct sim_hooks_t { + + /** + * SIM/AKA attribute parsing hook. + * + * @param code code of EAP message the attribute was parsed from + * @param type EAP method, SIM or AKA + * @param subtye method specific subtype + * @param attribute parsed SIM/AKA attribute type + * @param data attribute data + * @return TRUE to filter out attribute from further processing + */ + bool (*attribute)(sim_hooks_t *this, eap_code_t code, eap_type_t type, + u_int8_t subtype, u_int8_t attribute, chunk_t data); + + /** + * SIM/AKA encryption/authentication key hooks. + * + * @param k_encr derived SIM/AKA encryption key k_encr + * @param k_auth derived SIM/AKA authentication key k_auth + */ + void (*keys)(sim_hooks_t *this, chunk_t k_encr, chunk_t k_auth); +}; + +/** + * The SIM manager handles multiple (U)SIM cards/providers and hooks. */ struct sim_manager_t { - + /** * Register a SIM card (client) at the manager. * * @param card sim card to register */ void (*add_card)(sim_manager_t *this, sim_card_t *card); - + /** * Unregister a previously registered card from the manager. * * @param card sim card to unregister */ void (*remove_card)(sim_manager_t *this, sim_card_t *card); - + + /** + * Calculate SIM triplets on one of the registered SIM cards. + * + * @param id permanent identity to get a triplet for + * @param rand RAND input buffer, fixed size 16 bytes + * @param sres SRES output buffer, fixed size 4 byte + * @param kc KC output buffer, fixed size 8 bytes + * @return TRUE if calculated, FALSE if no matching card found + */ + bool (*card_get_triplet)(sim_manager_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]); + + /** + * Calculate AKA quitpulets on one of the registered SIM cards. + * + * @param id permanent identity to request quintuplet for + * @param rand random value rand + * @param autn authentication token autn + * @param ck buffer receiving encryption key ck + * @param ik buffer receiving integrity key ik + * @param res buffer receiving authentication result res + * @param res_len nubmer of bytes written to res buffer + * @return SUCCESS, FAILED, or INVALID_STATE if out of sync + */ + status_t (*card_get_quintuplet)(sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char autn[AKA_AUTN_LEN], + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char res[AKA_RES_MAX], int *res_len); + + /** + * Calculate resynchronization data on one of the registered SIM cards. + * + * @param id permanent identity to request quintuplet for + * @param rand random value rand + * @param auts resynchronization parameter auts + * @return TRUE if calculated, FALSE if no matcing card found + */ + bool (*card_resync)(sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + + /** + * Store a received pseudonym on one of the registered SIM cards. + * + * @param id permanent identity of the peer + * @param pseudonym pseudonym identity received from the server + */ + void (*card_set_pseudonym)(sim_manager_t *this, identification_t *id, + identification_t *pseudonym); + + /** + * Get a stored pseudonym from one of the registerd SIM cards. + * + * @param id permanent identity of the peer + * @return associated pseudonym identity, NULL if none found + */ + identification_t* (*card_get_pseudonym)(sim_manager_t *this, + identification_t *id); + /** - * Create an enumerator over all registered cards. + * Store fast reauthentication parameters on one of the registered cards. * - * @return enumerator over sim_card_t's + * @param id permanent identity of the peer + * @param next next fast reauthentication identity to use + * @param mk master key MK to store for reauthentication + * @param counter counter value to store, host order */ - enumerator_t* (*create_card_enumerator)(sim_manager_t *this); - + void (*card_set_reauth)(sim_manager_t *this, identification_t *id, + identification_t *next, char mk[HASH_SIZE_SHA1], + u_int16_t counter); + + /** + * Retrieve fast reauthentication parameters from one of the registerd cards. + * + * @param id permanent identity of the peer + * @param mk buffer receiving master key MK + * @param counter pointer receiving counter value, in host order + * @return fast reauthentication identity, NULL if none found + */ + identification_t* (*card_get_reauth)(sim_manager_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter); + /** * Register a triplet provider (server) at the manager. * * @param card sim card to register */ void (*add_provider)(sim_manager_t *this, sim_provider_t *provider); - + /** * Unregister a previously registered provider from the manager. * * @param card sim card to unregister */ void (*remove_provider)(sim_manager_t *this, sim_provider_t *provider); - + + /** + * Get a SIM triplet from one of the registered providers. + * + * @param id permanent identity of peer to gen triplet for + * @param rand RAND output buffer, fixed size 16 bytes + * @param sres SRES output buffer, fixed size 4 byte + * @param kc KC output buffer, fixed size 8 bytes + * @return TRUE if triplet received, FALSE if no match found + */ + bool (*provider_get_triplet)(sim_manager_t *this, identification_t *id, + char rand[SIM_RAND_LEN], char sres[SIM_SRES_LEN], + char kc[SIM_KC_LEN]); + + /** + * Get a AKA quintuplet from one of the registered providers. + * + * @param id permanent identity of peer to create challenge for + * @param rand buffer receiving random value rand + * @param xres buffer receiving expected authentication result xres + * @param ck buffer receiving encryption key ck + * @param ik buffer receiving integrity key ik + * @param autn authentication token autn + * @return TRUE if quintuplet received, FALSE if no match found + */ + bool (*provider_get_quintuplet)(sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], + char xres[AKA_RES_MAX], int *xres_len, + char ck[AKA_CK_LEN], char ik[AKA_IK_LEN], + char autn[AKA_AUTN_LEN]); + /** - * Create an enumerator over all registered provider. + * Pass AKA resynchronization data to one of the registered providers. * - * @return enumerator over sim_provider_t's + * @param id permanent identity of peer requesting resynchronisation + * @param rand random value rand + * @param auts synchronization parameter auts + * @return TRUE if resynchronized, FALSE if not handled */ - enumerator_t* (*create_provider_enumerator)(sim_manager_t *this); - + bool (*provider_resync)(sim_manager_t *this, identification_t *id, + char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]); + + /** + * Check if a peer uses a pseudonym using one of the registered providers. + * + * @param id pseudonym identity candidate + * @return permanent identity, NULL if id not a pseudonym + */ + identification_t* (*provider_is_pseudonym)(sim_manager_t *this, + identification_t *id); + + /** + * Generate a new pseudonym using one of the registered providers. + * + * @param id permanent identity to generate a pseudonym for + * @return generated pseudonym, NULL to not use a pseudonym identity + */ + identification_t* (*provider_gen_pseudonym)(sim_manager_t *this, + identification_t *id); + + /** + * Check if a peer uses a reauth id using one of the registered providers. + * + * @param id reauthentication identity (candidate) + * @param mk buffer receiving master key MK + * @param counter pointer receiving current counter value, host order + * @return permanent identity, NULL if not a known reauth identity + */ + identification_t* (*provider_is_reauth)(sim_manager_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1], + u_int16_t *counter); + + /** + * Generate a fast reauth id using one of the registered providers. + * + * @param id permanent peer identity + * @param mk master key to store along with generated identity + * @return fast reauthentication identity, NULL to not use reauth + */ + identification_t* (*provider_gen_reauth)(sim_manager_t *this, + identification_t *id, char mk[HASH_SIZE_SHA1]); + + /** + * Register a set of hooks to the manager. + * + * @param hooks hook interface implementation to register + */ + void (*add_hooks)(sim_manager_t *this, sim_hooks_t *hooks); + + /** + * Unregister a set of hooks from the manager. + * + * @param hooks hook interface implementation to unregister + */ + void (*remove_hooks)(sim_manager_t *this, sim_hooks_t *hooks); + + /** + * Invoke SIM/AKA attribute hook. + * + * @param code EAP message code (Request/response/success/failed) + * @param type EAP method type, EAP-SIM or AKA + * @param subtype method specific message subtype + * @param attribute SIM/AKA attribute type + * @param data attribute data + * @return TRUE to filter out attribute from further processing + */ + bool (*attribute_hook)(sim_manager_t *this, eap_code_t code, + eap_type_t type, u_int8_t subtype, + u_int8_t attribute, chunk_t data); + + /** + * Invoke SIM/AKA key hook. + * + * @param k_encr SIM/AKA encryption key k_encr + * @param k_auth SIM/AKA authentication key k_auth + */ + void (*key_hook)(sim_manager_t *this, chunk_t k_encr, chunk_t k_auth); + /** * Destroy a manager instance. */ @@ -127,7 +506,7 @@ struct sim_manager_t { }; /** - * Create an SIM manager to handle multiple SIM cards/providers. + * Create an SIM manager to handle multiple (U)SIM cards/providers. * * @return sim_t object */ diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/charon/sa/authenticators/eap_authenticator.c index 2abdf7a02..16911050a 100644 --- a/src/charon/sa/authenticators/eap_authenticator.c +++ b/src/charon/sa/authenticators/eap_authenticator.c @@ -26,62 +26,67 @@ typedef struct private_eap_authenticator_t private_eap_authenticator_t; * Private data of an eap_authenticator_t object. */ struct private_eap_authenticator_t { - + /** * Public authenticator_t interface. */ eap_authenticator_t public; - + /** * Assigned IKE_SA */ ike_sa_t *ike_sa; - + /** * others nonce to include in AUTH calculation */ chunk_t received_nonce; - + /** * our nonce to include in AUTH calculation */ chunk_t sent_nonce; - + /** * others IKE_SA_INIT message data to include in AUTH calculation */ chunk_t received_init; - + /** * our IKE_SA_INIT message data to include in AUTH calculation */ chunk_t sent_init; - + /** * Current EAP method processing */ eap_method_t *method; - + /** * MSK used to build and verify auth payload */ chunk_t msk; - + /** * EAP authentication method completed successfully */ bool eap_complete; - + + /** + * Set if we require mutual EAP due EAP-only authentication + */ + bool require_mutual; + /** * authentication payload verified successfully */ bool auth_complete; - + /** * generated EAP payload */ eap_payload_t *eap_payload; - + /** * EAP identity of peer */ @@ -95,7 +100,7 @@ static eap_method_t *load_method(private_eap_authenticator_t *this, eap_type_t type, u_int32_t vendor, eap_role_t role) { identification_t *server, *peer; - + if (role == EAP_SERVER) { server = this->ike_sa->get_my_id(this->ike_sa); @@ -125,9 +130,10 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this, identification_t *id; u_int32_t vendor; eap_payload_t *out; - + char *action; + auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); - + /* initiate EAP-Identity exchange if required */ if (!this->eap_identity && do_identity) { @@ -150,32 +156,61 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this, /* invoke real EAP method */ type = (uintptr_t)auth->get(auth, AUTH_RULE_EAP_TYPE); vendor = (uintptr_t)auth->get(auth, AUTH_RULE_EAP_VENDOR); + action = "loading"; this->method = load_method(this, type, vendor, EAP_SERVER); - if (this->method && - this->method->initiate(this->method, &out) == NEED_MORE) + if (this->method) { - if (vendor) + action = "initiating"; + if (this->method->initiate(this->method, &out) == NEED_MORE) { - DBG1(DBG_IKE, "initiating EAP vendor type %d-%d", type, vendor); - - } - else - { - DBG1(DBG_IKE, "initiating %N", eap_type_names, type); + if (vendor) + { + DBG1(DBG_IKE, "initiating EAP vendor type %d-%d method", + type, vendor); + } + else + { + DBG1(DBG_IKE, "initiating %N method", eap_type_names, type); + } + return out; } - return out; } if (vendor) { - DBG1(DBG_IKE, "initiating EAP vendor type %d-%d failed", type, vendor); + DBG1(DBG_IKE, "%s EAP vendor type %d-%d method failed", + action, type, vendor); } else { - DBG1(DBG_IKE, "initiating %N failed", eap_type_names, type); + DBG1(DBG_IKE, "%s %N method failed", action, eap_type_names, type); } return eap_payload_create_code(EAP_FAILURE, 0); } +/** + * Replace the existing EAP-Identity in other auth config + */ +static void replace_eap_identity(private_eap_authenticator_t *this) +{ + enumerator_t *enumerator; + auth_rule_t rule; + auth_cfg_t *cfg; + void *ptr; + + cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); + enumerator = cfg->create_enumerator(cfg); + while (enumerator->enumerate(enumerator, &rule, &ptr)) + { + if (rule == AUTH_RULE_EAP_IDENTITY) + { + cfg->replace(cfg, enumerator, AUTH_RULE_EAP_IDENTITY, + this->eap_identity->clone(this->eap_identity)); + break; + } + } + enumerator->destroy(enumerator); +} + /** * Handle EAP exchange as server */ @@ -186,14 +221,14 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, u_int32_t vendor, received_vendor; eap_payload_t *out; auth_cfg_t *cfg; - + if (in->get_code(in) != EAP_RESPONSE) { DBG1(DBG_IKE, "received %N, sending %N", eap_code_names, in->get_code(in), eap_code_names, EAP_FAILURE); return eap_payload_create_code(EAP_FAILURE, in->get_identifier(in)); } - + type = this->method->get_type(this->method, &vendor); received_type = in->get_type(in, &received_vendor); if (type != received_type || vendor != received_vendor) @@ -210,7 +245,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, } return eap_payload_create_code(EAP_FAILURE, in->get_identifier(in)); } - + switch (this->method->process(this->method, in, &out)) { case NEED_MORE: @@ -219,14 +254,13 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, if (type == EAP_IDENTITY) { chunk_t data; - char buf[256]; - + if (this->method->get_msk(this->method, &data) == SUCCESS) { - snprintf(buf, sizeof(buf), "%.*s", data.len, data.ptr); - this->eap_identity = identification_create_from_string(buf); + this->eap_identity = identification_create_from_data(data); DBG1(DBG_IKE, "received EAP identity '%Y'", this->eap_identity); + replace_eap_identity(this); } /* restart EAP exchange, but with real method */ this->method->destroy(this->method); @@ -262,7 +296,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, if (vendor) { DBG1(DBG_IKE, "EAP vendor specific method %d-%d failed for " - "peer %Y", type, vendor, + "peer %Y", type, vendor, this->ike_sa->get_other_id(this->ike_sa)); } else @@ -286,9 +320,9 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, auth_cfg_t *auth; eap_payload_t *out; identification_t *id; - + type = in->get_type(in, &vendor); - + if (!vendor && type == EAP_IDENTITY) { DESTROY_IF(this->eap_identity); @@ -301,7 +335,7 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, DBG1(DBG_IKE, "server requested %N, sending '%Y'", eap_type_names, type, id); this->eap_identity = id->clone(id); - + this->method = load_method(this, type, vendor, EAP_PEER); if (this->method) { @@ -337,14 +371,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, return eap_payload_create_nak(in->get_identifier(in)); } } - + type = this->method->get_type(this->method, &vendor); - + if (this->method->process(this->method, in, &out) == NEED_MORE) { /* client methods should never return SUCCESS */ return out; } - + if (vendor) { DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", type, vendor); @@ -367,7 +401,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, identification_t *other_id; auth_cfg_t *auth; keymat_t *keymat; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (!auth_payload) @@ -388,7 +422,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, return FALSE; } chunk_free(&auth_data); - + DBG1(DBG_IKE, "authentication of '%Y' with %N successful", other_id, auth_class_names, AUTH_CLASS_EAP); this->auth_complete = TRUE; @@ -407,13 +441,13 @@ static void build_auth(private_eap_authenticator_t *this, message_t *message, identification_t *my_id; chunk_t auth_data; keymat_t *keymat; - + my_id = this->ike_sa->get_my_id(this->ike_sa); keymat = this->ike_sa->get_keymat(this->ike_sa); - + DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_class_names, AUTH_CLASS_EAP); - + auth_data = keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, my_id); auth_payload = auth_payload_create(); auth_payload->set_auth_method(auth_payload, AUTH_PSK); @@ -429,7 +463,7 @@ static status_t process_server(private_eap_authenticator_t *this, message_t *message) { eap_payload_t *eap_payload; - + if (this->eap_complete) { if (!verify_auth(this, message, this->sent_nonce, this->received_init)) @@ -438,7 +472,7 @@ static status_t process_server(private_eap_authenticator_t *this, } return NEED_MORE; } - + if (!this->method) { this->eap_payload = server_initiate_eap(this, TRUE); @@ -465,7 +499,7 @@ static status_t build_server(private_eap_authenticator_t *this, if (this->eap_payload) { eap_code_t code; - + code = this->eap_payload->get_code(this->eap_payload); message->add_payload(message, (payload_t*)this->eap_payload); this->eap_payload = NULL; @@ -490,16 +524,25 @@ static status_t process_client(private_eap_authenticator_t *this, message_t *message) { eap_payload_t *eap_payload; - + if (this->eap_complete) { if (!verify_auth(this, message, this->sent_nonce, this->received_init)) { return FAILED; } + if (this->require_mutual && !this->method->is_mutual(this->method)) + { /* we require mutual authentication due to EAP-only */ + u_int32_t vendor; + + DBG1(DBG_IKE, "EAP-only authentication requires a mutual and " + "MSK deriving EAP method, but %N is not", + eap_type_names, this->method->get_type(this->method, &vendor)); + return FAILED; + } return SUCCESS; } - + eap_payload = (eap_payload_t*)message->get_payload(message, EXTENSIBLE_AUTHENTICATION); if (eap_payload) @@ -520,7 +563,7 @@ static status_t process_client(private_eap_authenticator_t *this, eap_type_t type; u_int32_t vendor; auth_cfg_t *cfg; - + if (this->method->get_msk(this->method, &this->msk) == SUCCESS) { this->msk = chunk_clone(this->msk); @@ -561,7 +604,7 @@ static status_t process_client(private_eap_authenticator_t *this, /** * Implementation of authenticator_t.build for a client */ -static status_t build_client(private_eap_authenticator_t *this, +static status_t build_client(private_eap_authenticator_t *this, message_t *message) { if (this->eap_payload) @@ -578,6 +621,16 @@ static status_t build_client(private_eap_authenticator_t *this, return NEED_MORE; } +/** + * Implementation of authenticator_t.is_mutual. + */ +static bool is_mutual(private_eap_authenticator_t *this) +{ + /* we don't know yet, but insist on it after EAP is complete */ + this->require_mutual = TRUE; + return TRUE; +} + /** * Implementation of authenticator_t.destroy. */ @@ -598,11 +651,12 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_init, chunk_t sent_init) { private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build_client; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_client; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))is_mutual; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->received_init = received_init; this->received_nonce = received_nonce; @@ -614,7 +668,8 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, this->eap_complete = FALSE; this->auth_complete = FALSE; this->eap_identity = NULL; - + this->require_mutual = FALSE; + return &this->public; } @@ -626,11 +681,12 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t received_init, chunk_t sent_init) { private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))build_server; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_server; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))is_mutual; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->received_init = received_init; this->received_nonce = received_nonce; @@ -642,7 +698,8 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, this->eap_complete = FALSE; this->auth_complete = FALSE; this->eap_identity = NULL; - + this->require_mutual = FALSE; + return &this->public; } diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/charon/sa/authenticators/eap_authenticator.h index b90a6f4df..41eb6a8c9 100644 --- a/src/charon/sa/authenticators/eap_authenticator.h +++ b/src/charon/sa/authenticators/eap_authenticator.h @@ -83,7 +83,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, /** * Create an authenticator to authenticate EAP clients. - * + * * @param ike_sa associated ike_sa * @param received_nonce nonce received in IKE_SA_INIT * @param sent_nonce nonce sent in IKE_SA_INIT diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/charon/sa/authenticators/psk_authenticator.c index 742b67789..67197d690 100644 --- a/src/charon/sa/authenticators/psk_authenticator.c +++ b/src/charon/sa/authenticators/psk_authenticator.c @@ -35,12 +35,12 @@ struct private_psk_authenticator_t { * Assigned IKE_SA */ ike_sa_t *ike_sa; - + /** * nonce to include in AUTH calculation */ chunk_t nonce; - + /** * IKE_SA_INIT message data to include in AUTH calculation */ @@ -57,7 +57,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) shared_key_t *key; chunk_t auth_data; keymat_t *keymat; - + keymat = this->ike_sa->get_keymat(this->ike_sa); my_id = this->ike_sa->get_my_id(this->ike_sa); other_id = this->ike_sa->get_other_id(this->ike_sa); @@ -79,7 +79,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) auth_payload->set_data(auth_payload, auth_data); chunk_free(&auth_data); message->add_payload(message, (payload_t*)auth_payload); - + return SUCCESS; } @@ -97,7 +97,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) bool authenticated = FALSE; int keys_found = 0; keymat_t *keymat; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (!auth_payload) { @@ -112,7 +112,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) while (!authenticated && enumerator->enumerate(enumerator, &key, NULL, NULL)) { keys_found++; - + auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce, key->get_key(key), other_id); if (auth_data.len && chunk_equals(auth_data, recv_auth_data)) @@ -124,7 +124,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) chunk_free(&auth_data); } enumerator->destroy(enumerator); - + if (!authenticated) { if (keys_found == 0) @@ -136,7 +136,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) keys_found, keys_found == 1 ? "" : "s", my_id, other_id); return FAILED; } - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); return SUCCESS; @@ -166,15 +166,16 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init) { private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = sent_init; this->nonce = received_nonce; - + return &this->public; } @@ -185,15 +186,16 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init) { private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))return_failed; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = received_init; this->nonce = sent_nonce; - + return &this->public; } diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/charon/sa/authenticators/psk_authenticator.h index 5bb743d93..0fab11095 100644 --- a/src/charon/sa/authenticators/psk_authenticator.h +++ b/src/charon/sa/authenticators/psk_authenticator.h @@ -49,7 +49,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, /** * Create an authenticator to verify PSK signatures. - * + * * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data diff --git a/src/charon/sa/authenticators/pubkey_authenticator.c b/src/charon/sa/authenticators/pubkey_authenticator.c index 44cabfb94..f1dca2702 100644 --- a/src/charon/sa/authenticators/pubkey_authenticator.c +++ b/src/charon/sa/authenticators/pubkey_authenticator.c @@ -26,22 +26,22 @@ typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t; * Private data of an pubkey_authenticator_t object. */ struct private_pubkey_authenticator_t { - + /** * Public authenticator_t interface. */ pubkey_authenticator_t public; - + /** * Assigned IKE_SA */ ike_sa_t *ike_sa; - + /** * nonce to include in AUTH calculation */ chunk_t nonce; - + /** * IKE_SA_INIT message data to include in AUTH calculation */ @@ -72,11 +72,11 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) DBG1(DBG_IKE, "no private key found for '%Y'", id); return NOT_FOUND; } - + switch (private->get_type(private)) { case KEY_RSA: - /* we currently use always SHA1 for signatures, + /* we currently use always SHA1 for signatures, * TODO: support other hashes depending on configuration/auth */ scheme = SIGN_RSA_EMSA_PKCS1_SHA1; auth_method = AUTH_RSA; @@ -86,7 +86,7 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) switch (private->get_keysize(private)) { case 32: - scheme = SIGN_ECDSA_256; + scheme = SIGN_ECDSA_256; auth_method = AUTH_ECDSA_256; break; case 48: @@ -121,11 +121,11 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) status = SUCCESS; } DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id, - auth_method_names, auth_method, + auth_method_names, auth_method, (status == SUCCESS)? "successful":"failed"); chunk_free(&octets); private->destroy(private); - + return status; } @@ -145,7 +145,7 @@ static status_t process(private_pubkey_authenticator_t *this, message_t *message signature_scheme_t scheme; status_t status = NOT_FOUND; keymat_t *keymat; - + auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); if (!auth_payload) { @@ -231,15 +231,16 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, chunk_t received_nonce, chunk_t sent_init) { private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = sent_init; this->nonce = received_nonce; - + return &this->public; } @@ -250,14 +251,15 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, chunk_t sent_nonce, chunk_t received_init) { private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); - + this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))return_failed; this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; + this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - + this->ike_sa = ike_sa; this->ike_sa_init = received_init; this->nonce = sent_nonce; - + return &this->public; } diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/charon/sa/authenticators/pubkey_authenticator.h index e67f020ff..be369cb89 100644 --- a/src/charon/sa/authenticators/pubkey_authenticator.h +++ b/src/charon/sa/authenticators/pubkey_authenticator.h @@ -50,7 +50,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, /** * Create an authenticator to verify public key signatures. - * + * * @param ike_sa associated ike_sa * @param sent_nonce nonce sent in IKE_SA_INIT * @param received_init received IKE_SA_INIT message data diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c index 14d174ab5..3fdfb51ad 100644 --- a/src/charon/sa/child_sa.c +++ b/src/charon/sa/child_sa.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2008 Tobias Brunner + * Copyright (C) 2006-2009 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -46,67 +46,67 @@ struct private_child_sa_t { * Public interface of child_sa_t. */ child_sa_t public; - + /** * address of us */ host_t *my_addr; - + /** * address of remote */ host_t *other_addr; - + /** * our actually used SPI, 0 if unused */ u_int32_t my_spi; - + /** * others used SPI, 0 if unused */ u_int32_t other_spi; - + /** * our Compression Parameter Index (CPI) used, 0 if unused */ u_int16_t my_cpi; - + /** * others Compression Parameter Index (CPI) used, 0 if unused */ u_int16_t other_cpi; - + /** * List for local traffic selectors */ linked_list_t *my_ts; - + /** * List for remote traffic selectors */ linked_list_t *other_ts; - + /** * Protocol used to protect this SA, ESP|AH */ protocol_id_t protocol; - + /** * reqid used for this child_sa */ u_int32_t reqid; - + /** * absolute time when rekeying is scheduled */ time_t rekey_time; - + /** * absolute time when the SA expires */ time_t expire_time; - + /** * state of the CHILD_SA */ @@ -116,22 +116,22 @@ struct private_child_sa_t { * Specifies if UDP encapsulation is enabled (NAT traversal) */ bool encap; - + /** * Specifies the IPComp transform used (IPCOMP_NONE if disabled) */ ipcomp_transform_t ipcomp; - + /** * mode this SA uses, tunnel/transport */ ipsec_mode_t mode; - + /** - * selected proposal - */ - proposal_t *proposal; - + * selected proposal + */ + proposal_t *proposal; + /** * config used to create this child */ @@ -320,7 +320,7 @@ static bool policy_enumerate(policy_enumerator_t *this, traffic_selector_t **my_out, traffic_selector_t **other_out) { traffic_selector_t *other_ts; - + while (this->ts || this->mine->enumerate(this->mine, &this->ts)) { if (!this->other->enumerate(this->other, &other_ts)) @@ -363,14 +363,14 @@ static void policy_destroy(policy_enumerator_t *this) static enumerator_t* create_policy_enumerator(private_child_sa_t *this) { policy_enumerator_t *e = malloc_thing(policy_enumerator_t); - + e->public.enumerate = (void*)policy_enumerate; e->public.destroy = (void*)policy_destroy; e->mine = this->my_ts->create_enumerator(this->my_ts); e->other = this->other_ts->create_enumerator(this->other_ts); e->list = this->other_ts; e->ts = NULL; - + return &e->public; } @@ -384,7 +384,7 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) { status_t status = FAILED; u_int64_t bytes; - + if (inbound) { if (this->my_spi) @@ -434,12 +434,12 @@ static void update_usetime(private_child_sa_t *this, bool inbound) enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; u_int32_t last_use = 0; - + enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { u_int32_t in, out, fwd; - + if (inbound) { if (charon->kernel_interface->query_policy(charon->kernel_interface, @@ -507,7 +507,7 @@ static void get_usestats(private_child_sa_t *this, bool inbound, /** * Implementation of child_sa_t.get_lifetime */ -static u_int32_t get_lifetime(private_child_sa_t *this, bool hard) +static time_t get_lifetime(private_child_sa_t *this, bool hard) { return hard ? this->expire_time : this->rekey_time; } @@ -544,14 +544,17 @@ static u_int16_t alloc_cpi(private_child_sa_t *this) * Implementation of child_sa_t.install */ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ, - u_int32_t spi, u_int16_t cpi, bool inbound) + u_int32_t spi, u_int16_t cpi, bool inbound, + linked_list_t *my_ts, linked_list_t *other_ts) { u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; - u_int32_t soft, hard, now; + traffic_selector_t *src_ts = NULL, *dst_ts = NULL; + time_t now; + lifetime_cfg_t *lifetime; host_t *src, *dst; status_t status; bool update = FALSE; - + /* now we have to decide which spi to use. Use self allocated, if "in", * or the one in the proposal, if not "in" (others). Additionally, * source and dest host switch depending on the role */ @@ -573,35 +576,59 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ, this->other_spi = spi; this->other_cpi = cpi; } - + DBG2(DBG_CHD, "adding %s %N SA", inbound ? "inbound" : "outbound", protocol_id_names, this->protocol); - + /* send SA down to the kernel */ DBG2(DBG_CHD, " SPI 0x%.8x, src %H dst %H", ntohl(spi), src, dst); - + this->proposal->get_algorithm(this->proposal, ENCRYPTION_ALGORITHM, &enc_alg, &size); this->proposal->get_algorithm(this->proposal, INTEGRITY_ALGORITHM, &int_alg, &size); - - soft = this->config->get_lifetime(this->config, TRUE); - hard = this->config->get_lifetime(this->config, FALSE); - - status = charon->kernel_interface->add_sa(charon->kernel_interface, - src, dst, spi, this->protocol, this->reqid, - inbound ? soft : 0, hard, enc_alg, encr, int_alg, integ, - this->mode, this->ipcomp, cpi, this->encap, update); - - now = time(NULL); - if (soft) + + lifetime = this->config->get_lifetime(this->config); + + now = time_monotonic(NULL); + if (lifetime->time.rekey) { - this->rekey_time = now + soft; + this->rekey_time = now + lifetime->time.rekey; } - if (hard) + if (lifetime->time.life) + { + this->expire_time = now + lifetime->time.life; + } + + if (!lifetime->time.jitter && !inbound) + { /* avoid triggering multiple rekey events */ + lifetime->time.rekey = 0; + } + + if (this->mode == MODE_BEET) { - this->expire_time = now + hard; + /* BEET requires the bound address from the traffic selectors. + * TODO: We add just the first traffic selector for now, as the + * kernel accepts a single TS per SA only */ + if (inbound) + { + my_ts->get_first(my_ts, (void**)&dst_ts); + other_ts->get_first(other_ts, (void**)&src_ts); + } + else + { + my_ts->get_first(my_ts, (void**)&src_ts); + other_ts->get_first(other_ts, (void**)&dst_ts); + } } + + status = charon->kernel_interface->add_sa(charon->kernel_interface, + src, dst, spi, this->protocol, this->reqid, lifetime, + enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi, + this->encap, update, src_ts, dst_ts); + + free(lifetime); + return status; } @@ -615,7 +642,7 @@ static status_t add_policies(private_child_sa_t *this, traffic_selector_t *my_ts, *other_ts; status_t status = SUCCESS; bool routed = (this->state == CHILD_CREATED); - + /* apply traffic selectors */ enumerator = my_ts_list->create_enumerator(my_ts_list); while (enumerator->enumerate(enumerator, &my_ts)) @@ -629,7 +656,7 @@ static status_t add_policies(private_child_sa_t *this, this->other_ts->insert_last(this->other_ts, other_ts->clone(other_ts)); } enumerator->destroy(enumerator); - + if (this->config->install_policy(this->config)) { /* enumerate pairs of traffic selectors */ @@ -641,7 +668,7 @@ static status_t add_policies(private_child_sa_t *this, this->my_addr, this->other_addr, my_ts, other_ts, POLICY_OUT, this->other_spi, this->protocol, this->reqid, this->mode, this->ipcomp, this->other_cpi, routed); - + status |= charon->kernel_interface->add_policy(charon->kernel_interface, this->other_addr, this->my_addr, other_ts, my_ts, POLICY_IN, this->my_spi, this->protocol, this->reqid, this->mode, @@ -653,7 +680,7 @@ static status_t add_policies(private_child_sa_t *this, this->my_spi, this->protocol, this->reqid, this->mode, this->ipcomp, this->my_cpi, routed); } - + if (status != SUCCESS) { break; @@ -661,7 +688,7 @@ static status_t add_policies(private_child_sa_t *this, } enumerator->destroy(enumerator); } - + if (status == SUCCESS && this->state == CHILD_CREATED) { /* switch to routed state if no SAD entry set up */ set_state(this, CHILD_ROUTED); @@ -677,19 +704,19 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, { child_sa_state_t old; bool transport_proxy_mode; - + /* anything changed at all? */ if (me->equals(me, this->my_addr) && other->equals(other, this->other_addr) && this->encap == encap) { return SUCCESS; } - + old = this->state; set_state(this, CHILD_UPDATING); transport_proxy_mode = this->config->use_proxy_mode(this->config) && this->mode == MODE_TRANSPORT; - + if (!transport_proxy_mode) { /* update our (initator) SA */ @@ -704,13 +731,13 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, return NOT_SUPPORTED; } } - + /* update his (responder) SA */ if (this->other_spi) { if (charon->kernel_interface->update_sa(charon->kernel_interface, this->other_spi, this->protocol, - this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, + this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, this->my_addr, this->other_addr, me, other, this->encap, encap) == NOT_SUPPORTED) { @@ -718,7 +745,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, } } } - + if (this->config->install_policy(this->config)) { /* update policies */ @@ -727,7 +754,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, { enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; - + /* always use high priorities, as hosts getting updated are INSTALLED */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) @@ -742,7 +769,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, charon->kernel_interface->del_policy(charon->kernel_interface, other_ts, my_ts, POLICY_FWD, FALSE); } - + /* check whether we have to update a "dynamic" traffic selector */ if (!me->ip_equals(me, this->my_addr) && my_ts->is_host(my_ts, this->my_addr)) @@ -754,7 +781,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, { other_ts->set_address(other_ts, other); } - + /* we reinstall the virtual IP to handle interface roaming * correctly */ if (vip) @@ -762,7 +789,7 @@ static status_t update(private_child_sa_t *this, host_t *me, host_t *other, charon->kernel_interface->del_ip(charon->kernel_interface, vip); charon->kernel_interface->add_ip(charon->kernel_interface, vip, me); } - + /* reinstall updated policies */ charon->kernel_interface->add_policy(charon->kernel_interface, me, other, my_ts, other_ts, POLICY_OUT, this->other_spi, @@ -813,12 +840,18 @@ static void destroy(private_child_sa_t *this) enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; bool unrouted = (this->state == CHILD_ROUTED); - + set_state(this, CHILD_DESTROYING); - + /* delete SAs in the kernel, if they are set up */ if (this->my_spi) { + /* if CHILD was not established, use PROTO_ESP used during alloc_spi(). + * TODO: For AH support, we have to store protocol specific SPI.s */ + if (this->protocol == PROTO_NONE) + { + this->protocol = PROTO_ESP; + } charon->kernel_interface->del_sa(charon->kernel_interface, this->other_addr, this->my_addr, this->my_spi, this->protocol, this->my_cpi); @@ -829,7 +862,7 @@ static void destroy(private_child_sa_t *this) this->my_addr, this->other_addr, this->other_spi, this->protocol, this->other_cpi); } - + if (this->config->install_policy(this->config)) { /* delete all policies in the kernel */ @@ -848,7 +881,7 @@ static void destroy(private_child_sa_t *this) } enumerator->destroy(enumerator); } - + this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy)); this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy)); this->my_addr->destroy(this->my_addr); @@ -881,20 +914,20 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, this->public.set_mode = (void(*)(child_sa_t*, ipsec_mode_t mode))set_mode; this->public.get_proposal = (proposal_t*(*)(child_sa_t*))get_proposal; this->public.set_proposal = (void(*)(child_sa_t*, proposal_t *proposal))set_proposal; - this->public.get_lifetime = (u_int32_t(*)(child_sa_t*, bool))get_lifetime; + this->public.get_lifetime = (time_t(*)(child_sa_t*, bool))get_lifetime; this->public.get_usestats = (void(*)(child_sa_t*,bool,time_t*,u_int64_t*))get_usestats; this->public.has_encap = (bool(*)(child_sa_t*))has_encap; this->public.get_ipcomp = (ipcomp_transform_t(*)(child_sa_t*))get_ipcomp; this->public.set_ipcomp = (void(*)(child_sa_t*,ipcomp_transform_t))set_ipcomp; this->public.alloc_spi = (u_int32_t(*)(child_sa_t*, protocol_id_t protocol))alloc_spi; this->public.alloc_cpi = (u_int16_t(*)(child_sa_t*))alloc_cpi; - this->public.install = (status_t(*)(child_sa_t*, chunk_t encr, chunk_t integ, u_int32_t spi, u_int16_t cpi, bool inbound))install; + this->public.install = (status_t(*)(child_sa_t*, chunk_t encr, chunk_t integ, u_int32_t spi, u_int16_t cpi, bool inbound, linked_list_t *my_ts_list, linked_list_t *other_ts_list))install; this->public.update = (status_t (*)(child_sa_t*,host_t*,host_t*,host_t*,bool))update; this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies; this->public.get_traffic_selectors = (linked_list_t*(*)(child_sa_t*,bool))get_traffic_selectors; this->public.create_policy_enumerator = (enumerator_t*(*)(child_sa_t*))create_policy_enumerator; this->public.destroy = (void(*)(child_sa_t*))destroy; - + /* private data */ this->my_addr = me->clone(me); this->other_addr = other->clone(other); @@ -920,10 +953,10 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, this->expire_time = 0; this->config = config; config->get_ref(config); - + /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ if (config->get_mode(config) == MODE_TRANSPORT && - config->use_proxy_mode(config)) + config->use_proxy_mode(config)) { ts_type_t type; int family; @@ -932,9 +965,9 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, enumerator_t *enumerator; linked_list_t *my_ts_list, *other_ts_list; traffic_selector_t *my_ts, *other_ts; - + this->mode = MODE_TRANSPORT; - + my_ts_list = config->get_traffic_selectors(config, TRUE, NULL, me); enumerator = my_ts_list->create_enumerator(my_ts_list); if (enumerator->enumerate(enumerator, &my_ts)) @@ -955,7 +988,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, } enumerator->destroy(enumerator); my_ts_list->destroy_offset(my_ts_list, offsetof(traffic_selector_t, destroy)); - + other_ts_list = config->get_traffic_selectors(config, FALSE, NULL, other); enumerator = other_ts_list->create_enumerator(other_ts_list); if (enumerator->enumerate(enumerator, &other_ts)) @@ -977,6 +1010,6 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, enumerator->destroy(enumerator); other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy)); } - + return &this->public; } diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h index 698da8bc7..d70bed664 100644 --- a/src/charon/sa/child_sa.h +++ b/src/charon/sa/child_sa.h @@ -36,42 +36,42 @@ typedef struct child_sa_t child_sa_t; * States of a CHILD_SA */ enum child_sa_state_t { - + /** * Just created, uninstalled CHILD_SA */ CHILD_CREATED, - + /** * Installed SPD, but no SAD entries */ CHILD_ROUTED, - + /** * Installing an in-use CHILD_SA */ CHILD_INSTALLING, - + /** * Installed an in-use CHILD_SA */ CHILD_INSTALLED, - + /** * While updating hosts, in update_hosts() */ CHILD_UPDATING, - + /** * CHILD_SA which is rekeying */ CHILD_REKEYING, - + /** * CHILD_SA in progress of delete */ CHILD_DELETING, - + /** * CHILD_SA object gets destroyed */ @@ -102,14 +102,14 @@ extern enum_name_t *child_sa_state_names; * Once SAs are set up, policies can be added using add_policies. */ struct child_sa_t { - + /** * Get the name of the config this CHILD_SA uses. * * @return name */ char* (*get_name) (child_sa_t *this); - + /** * Get the reqid of the CHILD SA. * @@ -119,28 +119,28 @@ struct child_sa_t { * @return reqid of the CHILD SA */ u_int32_t (*get_reqid)(child_sa_t *this); - + /** * Get the config used to set up this child sa. * * @return child_cfg */ child_cfg_t* (*get_config) (child_sa_t *this); - + /** * Get the state of the CHILD_SA. * * @return CHILD_SA state */ child_sa_state_t (*get_state) (child_sa_t *this); - + /** * Set the state of the CHILD_SA. * * @param state state to set on CHILD_SA */ void (*set_state) (child_sa_t *this, child_sa_state_t state); - + /** * Get the SPI of this CHILD_SA. * @@ -152,7 +152,7 @@ struct child_sa_t { * @return SPI of the CHILD SA */ u_int32_t (*get_spi) (child_sa_t *this, bool inbound); - + /** * Get the CPI of this CHILD_SA. * @@ -171,71 +171,71 @@ struct child_sa_t { * @return AH | ESP */ protocol_id_t (*get_protocol) (child_sa_t *this); - + /** * Set the negotiated protocol to use for this CHILD_SA. * * @param protocol AH | ESP */ void (*set_protocol)(child_sa_t *this, protocol_id_t protocol); - + /** * Get the IPsec mode of this CHILD_SA. * * @return TUNNEL | TRANSPORT | BEET */ ipsec_mode_t (*get_mode)(child_sa_t *this); - + /** * Set the negotiated IPsec mode to use. * * @param mode TUNNEL | TRANPORT | BEET */ void (*set_mode)(child_sa_t *this, ipsec_mode_t mode); - + /** * Get the used IPComp algorithm. * * @return IPComp compression algorithm. */ ipcomp_transform_t (*get_ipcomp)(child_sa_t *this); - + /** * Set the IPComp algorithm to use. * * @param ipcomp the IPComp transform to use */ void (*set_ipcomp)(child_sa_t *this, ipcomp_transform_t ipcomp); - + /** * Get the selected proposal. * * @return selected proposal */ proposal_t* (*get_proposal)(child_sa_t *this); - + /** * Set the negotiated proposal. * * @param proposal selected proposal */ void (*set_proposal)(child_sa_t *this, proposal_t *proposal); - + /** * Check if this CHILD_SA uses UDP encapsulation. * * @return TRUE if SA encapsulates ESP packets */ bool (*has_encap)(child_sa_t *this); - + /** - * Get the lifetime of the CHILD_SA. + * Get the absolute time when the CHILD_SA expires or gets rekeyed. * * @param hard TRUE for hard lifetime, FALSE for soft (rekey) lifetime - * @return lifetime in seconds + * @return absolute time */ - u_int32_t (*get_lifetime)(child_sa_t *this, bool hard); - + time_t (*get_lifetime)(child_sa_t *this, bool hard); + /** * Get last use time and the number of bytes processed. * @@ -245,7 +245,7 @@ struct child_sa_t { */ void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, u_int64_t *bytes); - + /** * Get the traffic selectors list added for one side. * @@ -253,14 +253,14 @@ struct child_sa_t { * @return list of traffic selectors */ linked_list_t* (*get_traffic_selectors) (child_sa_t *this, bool local); - + /** * Create an enumerator over installed policies. * * @return enumerator over pairs of traffic selectors. */ enumerator_t* (*create_policy_enumerator)(child_sa_t *this); - + /** * Allocate an SPI to include in a proposal. * @@ -269,14 +269,14 @@ struct child_sa_t { * @return SPI, 0 on failure */ u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); - + /** * Allocate a CPI to use for IPComp. * * @return CPI, 0 on failure */ u_int16_t (*alloc_cpi)(child_sa_t *this); - + /** * Install an IPsec SA for one direction. * @@ -285,10 +285,13 @@ struct child_sa_t { * @param spi SPI to use, allocated for inbound * @param cpi CPI to use, allocated for outbound * @param inbound TRUE to install an inbound SA, FALSE for outbound + * @param my_ts negotiated local traffic selector list + * @param other_ts negotiated remote traffic selector list * @return SUCCESS or FAILED */ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, - u_int32_t spi, u_int16_t cpi, bool inbound); + u_int32_t spi, u_int16_t cpi, bool inbound, + linked_list_t *my_ts, linked_list_t *other_ts); /** * Install the policies using some traffic selectors. * diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c index f26cf9405..b78ba070d 100644 --- a/src/charon/sa/connect_manager.c +++ b/src/charon/sa/connect_manager.c @@ -18,7 +18,7 @@ #include #include -#include +#include #include #include @@ -42,7 +42,6 @@ * the first check has succeeded */ #define ME_WAIT_TO_FINISH 1000 /* ms */ - typedef struct private_connect_manager_t private_connect_manager_t; /** @@ -53,24 +52,25 @@ struct private_connect_manager_t { * Public interface of connect_manager_t. */ connect_manager_t public; - + /** * Lock for exclusivly accessing the manager. */ mutex_t *mutex; - + /** * Hasher to generate signatures */ hasher_t *hasher; - + /** * Linked list with initiated mediated connections */ linked_list_t *initiated; - + /** - * Linked list with checklists (hash table with connect ID as key would be better). + * Linked list with checklists (hash table with connect ID as key would + * be better). */ linked_list_t *checklists; }; @@ -93,24 +93,24 @@ typedef struct endpoint_pair_t endpoint_pair_t; struct endpoint_pair_t { /** pair id */ u_int32_t id; - + /** priority */ u_int64_t priority; - + /** local endpoint */ - host_t *local; - - /** remote endpoint */ - host_t *remote; - - /** state */ - check_state_t state; - - /** number of retransmissions */ - u_int32_t retransmitted; - - /** the generated packet */ - packet_t *packet; + host_t *local; + + /** remote endpoint */ + host_t *remote; + + /** state */ + check_state_t state; + + /** number of retransmissions */ + u_int32_t retransmitted; + + /** the generated packet */ + packet_t *packet; }; /** @@ -119,8 +119,8 @@ struct endpoint_pair_t { static void endpoint_pair_destroy(endpoint_pair_t *this) { DESTROY_IF(this->local); - DESTROY_IF(this->remote); - DESTROY_IF(this->packet); + DESTROY_IF(this->remote); + DESTROY_IF(this->packet); free(this); } @@ -131,22 +131,24 @@ static endpoint_pair_t *endpoint_pair_create(endpoint_notify_t *initiator, endpoint_notify_t *responder, bool initiator_is_local) { endpoint_pair_t *this = malloc_thing(endpoint_pair_t); - + this->id = 0; - + u_int32_t pi = initiator->get_priority(initiator); u_int32_t pr = responder->get_priority(responder); this->priority = pow(2, 32) * min(pi, pr) + 2 * max(pi, pr) + (pi > pr ? 1 : 0); - - this->local = initiator_is_local ? initiator->get_base(initiator) : responder->get_base(responder); + + this->local = initiator_is_local ? initiator->get_base(initiator) + : responder->get_base(responder); this->local = this->local->clone(this->local); - this->remote = initiator_is_local ? responder->get_host(responder) : initiator->get_host(initiator); + this->remote = initiator_is_local ? responder->get_host(responder) + : initiator->get_host(initiator); this->remote = this->remote->clone(this->remote); - + this->state = CHECK_WAITING; this->retransmitted = 0; this->packet = NULL; - + return this; } @@ -157,50 +159,50 @@ typedef struct check_list_t check_list_t; * An entry in the linked list. */ struct check_list_t { - + struct { /** initiator's id */ identification_t *id; - + /** initiator's key */ chunk_t key; - + /** initiator's endpoints */ linked_list_t *endpoints; } initiator; - + struct { /** responder's id */ identification_t *id; - + /** responder's key */ chunk_t key; - + /** responder's endpoints */ linked_list_t *endpoints; } responder; - + /** connect id */ chunk_t connect_id; - - /** list of endpoint pairs */ - linked_list_t *pairs; - - /** pairs queued for triggered checks */ - linked_list_t *triggered; - - /** state */ - check_state_t state; - - /** TRUE if this is the initiator */ + + /** list of endpoint pairs */ + linked_list_t *pairs; + + /** pairs queued for triggered checks */ + linked_list_t *triggered; + + /** state */ + check_state_t state; + + /** TRUE if this is the initiator */ bool is_initiator; - + /** TRUE if the initiator is finishing the checks */ bool is_finishing; - + /** the current sender job */ job_t *sender; - + }; /** @@ -210,46 +212,51 @@ static void check_list_destroy(check_list_t *this) { DESTROY_IF(this->initiator.id); DESTROY_IF(this->responder.id); - + chunk_free(&this->connect_id); chunk_free(&this->initiator.key); chunk_free(&this->responder.key); - - DESTROY_OFFSET_IF(this->initiator.endpoints, offsetof(endpoint_notify_t, destroy)); - DESTROY_OFFSET_IF(this->responder.endpoints, offsetof(endpoint_notify_t, destroy)); - + + DESTROY_OFFSET_IF(this->initiator.endpoints, + offsetof(endpoint_notify_t, destroy)); + DESTROY_OFFSET_IF(this->responder.endpoints, + offsetof(endpoint_notify_t, destroy)); + DESTROY_FUNCTION_IF(this->pairs, (void*)endpoint_pair_destroy); - /* this list contains some of the same elements as contained in this->pairs */ - DESTROY_IF(this->triggered); - + /* this list contains some of the elements contained in this->pairs */ + DESTROY_IF(this->triggered); + free(this); } /** * Creates a new checklist */ -static check_list_t *check_list_create(identification_t *initiator, identification_t *responder, - chunk_t connect_id, chunk_t initiator_key, linked_list_t *initiator_endpoints, - bool is_initiator) +static check_list_t *check_list_create(identification_t *initiator, + identification_t *responder, + chunk_t connect_id, + chunk_t initiator_key, + linked_list_t *initiator_endpoints, + bool is_initiator) { check_list_t *this = malloc_thing(check_list_t); - + this->connect_id = chunk_clone(connect_id); - + this->initiator.id = initiator->clone(initiator); this->initiator.key = chunk_clone(initiator_key); this->initiator.endpoints = initiator_endpoints->clone_offset(initiator_endpoints, offsetof(endpoint_notify_t, clone)); - + this->responder.id = responder->clone(responder); this->responder.key = chunk_empty; - this->responder.endpoints = NULL; - - this->pairs = linked_list_create(); - this->triggered = linked_list_create(); - this->state = CHECK_NONE; - this->is_initiator = is_initiator; - this->is_finishing = FALSE; - + this->responder.endpoints = NULL; + + this->pairs = linked_list_create(); + this->triggered = linked_list_create(); + this->state = CHECK_NONE; + this->is_initiator = is_initiator; + this->is_finishing = FALSE; + return this; } @@ -261,10 +268,10 @@ typedef struct initiated_t initiated_t; struct initiated_t { /** my id */ identification_t *id; - + /** peer id */ identification_t *peer_id; - + /** list of mediated sas */ linked_list_t *mediated; }; @@ -276,21 +283,23 @@ static void initiated_destroy(initiated_t *this) { DESTROY_IF(this->id); DESTROY_IF(this->peer_id); - this->mediated->destroy_offset(this->mediated, offsetof(ike_sa_id_t, destroy)); + this->mediated->destroy_offset(this->mediated, + offsetof(ike_sa_id_t, destroy)); free(this); } /** * Creates a queued initiation */ -static initiated_t *initiated_create(identification_t *id, identification_t *peer_id) +static initiated_t *initiated_create(identification_t *id, + identification_t *peer_id) { initiated_t *this = malloc_thing(initiated_t); - + this->id = id->clone(id); this->peer_id = peer_id->clone(peer_id); this->mediated = linked_list_create(); - + return this; } @@ -303,24 +312,24 @@ typedef struct check_t check_t; struct check_t { /** message id */ u_int32_t mid; - + /** source of the connectivity check */ host_t *src; - + /** destination of the connectivity check */ host_t *dst; - + /** connect id */ chunk_t connect_id; - + /** endpoint */ endpoint_notify_t *endpoint; - + /** raw endpoint payload (to verify the signature) */ chunk_t endpoint_raw; - - /** connect auth */ - chunk_t auth; + + /** connect auth */ + chunk_t auth; }; /** @@ -343,16 +352,16 @@ static void check_destroy(check_t *this) static check_t *check_create() { check_t *this = malloc_thing(check_t); - + this->connect_id = chunk_empty; this->auth = chunk_empty; this->endpoint_raw = chunk_empty; this->src = NULL; this->dst = NULL; this->endpoint = NULL; - + this->mid = 0; - + return this; } @@ -364,10 +373,10 @@ typedef struct callback_data_t callback_data_t; struct callback_data_t { /** connect manager */ private_connect_manager_t *connect_manager; - + /** connect id */ chunk_t connect_id; - + /** message (pair) id */ u_int32_t mid; }; @@ -385,9 +394,9 @@ static void callback_data_destroy(callback_data_t *this) * Creates a new callback data object */ static callback_data_t *callback_data_create(private_connect_manager_t *connect_manager, - chunk_t connect_id) + chunk_t connect_id) { - callback_data_t *this = malloc_thing(callback_data_t); + callback_data_t *this = malloc_thing(callback_data_t); this->connect_manager = connect_manager; this->connect_id = chunk_clone(connect_id); this->mid = 0; @@ -398,7 +407,7 @@ static callback_data_t *callback_data_create(private_connect_manager_t *connect_ * Creates a new retransmission data object */ static callback_data_t *retransmit_data_create(private_connect_manager_t *connect_manager, - chunk_t connect_id, u_int32_t mid) + chunk_t connect_id, u_int32_t mid) { callback_data_t *this = callback_data_create(connect_manager, connect_id); this->mid = mid; @@ -413,7 +422,7 @@ typedef struct initiate_data_t initiate_data_t; struct initiate_data_t { /** checklist */ check_list_t *checklist; - + /** waiting mediated connections */ initiated_t *initiated; }; @@ -431,10 +440,11 @@ static void initiate_data_destroy(initiate_data_t *this) /** * Creates a new initiate data object */ -static initiate_data_t *initiate_data_create(check_list_t *checklist, initiated_t *initiated) +static initiate_data_t *initiate_data_create(check_list_t *checklist, + initiated_t *initiated) { initiate_data_t *this = malloc_thing(initiate_data_t); - + this->checklist = checklist; this->initiated = initiated; @@ -445,27 +455,30 @@ static initiate_data_t *initiate_data_create(check_list_t *checklist, initiated_ * Find an initiated connection by the peers' ids */ static bool match_initiated_by_ids(initiated_t *current, identification_t *id, - identification_t *peer_id) + identification_t *peer_id) { return id->equals(id, current->id) && peer_id->equals(peer_id, current->peer_id); } static status_t get_initiated_by_ids(private_connect_manager_t *this, - identification_t *id, identification_t *peer_id, initiated_t **initiated) + identification_t *id, + identification_t *peer_id, + initiated_t **initiated) { return this->initiated->find_first(this->initiated, - (linked_list_match_t)match_initiated_by_ids, - (void**)initiated, id, peer_id); + (linked_list_match_t)match_initiated_by_ids, + (void**)initiated, id, peer_id); } /** * Removes data about initiated connections */ -static void remove_initiated(private_connect_manager_t *this, initiated_t *initiated) +static void remove_initiated(private_connect_manager_t *this, + initiated_t *initiated) { iterator_t *iterator; initiated_t *current; - + iterator = this->initiated->create_iterator(this->initiated, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -487,21 +500,23 @@ static bool match_checklist_by_id(check_list_t *current, chunk_t *connect_id) } static status_t get_checklist_by_id(private_connect_manager_t *this, - chunk_t connect_id, check_list_t **check_list) + chunk_t connect_id, + check_list_t **check_list) { return this->checklists->find_first(this->checklists, - (linked_list_match_t)match_checklist_by_id, - (void**)check_list, &connect_id); + (linked_list_match_t)match_checklist_by_id, + (void**)check_list, &connect_id); } /** * Removes a checklist */ -static void remove_checklist(private_connect_manager_t *this, check_list_t *checklist) +static void remove_checklist(private_connect_manager_t *this, + check_list_t *checklist) { iterator_t *iterator; check_list_t *current; - + iterator = this->checklists->create_iterator(this->checklists, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -522,22 +537,23 @@ static bool match_endpoint_by_host(endpoint_notify_t *current, host_t *host) return host->equals(host, current->get_host(current)); } -static status_t endpoints_contain(linked_list_t *endpoints, host_t *host, endpoint_notify_t **endpoint) +static status_t endpoints_contain(linked_list_t *endpoints, host_t *host, + endpoint_notify_t **endpoint) { return endpoints->find_first(endpoints, - (linked_list_match_t)match_endpoint_by_host, - (void**)endpoint, host); + (linked_list_match_t)match_endpoint_by_host, + (void**)endpoint, host); } /** - * Inserts an endpoint pair into the list of pairs ordered by priority (high to low) + * Inserts an endpoint pair into a list of pairs ordered by priority (high to low) */ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) { iterator_t *iterator; endpoint_pair_t *current; bool inserted = FALSE; - + iterator = pairs->create_iterator(pairs, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -549,7 +565,7 @@ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) } } iterator->destroy(iterator); - + if (!inserted) { pairs->insert_last(pairs, pair); @@ -559,16 +575,17 @@ static void insert_pair_by_priority(linked_list_t *pairs, endpoint_pair_t *pair) /** * Searches a list of endpoint_pair_t for a pair with specific host_ts */ -static bool match_pair_by_hosts(endpoint_pair_t *current, host_t *local, host_t *remote) +static bool match_pair_by_hosts(endpoint_pair_t *current, host_t *local, + host_t *remote) { return local->equals(local, current->local) && remote->equals(remote, current->remote); } -static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, host_t *remote, endpoint_pair_t **pair) +static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, + host_t *remote, endpoint_pair_t **pair) { - return pairs->find_first(pairs, - (linked_list_match_t)match_pair_by_hosts, - (void**)pair, local, remote); + return pairs->find_first(pairs, (linked_list_match_t)match_pair_by_hosts, + (void**)pair, local, remote); } static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) @@ -579,11 +596,12 @@ static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) /** * Searches for a pair with a specific id */ -static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id, endpoint_pair_t **pair) +static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id, + endpoint_pair_t **pair) { return checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_pair_by_id, - (void**)pair, &id); + (linked_list_match_t)match_pair_by_id, + (void**)pair, &id); } static bool match_succeeded_pair(endpoint_pair_t *current) @@ -592,13 +610,14 @@ static bool match_succeeded_pair(endpoint_pair_t *current) } /** - * Returns the best pair of state CHECK_SUCCEEDED from a checklist. + * Returns the best pair of state CHECK_SUCCEEDED from a checklist. */ -static status_t get_best_valid_pair(check_list_t *checklist, endpoint_pair_t **pair) +static status_t get_best_valid_pair(check_list_t *checklist, + endpoint_pair_t **pair) { return checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_succeeded_pair, - (void**)pair); + (linked_list_match_t)match_succeeded_pair, + (void**)pair); } static bool match_waiting_pair(endpoint_pair_t *current) @@ -607,19 +626,20 @@ static bool match_waiting_pair(endpoint_pair_t *current) } /** - * Returns and *removes* the first triggered pair in state CHECK_WAITING. + * Returns and *removes* the first triggered pair in state CHECK_WAITING. */ -static status_t get_triggered_pair(check_list_t *checklist, endpoint_pair_t **pair) +static status_t get_triggered_pair(check_list_t *checklist, + endpoint_pair_t **pair) { iterator_t *iterator; endpoint_pair_t *current; status_t status = NOT_FOUND; - + iterator = checklist->triggered->create_iterator(checklist->triggered, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { iterator->remove(iterator); - + if (current->state == CHECK_WAITING) { if (pair) @@ -631,7 +651,7 @@ static status_t get_triggered_pair(check_list_t *checklist, endpoint_pair_t **pa } } iterator->destroy(iterator); - + return status; } @@ -642,13 +662,13 @@ static void print_checklist(check_list_t *checklist) { iterator_t *iterator; endpoint_pair_t *current; - + DBG1(DBG_IKE, "pairs on checklist %#B:", &checklist->connect_id); iterator = checklist->pairs->create_iterator(checklist->pairs, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { DBG1(DBG_IKE, " * %#H - %#H (%d)", current->local, current->remote, - current->priority); + current->priority); } iterator->destroy(iterator); } @@ -662,29 +682,29 @@ static void prune_pairs(linked_list_t *pairs) iterator_t *iterator, *search; endpoint_pair_t *current, *other; u_int32_t id = 0; - + iterator = pairs->create_iterator(pairs, TRUE); search = pairs->create_iterator(pairs, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { current->id = ++id; - + while (search->iterate(search, (void**)&other)) { if (current == other) { continue; } - + if (current->local->equals(current->local, other->local) && - current->remote->equals(current->remote, other->remote)) + current->remote->equals(current->remote, other->remote)) { /* since the list of pairs is sorted by priority in descending * order, and we iterate the list from the beginning, we are * sure that the priority of 'other' is lower than that of * 'current', remove it */ DBG1(DBG_IKE, "pruning endpoint pair %#H - %#H with priority %d", - other->local, other->remote, other->priority); + other->local, other->remote, other->priority); search->remove(search); endpoint_pair_destroy(other); } @@ -703,25 +723,27 @@ static void build_pairs(check_list_t *checklist) /* FIXME: limit endpoints and pairs */ iterator_t *iterator_i, *iterator_r; endpoint_notify_t *initiator, *responder; - - iterator_i = checklist->initiator.endpoints->create_iterator(checklist->initiator.endpoints, TRUE); + + iterator_i = checklist->initiator.endpoints->create_iterator( + checklist->initiator.endpoints, TRUE); while (iterator_i->iterate(iterator_i, (void**)&initiator)) { - iterator_r = checklist->responder.endpoints->create_iterator(checklist->responder.endpoints, TRUE); + iterator_r = checklist->responder.endpoints->create_iterator( + checklist->responder.endpoints, TRUE); while (iterator_r->iterate(iterator_r, (void**)&responder)) { if (initiator->get_family(initiator) != responder->get_family(responder)) { continue; } - - insert_pair_by_priority(checklist->pairs, - endpoint_pair_create(initiator, responder, checklist->is_initiator)); + + insert_pair_by_priority(checklist->pairs, endpoint_pair_create( + initiator, responder, checklist->is_initiator)); } iterator_r->destroy(iterator_r); } iterator_i->destroy(iterator_i); - + print_checklist(checklist); prune_pairs(checklist->pairs); @@ -741,22 +763,24 @@ static status_t process_payloads(message_t *message, check_t *check) if (payload->get_type(payload) != NOTIFY) { DBG1(DBG_IKE, "ignoring payload of type '%N' while processing " - "connectivity check", payload_type_names, payload->get_type(payload)); + "connectivity check", payload_type_names, + payload->get_type(payload)); continue; } - + notify_payload_t *notify = (notify_payload_t*)payload; - + switch (notify->get_notify_type(notify)) { case ME_ENDPOINT: { if (check->endpoint) { - DBG1(DBG_IKE, "connectivity check contains multiple ME_ENDPOINT notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple " + "ME_ENDPOINT notifies"); break; } - + endpoint_notify_t *endpoint = endpoint_notify_create_from_payload(notify); if (!endpoint) { @@ -772,7 +796,8 @@ static status_t process_payloads(message_t *message, check_t *check) { if (check->connect_id.ptr) { - DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTID notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple " + "ME_CONNECTID notifies"); break; } check->connect_id = chunk_clone(notify->get_notification_data(notify)); @@ -783,7 +808,8 @@ static status_t process_payloads(message_t *message, check_t *check) { if (check->auth.ptr) { - DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTAUTH notifies"); + DBG1(DBG_IKE, "connectivity check contains multiple " + "ME_CONNECTAUTH notifies"); break; } check->auth = chunk_clone(notify->get_notification_data(notify)); @@ -795,38 +821,40 @@ static status_t process_payloads(message_t *message, check_t *check) } } enumerator->destroy(enumerator); - + if (!check->connect_id.ptr || !check->endpoint || !check->auth.ptr) { - DBG1(DBG_IKE, "at least one payload was missing from the connectivity check"); + DBG1(DBG_IKE, "at least one required payload was missing from the " + "connectivity check"); return FAILED; } - + return SUCCESS; } /** * Builds the signature for a connectivity check */ -static chunk_t build_signature(private_connect_manager_t *this, +static chunk_t build_signature(private_connect_manager_t *this, check_list_t *checklist, check_t *check, bool outbound) { u_int32_t mid; chunk_t mid_chunk, key_chunk, sig_chunk; chunk_t sig_hash; - + mid = htonl(check->mid); mid_chunk = chunk_from_thing(mid); - + key_chunk = (checklist->is_initiator && outbound) || (!checklist->is_initiator && !outbound) ? checklist->initiator.key : checklist->responder.key; - + /* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */ - sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, check->endpoint_raw, key_chunk); + sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, + check->endpoint_raw, key_chunk); this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash); DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk); DBG3(DBG_IKE, "sig_hash %#B", &sig_hash); - + chunk_free(&sig_chunk); return sig_hash; } @@ -837,7 +865,7 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli /** * After one of the initiator's pairs has succeeded we finish the checks without - * waiting for all the timeouts + * waiting for all the timeouts */ static job_requeue_t initiator_finish(callback_data_t *data) { @@ -848,23 +876,24 @@ static job_requeue_t initiator_finish(callback_data_t *data) check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { - DBG1(DBG_IKE, "checklist with id '%#B' not found, can't finish connectivity checks", - &data->connect_id); + DBG1(DBG_IKE, "checklist with id '%#B' not found, can't finish " + "connectivity checks", &data->connect_id); this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } - + finish_checks(this, checklist); - + this->mutex->unlock(this->mutex); - + return JOB_REQUEUE_NONE; } /** * Updates the state of the whole checklist */ -static void update_checklist_state(private_connect_manager_t *this, check_list_t *checklist) +static void update_checklist_state(private_connect_manager_t *this, + check_list_t *checklist) { iterator_t *iterator; endpoint_pair_t *current; @@ -891,21 +920,22 @@ static void update_checklist_state(private_connect_manager_t *this, check_list_t } } iterator->destroy(iterator); - + if (checklist->is_initiator && succeeded && !checklist->is_finishing) { /* instead of waiting until all checks have finished (i.e. all * retransmissions have failed) the initiator finishes the checks * right after the first check has succeeded. to allow a probably * better pair to succeed, we still wait a certain time */ - DBG2(DBG_IKE, "fast finishing checks for checklist '%#B'", &checklist->connect_id); - + DBG2(DBG_IKE, "fast finishing checks for checklist '%#B'", + &checklist->connect_id); + callback_data_t *data = callback_data_create(this, checklist->connect_id); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)initiator_finish, data, (callback_job_cleanup_t)callback_data_destroy, NULL); charon->scheduler->schedule_job_ms(charon->scheduler, job, ME_WAIT_TO_FINISH); checklist->is_finishing = TRUE; } - + if (in_progress) { checklist->state = CHECK_IN_PROGRESS; @@ -926,48 +956,48 @@ static void update_checklist_state(private_connect_manager_t *this, check_list_t static job_requeue_t retransmit(callback_data_t *data) { private_connect_manager_t *this = data->connect_manager; - + this->mutex->lock(this->mutex); check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { - DBG1(DBG_IKE, "checklist with id '%#B' not found, can't retransmit connectivity check", - &data->connect_id); + DBG1(DBG_IKE, "checklist with id '%#B' not found, can't retransmit " + "connectivity check", &data->connect_id); this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } - + endpoint_pair_t *pair; if (get_pair_by_id(checklist, data->mid, &pair) != SUCCESS) { - DBG1(DBG_IKE, "pair with id '%d' not found, can't retransmit connectivity check", - data->mid); + DBG1(DBG_IKE, "pair with id '%d' not found, can't retransmit " + "connectivity check", data->mid); goto retransmit_end; } - + if (pair->state != CHECK_IN_PROGRESS) { - DBG2(DBG_IKE, "pair with id '%d' is in wrong state [%d], don't retransmit the connectivity check", - data->mid, pair->state); + DBG2(DBG_IKE, "pair with id '%d' is in wrong state [%d], don't " + "retransmit the connectivity check", data->mid, pair->state); goto retransmit_end; } - + if (++pair->retransmitted > ME_MAX_RETRANS) { DBG2(DBG_IKE, "pair with id '%d' failed after %d retransmissions", - data->mid, ME_MAX_RETRANS); + data->mid, ME_MAX_RETRANS); pair->state = CHECK_FAILED; goto retransmit_end; } - + charon->sender->send(charon->sender, pair->packet->clone(pair->packet)); - + queue_retransmission(this, checklist, pair); retransmit_end: update_checklist_state(this, checklist); - + switch(checklist->state) { case CHECK_SUCCEEDED: @@ -977,9 +1007,9 @@ retransmit_end: default: break; } - + this->mutex->unlock(this->mutex); - + /* we reschedule it manually */ return JOB_REQUEUE_NONE; } @@ -991,15 +1021,16 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t * { callback_data_t *data = retransmit_data_create(this, checklist->connect_id, pair->id); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)retransmit, data, (callback_job_cleanup_t)callback_data_destroy, NULL); - + u_int32_t retransmission = pair->retransmitted + 1; u_int32_t rto = ME_INTERVAL; if (retransmission > ME_BOOST) { rto = (u_int32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); } - DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", retransmission, pair->id, rto); - + DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", + retransmission, pair->id, rto); + charon->scheduler->schedule_job_ms(charon->scheduler, (job_t*)job, rto); } @@ -1015,28 +1046,28 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, message->set_request(message, request); message->set_destination(message, check->dst->clone(check->dst)); message->set_source(message, check->src->clone(check->src)); - + ike_sa_id_t *ike_sa_id = ike_sa_id_create(0, 0, request); message->set_ike_sa_id(message, ike_sa_id); ike_sa_id->destroy(ike_sa_id); message->add_notify(message, FALSE, ME_CONNECTID, check->connect_id); DBG2(DBG_IKE, "send ME_CONNECTID %#B", &check->connect_id); - + notify_payload_t *endpoint = check->endpoint->build_notify(check->endpoint); check->endpoint_raw = chunk_clone(endpoint->get_notification_data(endpoint)); message->add_payload(message, (payload_t*)endpoint); DBG2(DBG_IKE, "send ME_ENDPOINT notify"); - + check->auth = build_signature(this, checklist, check, TRUE); message->add_notify(message, FALSE, ME_CONNECTAUTH, check->auth); DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth); - + packet_t *packet; if (message->generate(message, NULL, NULL, &packet) == SUCCESS) { charon->sender->send(charon->sender, packet->clone(packet)); - + if (request) { DESTROY_IF(pair->packet); @@ -1055,18 +1086,18 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist, /** * Queues a triggered check */ -static void queue_triggered_check(private_connect_manager_t *this, +static void queue_triggered_check(private_connect_manager_t *this, check_list_t *checklist, endpoint_pair_t *pair) { DBG2(DBG_IKE, "queueing triggered check for pair '%d'", pair->id); - pair->state = CHECK_WAITING; - checklist->triggered->insert_last(checklist->triggered, pair); - - if (!checklist->sender) - { - /* if the sender is not running we restart it */ - schedule_checks(this, checklist, ME_INTERVAL); - } + pair->state = CHECK_WAITING; + checklist->triggered->insert_last(checklist->triggered, pair); + + if (!checklist->sender) + { + /* if the sender is not running we restart it */ + schedule_checks(this, checklist, ME_INTERVAL); + } } /** @@ -1077,26 +1108,27 @@ static job_requeue_t sender(callback_data_t *data) private_connect_manager_t *this = data->connect_manager; this->mutex->lock(this->mutex); - + check_list_t *checklist; if (get_checklist_by_id(this, data->connect_id, &checklist) != SUCCESS) { - DBG1(DBG_IKE, "checklist with id '%#B' not found, can't send connectivity check", - &data->connect_id); + DBG1(DBG_IKE, "checklist with id '%#B' not found, can't send " + "connectivity check", &data->connect_id); this->mutex->unlock(this->mutex); return JOB_REQUEUE_NONE; } - + /* reset the sender */ checklist->sender = NULL; - + endpoint_pair_t *pair; if (get_triggered_pair(checklist, &pair) != SUCCESS) { DBG1(DBG_IKE, "no triggered check queued, sending an ordinary check"); - + if (checklist->pairs->find_first(checklist->pairs, - (linked_list_match_t)match_waiting_pair, (void**)&pair) != SUCCESS) + (linked_list_match_t)match_waiting_pair, + (void**)&pair) != SUCCESS) { this->mutex->unlock(this->mutex); DBG1(DBG_IKE, "no pairs in waiting state, aborting"); @@ -1113,19 +1145,20 @@ static job_requeue_t sender(callback_data_t *data) check->src = pair->local->clone(pair->local); check->dst = pair->remote->clone(pair->remote); check->connect_id = chunk_clone(checklist->connect_id); - check->endpoint = endpoint_notify_create(); - + check->endpoint = endpoint_notify_create_from_host(PEER_REFLEXIVE, NULL, + NULL); + pair->state = CHECK_IN_PROGRESS; - + send_check(this, checklist, check, pair, TRUE); - + check_destroy(check); - + /* schedule this job again */ schedule_checks(this, checklist, ME_INTERVAL); - + this->mutex->unlock(this->mutex); - + /* we reschedule it manually */ return JOB_REQUEUE_NONE; } @@ -1147,7 +1180,7 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) { check_list_t *checklist = data->checklist; initiated_t *initiated = data->initiated; - + endpoint_pair_t *pair; if (get_best_valid_pair(checklist, &pair) == SUCCESS) { @@ -1169,7 +1202,7 @@ static job_requeue_t initiate_mediated(initiate_data_t *data) { /* this should (can?) not happen */ } - + return JOB_REQUEUE_NONE; } @@ -1186,7 +1219,7 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli { remove_checklist(this, checklist); remove_initiated(this, initiated); - + initiate_data_t *data = initiate_data_create(checklist, initiated); job_t *job = (job_t*)callback_job_create((callback_job_cb_t)initiate_mediated, data, (callback_job_cleanup_t)initiate_data_destroy, NULL); charon->processor->queue_job(charon->processor, job); @@ -1194,8 +1227,8 @@ static void finish_checks(private_connect_manager_t *this, check_list_t *checkli } else { - DBG1(DBG_IKE, "there is no mediated connection waiting between '%Y' " - "and '%Y'", checklist->initiator.id, checklist->responder.id); + DBG1(DBG_IKE, "there is no mediated connection waiting between '%Y'" + " and '%Y'", checklist->initiator.id, checklist->responder.id); } } } @@ -1210,28 +1243,30 @@ static void process_response(private_connect_manager_t *this, check_t *check, if (get_pair_by_id(checklist, check->mid, &pair) == SUCCESS) { if (pair->local->equals(pair->local, check->dst) && - pair->remote->equals(pair->remote, check->src)) + pair->remote->equals(pair->remote, check->src)) { - DBG1(DBG_IKE, "endpoint pair '%d' is valid: '%#H' - '%#H'", pair->id, - pair->local, pair->remote); + DBG1(DBG_IKE, "endpoint pair '%d' is valid: '%#H' - '%#H'", + pair->id, pair->local, pair->remote); pair->state = CHECK_SUCCEEDED; } - + linked_list_t *local_endpoints = checklist->is_initiator ? checklist->initiator.endpoints : checklist->responder.endpoints; - + endpoint_notify_t *local_endpoint; if (endpoints_contain(local_endpoints, - check->endpoint->get_host(check->endpoint), &local_endpoint) != SUCCESS) + check->endpoint->get_host(check->endpoint), + &local_endpoint) != SUCCESS) { local_endpoint = endpoint_notify_create_from_host(PEER_REFLEXIVE, check->endpoint->get_host(check->endpoint), pair->local); - local_endpoint->set_priority(local_endpoint, check->endpoint->get_priority(check->endpoint)); + local_endpoint->set_priority(local_endpoint, + check->endpoint->get_priority(check->endpoint)); local_endpoints->insert_last(local_endpoints, local_endpoint); } - + update_checklist_state(this, checklist); - + switch(checklist->state) { case CHECK_SUCCEEDED: @@ -1249,31 +1284,35 @@ static void process_response(private_connect_manager_t *this, check_t *check, } static void process_request(private_connect_manager_t *this, check_t *check, - check_list_t *checklist) + check_list_t *checklist) { linked_list_t *remote_endpoints = checklist->is_initiator ? checklist->responder.endpoints : checklist->initiator.endpoints; - + endpoint_notify_t *peer_reflexive, *remote_endpoint; - peer_reflexive = endpoint_notify_create_from_host(PEER_REFLEXIVE, check->src, NULL); - peer_reflexive->set_priority(peer_reflexive, check->endpoint->get_priority(check->endpoint)); - + peer_reflexive = endpoint_notify_create_from_host(PEER_REFLEXIVE, + check->src, NULL); + peer_reflexive->set_priority(peer_reflexive, + check->endpoint->get_priority(check->endpoint)); + if (endpoints_contain(remote_endpoints, check->src, &remote_endpoint) != SUCCESS) { remote_endpoint = peer_reflexive->clone(peer_reflexive); remote_endpoints->insert_last(remote_endpoints, remote_endpoint); } - + endpoint_pair_t *pair; - if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, &pair) == SUCCESS) + if (get_pair_by_hosts(checklist->pairs, check->dst, check->src, + &pair) == SUCCESS) { switch(pair->state) { case CHECK_IN_PROGRESS: /* prevent retransmissions */ pair->retransmitted = ME_MAX_RETRANS; - /* FIXME: we should wait to the next rto to send the triggered check - * fall-through */ + /* FIXME: we should wait to the next rto to send the triggered + * check */ + /* fall-through */ case CHECK_WAITING: case CHECK_FAILED: queue_triggered_check(this, checklist, pair); @@ -1286,31 +1325,30 @@ static void process_request(private_connect_manager_t *this, check_t *check, else { endpoint_notify_t *local_endpoint = endpoint_notify_create_from_host(HOST, check->dst, NULL); - + endpoint_notify_t *initiator = checklist->is_initiator ? local_endpoint : remote_endpoint; endpoint_notify_t *responder = checklist->is_initiator ? remote_endpoint : local_endpoint; - + pair = endpoint_pair_create(initiator, responder, checklist->is_initiator); pair->id = checklist->pairs->get_count(checklist->pairs) + 1; - + insert_pair_by_priority(checklist->pairs, pair); - + queue_triggered_check(this, checklist, pair); - + local_endpoint->destroy(local_endpoint); } - - + check_t *response = check_create(); - + response->mid = check->mid; response->src = check->dst->clone(check->dst); response->dst = check->src->clone(check->src); response->connect_id = chunk_clone(check->connect_id); response->endpoint = peer_reflexive; - + send_check(this, checklist, response, pair, FALSE); - + check_destroy(response); } @@ -1327,35 +1365,35 @@ static void process_check(private_connect_manager_t *this, message_t *message) message->get_message_id(message)); return; } - + check_t *check = check_create(); check->mid = message->get_message_id(message); check->src = message->get_source(message); check->src = check->src->clone(check->src); check->dst = message->get_destination(message); check->dst = check->dst->clone(check->dst); - + if (process_payloads(message, check) != SUCCESS) { DBG1(DBG_IKE, "invalid connectivity check %s received", - message->get_request(message) ? "request" : "response"); + message->get_request(message) ? "request" : "response"); check_destroy(check); return; } - + this->mutex->lock(this->mutex); - + check_list_t *checklist; if (get_checklist_by_id(this, check->connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", - &check->connect_id); + &check->connect_id); check_destroy(check); this->mutex->unlock(this->mutex); return; } - - chunk_t sig = build_signature(this, checklist, check, FALSE); + + chunk_t sig = build_signature(this, checklist, check, FALSE); if (!chunk_equals(sig, check->auth)) { DBG1(DBG_IKE, "connectivity check verification failed"); @@ -1365,7 +1403,7 @@ static void process_check(private_connect_manager_t *this, message_t *message) return; } chunk_free(&sig); - + if (message->get_request(message)) { process_request(this, check, checklist); @@ -1374,9 +1412,9 @@ static void process_check(private_connect_manager_t *this, message_t *message) { process_response(this, check, checklist); } - + this->mutex->unlock(this->mutex); - + check_destroy(check); } @@ -1394,16 +1432,19 @@ static bool check_and_register(private_connect_manager_t *this, if (get_initiated_by_ids(this, id, peer_id, &initiated) != SUCCESS) { - DBG2(DBG_IKE, "registered waiting mediated connection with '%Y'", peer_id); + DBG2(DBG_IKE, "registered waiting mediated connection with '%Y'", + peer_id); initiated = initiated_create(id, peer_id); this->initiated->insert_last(this->initiated, initiated); already_there = FALSE; } - - if (initiated->mediated->find_first(initiated->mediated, - (linked_list_match_t)mediated_sa->equals, NULL, mediated_sa) != SUCCESS) + + if (initiated->mediated->find_first(initiated->mediated, + (linked_list_match_t)mediated_sa->equals, + NULL, mediated_sa) != SUCCESS) { - initiated->mediated->insert_last(initiated->mediated, mediated_sa->clone(mediated_sa)); + initiated->mediated->insert_last(initiated->mediated, + mediated_sa->clone(mediated_sa)); } this->mutex->unlock(this->mutex); @@ -1414,8 +1455,9 @@ static bool check_and_register(private_connect_manager_t *this, /** * Implementation of connect_manager_t.check_and_initiate. */ -static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *mediation_sa, - identification_t *id, identification_t *peer_id) +static void check_and_initiate(private_connect_manager_t *this, + ike_sa_id_t *mediation_sa, identification_t *id, + identification_t *peer_id) { initiated_t *initiated; @@ -1427,12 +1469,14 @@ static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *med this->mutex->unlock(this->mutex); return; } - + ike_sa_id_t *waiting_sa; - iterator_t *iterator = initiated->mediated->create_iterator(initiated->mediated, TRUE); + iterator_t *iterator = initiated->mediated->create_iterator( + initiated->mediated, TRUE); while (iterator->iterate(iterator, (void**)&waiting_sa)) { - job_t *job = (job_t*)reinitiate_mediation_job_create(mediation_sa, waiting_sa); + job_t *job = (job_t*)reinitiate_mediation_job_create(mediation_sa, + waiting_sa); charon->processor->queue_job(charon->processor, job); } iterator->destroy(iterator); @@ -1444,26 +1488,29 @@ static void check_and_initiate(private_connect_manager_t *this, ike_sa_id_t *med * Implementation of connect_manager_t.set_initiator_data. */ static status_t set_initiator_data(private_connect_manager_t *this, - identification_t *initiator, identification_t *responder, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator) + identification_t *initiator, + identification_t *responder, + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints, bool is_initiator) { check_list_t *checklist; - - this->mutex->lock(this->mutex); - + + this->mutex->lock(this->mutex); + if (get_checklist_by_id(this, connect_id, NULL) == SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' already exists, aborting", - &connect_id); + &connect_id); this->mutex->unlock(this->mutex); return FAILED; } - - checklist = check_list_create(initiator, responder, connect_id, key, endpoints, is_initiator); + + checklist = check_list_create(initiator, responder, connect_id, key, + endpoints, is_initiator); this->checklists->insert_last(this->checklists, checklist); - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1471,31 +1518,33 @@ static status_t set_initiator_data(private_connect_manager_t *this, * Implementation of connect_manager_t.set_responder_data. */ static status_t set_responder_data(private_connect_manager_t *this, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints) + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints) { check_list_t *checklist; this->mutex->lock(this->mutex); - + if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", - &connect_id); + &connect_id); this->mutex->unlock(this->mutex); return NOT_FOUND; } - + checklist->responder.key = chunk_clone(key); - checklist->responder.endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); + checklist->responder.endpoints = endpoints->clone_offset(endpoints, + offsetof(endpoint_notify_t, clone)); checklist->state = CHECK_WAITING; - + build_pairs(checklist); - + /* send the first check immediately */ schedule_checks(this, checklist, 0); - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1507,22 +1556,22 @@ static status_t stop_checks(private_connect_manager_t *this, chunk_t connect_id) check_list_t *checklist; this->mutex->lock(this->mutex); - + if (get_checklist_by_id(this, connect_id, &checklist) != SUCCESS) { DBG1(DBG_IKE, "checklist with id '%#B' not found", - &connect_id); + &connect_id); this->mutex->unlock(this->mutex); return NOT_FOUND; } - + DBG1(DBG_IKE, "removing checklist with id '%#B'", &connect_id); - + remove_checklist(this, checklist); check_list_destroy(checklist); - + this->mutex->unlock(this->mutex); - + return SUCCESS; } @@ -1532,12 +1581,12 @@ static status_t stop_checks(private_connect_manager_t *this, chunk_t connect_id) static void destroy(private_connect_manager_t *this) { this->mutex->lock(this->mutex); - + this->hasher->destroy(this->hasher); this->checklists->destroy_function(this->checklists, (void*)check_list_destroy); this->initiated->destroy_function(this->initiated, (void*)initiated_destroy); - - this->mutex->unlock(this->mutex); + + this->mutex->unlock(this->mutex); this->mutex->destroy(this->mutex); free(this); } @@ -1556,7 +1605,7 @@ connect_manager_t *connect_manager_create() this->public.set_responder_data = (status_t(*)(connect_manager_t*,chunk_t,chunk_t,linked_list_t*))set_responder_data; this->public.process_check = (void(*)(connect_manager_t*,message_t*))process_check; this->public.stop_checks = (status_t(*)(connect_manager_t*,chunk_t))stop_checks; - + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (this->hasher == NULL) { @@ -1564,11 +1613,11 @@ connect_manager_t *connect_manager_create() free(this); return NULL; } - + this->checklists = linked_list_create(); this->initiated = linked_list_create(); - + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + return (connect_manager_t*)this; } diff --git a/src/charon/sa/connect_manager.h b/src/charon/sa/connect_manager.h index b5abc853c..8fa8ff697 100644 --- a/src/charon/sa/connect_manager.h +++ b/src/charon/sa/connect_manager.h @@ -32,79 +32,84 @@ typedef struct connect_manager_t connect_manager_t; * connection with another peer. */ struct connect_manager_t { - + /** * Checks if a there is already a mediated connection registered * between two peers. - * - * @param id my id - * @param peer_id the other peer's id - * @param mediated_sa the IKE_SA ID of the mediated connection - * @returns - * - TRUE, if there was already a mediated connection registered - * - FALSE, otherwise + * + * @param id my id + * @param peer_id the other peer's id + * @param mediated_sa the IKE_SA ID of the mediated connection + * @returns + * - TRUE, if a mediated connection is registered + * - FALSE, otherwise */ - bool (*check_and_register) (connect_manager_t *this, - identification_t *id, identification_t *peer_id, ike_sa_id_t *mediated_sa); - + bool (*check_and_register) (connect_manager_t *this, identification_t *id, + identification_t *peer_id, + ike_sa_id_t *mediated_sa); + /** * Checks if there are waiting connections with a specific peer. * If so, reinitiate them. - * - * @param id my id - * @param peer_id the other peer's id + * + * @param id my id + * @param peer_id the other peer's id */ - void (*check_and_initiate) (connect_manager_t *this, ike_sa_id_t *mediation_sa, - identification_t *id, identification_t *peer_id); - + void (*check_and_initiate) (connect_manager_t *this, + ike_sa_id_t *mediation_sa, identification_t *id, + identification_t *peer_id); + /** * Creates a checklist and sets the initiator's data. - * - * @param initiator ID of the initiator - * @param responder ID of the responder - * @param connect_id the connect ID provided by the initiator - * @param key the initiator's key - * @param endpoints the initiator's endpoints - * @param is_initiator TRUE, if the caller of this method is the initiator - * FALSE, otherwise - * @returns SUCCESS + * + * @param initiator ID of the initiator + * @param responder ID of the responder + * @param connect_id the connect ID provided by the initiator + * @param key the initiator's key + * @param endpoints the initiator's endpoints + * @param is_initiator TRUE, if the caller of this method is the initiator + * @returns SUCCESS */ status_t (*set_initiator_data) (connect_manager_t *this, - identification_t *initiator, identification_t *responder, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints, bool is_initiator); - + identification_t *initiator, + identification_t *responder, + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints, + bool is_initiator); + /** * Updates a checklist and sets the responder's data. The checklist's * state is advanced to WAITING which means that checks will be sent. - * - * @param connect_id the connect ID - * @param chunk_t the responder's key - * @param endpoints the responder's endpoints - * @returns - * - NOT_FOUND, if the checklist has not been found - * - SUCCESS, otherwise + * + * @param connect_id the connect ID + * @param chunk_t the responder's key + * @param endpoints the responder's endpoints + * @returns + * - NOT_FOUND, if the checklist has not been found + * - SUCCESS, otherwise */ status_t (*set_responder_data) (connect_manager_t *this, - chunk_t connect_id, chunk_t key, linked_list_t *endpoints); - + chunk_t connect_id, chunk_t key, + linked_list_t *endpoints); + /** - * Stops checks for a checklist. Used after the responder received an IKE_SA_INIT - * request which contains a ME_CONNECTID payload. - * - * @param connect_id the connect ID + * Stops checks for a checklist. Called after the responder received an + * IKE_SA_INIT request which contains a ME_CONNECTID payload. + * + * @param connect_id the connect ID * @returns - * - NOT_FOUND, if the checklist has not been found - * - SUCCESS, otherwise + * - NOT_FOUND, if the checklist has not been found + * - SUCCESS, otherwise */ status_t (*stop_checks) (connect_manager_t *this, chunk_t connect_id); - + /** * Processes a connectivity check - * - * @param message the received message + * + * @param message the received message */ void (*process_check) (connect_manager_t *this, message_t *message); - + /** * Destroys the manager with all data. */ @@ -113,8 +118,8 @@ struct connect_manager_t { /** * Create a manager. - * - * @returns connect_manager_t object + * + * @returns connect_manager_t object */ connect_manager_t *connect_manager_create(void); diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index be973a2ce..975a0904a 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -16,7 +16,6 @@ * for more details. */ -#include #include #include #include @@ -41,6 +40,7 @@ #include #include #include +#include #include #include #include @@ -72,169 +72,174 @@ typedef struct attribute_entry_t attribute_entry_t; * Private data of an ike_sa_t object. */ struct private_ike_sa_t { - + /** * Public members */ ike_sa_t public; - + /** * Identifier for the current IKE_SA. */ ike_sa_id_t *ike_sa_id; - + /** * unique numerical ID for this IKE_SA. */ u_int32_t unique_id; - + /** * Current state of the IKE_SA */ ike_sa_state_t state; - + /** * IKE configuration used to set up this IKE_SA */ ike_cfg_t *ike_cfg; - + /** * Peer and authentication information to establish IKE_SA. */ peer_cfg_t *peer_cfg; - + /** * currently used authentication ruleset, local (as auth_cfg_t) */ auth_cfg_t *my_auth; - + + /** + * list of completed local authentication rounds + */ + linked_list_t *my_auths; + + /** + * list of completed remote authentication rounds + */ + linked_list_t *other_auths; + /** * currently used authentication constraints, remote (as auth_cfg_t) */ auth_cfg_t *other_auth; - + /** * Selected IKE proposal */ proposal_t *proposal; - + /** * Juggles tasks to process messages */ task_manager_t *task_manager; - + /** * Address of local host */ host_t *my_host; - + /** * Address of remote host */ host_t *other_host; - + #ifdef ME /** * Are we mediation server */ bool is_mediation_server; - + /** * Server reflexive host */ host_t *server_reflexive_host; - + /** * Connect ID */ chunk_t connect_id; #endif /* ME */ - + /** * Identification used for us */ identification_t *my_id; - + /** * Identification used for other */ identification_t *other_id; - - /** - * EAP Identity exchange in EAP-Identity method - */ - identification_t *eap_identity;; - + /** * set of extensions the peer supports */ ike_extension_t extensions; - + /** * set of condition flags currently enabled for this IKE_SA */ ike_condition_t conditions; - + /** * Linked List containing the child sa's of the current IKE_SA. */ linked_list_t *child_sas; - + /** * keymat of this IKE_SA */ keymat_t *keymat; - + /** * Virtual IP on local host, if any */ host_t *my_virtual_ip; - + /** * Virtual IP on remote host, if any */ host_t *other_virtual_ip; - + /** * List of configuration attributes (attribute_entry_t) */ linked_list_t *attributes; - + /** * list of peers additional addresses, transmitted via MOBIKE */ linked_list_t *additional_addresses; - + /** * previously value of received DESTINATION_IP hash */ chunk_t nat_detection_dest; - + /** * number pending UPDATE_SA_ADDRESS (MOBIKE) */ u_int32_t pending_updates; - + /** * NAT keep alive interval */ u_int32_t keepalive_interval; - + /** * Timestamps for this IKE_SA */ u_int32_t stats[STAT_MAX]; - + /** * how many times we have retried so far (keyingtries) */ u_int32_t keyingtry; - + /** * local host address to be used for IKE, set via MIGRATE kernel message */ host_t *local_host; - + /** * remote host address to be used for IKE, set via MIGRATE kernel message */ @@ -261,7 +266,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) enumerator_t *enumerator; child_sa_t *child_sa; time_t use_time, current; - + if (inbound) { use_time = this->stats[STAT_INBOUND]; @@ -277,7 +282,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) use_time = max(use_time, current); } enumerator->destroy(enumerator); - + return use_time; } @@ -363,7 +368,7 @@ static void set_peer_cfg(private_ike_sa_t *this, peer_cfg_t *peer_cfg) DESTROY_IF(this->peer_cfg); peer_cfg->get_ref(peer_cfg); this->peer_cfg = peer_cfg; - + if (this->ike_cfg == NULL) { this->ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); @@ -383,6 +388,56 @@ static auth_cfg_t* get_auth_cfg(private_ike_sa_t *this, bool local) return this->other_auth; } +/** + * Implementation of ike_sa_t.add_auth_cfg + */ +static void add_auth_cfg(private_ike_sa_t *this, bool local, auth_cfg_t *cfg) +{ + if (local) + { + this->my_auths->insert_last(this->my_auths, cfg); + } + else + { + this->other_auths->insert_last(this->other_auths, cfg); + } +} + +/** + * Implementation of ike_sa_t.create_auth_cfg_enumerator + */ +static enumerator_t* create_auth_cfg_enumerator(private_ike_sa_t *this, + bool local) +{ + if (local) + { + return this->my_auths->create_enumerator(this->my_auths); + } + return this->other_auths->create_enumerator(this->other_auths); +} + +/** + * Flush the stored authentication round information + */ +static void flush_auth_cfgs(private_ike_sa_t *this) +{ + auth_cfg_t *cfg; + + if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", TRUE)) + { + while (this->my_auths->remove_last(this->my_auths, + (void**)&cfg) == SUCCESS) + { + cfg->destroy(cfg); + } + while (this->other_auths->remove_last(this->other_auths, + (void**)&cfg) == SUCCESS) + { + cfg->destroy(cfg); + } + } +} + /** * Implementation of ike_sa_t.get_proposal */ @@ -422,22 +477,22 @@ static void send_keepalive(private_ike_sa_t *this) { send_keepalive_job_t *job; time_t last_out, now, diff; - + if (!(this->conditions & COND_NAT_HERE) || this->keepalive_interval == 0) { /* disable keep alives if we are not NATed anymore */ return; } - + last_out = get_use_time(this, FALSE); - now = time(NULL); - + now = time_monotonic(NULL); + diff = now - last_out; - + if (diff >= this->keepalive_interval) { packet_t *packet; chunk_t data; - + packet = packet_create(); packet->set_source(packet, this->my_host->clone(this->my_host)); packet->set_destination(packet, this->other_host->clone(this->other_host)); @@ -552,15 +607,15 @@ static status_t send_dpd(private_ike_sa_t *this) { job_t *job; time_t diff, delay; - + delay = this->peer_cfg->get_dpd(this->peer_cfg); - + if (delay == 0) { /* DPD disabled */ return SUCCESS; } - + if (this->task_manager->busy(this->task_manager)) { /* an exchange is in the air, no need to start a DPD check */ @@ -571,14 +626,14 @@ static status_t send_dpd(private_ike_sa_t *this) /* check if there was any inbound traffic */ time_t last_in, now; last_in = get_use_time(this, TRUE); - now = time(NULL); + now = time_monotonic(NULL); diff = now - last_in; if (diff >= delay) { /* to long ago, initiate dead peer detection */ task_t *task; ike_mobike_t *mobike; - + if (supports_extension(this, EXT_MOBIKE) && has_condition(this, COND_NAT_HERE)) { @@ -593,7 +648,7 @@ static status_t send_dpd(private_ike_sa_t *this) } diff = 0; DBG1(DBG_IKE, "sending DPD request"); - + this->task_manager->queue_task(this->task_manager, task); this->task_manager->initiate(this->task_manager); } @@ -621,7 +676,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) get_name(this), this->unique_id, ike_sa_state_names, this->state, ike_sa_state_names, state); - + switch (state) { case IKE_ESTABLISHED: @@ -631,14 +686,14 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) { job_t *job; u_int32_t t; - + /* calculate rekey, reauth and lifetime */ - this->stats[STAT_ESTABLISHED] = time(NULL); - + this->stats[STAT_ESTABLISHED] = time_monotonic(NULL); + /* schedule rekeying if we have a time which is smaller than * an already scheduled rekeying */ t = this->peer_cfg->get_rekey_time(this->peer_cfg); - if (t && (this->stats[STAT_REKEY] == 0 || + if (t && (this->stats[STAT_REKEY] == 0 || (this->stats[STAT_REKEY] > t + this->stats[STAT_ESTABLISHED]))) { this->stats[STAT_REKEY] = t + this->stats[STAT_ESTABLISHED]; @@ -647,7 +702,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) DBG1(DBG_IKE, "scheduling rekeying in %ds", t); } t = this->peer_cfg->get_reauth_time(this->peer_cfg); - if (t && (this->stats[STAT_REAUTH] == 0 || + if (t && (this->stats[STAT_REAUTH] == 0 || (this->stats[STAT_REAUTH] > t + this->stats[STAT_ESTABLISHED]))) { this->stats[STAT_REAUTH] = t + this->stats[STAT_ESTABLISHED]; @@ -677,7 +732,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) charon->scheduler->schedule_job(charon->scheduler, job, t); DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t); } - + /* start DPD checks */ send_dpd(this); } @@ -687,7 +742,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) { /* delete may fail if a packet gets lost, so set a timeout */ job_t *job = (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE); - charon->scheduler->schedule_job(charon->scheduler, job, + charon->scheduler->schedule_job(charon->scheduler, job, HALF_OPEN_IKE_SA_TIMEOUT); break; } @@ -708,9 +763,9 @@ static void reset(private_ike_sa_t *this) { this->ike_sa_id->set_responder_spi(this->ike_sa_id, 0); } - + set_state(this, IKE_CREATED); - + this->task_manager->reset(this->task_manager, 0, 0); } @@ -777,7 +832,7 @@ static void add_additional_address(private_ike_sa_t *this, host_t *host) { this->additional_addresses->insert_last(this->additional_addresses, host); } - + /** * Implementation of ike_sa_t.create_additional_address_iterator. */ @@ -828,7 +883,7 @@ static u_int32_t get_pending_updates(private_ike_sa_t *this) static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) { bool update = FALSE; - + if (me == NULL) { me = this->my_host; @@ -837,7 +892,7 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) { other = this->other_host; } - + /* apply hosts on first received message */ if (this->my_host->is_anyaddr(this->my_host) || this->other_host->is_anyaddr(this->other_host)) @@ -854,7 +909,7 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) set_my_host(this, me->clone(me)); update = TRUE; } - + if (!other->equals(other, this->other_host)) { /* update others adress if we are NOT NATed, @@ -867,13 +922,13 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) } } } - + /* update all associated CHILD_SAs, if required */ if (update) { iterator_t *iterator; child_sa_t *child_sa; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -896,7 +951,7 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) static status_t generate_message(private_ike_sa_t *this, message_t *message, packet_t **packet) { - this->stats[STAT_OUTBOUND] = time(NULL); + this->stats[STAT_OUTBOUND] = time_monotonic(NULL); message->set_ike_sa_id(message, this->ike_sa_id); return message->generate(message, this->keymat->get_crypter(this->keymat, FALSE), @@ -911,7 +966,7 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request, { message_t *response; packet_t *packet; - + response = message_create(); response->set_exchange_type(response, request->get_exchange_type(request)); response->set_request(response, FALSE); @@ -989,7 +1044,7 @@ static chunk_t get_connect_id(private_ike_sa_t *this) * Implementation of ike_sa_t.respond */ static status_t respond(private_ike_sa_t *this, identification_t *peer_id, - chunk_t connect_id) + chunk_t connect_id) { ike_me_t *task = ike_me_create(&this->public, TRUE); task->respond(task, peer_id, connect_id); @@ -1012,7 +1067,8 @@ static status_t callback(private_ike_sa_t *this, identification_t *peer_id) * Implementation of ike_sa_t.relay */ static status_t relay(private_ike_sa_t *this, identification_t *requester, - chunk_t connect_id, chunk_t connect_key, linked_list_t *endpoints, bool response) + chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response) { ike_me_t *task = ike_me_create(&this->public, TRUE); task->relay(task, requester, connect_id, connect_key, endpoints, response); @@ -1023,7 +1079,8 @@ static status_t relay(private_ike_sa_t *this, identification_t *requester, /** * Implementation of ike_sa_t.initiate_mediation */ -static status_t initiate_mediation(private_ike_sa_t *this, peer_cfg_t *mediated_cfg) +static status_t initiate_mediation(private_ike_sa_t *this, + peer_cfg_t *mediated_cfg) { ike_me_t *task = ike_me_create(&this->public, TRUE); task->connect(task, mediated_cfg->get_peer_id(mediated_cfg)); @@ -1034,14 +1091,13 @@ static status_t initiate_mediation(private_ike_sa_t *this, peer_cfg_t *mediated_ /** * Implementation of ike_sa_t.initiate_mediated */ -static status_t initiate_mediated(private_ike_sa_t *this, host_t *me, host_t *other, - chunk_t connect_id) +static status_t initiate_mediated(private_ike_sa_t *this, host_t *me, + host_t *other, chunk_t connect_id) { set_my_host(this, me->clone(me)); set_other_host(this, other->clone(other)); chunk_free(&this->connect_id); this->connect_id = chunk_clone(connect_id); - return this->task_manager->initiate(this->task_manager); } #endif /* ME */ @@ -1052,7 +1108,7 @@ static status_t initiate_mediated(private_ike_sa_t *this, host_t *me, host_t *ot static void resolve_hosts(private_ike_sa_t *this) { host_t *host; - + if (this->remote_host) { host = this->remote_host->clone(this->remote_host); @@ -1067,7 +1123,7 @@ static void resolve_hosts(private_ike_sa_t *this) { set_other_host(this, host); } - + if (this->local_host) { host = this->local_host->clone(this->local_host); @@ -1075,10 +1131,16 @@ static void resolve_hosts(private_ike_sa_t *this) } else { + int family = 0; + + /* use same address family as for other */ + if (!this->other_host->is_anyaddr(this->other_host)) + { + family = this->other_host->get_family(this->other_host); + } host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg), - this->my_host->get_family(this->my_host), - IKEV2_UDP_PORT); - + family, IKEV2_UDP_PORT); + if (host && host->is_anyaddr(host) && !this->other_host->is_anyaddr(this->other_host)) { @@ -1111,11 +1173,11 @@ static status_t initiate(private_ike_sa_t *this, traffic_selector_t *tsi, traffic_selector_t *tsr) { task_t *task; - + if (this->state == IKE_CREATED) { resolve_hosts(this); - + if (this->other_host->is_anyaddr(this->other_host) #ifdef ME && !this->peer_cfg->get_mediated_by(this->peer_cfg) @@ -1126,11 +1188,13 @@ static status_t initiate(private_ike_sa_t *this, DBG1(DBG_IKE, "unable to initiate to %%any"); return DESTROY_ME; } - + set_condition(this, COND_ORIGINAL_INITIATOR, TRUE); - + task = (task_t*)ike_init_create(&this->public, TRUE, NULL); this->task_manager->queue_task(this->task_manager, task); + task = (task_t*)ike_vendor_create(&this->public, TRUE); + this->task_manager->queue_task(this->task_manager, task); task = (task_t*)ike_natd_create(&this->public, TRUE); this->task_manager->queue_task(this->task_manager, task); task = (task_t*)ike_cert_pre_create(&this->public, TRUE); @@ -1159,8 +1223,8 @@ static status_t initiate(private_ike_sa_t *this, { if (this->state == IKE_ESTABLISHED) { - /* mediation connection is already established, retrigger state change - * to notify bus listeners */ + /* mediation connection is already established, retrigger state + * change to notify bus listeners */ DBG1(DBG_IKE, "mediation connection is already up"); set_state(this, IKE_ESTABLISHED); } @@ -1190,7 +1254,7 @@ static status_t initiate(private_ike_sa_t *this, } #endif /* ME */ } - + return this->task_manager->initiate(this->task_manager); } @@ -1201,20 +1265,20 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) { status_t status; bool is_request; - + if (this->state == IKE_PASSIVE) { /* do not handle messages in passive state */ return FAILED; } - + is_request = message->get_request(message); - + status = message->parse_body(message, this->keymat->get_crypter(this->keymat, TRUE), this->keymat->get_signer(this->keymat, TRUE)); if (status != SUCCESS) { - + if (is_request) { switch (status) @@ -1258,20 +1322,19 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) exchange_type_names, message->get_exchange_type(message), message->get_request(message) ? "request" : "response", message->get_message_id(message)); - + if (this->state == IKE_CREATED) { /* invalid initiation attempt, close SA */ return DESTROY_ME; } - return status; } else { host_t *me, *other; - + me = message->get_destination(message); other = message->get_source(message); - + /* if this IKE_SA is virgin, we check for a config */ if (this->ike_cfg == NULL) { @@ -1291,7 +1354,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) charon->scheduler->schedule_job(charon->scheduler, job, HALF_OPEN_IKE_SA_TIMEOUT); } - this->stats[STAT_INBOUND] = time(NULL); + this->stats[STAT_INBOUND] = time_monotonic(NULL); /* check if message is trustworthy, and update host information */ if (this->state == IKE_CREATED || this->state == IKE_CONNECTING || message->get_exchange_type(message) != IKE_SA_INIT) @@ -1301,8 +1364,14 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) update_hosts(this, me, other); } } - return this->task_manager->process_message(this->task_manager, message); + status = this->task_manager->process_message(this->task_manager, message); + if (message->get_exchange_type(message) == IKE_AUTH && + this->state == IKE_ESTABLISHED) + { /* authentication completed */ + flush_auth_cfgs(this); + } } + return status; } /** @@ -1347,23 +1416,6 @@ static void set_other_id(private_ike_sa_t *this, identification_t *other) this->other_id = other; } -/** - * Implementation of ike_sa_t.get_eap_identity. - */ -static identification_t* get_eap_identity(private_ike_sa_t *this) -{ - return this->eap_identity; -} - -/** - * Implementation of ike_sa_t.set_eap_identity. - */ -static void set_eap_identity(private_ike_sa_t *this, identification_t *id) -{ - DESTROY_IF(this->eap_identity); - this->eap_identity = id; -} - /** * Implementation of ike_sa_t.add_child_sa. */ @@ -1380,7 +1432,7 @@ static child_sa_t* get_child_sa(private_ike_sa_t *this, protocol_id_t protocol, { iterator_t *iterator; child_sa_t *current, *found = NULL; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -1409,7 +1461,7 @@ static status_t rekey_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) { child_rekey_t *child_rekey; - + child_rekey = child_rekey_create(&this->public, protocol, spi); this->task_manager->queue_task(this->task_manager, &child_rekey->task); return this->task_manager->initiate(this->task_manager); @@ -1422,7 +1474,7 @@ static status_t delete_child_sa(private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) { child_delete_t *child_delete; - + child_delete = child_delete_create(&this->public, protocol, spi); this->task_manager->queue_task(this->task_manager, &child_delete->task); return this->task_manager->initiate(this->task_manager); @@ -1437,7 +1489,7 @@ static status_t destroy_child_sa(private_ike_sa_t *this, protocol_id_t protocol, iterator_t *iterator; child_sa_t *child_sa; status_t status = NOT_FOUND; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -1487,9 +1539,9 @@ static status_t delete_(private_ike_sa_t *this) static status_t rekey(private_ike_sa_t *this) { ike_rekey_t *ike_rekey; - + ike_rekey = ike_rekey_create(&this->public, TRUE); - + this->task_manager->queue_task(this->task_manager, &ike_rekey->task); return this->task_manager->initiate(this->task_manager); } @@ -1510,13 +1562,13 @@ static status_t reauth(private_ike_sa_t *this) if (this->other_virtual_ip != NULL || has_condition(this, COND_EAP_AUTHENTICATED) #ifdef ME - /* if we are mediation server we too cannot reauth the IKE_SA */ + /* as mediation server we too cannot reauth the IKE_SA */ || this->is_mediation_server #endif /* ME */ ) { - time_t now = time(NULL); - + time_t now = time_monotonic(NULL); + DBG1(DBG_IKE, "IKE_SA will timeout in %V", &now, &this->stats[STAT_DELETE]); return FAILED; @@ -1543,10 +1595,10 @@ static status_t reestablish(private_ike_sa_t *this) iterator_t *iterator; child_sa_t *child_sa; child_cfg_t *child_cfg; - bool required = FALSE; + bool restart = FALSE; status_t status = FAILED; - - /* check if we have children to keep up at all*/ + + /* check if we have children to keep up at all */ iterator = create_child_sa_iterator(this); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -1562,25 +1614,28 @@ static status_t reestablish(private_ike_sa_t *this) switch (action) { case ACTION_RESTART: + restart = TRUE; + break; case ACTION_ROUTE: - required = TRUE; + charon->traps->install(charon->traps, this->peer_cfg, child_cfg); + break; default: break; } } iterator->destroy(iterator); #ifdef ME - /* we initiate the new IKE_SA of the mediation connection without CHILD_SA */ + /* mediation connections have no children, keep them up anyway */ if (this->peer_cfg->is_mediation(this->peer_cfg)) { - required = TRUE; + restart = TRUE; } #endif /* ME */ - if (!required) + if (!restart) { return FAILED; } - + /* check if we are able to reestablish this IKE_SA */ if (!has_condition(this, COND_ORIGINAL_INITIATOR) && (this->other_virtual_ip != NULL || @@ -1593,7 +1648,7 @@ static status_t reestablish(private_ike_sa_t *this) DBG1(DBG_IKE, "unable to reestablish IKE_SA due asymetric setup"); return FAILED; } - + new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE); new->set_peer_cfg(new, this->peer_cfg); host = this->other_host; @@ -1606,7 +1661,7 @@ static status_t reestablish(private_ike_sa_t *this) { new->set_virtual_ip(new, TRUE, host); } - + #ifdef ME if (this->peer_cfg->is_mediation(this->peer_cfg)) { @@ -1635,10 +1690,6 @@ static status_t reestablish(private_ike_sa_t *this) child_cfg->get_ref(child_cfg); status = new->initiate(new, child_cfg, 0, NULL, NULL); break; - case ACTION_ROUTE: - charon->traps->install(charon->traps, - this->peer_cfg, child_cfg); - break; default: continue; } @@ -1649,7 +1700,7 @@ static status_t reestablish(private_ike_sa_t *this) } iterator->destroy(iterator); } - + if (status == DESTROY_ME) { charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, new); @@ -1669,7 +1720,7 @@ static status_t reestablish(private_ike_sa_t *this) */ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id) { - this->stats[STAT_OUTBOUND] = time(NULL); + this->stats[STAT_OUTBOUND] = time_monotonic(NULL); if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS) { /* send a proper signal to brief interested bus listeners */ @@ -1711,17 +1762,17 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id) static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime) { u_int32_t reduction = this->peer_cfg->get_over_time(this->peer_cfg); - u_int32_t reauth_time = time(NULL) + lifetime - reduction; + u_int32_t reauth_time = time_monotonic(NULL) + lifetime - reduction; if (lifetime < reduction) { DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, starting reauthentication", lifetime); charon->processor->queue_job(charon->processor, - (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE)); + (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE)); } else if (this->stats[STAT_REAUTH] == 0 || - this->stats[STAT_REAUTH] > reauth_time) + this->stats[STAT_REAUTH] > reauth_time) { this->stats[STAT_REAUTH] = reauth_time; DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, scheduling reauthentication" @@ -1732,8 +1783,9 @@ static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime) } else { - DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, reauthentication already " - "scheduled in %ds", lifetime, this->stats[STAT_REAUTH] - time(NULL)); + DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, " + "reauthentication already scheduled in %ds", lifetime, + this->stats[STAT_REAUTH] - time_monotonic(NULL)); } } @@ -1744,7 +1796,7 @@ static status_t roam(private_ike_sa_t *this, bool address) { host_t *src; ike_mobike_t *mobike; - + switch (this->state) { case IKE_CREATED: @@ -1767,7 +1819,7 @@ static status_t roam(private_ike_sa_t *this, bool address) } return SUCCESS; } - + /* keep existing path if possible */ src = charon->kernel_interface->get_source_addr(charon->kernel_interface, this->other_host, this->my_host); @@ -1782,14 +1834,14 @@ static status_t roam(private_ike_sa_t *this, bool address) return SUCCESS; } src->destroy(src); - + } else { /* check if we find a route at all */ enumerator_t *enumerator; host_t *addr; - + src = charon->kernel_interface->get_source_addr(charon->kernel_interface, this->other_host, NULL); if (!src) @@ -1818,7 +1870,7 @@ static status_t roam(private_ike_sa_t *this, bool address) src->destroy(src); } set_condition(this, COND_STALE, FALSE); - + /* update addresses with mobike, if supported ... */ if (supports_extension(this, EXT_MOBIKE)) { @@ -1837,22 +1889,16 @@ static status_t roam(private_ike_sa_t *this, bool address) * Implementation of ike_sa_t.add_configuration_attribute */ static void add_configuration_attribute(private_ike_sa_t *this, + attribute_handler_t *handler, configuration_attribute_type_t type, chunk_t data) { - attribute_entry_t *entry; - attribute_handler_t *handler; - - handler = charon->attributes->handle(charon->attributes, - &this->public, type, data); - if (handler) - { - entry = malloc_thing(attribute_entry_t); - entry->handler = handler; - entry->type = type; - entry->data = chunk_clone(data); - - this->attributes->insert_last(this->attributes, entry); - } + attribute_entry_t *entry = malloc_thing(attribute_entry_t); + + entry->handler = handler; + entry->type = type; + entry->data = chunk_clone(data); + + this->attributes->insert_last(this->attributes, entry); } /** @@ -1862,7 +1908,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) { child_sa_t *child_sa; attribute_entry_t *entry; - + /* apply hosts and ids */ this->my_host->destroy(this->my_host); this->other_host->destroy(this->other_host); @@ -1872,7 +1918,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) this->other_host = other->other_host->clone(other->other_host); this->my_id = other->my_id->clone(other->my_id); this->other_id = other->other_id->clone(other->other_id); - + /* apply virtual assigned IPs... */ if (other->my_virtual_ip) { @@ -1884,9 +1930,9 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) this->other_virtual_ip = other->other_virtual_ip; other->other_virtual_ip = NULL; } - + /* ... and configuration attributes */ - while (other->attributes->remove_last(other->attributes, + while (other->attributes->remove_last(other->attributes, (void**)&entry) == SUCCESS) { this->attributes->insert_first(this->attributes, entry); @@ -1898,7 +1944,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) { send_keepalive(this); } - + #ifdef ME if (other->is_mediation_server) { @@ -1913,28 +1959,28 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) /* adopt all children */ while (other->child_sas->remove_last(other->child_sas, - (void**)&child_sa) == SUCCESS) + (void**)&child_sa) == SUCCESS) { this->child_sas->insert_first(this->child_sas, (void*)child_sa); } - + /* move pending tasks to the new IKE_SA */ this->task_manager->adopt_tasks(this->task_manager, other->task_manager); - + /* reauthentication timeout survives a rekeying */ if (other->stats[STAT_REAUTH]) { - time_t reauth, delete, now = time(NULL); - + time_t reauth, delete, now = time_monotonic(NULL); + this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH]; reauth = this->stats[STAT_REAUTH] - now; delete = reauth + this->peer_cfg->get_over_time(this->peer_cfg); this->stats[STAT_DELETE] = this->stats[STAT_REAUTH] + delete; DBG1(DBG_IKE, "rescheduling reauthentication in %ds after rekeying, " "lifetime reduced to %ds", reauth, delete); - charon->scheduler->schedule_job(charon->scheduler, + charon->scheduler->schedule_job(charon->scheduler, (job_t*)rekey_ike_sa_job_create(this->ike_sa_id, TRUE), reauth); - charon->scheduler->schedule_job(charon->scheduler, + charon->scheduler->schedule_job(charon->scheduler, (job_t*)delete_ike_sa_job_create(this->ike_sa_id, TRUE), delete); } /* we have to initate here, there may be new tasks to handle */ @@ -1947,30 +1993,30 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) static void destroy(private_ike_sa_t *this) { attribute_entry_t *entry; - + charon->bus->set_sa(charon->bus, &this->public); - + set_state(this, IKE_DESTROYING); - + /* remove attributes first, as we pass the IKE_SA to the handler */ - while (this->attributes->remove_last(this->attributes, + while (this->attributes->remove_last(this->attributes, (void**)&entry) == SUCCESS) { - charon->attributes->release(charon->attributes, entry->handler, - &this->public, entry->type, entry->data); + lib->attributes->release(lib->attributes, entry->handler, + this->other_id, entry->type, entry->data); free(entry->data.ptr); free(entry); } this->attributes->destroy(this->attributes); - + this->child_sas->destroy_offset(this->child_sas, offsetof(child_sa_t, destroy)); - + /* unset SA after here to avoid usage by the listeners */ charon->bus->set_sa(charon->bus, NULL); - + this->task_manager->destroy(this->task_manager); this->keymat->destroy(this->keymat); - + if (this->my_virtual_ip) { charon->kernel_interface->del_ip(charon->kernel_interface, @@ -1981,7 +2027,7 @@ static void destroy(private_ike_sa_t *this) { if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg)) { - charon->attributes->release_address(charon->attributes, + lib->attributes->release_address(lib->attributes, this->peer_cfg->get_pool(this->peer_cfg), this->other_virtual_ip, this->other_id); } @@ -1992,27 +2038,31 @@ static void destroy(private_ike_sa_t *this) #ifdef ME if (this->is_mediation_server) { - charon->mediation_manager->remove(charon->mediation_manager, this->ike_sa_id); + charon->mediation_manager->remove(charon->mediation_manager, + this->ike_sa_id); } DESTROY_IF(this->server_reflexive_host); chunk_free(&this->connect_id); #endif /* ME */ free(this->nat_detection_dest.ptr); - + DESTROY_IF(this->my_host); DESTROY_IF(this->other_host); DESTROY_IF(this->my_id); DESTROY_IF(this->other_id); DESTROY_IF(this->local_host); DESTROY_IF(this->remote_host); - DESTROY_IF(this->eap_identity); - + DESTROY_IF(this->ike_cfg); DESTROY_IF(this->peer_cfg); DESTROY_IF(this->proposal); this->my_auth->destroy(this->my_auth); this->other_auth->destroy(this->other_auth); - + this->my_auths->destroy_offset(this->my_auths, + offsetof(auth_cfg_t, destroy)); + this->other_auths->destroy_offset(this->other_auths, + offsetof(auth_cfg_t, destroy)); + this->ike_sa_id->destroy(this->ike_sa_id); free(this); } @@ -2024,7 +2074,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) { private_ike_sa_t *this = malloc_thing(private_ike_sa_t); static u_int32_t unique_id = 0; - + /* Public functions */ this->public.get_state = (ike_sa_state_t (*)(ike_sa_t*)) get_state; this->public.set_state = (void (*)(ike_sa_t*,ike_sa_state_t)) set_state; @@ -2037,6 +2087,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg; this->public.set_peer_cfg = (void (*)(ike_sa_t*,peer_cfg_t*))set_peer_cfg; this->public.get_auth_cfg = (auth_cfg_t*(*)(ike_sa_t*, bool local))get_auth_cfg; + this->public.create_auth_cfg_enumerator = (enumerator_t*(*)(ike_sa_t*, bool local))create_auth_cfg_enumerator; + this->public.add_auth_cfg = (void(*)(ike_sa_t*, bool local, auth_cfg_t *cfg))add_auth_cfg; this->public.get_proposal = (proposal_t*(*)(ike_sa_t*))get_proposal; this->public.set_proposal = (void(*)(ike_sa_t*, proposal_t *proposal))set_proposal; this->public.get_id = (ike_sa_id_t* (*)(ike_sa_t*)) get_id; @@ -2050,8 +2102,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id; this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id; this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id; - this->public.get_eap_identity = (identification_t* (*)(ike_sa_t*)) get_eap_identity; - this->public.set_eap_identity = (void (*)(ike_sa_t*,identification_t*)) set_eap_identity; this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension; this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension; this->public.set_condition = (void (*)(ike_sa_t*, ike_condition_t,bool)) set_condition; @@ -2084,7 +2134,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.get_unique_id = (u_int32_t (*)(ike_sa_t*))get_unique_id; this->public.set_virtual_ip = (void (*)(ike_sa_t*,bool,host_t*))set_virtual_ip; this->public.get_virtual_ip = (host_t* (*)(ike_sa_t*,bool))get_virtual_ip; - this->public.add_configuration_attribute = (void(*)(ike_sa_t*, configuration_attribute_type_t type, chunk_t data))add_configuration_attribute; + this->public.add_configuration_attribute = (void(*)(ike_sa_t*, attribute_handler_t *handler,configuration_attribute_type_t type, chunk_t data))add_configuration_attribute; this->public.set_kmaddress = (void (*)(ike_sa_t*,host_t*,host_t*))set_kmaddress; #ifdef ME this->public.act_as_mediation_server = (void (*)(ike_sa_t*)) act_as_mediation_server; @@ -2097,7 +2147,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.callback = (status_t (*)(ike_sa_t*,identification_t*)) callback; this->public.respond = (status_t (*)(ike_sa_t*,identification_t*,chunk_t)) respond; #endif /* ME */ - + /* initialize private fields */ this->ike_sa_id = ike_sa_id->clone(ike_sa_id); this->child_sas = linked_list_create(); @@ -2106,7 +2156,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->other_host = host_create_any(AF_INET); this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty); this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty); - this->eap_identity = NULL; this->extensions = 0; this->conditions = 0; this->keymat = keymat_create(ike_sa_id->is_initiator(ike_sa_id)); @@ -2114,11 +2163,13 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->keepalive_interval = lib->settings->get_time(lib->settings, "charon.keep_alive", KEEPALIVE_INTERVAL); memset(this->stats, 0, sizeof(this->stats)); - this->stats[STAT_INBOUND] = this->stats[STAT_OUTBOUND] = time(NULL); + this->stats[STAT_INBOUND] = this->stats[STAT_OUTBOUND] = time_monotonic(NULL); this->ike_cfg = NULL; this->peer_cfg = NULL; this->my_auth = auth_cfg_create(); this->other_auth = auth_cfg_create(); + this->my_auths = linked_list_create(); + this->other_auths = linked_list_create(); this->proposal = NULL; this->task_manager = task_manager_create(&this->public); this->unique_id = ++unique_id; @@ -2136,6 +2187,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->server_reflexive_host = NULL; this->connect_id = chunk_empty; #endif /* ME */ - + return &this->public; } diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h index 41d7a7976..4dce1937c 100644 --- a/src/charon/sa/ike_sa.h +++ b/src/charon/sa/ike_sa.h @@ -66,7 +66,7 @@ typedef struct ike_sa_t ike_sa_t; * Extensions (or optional features) the peer supports */ enum ike_extension_t { - + /** * peer supports NAT traversal as specified in RFC4306 */ @@ -76,58 +76,68 @@ enum ike_extension_t { * peer supports MOBIKE (RFC4555) */ EXT_MOBIKE = (1<<1), - + /** * peer supports HTTP cert lookups as specified in RFC4306 */ EXT_HASH_AND_URL = (1<<2), - + /** * peer supports multiple authentication exchanges, RFC4739 */ EXT_MULTIPLE_AUTH = (1<<3), + + /** + * peer uses strongSwan, accept private use extensions + */ + EXT_STRONGSWAN = (1<<4), + + /** + * peer supports EAP-only authentication, draft-eronen-ipsec-ikev2-eap-auth + */ + EXT_EAP_ONLY_AUTHENTICATION = (1<<5), }; /** * Conditions of an IKE_SA, change during its lifetime */ enum ike_condition_t { - + /** * Connection is natted (or faked) somewhere */ COND_NAT_ANY = (1<<0), - + /** * we are behind NAT */ COND_NAT_HERE = (1<<1), - + /** * other is behind NAT */ COND_NAT_THERE = (1<<2), - + /** * Faking NAT to enforce UDP encapsulation */ COND_NAT_FAKE = (1<<3), - + /** * peer has been authenticated using EAP at least once */ COND_EAP_AUTHENTICATED = (1<<4), - + /** * received a certificate request from the peer */ COND_CERTREQ_SEEN = (1<<5), - + /** * Local peer is the "original" IKE initiator. Unaffected from rekeying. */ COND_ORIGINAL_INITIATOR = (1<<6), - + /** * IKE_SA is stale, the peer is currently unreachable (MOBIKE) */ @@ -150,7 +160,7 @@ enum statistic_t { STAT_INBOUND, /** Timestamp of last outbound IKE packet */ STAT_OUTBOUND, - + STAT_MAX }; @@ -164,7 +174,7 @@ enum statistic_t { ¦ SA_CREATED ¦ +----------------+ ¦ - on initiate()---> ¦ <----- on IKE_SA_INIT received + on initiate()---> ¦ <----- on IKE_SA_INIT received V +----------------+ ¦ SA_CONNECTING ¦ @@ -192,37 +202,37 @@ enum statistic_t { @endverbatim */ enum ike_sa_state_t { - + /** * IKE_SA just got created, but is not initiating nor responding yet. */ IKE_CREATED, - + /** * IKE_SA gets initiated actively or passively */ IKE_CONNECTING, - + /** * IKE_SA is fully established */ IKE_ESTABLISHED, - + /** * IKE_SA is managed externally and does not process messages */ IKE_PASSIVE, - + /** * IKE_SA rekeying in progress */ IKE_REKEYING, - + /** * IKE_SA is in progress of deletion */ IKE_DELETING, - + /** * IKE_SA object gets destroyed */ @@ -246,41 +256,41 @@ struct ike_sa_t { /** * Get the id of the SA. - * + * * Returned ike_sa_id_t object is not getting cloned! * * @return ike_sa's ike_sa_id_t */ ike_sa_id_t* (*get_id) (ike_sa_t *this); - + /** * Get the numerical ID uniquely defining this IKE_SA. * * @return unique ID */ u_int32_t (*get_unique_id) (ike_sa_t *this); - + /** * Get the state of the IKE_SA. * * @return state of the IKE_SA */ ike_sa_state_t (*get_state) (ike_sa_t *this); - + /** * Set the state of the IKE_SA. * * @param state state to set for the IKE_SA */ void (*set_state) (ike_sa_t *this, ike_sa_state_t ike_sa); - + /** * Get the name of the connection this IKE_SA uses. * * @return name */ char* (*get_name) (ike_sa_t *this); - + /** * Get statistic values from the IKE_SA. * @@ -288,35 +298,35 @@ struct ike_sa_t { * @return value as integer */ u_int32_t (*get_statistic)(ike_sa_t *this, statistic_t kind); - + /** * Get the own host address. - * + * * @return host address */ host_t* (*get_my_host) (ike_sa_t *this); - + /** * Set the own host address. - * + * * @param me host address */ void (*set_my_host) (ike_sa_t *this, host_t *me); - + /** * Get the other peers host address. - * + * * @return host address */ host_t* (*get_other_host) (ike_sa_t *this); - + /** * Set the others host address. - * + * * @param other host address */ void (*set_other_host) (ike_sa_t *this, host_t *other); - + /** * Update the IKE_SAs host. * @@ -326,79 +336,63 @@ struct ike_sa_t { * @param other new remote host address, or NULL */ void (*update_hosts)(ike_sa_t *this, host_t *me, host_t *other); - + /** * Get the own identification. - * + * * @return identification */ identification_t* (*get_my_id) (ike_sa_t *this); - + /** * Set the own identification. - * + * * @param me identification */ void (*set_my_id) (ike_sa_t *this, identification_t *me); - + /** * Get the other peer's identification. - * + * * @return identification */ identification_t* (*get_other_id) (ike_sa_t *this); - + /** * Set the other peer's identification. - * + * * @param other identification */ void (*set_other_id) (ike_sa_t *this, identification_t *other); - - /** - * Get the peers EAP identity. - * - * The EAP identity is exchanged in a EAP-Identity exchange. - * - * @return identification, NULL if none set - */ - identification_t* (*get_eap_identity) (ike_sa_t *this); - - /** - * Set the peer's EAP identity. - * - * @param id identification - */ - void (*set_eap_identity) (ike_sa_t *this, identification_t *id); - + /** * Get the config used to setup this IKE_SA. - * + * * @return ike_config */ ike_cfg_t* (*get_ike_cfg) (ike_sa_t *this); - + /** * Set the config to setup this IKE_SA. - * + * * @param config ike_config to use */ void (*set_ike_cfg) (ike_sa_t *this, ike_cfg_t* config); /** * Get the peer config used by this IKE_SA. - * + * * @return peer_config */ peer_cfg_t* (*get_peer_cfg) (ike_sa_t *this); - + /** * Set the peer config to use with this IKE_SA. - * + * * @param config peer_config to use */ void (*set_peer_cfg) (ike_sa_t *this, peer_cfg_t *config); - + /** * Get the authentication config with rules of the current auth round. * @@ -406,21 +400,37 @@ struct ike_sa_t { * @return current cfg */ auth_cfg_t* (*get_auth_cfg)(ike_sa_t *this, bool local); - + + /** + * Insert a completed authentication round. + * + * @param local TRUE for own rules, FALSE for others constraints + * @param cfg auth config to append + */ + void (*add_auth_cfg)(ike_sa_t *this, bool local, auth_cfg_t *cfg); + + /** + * Create an enumerator over added authentication rounds. + * + * @param local TRUE for own rules, FALSE for others constraints + * @return enumerator over auth_cfg_t + */ + enumerator_t* (*create_auth_cfg_enumerator)(ike_sa_t *this, bool local); + /** * Get the selected proposal of this IKE_SA. * * @return selected proposal */ proposal_t* (*get_proposal)(ike_sa_t *this); - + /** * Set the proposal selected for this IKE_SA. * * @param selected proposal */ void (*set_proposal)(ike_sa_t *this, proposal_t *proposal); - + /** * Set the message id of the IKE_SA. * @@ -431,7 +441,7 @@ struct ike_sa_t { * @param mid message id to set */ void (*set_message_id)(ike_sa_t *this, bool initiate, u_int32_t mid); - + /** * Add an additional address for the peer. * @@ -443,14 +453,14 @@ struct ike_sa_t { * @param host host to add to list */ void (*add_additional_address)(ike_sa_t *this, host_t *host); - + /** * Create an iterator over all additional addresses of the peer. * * @return iterator over addresses */ iterator_t* (*create_additional_address_iterator)(ike_sa_t *this); - + /** * Check if mappings have changed on a NAT for our source address. * @@ -458,7 +468,7 @@ struct ike_sa_t { * @return TRUE if mappings have changed */ bool (*has_mapping_changed)(ike_sa_t *this, chunk_t hash); - + /** * Enable an extension the peer supports. * @@ -468,7 +478,7 @@ struct ike_sa_t { * @param extension extension to enable */ void (*enable_extension)(ike_sa_t *this, ike_extension_t extension); - + /** * Check if the peer supports an extension. * @@ -476,7 +486,7 @@ struct ike_sa_t { * @return TRUE if peer supports it, FALSE otherwise */ bool (*supports_extension)(ike_sa_t *this, ike_extension_t extension); - + /** * Enable/disable a condition flag for this IKE_SA. * @@ -492,150 +502,152 @@ struct ike_sa_t { * @return TRUE if condition flag set, FALSE otherwise */ bool (*has_condition) (ike_sa_t *this, ike_condition_t condition); - + /** * Get the number of queued MOBIKE address updates. * * @return number of pending updates */ u_int32_t (*get_pending_updates)(ike_sa_t *this); - + /** * Set the number of queued MOBIKE address updates. * * @param updates number of pending updates */ void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates); - + #ifdef ME /** * Activate mediation server functionality for this IKE_SA. */ void (*act_as_mediation_server) (ike_sa_t *this); - + /** * Get the server reflexive host. - * + * * @return server reflexive host */ host_t* (*get_server_reflexive_host) (ike_sa_t *this); - + /** * Set the server reflexive host. - * + * * @param host server reflexive host */ void (*set_server_reflexive_host) (ike_sa_t *this, host_t *host); - + /** * Get the connect ID. - * + * * @return connect ID */ chunk_t (*get_connect_id) (ike_sa_t *this); - + /** * Initiate the mediation of a mediated connection (i.e. initiate a - * ME_CONNECT exchange). - * - * @param mediated_cfg peer_cfg of the mediated connection - * @return - * - SUCCESS if initialization started - * - DESTROY_ME if initialization failed + * ME_CONNECT exchange to a mediation server). + * + * @param mediated_cfg peer_cfg of the mediated connection + * @return + * - SUCCESS if initialization started + * - DESTROY_ME if initialization failed */ status_t (*initiate_mediation) (ike_sa_t *this, peer_cfg_t *mediated_cfg); - + /** * Initiate the mediated connection - * - * @param me local endpoint (gets cloned) - * @param other remote endpoint (gets cloned) - * @param connect_id connect ID (gets cloned) - * @return - * - SUCCESS if initialization started - * - DESTROY_ME if initialization failed + * + * @param me local endpoint (gets cloned) + * @param other remote endpoint (gets cloned) + * @param connect_id connect ID (gets cloned) + * @return + * - SUCCESS if initialization started + * - DESTROY_ME if initialization failed */ status_t (*initiate_mediated) (ike_sa_t *this, host_t *me, host_t *other, - chunk_t connect_id); - + chunk_t connect_id); + /** - * Relay data from one peer to another (i.e. initiate a - * ME_CONNECT exchange). + * Relay data from one peer to another (i.e. initiate a ME_CONNECT exchange + * to a peer). * * Data is cloned. - * - * @param requester ID of the requesting peer - * @param connect_id data of the ME_CONNECTID payload - * @param connect_key data of the ME_CONNECTKEY payload - * @param endpoints endpoints - * @param response TRUE if this is a response - * @return - * - SUCCESS if relay started - * - DESTROY_ME if relay failed - */ - status_t (*relay) (ike_sa_t *this, identification_t *requester, chunk_t connect_id, - chunk_t connect_key, linked_list_t *endpoints, bool response); - + * + * @param requester ID of the requesting peer + * @param connect_id data of the ME_CONNECTID payload + * @param connect_key data of the ME_CONNECTKEY payload + * @param endpoints endpoints + * @param response TRUE if this is a response + * @return + * - SUCCESS if relay started + * - DESTROY_ME if relay failed + */ + status_t (*relay) (ike_sa_t *this, identification_t *requester, + chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response); + /** * Send a callback to a peer. - * + * * Data is cloned. - * - * @param peer_id ID of the other peer + * + * @param peer_id ID of the other peer * @return - * - SUCCESS if response started - * - DESTROY_ME if response failed + * - SUCCESS if response started + * - DESTROY_ME if response failed */ status_t (*callback) (ike_sa_t *this, identification_t *peer_id); - + /** * Respond to a ME_CONNECT request. - * + * * Data is cloned. - * - * @param peer_id ID of the other peer - * @param connect_id the connect ID supplied by the initiator + * + * @param peer_id ID of the other peer + * @param connect_id the connect ID supplied by the initiator * @return - * - SUCCESS if response started - * - DESTROY_ME if response failed + * - SUCCESS if response started + * - DESTROY_ME if response failed */ - status_t (*respond) (ike_sa_t *this, identification_t *peer_id, chunk_t connect_id); + status_t (*respond) (ike_sa_t *this, identification_t *peer_id, + chunk_t connect_id); #endif /* ME */ - + /** * Initiate a new connection. * * The configs are owned by the IKE_SA after the call. If the initiate * is triggered by a packet, traffic selectors of the packet can be added * to the CHILD_SA. - * + * * @param child_cfg child config to create CHILD from * @param reqid reqid to use for CHILD_SA, 0 assigne uniquely * @param tsi source of triggering packet * @param tsr destination of triggering packet. - * @return + * @return * - SUCCESS if initialization started * - DESTROY_ME if initialization failed */ status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr); - + /** * Initiates the deletion of an IKE_SA. - * + * * Sends a delete message to the remote peer and waits for * its response. If the response comes in, or a timeout occurs, * the IKE SA gets deleted. - * + * * @return * - SUCCESS if deletion is initialized - * - DESTROY_ME, if the IKE_SA is not in + * - DESTROY_ME, if the IKE_SA is not in * an established state and can not be * deleted (but destroyed). */ status_t (*delete) (ike_sa_t *this); - + /** * Update IKE_SAs after network interfaces have changed. * @@ -649,61 +661,61 @@ struct ike_sa_t { * @return SUCCESS, FAILED, DESTROY_ME */ status_t (*roam)(ike_sa_t *this, bool address); - + /** * Processes a incoming IKEv2-Message. * - * Message processing may fail. If a critical failure occurs, - * process_message() return DESTROY_ME. Then the caller must + * Message processing may fail. If a critical failure occurs, + * process_message() return DESTROY_ME. Then the caller must * destroy the IKE_SA immediatly, as it is unusable. - * + * * @param message message to process - * @return + * @return * - SUCCESS * - FAILED * - DESTROY_ME if this IKE_SA MUST be deleted */ status_t (*process_message) (ike_sa_t *this, message_t *message); - + /** * Generate a IKE message to send it to the peer. - * + * * This method generates all payloads in the message and encrypts/signs * the packet. - * + * * @param message message to generate * @param packet generated output packet - * @return + * @return * - SUCCESS * - FAILED * - DESTROY_ME if this IKE_SA MUST be deleted */ status_t (*generate_message) (ike_sa_t *this, message_t *message, packet_t **packet); - + /** * Retransmits a request. - * + * * @param message_id ID of the request to retransmit * @return * - SUCCESS * - NOT_FOUND if request doesn't have to be retransmited */ status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id); - + /** * Sends a DPD request to the peer. * * To check if a peer is still alive, periodic * empty INFORMATIONAL messages are sent if no * other traffic was received. - * + * * @return * - SUCCESS * - DESTROY_ME, if peer did not respond */ status_t (*send_dpd) (ike_sa_t *this); - + /** * Sends a keep alive packet. * @@ -713,39 +725,39 @@ struct ike_sa_t { * was sent. */ void (*send_keepalive) (ike_sa_t *this); - + /** * Get the keying material of this IKE_SA. * * @return per IKE_SA keymat instance */ keymat_t* (*get_keymat)(ike_sa_t *this); - + /** * Associates a child SA to this IKE SA - * + * * @param child_sa child_sa to add */ void (*add_child_sa) (ike_sa_t *this, child_sa_t *child_sa); - + /** * Get a CHILD_SA identified by protocol and SPI. - * + * * @param protocol protocol of the SA * @param spi SPI of the CHILD_SA * @param inbound TRUE if SPI is inbound, FALSE if outbound * @return child_sa, or NULL if none found */ - child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol, + child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool inbound); - + /** * Create an iterator over all CHILD_SAs. - * + * * @return iterator */ iterator_t* (*create_child_sa_iterator) (ike_sa_t *this); - + /** * Rekey the CHILD SA with the specified reqid. * @@ -814,14 +826,14 @@ struct ike_sa_t { * @return DESTROY_ME to destroy the IKE_SA */ status_t (*reestablish) (ike_sa_t *this); - + /** * Set the lifetime limit received from a AUTH_LIFETIME notify. * * @param lifetime lifetime in seconds */ void (*set_auth_lifetime)(ike_sa_t *this, u_int32_t lifetime); - + /** * Set the virtual IP to use for this IKE_SA and its children. * @@ -832,7 +844,7 @@ struct ike_sa_t { * @param ip IP to set as virtual IP */ void (*set_virtual_ip) (ike_sa_t *this, bool local, host_t *ip); - + /** * Get the virtual IP configured. * @@ -840,7 +852,7 @@ struct ike_sa_t { * @return host_t *virtual IP */ host_t* (*get_virtual_ip) (ike_sa_t *this, bool local); - + /** * Register a configuration attribute to the IKE_SA. * @@ -853,8 +865,9 @@ struct ike_sa_t { * @param data associated attribute data */ void (*add_configuration_attribute)(ike_sa_t *this, + attribute_handler_t *handler, configuration_attribute_type_t type, chunk_t data); - + /** * Set local and remote host addresses to be used for IKE. * @@ -865,7 +878,7 @@ struct ike_sa_t { * @param remote remote kmaddress */ void (*set_kmaddress) (ike_sa_t *this, host_t *local, host_t *remote); - + /** * Inherit all attributes of other to this after rekeying. * @@ -877,12 +890,12 @@ struct ike_sa_t { * @return DESTROY_ME if initiation of inherited task failed */ status_t (*inherit) (ike_sa_t *this, ike_sa_t *other); - + /** * Reset the IKE_SA, useable when initiating fails */ void (*reset) (ike_sa_t *this); - + /** * Destroys a ike_sa_t object. */ diff --git a/src/charon/sa/ike_sa_id.h b/src/charon/sa/ike_sa_id.h index 377e64e8a..a833aa9d6 100644 --- a/src/charon/sa/ike_sa_id.h +++ b/src/charon/sa/ike_sa_id.h @@ -67,21 +67,21 @@ struct ike_sa_id_t { /** * Check if two ike_sa_id_t objects are equal. - * + * * Two ike_sa_id_t objects are equal if both SPI values and the role matches. * - * @param other ike_sa_id_t object to check if equal - * @return TRUE if given ike_sa_id_t are equal, FALSE otherwise + * @param other ike_sa_id_t object to check if equal + * @return TRUE if given ike_sa_id_t are equal, FALSE otherwise */ bool (*equals) (ike_sa_id_t *this, ike_sa_id_t *other); /** * Replace all values of a given ike_sa_id_t object with values. * from another ike_sa_id_t object. - * + * * After calling this function, both objects are equal. * - * @param other ike_sa_id_t object from which values will be taken + * @param other ike_sa_id_t object from which values will be taken */ void (*replace_values) (ike_sa_id_t *this, ike_sa_id_t *other); @@ -94,7 +94,7 @@ struct ike_sa_id_t { /** * Switche the original initiator flag. - * + * * @return TRUE if we are the original initator after switch, FALSE otherwise */ bool (*switch_initiator) (ike_sa_id_t *this); diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c index ec1a7f741..3ef0f3bb0 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/charon/sa/ike_sa_manager.c @@ -22,7 +22,9 @@ #include #include #include -#include +#include +#include +#include #include #include @@ -41,67 +43,67 @@ typedef struct entry_t entry_t; * An entry in the linked list, contains IKE_SA, locking and lookup data. */ struct entry_t { - + /** * Number of threads waiting for this ike_sa_t object. */ int waiting_threads; - + /** * Condvar where threads can wait until ike_sa_t object is free for use again. */ condvar_t *condvar; - + /** * Is this ike_sa currently checked out? */ bool checked_out; - + /** * Does this SA drives out new threads? */ bool driveout_new_threads; - + /** * Does this SA drives out waiting threads? */ bool driveout_waiting_threads; - + /** * Identification of an IKE_SA (SPIs). */ ike_sa_id_t *ike_sa_id; - + /** * The contained ike_sa_t object. */ ike_sa_t *ike_sa; - + /** * hash of the IKE_SA_INIT message, used to detect retransmissions */ chunk_t init_hash; - + /** * remote host address, required for DoS detection */ host_t *other; - + /** * As responder: Is this SA half-open? */ bool half_open; - + /** * own identity, required for duplicate checking */ identification_t *my_id; - + /** * remote identity, required for duplicate checking */ identification_t *other_id; - + /** * message ID currently processing, if any */ @@ -131,10 +133,10 @@ static status_t entry_destroy(entry_t *this) static entry_t *entry_create() { entry_t *this = malloc_thing(entry_t); - + this->waiting_threads = 0; this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - + /* we set checkout flag when we really give it out */ this->checked_out = FALSE; this->driveout_new_threads = FALSE; @@ -147,7 +149,7 @@ static entry_t *entry_create() this->other_id = NULL; this->ike_sa_id = NULL; this->ike_sa = NULL; - + return this; } @@ -171,7 +173,7 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id) if (id->equals(id, entry->ike_sa_id)) { return TRUE; - } + } if ((id->get_responder_spi(id) == 0 || entry->ike_sa_id->get_responder_spi(entry->ike_sa_id) == 0) && id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id) && @@ -208,7 +210,7 @@ typedef struct half_open_t half_open_t; struct half_open_t { /** chunk of remote host address */ chunk_t other; - + /** the number of half-open IKE_SAs with that host */ u_int count; }; @@ -235,10 +237,10 @@ typedef struct connected_peers_t connected_peers_t; struct connected_peers_t { /** own identity */ identification_t *my_id; - + /** remote identity */ identification_t *other_id; - + /** list of ike_sa_id_t objects of IKE_SAs between the two identities */ linked_list_t *sas; }; @@ -269,7 +271,7 @@ typedef struct segment_t segment_t; struct segment_t { /** mutex to access a segment exclusively */ mutex_t *mutex; - + /** the number of entries in this segment */ u_int count; }; @@ -282,7 +284,7 @@ typedef struct shareable_segment_t shareable_segment_t; struct shareable_segment_t { /** rwlock to access a segment non-/exclusively */ rwlock_t *lock; - + /** the number of entries in this segment - in case of the "half-open table" * it's the sum of all half_open_t.count in a segment. */ u_int count; @@ -298,67 +300,67 @@ struct private_ike_sa_manager_t { * Public interface of ike_sa_manager_t. */ ike_sa_manager_t public; - + /** * Hash table with entries for the ike_sa_t objects. */ linked_list_t **ike_sa_table; - + /** * The size of the hash table. */ u_int table_size; - + /** * Mask to map the hashes to table rows. */ u_int table_mask; - + /** * Segments of the hash table. */ segment_t *segments; - + /** * The number of segments. */ u_int segment_count; - + /** * Mask to map a table row to a segment. */ u_int segment_mask; - + /** * Hash table with half_open_t objects. */ linked_list_t **half_open_table; - + /** * Segments of the "half-open" hash table. */ shareable_segment_t *half_open_segments; - + /** * Hash table with connected_peers_t objects. */ linked_list_t **connected_peers_table; - + /** * Segments of the "connected peers" hash table. */ shareable_segment_t *connected_peers_segments; - + /** * RNG to get random SPIs for our side */ rng_t *rng; - + /** * SHA1 hasher for IKE_SA_INIT retransmit detection */ hasher_t *hasher; - + /** * reuse existing IKE_SAs in checkout_by_config */ @@ -372,7 +374,7 @@ struct private_ike_sa_manager_t { static void lock_single_segment(private_ike_sa_manager_t *this, u_int index) { mutex_t *lock = this->segments[index & this->segment_mask].mutex; - + lock->lock(lock); } @@ -383,7 +385,7 @@ static void lock_single_segment(private_ike_sa_manager_t *this, u_int index) static void unlock_single_segment(private_ike_sa_manager_t *this, u_int index) { mutex_t *lock = this->segments[index & this->segment_mask].mutex; - + lock->unlock(lock); } @@ -393,7 +395,7 @@ static void unlock_single_segment(private_ike_sa_manager_t *this, u_int index) static void lock_all_segments(private_ike_sa_manager_t *this) { u_int i; - + for (i = 0; i < this->segment_count; ++i) { this->segments[i].mutex->lock(this->segments[i].mutex); @@ -406,7 +408,7 @@ static void lock_all_segments(private_ike_sa_manager_t *this) static void unlock_all_segments(private_ike_sa_manager_t *this) { u_int i; - + for (i = 0; i < this->segment_count; ++i) { this->segments[i].mutex->unlock(this->segments[i].mutex); @@ -424,27 +426,27 @@ struct private_enumerator_t { * implements enumerator interface */ enumerator_t enumerator; - + /** * associated ike_sa_manager_t */ private_ike_sa_manager_t *manager; - + /** * current segment index */ u_int segment; - + /** * currently enumerating entry */ entry_t *entry; - + /** * current table row index */ u_int row; - + /** * enumerator for the current table row */ @@ -468,7 +470,7 @@ static bool enumerate(private_enumerator_t *this, entry_t **entry, u_int *segmen if (this->current) { entry_t *item; - + if (this->current->enumerate(this->current, &item)) { *entry = this->entry = item; @@ -482,7 +484,7 @@ static bool enumerate(private_enumerator_t *this, entry_t **entry, u_int *segmen else { linked_list_t *list; - + lock_single_segment(this->manager, this->segment); if ((list = this->manager->ike_sa_table[this->row]) != NULL && list->get_count(list)) @@ -523,7 +525,7 @@ static void enumerator_destroy(private_enumerator_t *this) static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) { private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); - + enumerator->enumerator.enumerate = (void*)enumerate; enumerator->enumerator.destroy = (void*)enumerator_destroy; enumerator->manager = this; @@ -531,7 +533,7 @@ static enumerator_t* create_table_enumerator(private_ike_sa_manager_t *this) enumerator->entry = NULL; enumerator->row = 0; enumerator->current = NULL; - + return &enumerator->enumerator; } @@ -544,7 +546,7 @@ static u_int put_entry(private_ike_sa_manager_t *this, entry_t *entry) linked_list_t *list; u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; u_int segment = row & this->segment_mask; - + lock_single_segment(this, segment); if ((list = this->ike_sa_table[row]) == NULL) { @@ -564,7 +566,7 @@ static void remove_entry(private_ike_sa_manager_t *this, entry_t *entry) linked_list_t *list; u_int row = ike_sa_id_hash(entry->ike_sa_id) & this->table_mask; u_int segment = row & this->segment_mask; - + if ((list = this->ike_sa_table[row]) != NULL) { entry_t *current; @@ -609,7 +611,7 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, linked_list_t *list; u_int row = ike_sa_id_hash(ike_sa_id) & this->table_mask; u_int seg = row & this->segment_mask; - + lock_single_segment(this, seg); if ((list = this->ike_sa_table[row]) != NULL) { @@ -632,7 +634,7 @@ static status_t get_entry_by_match_function(private_ike_sa_manager_t *this, static status_t get_entry_by_id(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id, entry_t **entry, u_int *segment) { - return get_entry_by_match_function(this, ike_sa_id, entry, segment, + return get_entry_by_match_function(this, ike_sa_id, entry, segment, (linked_list_match_t)entry_match_by_id, ike_sa_id, NULL); } @@ -670,7 +672,7 @@ static bool wait_for_entry(private_ike_sa_manager_t *this, entry_t *entry, /* we are not allowed to get this */ return FALSE; } - while (entry->checked_out && !entry->driveout_waiting_threads) + while (entry->checked_out && !entry->driveout_waiting_threads) { /* so wait until we can get it for us. * we register us as waiting. */ @@ -698,7 +700,7 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) chunk_t addr = entry->other->get_address(entry->other); u_int row = chunk_hash(addr) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->half_open_segments[segment].lock; lock->write_lock(lock); if ((list = this->half_open_table[row]) == NULL) @@ -716,7 +718,7 @@ static void put_half_open(private_ike_sa_manager_t *this, entry_t *entry) this->half_open_segments[segment].count++; } } - + if (!half_open) { half_open = malloc_thing(half_open_t); @@ -737,7 +739,7 @@ static void remove_half_open(private_ike_sa_manager_t *this, entry_t *entry) chunk_t addr = entry->other->get_address(entry->other); u_int row = chunk_hash(addr) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->half_open_segments[segment].lock; lock->write_lock(lock); if ((list = this->half_open_table[row]) != NULL) @@ -773,7 +775,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) other_id = entry->other_id->get_encoding(entry->other_id); u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->connected_peers_segments[segment].lock; lock->write_lock(lock); if ((list = this->connected_peers_table[row]) == NULL) @@ -796,7 +798,7 @@ static void put_connected_peers(private_ike_sa_manager_t *this, entry_t *entry) } } } - + if (!connected_peers) { connected_peers = malloc_thing(connected_peers_t); @@ -821,7 +823,7 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr other_id = entry->other_id->get_encoding(entry->other_id); u_int row = chunk_hash_inc(other_id, chunk_hash(my_id)) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->connected_peers_segments[segment].lock; lock->write_lock(lock); if ((list = this->connected_peers_table[row]) != NULL) @@ -864,7 +866,7 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr static u_int64_t get_next_spi(private_ike_sa_manager_t *this) { u_int64_t spi; - + this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi); return spi; } @@ -877,9 +879,9 @@ static ike_sa_t* checkout(private_ike_sa_manager_t *this, ike_sa_id_t *ike_sa_id ike_sa_t *ike_sa = NULL; entry_t *entry; u_int segment; - + DBG2(DBG_MGR, "checkout IKE_SA"); - + if (get_entry_by_id(this, ike_sa_id, &entry, &segment) == SUCCESS) { if (wait_for_entry(this, entry, segment)) @@ -903,7 +905,7 @@ static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator) ike_sa_t *ike_sa; entry_t *entry; u_int segment; - + if (initiator) { ike_sa_id = ike_sa_id_create(get_next_spi(this), 0, TRUE); @@ -913,15 +915,15 @@ static ike_sa_t *checkout_new(private_ike_sa_manager_t* this, bool initiator) ike_sa_id = ike_sa_id_create(0, get_next_spi(this), FALSE); } ike_sa = ike_sa_create(ike_sa_id); - + DBG2(DBG_MGR, "created IKE_SA"); - + if (!initiator) { ike_sa_id->destroy(ike_sa_id); return ike_sa; } - + entry = entry_create(); entry->ike_sa_id = ike_sa_id; entry->ike_sa = ike_sa; @@ -944,19 +946,19 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, id = id->clone(id); id->switch_initiator(id); - + DBG2(DBG_MGR, "checkout IKE_SA by message"); - + if (message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { /* IKE_SA_INIT request. Check for an IKE_SA with such a message hash. */ chunk_t data, hash; - + data = message->get_packet_data(message); this->hasher->allocate_hash(this->hasher, data, &hash); chunk_free(&data); - + if (get_entry_by_hash(this, id, hash, &entry, &segment) == SUCCESS) { if (entry->message_id == 0) @@ -976,7 +978,7 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, } unlock_single_segment(this, segment); } - + if (ike_sa == NULL) { if (id->get_responder_spi(id) == 0 && @@ -987,15 +989,15 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, entry = entry_create(); entry->ike_sa = ike_sa_create(id); entry->ike_sa_id = id->clone(id); - + segment = put_entry(this, entry); entry->checked_out = TRUE; unlock_single_segment(this, segment); - - entry->message_id = message->get_message_id(message); + + entry->message_id = message->get_message_id(message); entry->init_hash = hash; ike_sa = entry->ike_sa; - + DBG2(DBG_MGR, "created IKE_SA"); } else @@ -1012,7 +1014,7 @@ static ike_sa_t* checkout_by_message(private_ike_sa_manager_t* this, charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } - + if (get_entry_by_id(this, id, &entry, &segment) == SUCCESS) { /* only check out if we are not processing this request */ @@ -1053,14 +1055,14 @@ static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, peer_cfg_t *current_peer; ike_cfg_t *current_ike; u_int segment; - + if (!this->reuse_ikesa) { /* IKE_SA reuse disable by config */ - ike_sa = checkout_new(this, TRUE); + ike_sa = checkout_new(this, TRUE); charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } - + enumerator = create_table_enumerator(this); while (enumerator->enumerate(enumerator, &entry, &segment)) { @@ -1072,7 +1074,7 @@ static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, { /* skip IKE_SAs which are not usable */ continue; } - + current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); if (current_peer && current_peer->equals(current_peer, peer_cfg)) { @@ -1088,10 +1090,10 @@ static ike_sa_t* checkout_by_config(private_ike_sa_manager_t *this, } } enumerator->destroy(enumerator); - + if (!ike_sa) { /* no IKE_SA using such a config, hand out a new */ - ike_sa = checkout_new(this, TRUE); + ike_sa = checkout_new(this, TRUE); } charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; @@ -1109,7 +1111,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, ike_sa_t *ike_sa = NULL; child_sa_t *child_sa; u_int segment; - + enumerator = create_table_enumerator(this); while (enumerator->enumerate(enumerator, &entry, &segment)) { @@ -1125,7 +1127,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, { ike_sa = entry->ike_sa; break; - } + } } children->destroy(children); } @@ -1145,7 +1147,7 @@ static ike_sa_t* checkout_by_id(private_ike_sa_manager_t *this, u_int32_t id, } } enumerator->destroy(enumerator); - + charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } @@ -1162,7 +1164,7 @@ static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, ike_sa_t *ike_sa = NULL; child_sa_t *child_sa; u_int segment; - + enumerator = create_table_enumerator(this); while (enumerator->enumerate(enumerator, &entry, &segment)) { @@ -1178,7 +1180,7 @@ static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, { ike_sa = entry->ike_sa; break; - } + } } children->destroy(children); } @@ -1198,13 +1200,13 @@ static ike_sa_t* checkout_by_name(private_ike_sa_manager_t *this, char *name, } } enumerator->destroy(enumerator); - + charon->bus->set_sa(charon->bus, ike_sa); return ike_sa; } /** - * enumerator filter function + * enumerator filter function */ static bool enumerator_filter(private_ike_sa_manager_t *this, entry_t **in, ike_sa_t **out, u_int *segment) @@ -1243,14 +1245,14 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) host_t *other; identification_t *my_id, *other_id; u_int segment; - + ike_sa_id = ike_sa->get_id(ike_sa); my_id = ike_sa->get_my_id(ike_sa); other_id = ike_sa->get_other_id(ike_sa); other = ike_sa->get_other_host(ike_sa); - + DBG2(DBG_MGR, "checkin IKE_SA"); - + /* look for the entry */ if (get_entry_by_sa(this, ike_sa_id, ike_sa, &entry, &segment) == SUCCESS) { @@ -1293,7 +1295,7 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) entry->ike_sa = ike_sa; segment = put_entry(this, entry); } - + /* apply identities for duplicate test (only as responder) */ if (!entry->ike_sa_id->is_initiator(entry->ike_sa_id) && ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && @@ -1303,9 +1305,9 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) entry->other_id = other_id->clone(other_id); put_connected_peers(this, entry); } - + unlock_single_segment(this, segment); - + charon->bus->set_sa(charon->bus, NULL); } @@ -1322,11 +1324,11 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa entry_t *entry; ike_sa_id_t *ike_sa_id; u_int segment; - + ike_sa_id = ike_sa->get_id(ike_sa); - + DBG2(DBG_MGR, "checkin and destroy IKE_SA"); - + if (get_entry_by_sa(this, ike_sa_id, ike_sa, &entry, &segment) == SUCCESS) { /* drive out waiting threads, as we are in hurry */ @@ -1343,7 +1345,7 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa } remove_entry(this, entry); unlock_single_segment(this, segment); - + if (entry->half_open) { remove_half_open(this, entry); @@ -1353,9 +1355,9 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa { remove_connected_peers(this, entry); } - + entry_destroy(entry); - + DBG2(DBG_MGR, "check-in and destroy of IKE_SA successful"); } else @@ -1366,7 +1368,7 @@ static void checkin_and_destroy(private_ike_sa_manager_t *this, ike_sa_t *ike_sa charon->bus->set_sa(charon->bus, NULL); } - + /** * Implementation of ike_sa_manager_t.check_uniqueness. */ @@ -1381,27 +1383,27 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) identification_t *me, *other; u_int row, segment; rwlock_t *lock; - + peer_cfg = ike_sa->get_peer_cfg(ike_sa); policy = peer_cfg->get_unique_policy(peer_cfg); if (policy == UNIQUE_NO) { return FALSE; } - + me = ike_sa->get_my_id(ike_sa); other = ike_sa->get_other_id(ike_sa); - + row = chunk_hash_inc(other->get_encoding(other), chunk_hash(me->get_encoding(me))) & this->table_mask; segment = row & this->segment_mask; - + lock = this->connected_peers_segments[segment & this->segment_mask].lock; lock->read_lock(lock); if ((list = this->connected_peers_table[row]) != NULL) { connected_peers_t *current; - + if (list->find_first(list, (linked_list_match_t)connected_peers_match, (void**)¤t, me, other) == SUCCESS) { @@ -1411,18 +1413,18 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) } } lock->unlock(lock); - + if (!duplicate_ids) { return FALSE; } - + enumerator = duplicate_ids->create_enumerator(duplicate_ids); while (enumerator->enumerate(enumerator, &duplicate_id)) { status_t status = SUCCESS; ike_sa_t *duplicate; - + duplicate = checkout(this, duplicate_id); if (!duplicate) { @@ -1485,13 +1487,13 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) chunk_t addr = ip->get_address(ip); u_int row = chunk_hash(addr) & this->table_mask; u_int segment = row & this->segment_mask; - + rwlock_t *lock = this->half_open_segments[segment & this->segment_mask].lock; lock->read_lock(lock); if ((list = this->half_open_table[row]) != NULL) { half_open_t *current; - + if (list->find_first(list, (linked_list_match_t)half_open_match, (void**)¤t, &addr) == SUCCESS) { @@ -1503,7 +1505,7 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) else { u_int segment; - + for (segment = 0; segment < this->segment_count; ++segment) { rwlock_t *lock; @@ -1513,7 +1515,7 @@ static int get_half_open_count(private_ike_sa_manager_t *this, host_t *ip) lock->unlock(lock); } } - + return count; } @@ -1526,7 +1528,7 @@ static void flush(private_ike_sa_manager_t *this) enumerator_t *enumerator; entry_t *entry; u_int segment; - + lock_all_segments(this); DBG2(DBG_MGR, "going to destroy IKE_SA manager and all managed IKE_SA's"); /* Step 1: drive out all waiting threads */ @@ -1536,7 +1538,7 @@ static void flush(private_ike_sa_manager_t *this) { /* do not accept new threads, drive out waiting threads */ entry->driveout_new_threads = TRUE; - entry->driveout_waiting_threads = TRUE; + entry->driveout_waiting_threads = TRUE; } enumerator->destroy(enumerator); DBG2(DBG_MGR, "wait for all threads to leave IKE_SA's"); @@ -1573,7 +1575,7 @@ static void flush(private_ike_sa_manager_t *this) entry->ike_sa->delete(entry->ike_sa); } enumerator->destroy(enumerator); - + DBG2(DBG_MGR, "destroy all entries"); /* Step 4: destroy all entries */ enumerator = create_table_enumerator(this); @@ -1633,7 +1635,7 @@ static void destroy(private_ike_sa_manager_t *this) free(this->segments); free(this->half_open_segments); free(this->connected_peers_segments); - + this->rng->destroy(this->rng); this->hasher->destroy(this->hasher); free(this); @@ -1648,7 +1650,7 @@ static void destroy(private_ike_sa_manager_t *this) static u_int get_nearest_powerof2(u_int n) { u_int i; - + --n; for (i = 1; i < sizeof(u_int) * 8; i <<= 1) { @@ -1679,7 +1681,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->public.checkin = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin; this->public.checkin_and_destroy = (void(*)(ike_sa_manager_t*,ike_sa_t*))checkin_and_destroy; this->public.get_half_open_count = (int(*)(ike_sa_manager_t*,host_t*))get_half_open_count; - + /* initialize private variables */ this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) @@ -1700,21 +1702,21 @@ ike_sa_manager_t *ike_sa_manager_create() "charon.ikesa_table_size", DEFAULT_HASHTABLE_SIZE)); this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE)); this->table_mask = this->table_size - 1; - + this->segment_count = get_nearest_powerof2(lib->settings->get_int(lib->settings, "charon.ikesa_table_segments", DEFAULT_SEGMENT_COUNT)); this->segment_count = max(1, min(this->segment_count, this->table_size)); this->segment_mask = this->segment_count - 1; - + this->ike_sa_table = calloc(this->table_size, sizeof(linked_list_t*)); - + this->segments = (segment_t*)calloc(this->segment_count, sizeof(segment_t)); for (i = 0; i < this->segment_count; ++i) { this->segments[i].mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->segments[i].count = 0; } - + /* we use the same table parameters for the table to track half-open SAs */ this->half_open_table = calloc(this->table_size, sizeof(linked_list_t*)); this->half_open_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); @@ -1723,7 +1725,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->half_open_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->half_open_segments[i].count = 0; } - + /* also for the hash table used for duplicate tests */ this->connected_peers_table = calloc(this->table_size, sizeof(linked_list_t*)); this->connected_peers_segments = calloc(this->segment_count, sizeof(shareable_segment_t)); @@ -1732,7 +1734,7 @@ ike_sa_manager_t *ike_sa_manager_create() this->connected_peers_segments[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->connected_peers_segments[i].count = 0; } - + this->reuse_ikesa = lib->settings->get_bool(lib->settings, "charon.reuse_ikesa", TRUE); return &this->public; diff --git a/src/charon/sa/ike_sa_manager.h b/src/charon/sa/ike_sa_manager.h index 6da768080..38f5454e1 100644 --- a/src/charon/sa/ike_sa_manager.h +++ b/src/charon/sa/ike_sa_manager.h @@ -38,20 +38,20 @@ typedef struct ike_sa_manager_t ike_sa_manager_t; * by the owning thread. */ struct ike_sa_manager_t { - + /** * Checkout an existing IKE_SA. - * + * * @param ike_sa_id the SA identifier, will be updated - * @returns + * @returns * - checked out IKE_SA if found * - NULL, if specified IKE_SA is not found. */ ike_sa_t* (*checkout) (ike_sa_manager_t* this, ike_sa_id_t *sa_id); - + /** * Create and check out a new IKE_SA. - * + * * @note If initiator equals FALSE, the returned IKE_SA is not registered * in the manager. * @@ -59,30 +59,30 @@ struct ike_sa_manager_t { * @returns created and checked out IKE_SA */ ike_sa_t* (*checkout_new) (ike_sa_manager_t* this, bool initiator); - + /** * Checkout an IKE_SA by a message. - * + * * In some situations, it is necessary that the manager knows the * message to use for the checkout. This has the following reasons: - * + * * 1. If the targeted IKE_SA is already processing a message, we do not * check it out if the message ID is the same. - * 2. If it is an IKE_SA_INIT request, we have to check if it is a + * 2. If it is an IKE_SA_INIT request, we have to check if it is a * retransmission. If so, we have to drop the message, we would * create another unneeded IKE_SA for each retransmitted packet. * * A call to checkout_by_message() returns a (maybe new created) IKE_SA. * If processing the message does not make sense (for the reasons above), * NULL is returned. - * + * * @param ike_sa_id the SA identifier, will be updated - * @returns + * @returns * - checked out/created IKE_SA * - NULL to not process message further */ ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message); - + /** * Checkout an IKE_SA for initiation by a peer_config. * @@ -97,27 +97,27 @@ struct ike_sa_manager_t { * @return checked out/created IKE_SA */ ike_sa_t* (*checkout_by_config) (ike_sa_manager_t* this, - peer_cfg_t *peer_cfg); - + peer_cfg_t *peer_cfg); + /** * Check for duplicates of the given IKE_SA. - * + * * Measures are taken according to the uniqueness policy of the IKE_SA. * The return value indicates whether duplicates have been found and if * further measures should be taken (e.g. cancelling an IKE_AUTH exchange). * check_uniqueness() must be called before the IKE_SA is complete, * deadlocks occur otherwise. - * + * * @param ike_sa ike_sa to check * @return TRUE, if the given IKE_SA has duplicates and * should be deleted */ bool (*check_uniqueness)(ike_sa_manager_t *this, ike_sa_t *ike_sa); - + /** * Check out an IKE_SA a unique ID. * - * Every IKE_SA and every CHILD_SA is uniquely identified by an ID. + * Every IKE_SA and every CHILD_SA is uniquely identified by an ID. * These checkout function uses, depending * on the child parameter, the unique ID of the IKE_SA or the reqid * of one of a IKE_SAs CHILD_SA. @@ -130,7 +130,7 @@ struct ike_sa_manager_t { */ ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, u_int32_t id, bool child); - + /** * Check out an IKE_SA by the policy/connection name. * @@ -145,7 +145,7 @@ struct ike_sa_manager_t { */ ike_sa_t* (*checkout_by_name) (ike_sa_manager_t* this, char *name, bool child); - + /** * Create an enumerator over all stored IKE_SAs. * @@ -155,7 +155,7 @@ struct ike_sa_manager_t { * @return enumerator over all IKE_SAs. */ enumerator_t *(*create_enumerator) (ike_sa_manager_t* this); - + /** * Checkin the SA after usage. * @@ -165,7 +165,7 @@ struct ike_sa_manager_t { * @param ike_sa checked out SA */ void (*checkin) (ike_sa_manager_t* this, ike_sa_t *ike_sa); - + /** * Destroy a checked out SA. * @@ -179,7 +179,7 @@ struct ike_sa_manager_t { * @param ike_sa SA to delete */ void (*checkin_and_destroy) (ike_sa_manager_t* this, ike_sa_t *ike_sa); - + /** * Get the number of IKE_SAs which are in the connecting state. * @@ -189,19 +189,19 @@ struct ike_sa_manager_t { * If a host is supplied, only the number of half open IKE_SAs initiated * from this IP are counted. * Only SAs for which we are the responder are counted. - * + * * @param ip NULL for all, IP for half open IKE_SAs with IP * @return number of half open IKE_SAs */ int (*get_half_open_count) (ike_sa_manager_t *this, host_t *ip); - + /** * Delete all existing IKE_SAs and destroy them immediately. - * + * * Threads will be driven out, so all SAs can be deleted cleanly. */ void (*flush)(ike_sa_manager_t *this); - + /** * Destroys the manager with all associated SAs. * @@ -212,7 +212,7 @@ struct ike_sa_manager_t { /** * Create the IKE_SA manager. - * + * * @returns ike_sa_manager_t object, NULL if initialization fails */ ike_sa_manager_t *ike_sa_manager_create(void); diff --git a/src/charon/sa/keymat.c b/src/charon/sa/keymat.c index 46fb79587..e49626354 100644 --- a/src/charon/sa/keymat.c +++ b/src/charon/sa/keymat.c @@ -24,52 +24,52 @@ typedef struct private_keymat_t private_keymat_t; * Private data of an keymat_t object. */ struct private_keymat_t { - + /** * Public keymat_t interface. */ keymat_t public; - + /** - * IKE_SA Role, initiator or responder - */ - bool initiator; - + * IKE_SA Role, initiator or responder + */ + bool initiator; + /** * inbound signer (verify) */ signer_t *signer_in; - + /** * outbound signer (sign) */ signer_t *signer_out; - + /** * inbound crypter (decrypt) */ crypter_t *crypter_in; - + /** * outbound crypter (encrypt) */ crypter_t *crypter_out; - + /** * General purpose PRF */ prf_t *prf; - + /** * Negotiated PRF algorithm */ pseudo_random_function_t prf_alg; - + /** * Key to derive key material from for CHILD_SAs, rekeying */ chunk_t skd; - + /** * Key to build outging authentication data (SKp) */ @@ -110,6 +110,7 @@ keylen_entry_t keylen_enc[] = { keylen_entry_t keylen_int[] = { {AUTH_HMAC_MD5_96, 128}, {AUTH_HMAC_SHA1_96, 160}, + {AUTH_HMAC_SHA2_256_96, 256}, {AUTH_HMAC_SHA2_256_128, 256}, {AUTH_HMAC_SHA2_384_192, 384}, {AUTH_HMAC_SHA2_512_256, 512}, @@ -158,15 +159,15 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, prf_plus_t *prf_plus; u_int16_t alg, key_size; prf_t *rekey_prf = NULL; - + spi_i = chunk_alloca(sizeof(u_int64_t)); spi_r = chunk_alloca(sizeof(u_int64_t)); - + if (dh->get_shared_secret(dh, &secret) != SUCCESS) { return FALSE; } - + /* Create SAs general purpose PRF first, we may use it here */ if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) { @@ -206,8 +207,8 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); prf_plus_seed = chunk_cat("ccc", full_nonce, spi_i, spi_r); - - /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) + + /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) * * if we are rekeying, SKEYSEED is built on another way */ @@ -221,7 +222,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, } else { - /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr) + /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr) * use OLD SAs PRF functions for both prf_plus and prf */ rekey_prf = lib->crypto->create_prf(lib->crypto, rekey_function); if (!rekey_prf) @@ -240,20 +241,20 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, prf_plus = prf_plus_create(rekey_prf, prf_plus_seed); } DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed); - + chunk_clear(&skeyseed); chunk_clear(&secret); chunk_free(&full_nonce); chunk_free(&fixed_nonce); chunk_clear(&prf_plus_seed); - + /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */ - + /* SK_d is used for generating CHILD_SA key mat => store for later use */ key_size = this->prf->get_key_size(this->prf); prf_plus->allocate_bytes(prf_plus, key_size, &this->skd); DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); - + /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */ if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL)) { @@ -275,17 +276,17 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, return FALSE; } key_size = signer_i->get_key_size(signer_i); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_ai secret %B", &key); signer_i->set_key(signer_i, key); chunk_clear(&key); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_ar secret %B", &key); signer_r->set_key(signer_r, key); chunk_clear(&key); - + if (this->initiator) { this->signer_in = signer_r; @@ -296,7 +297,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, this->signer_in = signer_i; this->signer_out = signer_r; } - + /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */ if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size)) { @@ -318,17 +319,17 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, return FALSE; } key_size = crypter_i->get_key_size(crypter_i); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_ei secret %B", &key); crypter_i->set_key(crypter_i, key); chunk_clear(&key); - + prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_er secret %B", &key); crypter_r->set_key(crypter_r, key); chunk_clear(&key); - + if (this->initiator) { this->crypter_in = crypter_r; @@ -339,8 +340,8 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, this->crypter_in = crypter_i; this->crypter_out = crypter_r; } - - /* SK_pi/SK_pr used for authentication => stored for later */ + + /* SK_pi/SK_pr used for authentication => stored for later */ key_size = this->prf->get_key_size(this->prf); prf_plus->allocate_bytes(prf_plus, key_size, &key); DBG4(DBG_IKE, "Sk_pi secret %B", &key); @@ -362,11 +363,11 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal, { this->skp_build = key; } - + /* all done, prf_plus not needed anymore */ prf_plus->destroy(prf_plus); DESTROY_IF(rekey_prf); - + return TRUE; } @@ -382,7 +383,7 @@ static bool derive_child_keys(private_keymat_t *this, u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; chunk_t seed, secret = chunk_empty; prf_plus_t *prf_plus; - + if (dh) { if (dh->get_shared_secret(dh, &secret) != SUCCESS) @@ -393,13 +394,13 @@ static bool derive_child_keys(private_keymat_t *this, } seed = chunk_cata("mcc", secret, nonce_i, nonce_r); DBG4(DBG_CHD, "seed %B", &seed); - + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg, &enc_size)) { - DBG2(DBG_CHD, " using %N for encryption", + DBG2(DBG_CHD, " using %N for encryption", encryption_algorithm_names, enc_alg); - + if (!enc_size) { enc_size = lookup_keylen(keylen_enc, enc_alg); @@ -412,7 +413,7 @@ static bool derive_child_keys(private_keymat_t *this, } /* to bytes */ enc_size /= 8; - + /* CCM/GCM/CTR needs additional bytes */ switch (enc_alg) { @@ -434,13 +435,13 @@ static bool derive_child_keys(private_keymat_t *this, break; } } - + if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, &int_size)) { DBG2(DBG_CHD, " using %N for integrity", integrity_algorithm_names, int_alg); - + if (!int_size) { int_size = lookup_keylen(keylen_int, int_alg); @@ -454,17 +455,17 @@ static bool derive_child_keys(private_keymat_t *this, /* to bytes */ int_size /= 8; } - + this->prf->set_key(this->prf, this->skd); prf_plus = prf_plus_create(this->prf, seed); - + prf_plus->allocate_bytes(prf_plus, enc_size, encr_i); prf_plus->allocate_bytes(prf_plus, int_size, integ_i); prf_plus->allocate_bytes(prf_plus, enc_size, encr_r); prf_plus->allocate_bytes(prf_plus, int_size, integ_r); - + prf_plus->destroy(prf_plus); - + if (enc_size) { DBG4(DBG_CHD, "encryption initiator key %B", encr_i); @@ -512,19 +513,19 @@ static chunk_t get_auth_octets(private_keymat_t *this, bool verify, { chunk_t chunk, idx, octets; chunk_t skp; - + skp = verify ? this->skp_verify : this->skp_build; - + chunk = chunk_alloca(4); memset(chunk.ptr, 0, chunk.len); chunk.ptr[0] = id->get_type(id); idx = chunk_cata("cc", chunk, id->get_encoding(id)); - + DBG3(DBG_IKE, "IDx' %B", &idx); DBG3(DBG_IKE, "SK_p %B", &skp); this->prf->set_key(this->prf, skp); this->prf->allocate_bytes(this->prf, idx, &chunk); - + octets = chunk_cat("ccm", ike_sa_init, nonce, chunk); DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets); return octets; @@ -539,12 +540,12 @@ static chunk_t get_auth_octets(private_keymat_t *this, bool verify, /** * Implementation of keymat_t.get_psk_sig */ -static chunk_t get_psk_sig(private_keymat_t *this, bool verify, +static chunk_t get_psk_sig(private_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id) { chunk_t key_pad, key, sig, octets; - + if (!secret.len) { /* EAP uses SK_p if no MSK has been established */ secret = verify ? this->skp_verify : this->skp_build; @@ -561,7 +562,7 @@ static chunk_t get_psk_sig(private_keymat_t *this, bool verify, DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &sig); chunk_free(&octets); chunk_free(&key); - + return sig; } @@ -587,7 +588,7 @@ static void destroy(private_keymat_t *this) keymat_t *keymat_create(bool initiator) { private_keymat_t *this = malloc_thing(private_keymat_t); - + this->public.create_dh = (diffie_hellman_t*(*)(keymat_t*, diffie_hellman_group_t group))create_dh; this->public.derive_ike_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t,chunk_t))derive_ike_keys; this->public.derive_child_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r))derive_child_keys; @@ -597,9 +598,9 @@ keymat_t *keymat_create(bool initiator) this->public.get_auth_octets = (chunk_t(*)(keymat_t *, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id))get_auth_octets; this->public.get_psk_sig = (chunk_t(*)(keymat_t*, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id))get_psk_sig; this->public.destroy = (void(*)(keymat_t*))destroy; - + this->initiator = initiator; - + this->signer_in = NULL; this->signer_out = NULL; this->crypter_in = NULL; @@ -609,7 +610,7 @@ keymat_t *keymat_create(bool initiator) this->skd = chunk_empty; this->skp_verify = chunk_empty; this->skp_build = chunk_empty; - + return &this->public; } diff --git a/src/charon/sa/keymat.h b/src/charon/sa/keymat.h index 43b9dd113..e51709e8d 100644 --- a/src/charon/sa/keymat.h +++ b/src/charon/sa/keymat.h @@ -35,7 +35,7 @@ typedef struct keymat_t keymat_t; * Derivation an management of sensitive keying material. */ struct keymat_t { - + /** * Create a diffie hellman object for key agreement. * @@ -47,7 +47,7 @@ struct keymat_t { * @return DH object, NULL if group not supported */ diffie_hellman_t* (*create_dh)(keymat_t *this, diffie_hellman_group_t group); - + /** * Derive keys for the IKE_SA. * @@ -86,7 +86,7 @@ struct keymat_t { * @param integ_r chunk to write responders integrity key to * @return TRUE on success */ - bool (*derive_child_keys)(keymat_t *this, + bool (*derive_child_keys)(keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, @@ -98,7 +98,7 @@ struct keymat_t { * @return PRF function to derive keymat */ pseudo_random_function_t (*get_skd)(keymat_t *this, chunk_t *skd); - + /** * Get a signer to sign/verify IKE messages. * @@ -106,7 +106,7 @@ struct keymat_t { * @return signer */ signer_t* (*get_signer)(keymat_t *this, bool in); - + /* * Get a crypter to en-/decrypt IKE messages. * @@ -114,7 +114,7 @@ struct keymat_t { * @return crypter */ crypter_t* (*get_crypter)(keymat_t *this, bool in); - + /** * Generate octets to use for authentication procedure (RFC4306 2.15). * @@ -160,4 +160,4 @@ struct keymat_t { */ keymat_t *keymat_create(bool initiator); -#endif /** KEYMAT_ @}*/ +#endif /** KEYMAT_H_ @}*/ diff --git a/src/charon/sa/mediation_manager.c b/src/charon/sa/mediation_manager.c index a69c00173..035f49053 100644 --- a/src/charon/sa/mediation_manager.c +++ b/src/charon/sa/mediation_manager.c @@ -16,11 +16,10 @@ #include "mediation_manager.h" #include -#include +#include #include #include - typedef struct peer_t peer_t; /** @@ -28,13 +27,13 @@ typedef struct peer_t peer_t; */ struct peer_t { /** id of the peer */ - identification_t *id; + identification_t *id; /** sa id of the peer, NULL if offline */ - ike_sa_id_t *ike_sa_id; - - /** list of peer ids that reuested this peer */ - linked_list_t *requested_by; + ike_sa_id_t *ike_sa_id; + + /** list of peer ids that reuested this peer */ + linked_list_t *requested_by; }; /** @@ -43,8 +42,9 @@ struct peer_t { static void peer_destroy(peer_t *this) { DESTROY_IF(this->id); - DESTROY_IF(this->ike_sa_id); - this->requested_by->destroy_offset(this->requested_by, offsetof(identification_t, destroy)); + DESTROY_IF(this->ike_sa_id); + this->requested_by->destroy_offset(this->requested_by, + offsetof(identification_t, destroy)); free(this); } @@ -54,16 +54,15 @@ static void peer_destroy(peer_t *this) static peer_t *peer_create(identification_t *id, ike_sa_id_t* ike_sa_id) { peer_t *this = malloc_thing(peer_t); - + /* clone everything */ this->id = id->clone(id); - this->ike_sa_id = ike_sa_id ? ike_sa_id->clone(ike_sa_id) : NULL; - this->requested_by = linked_list_create(); - + this->ike_sa_id = ike_sa_id ? ike_sa_id->clone(ike_sa_id) : NULL; + this->requested_by = linked_list_create(); + return this; } - typedef struct private_mediation_manager_t private_mediation_manager_t; /** @@ -74,7 +73,7 @@ struct private_mediation_manager_t { * Public interface of mediation_manager_t. */ mediation_manager_t public; - + /** * Lock for exclusivly accessing the manager. */ @@ -93,7 +92,7 @@ static void register_peer(peer_t *peer, identification_t *peer_id) { iterator_t *iterator; identification_t *current; - + iterator = peer->requested_by->create_iterator(peer->requested_by, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -104,20 +103,21 @@ static void register_peer(peer_t *peer, identification_t *peer_id) } } iterator->destroy(iterator); - - peer->requested_by->insert_last(peer->requested_by, peer_id->clone(peer_id)); + + peer->requested_by->insert_last(peer->requested_by, + peer_id->clone(peer_id)); } /** * Get a peer_t object by a peer's id */ static status_t get_peer_by_id(private_mediation_manager_t *this, - identification_t *id, peer_t **peer) + identification_t *id, peer_t **peer) { iterator_t *iterator; peer_t *current; status_t status = NOT_FOUND; - + iterator = this->peers->create_iterator(this->peers, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -141,7 +141,8 @@ static status_t get_peer_by_id(private_mediation_manager_t *this, * and then remove peers completely that are not online and have no registered * peers. */ -static void unregister_peer(private_mediation_manager_t *this, identification_t *peer_id) +static void unregister_peer(private_mediation_manager_t *this, + identification_t *peer_id) { iterator_t *iterator, *iterator_r; peer_t *peer; @@ -150,7 +151,8 @@ static void unregister_peer(private_mediation_manager_t *this, identification_t iterator = this->peers->create_iterator(this->peers, TRUE); while (iterator->iterate(iterator, (void**)&peer)) { - iterator_r = peer->requested_by->create_iterator(peer->requested_by, TRUE); + iterator_r = peer->requested_by->create_iterator(peer->requested_by, + TRUE); while (iterator_r->iterate(iterator_r, (void**)®istered)) { if (peer_id->equals(peer_id, registered)) @@ -161,7 +163,7 @@ static void unregister_peer(private_mediation_manager_t *this, identification_t } } iterator_r->destroy(iterator_r); - + if (!peer->ike_sa_id && !peer->requested_by->get_count(peer->requested_by)) { iterator->remove(iterator); @@ -181,16 +183,16 @@ static void remove_sa(private_mediation_manager_t *this, ike_sa_id_t *ike_sa_id) peer_t *peer; this->mutex->lock(this->mutex); - + iterator = this->peers->create_iterator(this->peers, TRUE); while (iterator->iterate(iterator, (void**)&peer)) { if (ike_sa_id->equals(ike_sa_id, peer->ike_sa_id)) { iterator->remove(iterator); - + unregister_peer(this, peer->id); - + peer_destroy(peer); break; } @@ -222,7 +224,7 @@ static void update_sa_id(private_mediation_manager_t *this, identification_t *pe } } iterator->destroy(iterator); - + if (!found) { DBG2(DBG_IKE, "adding peer '%Y'", peer_id); @@ -230,18 +232,19 @@ static void update_sa_id(private_mediation_manager_t *this, identification_t *pe this->peers->insert_last(this->peers, peer); } - DBG2(DBG_IKE, "changing registered IKE_SA ID of peer '%Y'", peer_id); + DBG2(DBG_IKE, "changing registered IKE_SA ID of peer '%Y'", peer_id); peer->ike_sa_id = ike_sa_id ? ike_sa_id->clone(ike_sa_id) : NULL; - + /* send callbacks to registered peers */ identification_t *requester; - while(peer->requested_by->remove_last(peer->requested_by, (void**)&requester) == SUCCESS) + while(peer->requested_by->remove_last(peer->requested_by, + (void**)&requester) == SUCCESS) { job_t *job = (job_t*)mediation_callback_job_create(requester, peer_id); charon->processor->queue_job(charon->processor, job); requester->destroy(requester); } - + this->mutex->unlock(this->mutex); } @@ -286,11 +289,12 @@ static ike_sa_id_t *check_and_register(private_mediation_manager_t *this, peer = peer_create(peer_id, NULL); this->peers->insert_last(this->peers, peer); } - + if (!peer->ike_sa_id) { /* the peer is not online */ - DBG2(DBG_IKE, "requested peer '%Y' is offline, registering peer '%Y'", peer_id, requester); + DBG2(DBG_IKE, "requested peer '%Y' is offline, registering peer '%Y'", + peer_id, requester); register_peer(peer, requester); this->mutex->unlock(this->mutex); return NULL; @@ -309,9 +313,9 @@ static ike_sa_id_t *check_and_register(private_mediation_manager_t *this, static void destroy(private_mediation_manager_t *this) { this->mutex->lock(this->mutex); - + this->peers->destroy_function(this->peers, (void*)peer_destroy); - + this->mutex->unlock(this->mutex); this->mutex->destroy(this->mutex); free(this); @@ -329,9 +333,9 @@ mediation_manager_t *mediation_manager_create() this->public.update_sa_id = (void(*)(mediation_manager_t*,identification_t*,ike_sa_id_t*))update_sa_id; this->public.check = (ike_sa_id_t*(*)(mediation_manager_t*,identification_t*))check; this->public.check_and_register = (ike_sa_id_t*(*)(mediation_manager_t*,identification_t*,identification_t*))check_and_register; - + this->peers = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + return (mediation_manager_t*)this; } diff --git a/src/charon/sa/mediation_manager.h b/src/charon/sa/mediation_manager.h index 29e16d84f..31a16f69c 100644 --- a/src/charon/sa/mediation_manager.h +++ b/src/charon/sa/mediation_manager.h @@ -31,48 +31,49 @@ typedef struct mediation_manager_t mediation_manager_t; * peers and registered requests for offline peers on the mediation server. */ struct mediation_manager_t { - + /** * Remove the IKE_SA of a peer. - * + * * @param ike_sa_id the IKE_SA ID of the peer's SA */ void (*remove) (mediation_manager_t* this, ike_sa_id_t *ike_sa_id); - + /** * Update the ike_sa_id that is assigned to a peer's ID. If the peer - * is new, it gets a new record assigned. - * + * is new, it gets a new record assigned. + * * @param peer_id the peer's ID * @param ike_sa_id the IKE_SA ID of the peer's SA */ void (*update_sa_id) (mediation_manager_t* this, identification_t *peer_id, - ike_sa_id_t *ike_sa_id); - + ike_sa_id_t *ike_sa_id); + /** * Checks if a specific peer is online. - * + * * @param peer_id the peer's ID - * @returns - * - IKE_SA ID of the peer's SA. - * - NULL, if the peer is not online. + * @returns + * - IKE_SA ID of the peer's SA. + * - NULL, if the peer is not online. */ ike_sa_id_t* (*check) (mediation_manager_t* this, - identification_t *peer_id); - + identification_t *peer_id); + /** * Checks if a specific peer is online and registers the requesting * peer if it is not. - * + * * @param peer_id the peer's ID * @param requester the requesters ID - * @returns - * - IKE_SA ID of the peer's SA. - * - NULL, if the peer is not online. + * @returns + * - IKE_SA ID of the peer's SA. + * - NULL, if the peer is not online. */ ike_sa_id_t* (*check_and_register) (mediation_manager_t* this, - identification_t *peer_id, identification_t *requester); - + identification_t *peer_id, + identification_t *requester); + /** * Destroys the manager with all data. */ @@ -81,8 +82,8 @@ struct mediation_manager_t { /** * Create a manager. - * - * @returns mediation_manager_t object + * + * @returns mediation_manager_t object */ mediation_manager_t *mediation_manager_create(void); diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c index f33fcd6d4..1de0c06f0 100644 --- a/src/charon/sa/task_manager.c +++ b/src/charon/sa/task_manager.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -46,12 +47,12 @@ typedef struct exchange_t exchange_t; * An exchange in the air, used do detect and handle retransmission */ struct exchange_t { - + /** * Message ID used for this transaction */ u_int32_t mid; - + /** * generated packet for retransmission */ @@ -64,17 +65,17 @@ typedef struct private_task_manager_t private_task_manager_t; * private data of the task manager */ struct private_task_manager_t { - + /** * public functions */ task_manager_t public; - + /** * associated IKE_SA we are serving */ ike_sa_t *ike_sa; - + /** * Exchange we are currently handling as responder */ @@ -83,14 +84,14 @@ struct private_task_manager_t { * Message ID of the exchange */ u_int32_t mid; - + /** * packet for retransmission */ packet_t *packet; - + } responding; - + /** * Exchange we are currently handling as initiator */ @@ -99,7 +100,7 @@ struct private_task_manager_t { * Message ID of the exchange */ u_int32_t mid; - + /** * how many times we have retransmitted so far */ @@ -109,33 +110,48 @@ struct private_task_manager_t { * packet for retransmission */ packet_t *packet; - + /** * type of the initated exchange */ exchange_type_t type; - + } initiating; - + /** * List of queued tasks not yet in action */ linked_list_t *queued_tasks; - + /** * List of active tasks, initiated by ourselve */ linked_list_t *active_tasks; - + /** * List of tasks initiated by peer */ linked_list_t *passive_tasks; - + /** - * the task manager has been reset + * the task manager has been reset */ bool reset; + + /** + * Number of times we retransmit messages before giving up + */ + u_int retransmit_tries; + + /** + * Retransmission timeout + */ + double retransmit_timeout; + + /** + * Base to calculate retransmission timeout + */ + double retransmit_base; }; /** @@ -143,7 +159,7 @@ struct private_task_manager_t { */ static void flush(private_task_manager_t *this) { - this->queued_tasks->destroy_offset(this->queued_tasks, + this->queued_tasks->destroy_offset(this->queued_tasks, offsetof(task_t, destroy)); this->passive_tasks->destroy_offset(this->passive_tasks, offsetof(task_t, destroy)); @@ -162,7 +178,7 @@ static bool activate_task(private_task_manager_t *this, task_type_t type) iterator_t *iterator; task_t *task; bool found = FALSE; - + iterator = this->queued_tasks->create_iterator(this->queued_tasks, TRUE); while (iterator->iterate(iterator, (void**)&task)) { @@ -192,7 +208,7 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id) packet_t *packet; task_t *task; ike_mobike_t *mobike = NULL; - + /* check if we are retransmitting a MOBIKE routability check */ iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE); while (iterator->iterate(iterator, (void*)&task)) @@ -211,10 +227,10 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id) if (mobike == NULL) { - if (this->initiating.retransmitted <= RETRANSMIT_TRIES) + if (this->initiating.retransmitted <= this->retransmit_tries) { - timeout = (u_int32_t)(RETRANSMIT_TIMEOUT * - pow(RETRANSMIT_BASE, this->initiating.retransmitted)); + timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 * + pow(this->retransmit_base, this->initiating.retransmitted)); } else { @@ -226,13 +242,14 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id) } return DESTROY_ME; } - + if (this->initiating.retransmitted) { DBG1(DBG_IKE, "retransmit %d of request with message ID %d", this->initiating.retransmitted, message_id); } packet = this->initiating.packet->clone(this->initiating.packet); + charon->sender->send(charon->sender, packet); } else { /* for routeability checks, we use a more aggressive behavior */ @@ -247,18 +264,15 @@ static status_t retransmit(private_task_manager_t *this, u_int32_t message_id) charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return DESTROY_ME; } - + if (this->initiating.retransmitted) { DBG1(DBG_IKE, "path probing attempt %d", this->initiating.retransmitted); } - packet = this->initiating.packet->clone(this->initiating.packet); - mobike->transmit(mobike, packet); + mobike->transmit(mobike, this->initiating.packet); } - - charon->sender->send(charon->sender, packet); - + this->initiating.retransmitted++; job = (job_t*)retransmit_job_create(this->initiating.mid, this->ike_sa->get_id(this->ike_sa)); @@ -279,14 +293,14 @@ static status_t build_request(private_task_manager_t *this) host_t *me, *other; status_t status; exchange_type_t exchange = 0; - + if (this->initiating.type != EXCHANGE_TYPE_UNDEFINED) { DBG2(DBG_IKE, "delaying task initiation, exchange in progress"); /* do not initiate if we already have a message in the air */ return SUCCESS; } - + if (this->active_tasks->get_count(this->active_tasks) == 0) { DBG2(DBG_IKE, "activating new tasks"); @@ -297,6 +311,7 @@ static status_t build_request(private_task_manager_t *this) { this->initiating.mid = 0; exchange = IKE_SA_INIT; + activate_task(this, IKE_VENDOR); activate_task(this, IKE_NATD); activate_task(this, IKE_CERT_PRE); #ifdef ME @@ -402,17 +417,17 @@ static status_t build_request(private_task_manager_t *this) } iterator->destroy(iterator); } - + if (exchange == 0) { DBG2(DBG_IKE, "nothing to initiate"); /* nothing to do yet... */ return SUCCESS; } - + me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); - + message = message_create(); message->set_message_id(message, this->initiating.mid); message->set_source(message, me->clone(me)); @@ -420,7 +435,7 @@ static status_t build_request(private_task_manager_t *this) message->set_exchange_type(message, exchange); this->initiating.type = exchange; this->initiating.retransmitted = 0; - + iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE); while (iterator->iterate(iterator, (void*)&task)) { @@ -450,10 +465,11 @@ static status_t build_request(private_task_manager_t *this) } } iterator->destroy(iterator); - + /* update exchange type if a task changed it */ this->initiating.type = message->get_exchange_type(message); - + + charon->bus->message(charon->bus, message, FALSE); status = this->ike_sa->generate_message(this->ike_sa, message, &this->initiating.packet); if (status != SUCCESS) @@ -465,10 +481,8 @@ static status_t build_request(private_task_manager_t *this) charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return DESTROY_ME; } - - charon->bus->message(charon->bus, message, FALSE); message->destroy(message); - + return retransmit(this, this->initiating.mid); } @@ -480,7 +494,7 @@ static status_t process_response(private_task_manager_t *this, { iterator_t *iterator; task_t *task; - + if (message->get_exchange_type(message) != this->initiating.type) { DBG1(DBG_IKE, "received %N response, but expected %N", @@ -489,7 +503,7 @@ static status_t process_response(private_task_manager_t *this, charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return DESTROY_ME; } - + /* catch if we get resetted while processing */ this->reset = FALSE; iterator = this->active_tasks->create_iterator(this->active_tasks, TRUE); @@ -521,15 +535,15 @@ static status_t process_response(private_task_manager_t *this, this->reset = FALSE; iterator->destroy(iterator); return build_request(this); - } + } } iterator->destroy(iterator); - + this->initiating.mid++; this->initiating.type = EXCHANGE_TYPE_UNDEFINED; this->initiating.packet->destroy(this->initiating.packet); this->initiating.packet = NULL; - + return build_request(this); } @@ -541,9 +555,9 @@ static void handle_collisions(private_task_manager_t *this, task_t *task) iterator_t *iterator; task_t *active; task_type_t type; - + type = task->get_type(task); - + /* do we have to check */ if (type == IKE_REKEY || type == CHILD_REKEY || type == CHILD_DELETE || type == IKE_DELETE || type == IKE_REAUTH) @@ -594,10 +608,10 @@ static status_t build_response(private_task_manager_t *this, message_t *request) host_t *me, *other; bool delete = FALSE; status_t status; - + me = request->get_destination(request); other = request->get_source(request); - + message = message_create(); message->set_exchange_type(message, request->get_exchange_type(request)); /* send response along the path the request came in */ @@ -605,7 +619,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request) message->set_destination(message, other->clone(other)); message->set_message_id(message, this->responding.mid); message->set_request(message, FALSE); - + iterator = this->passive_tasks->create_iterator(this->passive_tasks, TRUE); while (iterator->iterate(iterator, (void*)&task)) { @@ -633,27 +647,27 @@ static status_t build_response(private_task_manager_t *this, message_t *request) } } iterator->destroy(iterator); - + /* remove resonder SPI if IKE_SA_INIT failed */ if (delete && request->get_exchange_type(request) == IKE_SA_INIT) { ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa); id->set_responder_spi(id, 0); } - + /* message complete, send it */ DESTROY_IF(this->responding.packet); this->responding.packet = NULL; + charon->bus->message(charon->bus, message, FALSE); status = this->ike_sa->generate_message(this->ike_sa, message, &this->responding.packet); - charon->bus->message(charon->bus, message, FALSE); message->destroy(message); if (status != SUCCESS) { charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return DESTROY_ME; } - + charon->sender->send(charon->sender, this->responding.packet->clone(this->responding.packet)); if (delete) @@ -675,7 +689,7 @@ static status_t process_request(private_task_manager_t *this, payload_t *payload; notify_payload_t *notify; delete_payload_t *delete; - + if (this->passive_tasks->get_count(this->passive_tasks) == 0) { /* create tasks depending on request type, if not already some queued */ switch (message->get_exchange_type(message)) @@ -684,11 +698,13 @@ static status_t process_request(private_task_manager_t *this, { task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL); this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_vendor_create(this->ike_sa, FALSE); + this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_natd_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); -#ifdef ME +#ifdef ME task = (task_t*)ike_me_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); #endif /* ME */ @@ -737,7 +753,7 @@ static status_t process_request(private_task_manager_t *this, } } enumerator->destroy(enumerator); - + if (ts_found) { if (notify_found) @@ -816,7 +832,7 @@ static status_t process_request(private_task_manager_t *this, } } enumerator->destroy(enumerator); - + if (task == NULL) { task = (task_t*)ike_dpd_create(FALSE); @@ -835,7 +851,7 @@ static status_t process_request(private_task_manager_t *this, break; } } - + /* let the tasks process the message */ iterator = this->passive_tasks->create_iterator(this->passive_tasks, TRUE); while (iterator->iterate(iterator, (void*)&task)) @@ -863,7 +879,7 @@ static status_t process_request(private_task_manager_t *this, } } iterator->destroy(iterator); - + return build_response(this, message); } @@ -873,7 +889,7 @@ static status_t process_request(private_task_manager_t *this, static status_t process_message(private_task_manager_t *this, message_t *msg) { u_int32_t mid = msg->get_message_id(msg); - + if (msg->get_request(msg)) { if (mid == this->responding.mid) @@ -890,9 +906,9 @@ static status_t process_message(private_task_manager_t *this, message_t *msg) { packet_t *clone; host_t *me, *other; - + DBG1(DBG_IKE, "received retransmit of request with ID %d, " - "retransmitting response", mid); + "retransmitting response", mid); clone = this->responding.packet->clone(this->responding.packet); me = msg->get_destination(msg); other = msg->get_source(msg); @@ -935,7 +951,7 @@ static void queue_task(private_task_manager_t *this, task_t *task) { /* there is no need to queue more than one mobike task */ iterator_t *iterator; task_t *current; - + iterator = this->queued_tasks->create_iterator(this->queued_tasks, TRUE); while (iterator->iterate(iterator, (void**)¤t)) { @@ -958,7 +974,7 @@ static void queue_task(private_task_manager_t *this, task_t *task) static void adopt_tasks(private_task_manager_t *this, private_task_manager_t *other) { task_t *task; - + /* move queued tasks from other to this */ while (other->queued_tasks->remove_last(other->queued_tasks, (void**)&task) == SUCCESS) @@ -984,7 +1000,7 @@ static void reset(private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) { task_t *task; - + /* reset message counters and retransmit packets */ DESTROY_IF(this->responding.packet); DESTROY_IF(this->initiating.packet); @@ -999,7 +1015,7 @@ static void reset(private_task_manager_t *this, this->responding.mid = respond; } this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - + /* reset active tasks */ while (this->active_tasks->remove_last(this->active_tasks, (void**)&task) == SUCCESS) @@ -1007,7 +1023,7 @@ static void reset(private_task_manager_t *this, task->migrate(task, this->ike_sa); this->queued_tasks->insert_first(this->queued_tasks, task); } - + this->reset = TRUE; } @@ -1017,11 +1033,11 @@ static void reset(private_task_manager_t *this, static void destroy(private_task_manager_t *this) { flush(this); - + this->active_tasks->destroy(this->active_tasks); this->queued_tasks->destroy(this->queued_tasks); this->passive_tasks->destroy(this->passive_tasks); - + DESTROY_IF(this->responding.packet); DESTROY_IF(this->initiating.packet); free(this); @@ -1033,7 +1049,7 @@ static void destroy(private_task_manager_t *this) task_manager_t *task_manager_create(ike_sa_t *ike_sa) { private_task_manager_t *this = malloc_thing(private_task_manager_t); - + this->public.process_message = (status_t(*)(task_manager_t*,message_t*))process_message; this->public.queue_task = (void(*)(task_manager_t*,task_t*))queue_task; this->public.initiate = (status_t(*)(task_manager_t*))build_request; @@ -1042,7 +1058,7 @@ task_manager_t *task_manager_create(ike_sa_t *ike_sa) this->public.adopt_tasks = (void(*)(task_manager_t*,task_manager_t*))adopt_tasks; this->public.busy = (bool(*)(task_manager_t*))busy; this->public.destroy = (void(*)(task_manager_t*))destroy; - + this->ike_sa = ike_sa; this->responding.packet = NULL; this->initiating.packet = NULL; @@ -1053,6 +1069,14 @@ task_manager_t *task_manager_create(ike_sa_t *ike_sa) this->active_tasks = linked_list_create(); this->passive_tasks = linked_list_create(); this->reset = FALSE; - + + this->retransmit_tries = lib->settings->get_int(lib->settings, + "charon.retransmit_tries", RETRANSMIT_TRIES); + this->retransmit_timeout = lib->settings->get_double(lib->settings, + "charon.retransmit_timeout", RETRANSMIT_TIMEOUT); + this->retransmit_base = lib->settings->get_double(lib->settings, + "charon.retransmit_base", RETRANSMIT_BASE); + return &this->public; } + diff --git a/src/charon/sa/task_manager.h b/src/charon/sa/task_manager.h index 9c3b2cc87..731ed4898 100644 --- a/src/charon/sa/task_manager.h +++ b/src/charon/sa/task_manager.h @@ -31,9 +31,9 @@ typedef struct task_manager_t task_manager_t; #include /** - * First retransmit timeout in milliseconds. + * First retransmit timeout in seconds. */ -#define RETRANSMIT_TIMEOUT 4000 +#define RETRANSMIT_TIMEOUT 4.0 /** * Base which is raised to the power of the retransmission try. @@ -69,7 +69,7 @@ typedef struct task_manager_t task_manager_t; * For the initial IKE_SA setup, several tasks are queued: One for the * unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup * and maybe one for virtual IP assignement. - * The task manager is also responsible for retransmission. It uses a backoff + * The task manager is also responsible for retransmission. It uses a backoff * algorithm. The timeout is calculated using * RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try). * When try reaches RETRANSMIT_TRIES, retransmission is given up. @@ -84,7 +84,7 @@ typedef struct task_manager_t task_manager_t; 4s * (1.8 ** 3) = 23s 47s 4s * (1.8 ** 4) = 42s 89s 4s * (1.8 ** 5) = 76s 165s - + @endverbatim * The peer is considered dead after 2min 45s when no reply comes in. */ @@ -92,10 +92,10 @@ struct task_manager_t { /** * Process an incoming message. - * + * * @param message message to add payloads to * @return - * - DESTROY_ME if IKE_SA must be closed + * - DESTROY_ME if IKE_SA must be closed * - SUCCESS otherwise */ status_t (*process_message) (task_manager_t *this, message_t *message); @@ -118,24 +118,24 @@ struct task_manager_t { * A return value of INVALID_STATE means that the message was already * acknowledged and has not to be retransmitted. A return value of SUCCESS * means retransmission was required and the message has been resent. - * + * * @param message_id ID of the message to retransmit * @return - * - INVALID_STATE if retransmission not required + * - INVALID_STATE if retransmission not required * - SUCCESS if retransmission sent */ status_t (*retransmit) (task_manager_t *this, u_int32_t message_id); - + /** * Migrate all tasks from other to this. * * To rekey or reestablish an IKE_SA completely, all queued or active * tasks should get migrated to the new IKE_SA. - * + * * @param other manager which gives away its tasks */ void (*adopt_tasks) (task_manager_t *this, task_manager_t *other); - + /** * Reset message ID counters of the task manager. * @@ -149,14 +149,14 @@ struct task_manager_t { * @param respond message ID to respond to exchanges (expect) */ void (*reset) (task_manager_t *this, u_int32_t initiate, u_int32_t respond); - + /** * Check if we are currently waiting for a reply. * * @return TRUE if we are waiting, FALSE otherwise */ bool (*busy) (task_manager_t *this); - + /** * Destroy the task_manager_t. */ diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c index 558938f2e..3f002f263 100644 --- a/src/charon/sa/tasks/child_create.c +++ b/src/charon/sa/tasks/child_create.c @@ -19,12 +19,14 @@ #include #include +#include #include #include #include #include #include #include +#include typedef struct private_child_create_t private_child_create_t; @@ -33,132 +35,132 @@ typedef struct private_child_create_t private_child_create_t; * Private members of a child_create_t task. */ struct private_child_create_t { - + /** * Public methods and task_t interface. */ child_create_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * nonce chosen by us */ chunk_t my_nonce; - + /** * nonce chosen by peer */ chunk_t other_nonce; - + /** * config to create the CHILD_SA from */ child_cfg_t *config; - + /** * list of proposal candidates */ linked_list_t *proposals; - + /** * selected proposal to use for CHILD_SA */ proposal_t *proposal; - + /** * traffic selectors for initiators side */ linked_list_t *tsi; - + /** * traffic selectors for responders side */ linked_list_t *tsr; - + /** * source of triggering packet */ traffic_selector_t *packet_tsi; - + /** * destination of triggering packet */ traffic_selector_t *packet_tsr; - + /** * optional diffie hellman exchange */ diffie_hellman_t *dh; - + /** * group used for DH exchange */ diffie_hellman_group_t dh_group; - + /** * IKE_SAs keymat */ keymat_t *keymat; - + /** * mode the new CHILD_SA uses (transport/tunnel/beet) */ ipsec_mode_t mode; - + /** * IPComp transform to use */ ipcomp_transform_t ipcomp; - + /** * IPComp transform proposed or accepted by the other peer */ ipcomp_transform_t ipcomp_received; - + /** * Own allocated SPI */ u_int32_t my_spi; - + /** * SPI received in proposal */ u_int32_t other_spi; - + /** * Own allocated Compression Parameter Index (CPI) */ u_int16_t my_cpi; - + /** * Other Compression Parameter Index (CPI), received via IPCOMP_SUPPORTED */ u_int16_t other_cpi; - + /** * reqid to use if we are rekeying */ u_int32_t reqid; - + /** * CHILD_SA which gets established */ child_sa_t *child_sa; - + /** * successfully established the CHILD? */ bool established; - + /** * whether the CHILD_SA rekeys an existing one */ @@ -171,7 +173,7 @@ struct private_child_create_t { static status_t get_nonce(message_t *message, chunk_t *nonce) { nonce_payload_t *payload; - + payload = (nonce_payload_t*)message->get_payload(message, NONCE); if (payload == NULL) { @@ -187,7 +189,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce) static status_t generate_nonce(chunk_t *nonce) { rng_t *rng; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -207,7 +209,7 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host) traffic_selector_t *ts; bool is_host = TRUE; iterator_t *iterator = list->create_iterator(list, TRUE); - + while (is_host && iterator->iterate(iterator, (void**)&ts)) { is_host = is_host && ts->is_host(ts, host); @@ -223,8 +225,8 @@ static bool allocate_spi(private_child_create_t *this) { enumerator_t *enumerator; proposal_t *proposal; - - /* TODO: allocate additional SPI for AH if we have such proposals */ + + /* TODO: allocate additional SPI for AH if we have such proposals */ this->my_spi = this->child_sa->alloc_spi(this->child_sa, PROTO_ESP); if (this->my_spi) { @@ -246,6 +248,25 @@ static bool allocate_spi(private_child_create_t *this) return FALSE; } +/** + * Schedule inactivity timeout for CHILD_SA with reqid, if enabled + */ +static void schedule_inactivity_timeout(private_child_create_t *this) +{ + u_int32_t timeout; + bool close_ike; + + timeout = this->config->get_inactivity(this->config); + if (timeout) + { + close_ike = lib->settings->get_bool(lib->settings, + "charon.inactivity_close_ike", FALSE); + charon->scheduler->schedule_job(charon->scheduler, (job_t*) + inactivity_job_create(this->child_sa->get_reqid(this->child_sa), + timeout, close_ike), timeout); + } +} + /** * Install a CHILD_SA for usage, return value: * - FAILED: no acceptable proposal @@ -260,7 +281,8 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) chunk_t integ_i = chunk_empty, integ_r = chunk_empty; linked_list_t *my_ts, *other_ts; host_t *me, *other, *other_vip, *my_vip; - + bool private; + if (this->proposals == NULL) { DBG1(DBG_IKE, "SA payload missing in message"); @@ -271,32 +293,33 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) DBG1(DBG_IKE, "TS payloads missing in message"); return NOT_FOUND; } - + me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); my_vip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE); other_vip = this->ike_sa->get_virtual_ip(this->ike_sa, FALSE); - - this->proposal = this->config->select_proposal(this->config, this->proposals, - no_dh); + + private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); + this->proposal = this->config->select_proposal(this->config, + this->proposals, no_dh, private); if (this->proposal == NULL) { DBG1(DBG_IKE, "no acceptable proposal found"); return FAILED; } this->other_spi = this->proposal->get_spi(this->proposal); - + if (!this->initiator && !allocate_spi(this)) { /* responder has no SPI allocated yet */ DBG1(DBG_IKE, "allocating SPI failed"); return FAILED; } this->child_sa->set_proposal(this->child_sa, this->proposal); - + if (!this->proposal->has_dh_group(this->proposal, this->dh_group)) { u_int16_t group; - + if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { @@ -312,7 +335,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) return FAILED; } } - + if (my_vip == NULL) { my_vip = me; @@ -321,7 +344,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) { other_vip = other; } - + if (this->initiator) { nonce_i = this->my_nonce; @@ -338,9 +361,9 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) } my_ts = this->config->get_traffic_selectors(this->config, TRUE, my_ts, my_vip); - other_ts = this->config->get_traffic_selectors(this->config, FALSE, other_ts, + other_ts = this->config->get_traffic_selectors(this->config, FALSE, other_ts, other_vip); - + if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0) { my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); @@ -348,7 +371,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) DBG1(DBG_IKE, "no acceptable traffic selectors found"); return NOT_FOUND; } - + this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy)); this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy)); if (this->initiator) @@ -361,7 +384,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) this->tsr = my_ts; this->tsi = other_ts; } - + if (!this->initiator) { /* check if requested mode is acceptable, downgrade if required */ @@ -394,13 +417,73 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) break; } } - + + /* check for any certificate-based IP address block constraints */ + if (this->mode == MODE_BEET || this->mode == MODE_TUNNEL) + { + auth_cfg_t *auth; + enumerator_t *auth_enum; + certificate_t *cert = NULL; + + auth_enum = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE); + while (auth_enum->enumerate(auth_enum, &auth)) + { + cert = auth->get(auth, AUTH_HELPER_SUBJECT_CERT); + if (cert) + { + break; + } + } + auth_enum->destroy(auth_enum); + + if (cert && cert->get_type(cert) == CERT_X509) + { + x509_t *x509 = (x509_t*)cert; + + if (x509->get_flags(x509) & X509_IP_ADDR_BLOCKS) + { + enumerator_t *enumerator, *block_enum; + traffic_selector_t *ts, *block_ts; + + DBG1(DBG_IKE, "checking certificate-based traffic selector " + "constraints [RFC 3779]"); + enumerator = other_ts->create_enumerator(other_ts); + while (enumerator->enumerate(enumerator, &ts)) + { + bool contained = FALSE; + + block_enum = x509->create_ipAddrBlock_enumerator(x509); + while (block_enum->enumerate(block_enum, &block_ts)) + { + if (ts->is_contained_in(ts, block_ts)) + { + DBG1(DBG_IKE, " TS %R is contained in address block" + " constraint %R", ts, block_ts); + contained = TRUE; + break; + } + } + block_enum->destroy(block_enum); + + if (!contained) + { + DBG1(DBG_IKE, " TS %R is not contained in any" + " address block constraint", ts); + enumerator->destroy(enumerator); + return FAILED; + } + } + enumerator->destroy(enumerator); + } + } + } + this->child_sa->set_state(this->child_sa, CHILD_INSTALLING); this->child_sa->set_ipcomp(this->child_sa, this->ipcomp); this->child_sa->set_mode(this->child_sa, this->mode); this->child_sa->set_protocol(this->child_sa, this->proposal->get_protocol(this->proposal)); - + if (this->my_cpi == 0 || this->other_cpi == 0 || this->ipcomp == IPCOMP_NONE) { this->my_cpi = this->other_cpi = 0; @@ -408,28 +491,28 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) } status_i = status_o = FAILED; if (this->keymat->derive_child_keys(this->keymat, this->proposal, - this->dh, nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r)) + this->dh, nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r)) { if (this->initiator) { status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, - this->my_spi, this->my_cpi, TRUE); + this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->other_spi, this->other_cpi, FALSE); + this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); } else { status_i = this->child_sa->install(this->child_sa, encr_i, integ_i, - this->my_spi, this->my_cpi, TRUE); + this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, - this->other_spi, this->other_cpi, FALSE); + this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); } } chunk_clear(&integ_i); chunk_clear(&integ_r); chunk_clear(&encr_i); chunk_clear(&encr_r); - + if (status_i != SUCCESS || status_o != SUCCESS) { DBG1(DBG_IKE, "unable to install %s%s%sIPsec SA (SAD) in kernel", @@ -438,21 +521,26 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) (status_o != SUCCESS) ? "outbound " : ""); return FAILED; } - + status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts); if (status != SUCCESS) - { + { DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel"); return NOT_FOUND; } - + charon->bus->child_keys(charon->bus, this->child_sa, this->dh, nonce_i, nonce_r); - + /* add to IKE_SA, and remove from task */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); this->ike_sa->add_child_sa(this->ike_sa, this->child_sa); this->established = TRUE; + + if (!this->rekey) + { /* a rekeyed SA uses the same reqid, no need for a new job */ + schedule_inactivity_timeout(this); + } return SUCCESS; } @@ -476,7 +564,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) sa_payload = sa_payload_create_from_proposal(this->proposal); } message->add_payload(message, (payload_t*)sa_payload); - + /* add nonce payload if not in IKE_AUTH */ if (message->get_exchange_type(message) == CREATE_CHILD_SA) { @@ -484,14 +572,14 @@ static void build_payloads(private_child_create_t *this, message_t *message) nonce_payload->set_nonce(nonce_payload, this->my_nonce); message->add_payload(message, (payload_t*)nonce_payload); } - + /* diffie hellman exchange, if PFS enabled */ if (this->dh) { ke_payload = ke_payload_create_from_diffie_hellman(this->dh); message->add_payload(message, (payload_t*)ke_payload); } - + /* add TSi/TSr payloads */ ts_payload = ts_payload_create_from_traffic_selectors(TRUE, this->tsi); message->add_payload(message, (payload_t*)ts_payload); @@ -524,12 +612,12 @@ static void add_ipcomp_notify(private_child_create_t *this, "IPComp disabled"); return; } - + this->my_cpi = this->child_sa->alloc_cpi(this->child_sa); if (this->my_cpi) { this->ipcomp = ipcomp; - message->add_notify(message, FALSE, IPCOMP_SUPPORTED, + message->add_notify(message, FALSE, IPCOMP_SUPPORTED, chunk_cata("cc", chunk_from_thing(this->my_cpi), chunk_from_thing(ipcomp))); } @@ -550,14 +638,22 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify this->mode = MODE_TRANSPORT; break; case USE_BEET_MODE: - this->mode = MODE_BEET; + if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)) + { /* handle private use notify only if we know its meaning */ + this->mode = MODE_BEET; + } + else + { + DBG1(DBG_IKE, "received a notify strongSwan uses for BEET " + "mode, but peer implementation unknown, skipped"); + } break; case IPCOMP_SUPPORTED: { ipcomp_transform_t ipcomp; u_int16_t cpi; chunk_t data; - + data = notify->get_notification_data(notify); cpi = *(u_int16_t*)data.ptr; ipcomp = (ipcomp_transform_t)(*(data.ptr + 2)); @@ -591,7 +687,7 @@ static void process_payloads(private_child_create_t *this, message_t *message) sa_payload_t *sa_payload; ke_payload_t *ke_payload; ts_payload_t *ts_payload; - + /* defaults to TUNNEL mode */ this->mode = MODE_TUNNEL; @@ -620,7 +716,7 @@ static void process_payloads(private_child_create_t *this, message_t *message) case TRAFFIC_SELECTOR_INITIATOR: ts_payload = (ts_payload_t*)payload; this->tsi = ts_payload->get_traffic_selectors(ts_payload); - break; + break; case TRAFFIC_SELECTOR_RESPONDER: ts_payload = (ts_payload_t*)payload; this->tsr = ts_payload->get_traffic_selectors(ts_payload); @@ -642,7 +738,7 @@ static status_t build_i(private_child_create_t *this, message_t *message) { host_t *me, *other, *vip; peer_cfg_t *peer_cfg; - + switch (message->get_exchange_type(message)) { case IKE_SA_INIT: @@ -668,7 +764,7 @@ static status_t build_i(private_child_create_t *this, message_t *message) default: break; } - + if (this->reqid) { DBG0(DBG_IKE, "establishing CHILD_SA %s{%d}", @@ -679,7 +775,7 @@ static status_t build_i(private_child_create_t *this, message_t *message) DBG0(DBG_IKE, "establishing CHILD_SA %s", this->config->get_name(this->config)); } - + /* reuse virtual IP if we already have one */ me = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE); if (me == NULL) @@ -691,7 +787,7 @@ static status_t build_i(private_child_create_t *this, message_t *message) { other = this->ike_sa->get_other_host(this->ike_sa); } - + /* check if we want a virtual IP, but don't have one */ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); vip = peer_cfg->get_virtual_ip(peer_cfg); @@ -708,9 +804,9 @@ static status_t build_i(private_child_create_t *this, message_t *message) this->tsi = this->config->get_traffic_selectors(this->config, TRUE, NULL, me); } - this->tsr = this->config->get_traffic_selectors(this->config, FALSE, + this->tsr = this->config->get_traffic_selectors(this->config, FALSE, NULL, other); - + if (this->packet_tsi) { this->tsi->insert_first(this->tsi, @@ -724,37 +820,43 @@ static status_t build_i(private_child_create_t *this, message_t *message) this->proposals = this->config->get_proposals(this->config, this->dh_group == MODP_NONE); this->mode = this->config->get_mode(this->config); - + if (this->mode == MODE_TRANSPORT && + this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)) + { + this->mode = MODE_TUNNEL; + DBG1(DBG_IKE, "not using transport mode, connection NATed"); + } + this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid, this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)); - + if (!allocate_spi(this)) { DBG1(DBG_IKE, "unable to allocate SPIs from kernel"); return FAILED; } - + if (this->dh_group != MODP_NONE) { this->dh = this->keymat->create_dh(this->keymat, this->dh_group); } - + if (this->config->use_ipcomp(this->config)) { /* IPCOMP_DEFLATE is the only transform we support at the moment */ add_ipcomp_notify(this, message, IPCOMP_DEFLATE); } - + build_payloads(this, message); - + this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy)); this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy)); this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); this->tsi = NULL; this->tsr = NULL; this->proposals = NULL; - + return NEED_MORE; } @@ -779,9 +881,9 @@ static status_t process_r(private_child_create_t *this, message_t *message) default: break; } - + process_payloads(this, message); - + return NEED_MORE; } @@ -813,7 +915,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) payload_t *payload; enumerator_t *enumerator; bool no_dh = TRUE; - + switch (message->get_exchange_type(message)) { case IKE_SA_INIT: @@ -835,19 +937,19 @@ static status_t build_r(private_child_create_t *this, message_t *message) default: break; } - + if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) { DBG1(DBG_IKE, "unable to create CHILD_SA while rekeying IKE_SA"); message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); return SUCCESS; } - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (peer_cfg && this->tsi && this->tsr) { host_t *me, *other; - + me = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE); if (me == NULL) { @@ -861,7 +963,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) this->config = peer_cfg->select_child_cfg(peer_cfg, this->tsr, this->tsi, me, other); } - + if (this->config == NULL) { DBG1(DBG_IKE, "traffic selectors %#R=== %#R inacceptable", @@ -870,7 +972,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) handle_child_sa_failure(this, message); return SUCCESS; } - + /* check if ike_config_t included non-critical error notifies */ enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) @@ -878,7 +980,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) if (payload->get_type(payload) == NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; - + switch (notify->get_notify_type(notify)) { case INTERNAL_ADDRESS_FAILURE: @@ -896,11 +998,11 @@ static status_t build_r(private_child_create_t *this, message_t *message) } } enumerator->destroy(enumerator); - + this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->config, this->reqid, this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)); - + if (this->ipcomp_received != IPCOMP_NONE) { if (this->config->use_ipcomp(this->config)) @@ -913,7 +1015,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) notify_type_names, IPCOMP_SUPPORTED); } } - + switch (select_and_install(this, no_dh)) { case SUCCESS: @@ -936,9 +1038,9 @@ static status_t build_r(private_child_create_t *this, message_t *message) handle_child_sa_failure(this, message); return SUCCESS; } - + build_payloads(this, message); - + DBG0(DBG_IKE, "CHILD_SA %s{%d} established " "with SPIs %.8x_i %.8x_o and TS %#R=== %#R", this->child_sa->get_name(this->child_sa), @@ -947,7 +1049,7 @@ static status_t build_r(private_child_create_t *this, message_t *message) ntohl(this->child_sa->get_spi(this->child_sa, FALSE)), this->child_sa->get_traffic_selectors(this->child_sa, TRUE), this->child_sa->get_traffic_selectors(this->child_sa, FALSE)); - + if (!this->rekey) { /* invoke the child_up() hook if we are not rekeying */ charon->bus->child_updown(charon->bus, this->child_sa, TRUE); @@ -989,7 +1091,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); - + switch (type) { /* handle notify errors related to CHILD_SA only */ @@ -1011,15 +1113,18 @@ static status_t process_i(private_child_create_t *this, message_t *message) case INVALID_KE_PAYLOAD: { chunk_t data; - diffie_hellman_group_t bad_group; - - bad_group = this->dh_group; + u_int16_t group = MODP_NONE; + data = notify->get_notification_data(notify); - this->dh_group = ntohs(*((u_int16_t*)data.ptr)); + if (data.len == sizeof(group)) + { + memcpy(&group, data.ptr, data.len); + group = ntohs(group); + } DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, - bad_group, diffie_hellman_group_names, this->dh_group); - + this->dh_group, diffie_hellman_group_names, group); + this->dh_group = group; this->public.task.migrate(&this->public.task, this->ike_sa); enumerator->destroy(enumerator); return NEED_MORE; @@ -1030,9 +1135,9 @@ static status_t process_i(private_child_create_t *this, message_t *message) } } enumerator->destroy(enumerator); - + process_payloads(this, message); - + if (this->ipcomp == IPCOMP_NONE && this->ipcomp_received != IPCOMP_NONE) { DBG1(DBG_IKE, "received an IPCOMP_SUPPORTED notify without requesting" @@ -1053,7 +1158,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) handle_child_sa_failure(this, message); return SUCCESS; } - + if (select_and_install(this, no_dh) == SUCCESS) { DBG0(DBG_IKE, "CHILD_SA %s{%d} established " @@ -1064,7 +1169,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) ntohl(this->child_sa->get_spi(this->child_sa, FALSE)), this->child_sa->get_traffic_selectors(this->child_sa, TRUE), this->child_sa->get_traffic_selectors(this->child_sa, FALSE)); - + if (!this->rekey) { /* invoke the child_up() hook if we are not rekeying */ charon->bus->child_updown(charon->bus, this->child_sa, TRUE); @@ -1105,7 +1210,7 @@ static child_sa_t* get_child(private_child_create_t *this) * Implementation of child_create_t.get_lower_nonce */ static chunk_t get_lower_nonce(private_child_create_t *this) -{ +{ if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, min(this->my_nonce.len, this->other_nonce.len)) < 0) { @@ -1139,7 +1244,7 @@ static void migrate(private_child_create_t *this, ike_sa_t *ike_sa) { this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); } - + this->ike_sa = ike_sa; this->keymat = ike_sa->get_keymat(ike_sa); this->proposal = NULL; @@ -1183,7 +1288,7 @@ static void destroy(private_child_create_t *this) { this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); } - + DESTROY_IF(this->config); free(this); } @@ -1216,7 +1321,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; this->initiator = FALSE; } - + this->ike_sa = ike_sa; this->config = config; this->my_nonce = chunk_empty; @@ -1241,6 +1346,6 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, this->reqid = 0; this->established = FALSE; this->rekey = rekey; - + return &this->public; } diff --git a/src/charon/sa/tasks/child_create.h b/src/charon/sa/tasks/child_create.h index 41f4fe2c8..5dedeb8b1 100644 --- a/src/charon/sa/tasks/child_create.h +++ b/src/charon/sa/tasks/child_create.h @@ -31,7 +31,7 @@ typedef struct child_create_t child_create_t; /** * Task of type CHILD_CREATE, established a new CHILD_SA. * - * This task may be included in the IKE_AUTH message or in a separate + * This task may be included in the IKE_AUTH message or in a separate * CREATE_CHILD_SA exchange. */ struct child_create_t { @@ -40,24 +40,24 @@ struct child_create_t { * Implements the task_t interface */ task_t task; - + /** * Use a specific reqid for the CHILD_SA. * * When this task is used for rekeying, the same reqid is used - * for the new CHILD_SA. + * for the new CHILD_SA. * * @param reqid reqid to use */ void (*use_reqid) (child_create_t *this, u_int32_t reqid); - + /** * Get the lower of the two nonces, used for rekey collisions. * * @return lower nonce */ chunk_t (*get_lower_nonce) (child_create_t *this); - + /** * Get the CHILD_SA established/establishing by this task. * diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c index 7abb07a84..d7c6b0541 100644 --- a/src/charon/sa/tasks/child_delete.c +++ b/src/charon/sa/tasks/child_delete.c @@ -25,42 +25,42 @@ typedef struct private_child_delete_t private_child_delete_t; * Private members of a child_delete_t task. */ struct private_child_delete_t { - + /** * Public methods and task_t interface. */ child_delete_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Protocol of CHILD_SA to delete */ protocol_id_t protocol; - + /** * Inbound SPI of CHILD_SA to delete */ u_int32_t spi; - + /** * whether to enforce delete action policy */ bool check_delete_action; - + /** * is this delete exchange following a rekey? */ bool rekeyed; - + /** * CHILD_SAs which get deleted */ @@ -75,10 +75,10 @@ static void build_payloads(private_child_delete_t *this, message_t *message) delete_payload_t *ah = NULL, *esp = NULL; iterator_t *iterator; child_sa_t *child_sa; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) - { + { protocol_id_t protocol = child_sa->get_protocol(child_sa); u_int32_t spi = child_sa->get_spi(child_sa, TRUE); @@ -91,7 +91,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) message->add_payload(message, (payload_t*)esp); } esp->add_spi(esp, spi); - DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", + DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(spi)); break; case PROTO_AH: @@ -101,7 +101,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) message->add_payload(message, (payload_t*)ah); } ah->add_spi(ah, spi); - DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", + DBG1(DBG_IKE, "sending DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(spi)); break; default: @@ -124,7 +124,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) u_int32_t *spi; protocol_id_t protocol; child_sa_t *child_sa; - + payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { @@ -147,9 +147,9 @@ static void process_payloads(private_child_delete_t *this, message_t *message) "but no such SA", protocol_id_names, protocol, ntohl(*spi)); continue; } - DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x", + DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI %.8x", protocol_id_names, protocol, ntohl(*spi)); - + switch (child_sa->get_state(child_sa)) { case CHILD_REKEYING: @@ -172,7 +172,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) default: break; } - + this->child_sas->insert_last(this->child_sas, child_sa); } spis->destroy(spis); @@ -192,7 +192,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) protocol_id_t protocol; u_int32_t spi; status_t status = SUCCESS; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { @@ -215,7 +215,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) status = this->ike_sa->initiate(this->ike_sa, child_cfg, 0, NULL, NULL); break; - case ACTION_ROUTE: + case ACTION_ROUTE: charon->traps->install(charon->traps, this->ike_sa->get_peer_cfg(this->ike_sa), child_cfg); break; @@ -241,13 +241,13 @@ static void log_children(private_child_delete_t *this) iterator_t *iterator; child_sa_t *child_sa; u_int64_t bytes_in, bytes_out; - + iterator = this->child_sas->create_iterator(this->child_sas, TRUE); while (iterator->iterate(iterator, (void**)&child_sa)) { child_sa->get_usestats(child_sa, TRUE, NULL, &bytes_in); child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out); - + DBG0(DBG_IKE, "closing CHILD_SA %s{%d} " "with SPIs %.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), @@ -265,12 +265,19 @@ static void log_children(private_child_delete_t *this) static status_t build_i(private_child_delete_t *this, message_t *message) { child_sa_t *child_sa; - + child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, TRUE); if (!child_sa) - { /* child does not exist anymore */ - return SUCCESS; + { /* check if it is an outbound sa */ + child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, + this->spi, FALSE); + if (!child_sa) + { /* child does not exist anymore */ + return SUCCESS; + } + /* we work only with the inbound SPI */ + this->spi = child_sa->get_spi(child_sa, TRUE); } this->child_sas->insert_last(this->child_sas, child_sa); if (child_sa->get_state(child_sa) == CHILD_REKEYING) @@ -290,7 +297,7 @@ static status_t process_i(private_child_delete_t *this, message_t *message) /* flush the list before adding new SAs */ this->child_sas->destroy(this->child_sas); this->child_sas = linked_list_create(); - + process_payloads(this, message); DBG1(DBG_IKE, "CHILD_SA closed"); return destroy_and_reestablish(this); @@ -314,7 +321,7 @@ static status_t build_r(private_child_delete_t *this, message_t *message) /* if we are rekeying, we send an empty informational */ if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) { - build_payloads(this, message); + build_payloads(this, message); } DBG1(DBG_IKE, "CHILD_SA closed"); return destroy_and_reestablish(this); @@ -345,7 +352,7 @@ static void migrate(private_child_delete_t *this, ike_sa_t *ike_sa) { this->check_delete_action = FALSE; this->ike_sa = ike_sa; - + this->child_sas->destroy(this->child_sas); this->child_sas = linked_list_create(); } @@ -371,14 +378,14 @@ child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + this->ike_sa = ike_sa; this->check_delete_action = FALSE; this->child_sas = linked_list_create(); this->protocol = protocol; this->spi = spi; this->rekeyed = FALSE; - + if (protocol != PROTO_NONE) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; diff --git a/src/charon/sa/tasks/child_delete.h b/src/charon/sa/tasks/child_delete.h index 27d847035..365807c68 100644 --- a/src/charon/sa/tasks/child_delete.h +++ b/src/charon/sa/tasks/child_delete.h @@ -37,7 +37,7 @@ struct child_delete_t { * Implements the task_t interface */ task_t task; - + /** * Get the CHILD_SA to delete by this task. * diff --git a/src/charon/sa/tasks/child_rekey.c b/src/charon/sa/tasks/child_rekey.c index 601e054ea..b5e4e84b4 100644 --- a/src/charon/sa/tasks/child_rekey.c +++ b/src/charon/sa/tasks/child_rekey.c @@ -30,47 +30,47 @@ typedef struct private_child_rekey_t private_child_rekey_t; * Private members of a child_rekey_t task. */ struct private_child_rekey_t { - + /** * Public methods and task_t interface. */ child_rekey_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Protocol of CHILD_SA to rekey */ protocol_id_t protocol; - + /** * Inbound SPI of CHILD_SA to rekey */ u_int32_t spi; - + /** * the CHILD_CREATE task which is reused to simplify rekeying */ child_create_t *child_create; - + /** * the CHILD_DELETE task to delete rekeyed CHILD_SA */ child_delete_t *child_delete; - + /** * CHILD_SA which gets rekeyed */ child_sa_t *child_sa; - + /** * colliding task, may be delete or rekey */ @@ -84,7 +84,7 @@ static status_t build_i_delete(private_child_rekey_t *this, message_t *message) { /* update exchange type to INFORMATIONAL for the delete */ message->set_exchange_type(message, INFORMATIONAL); - + return this->child_delete->task.build(&this->child_delete->task, message); } @@ -101,35 +101,22 @@ static status_t process_i_delete(private_child_rekey_t *this, message_t *message */ static void find_child(private_child_rekey_t *this, message_t *message) { - enumerator_t *enumerator; - payload_t *payload; - - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + notify_payload_t *notify; + protocol_id_t protocol; + u_int32_t spi; + + notify = message->get_notify(message, REKEY_SA); + if (notify) { - notify_payload_t *notify; - u_int32_t spi; - protocol_id_t protocol; - - if (payload->get_type(payload) != NOTIFY) - { - continue; - } - - notify = (notify_payload_t*)payload; protocol = notify->get_protocol_id(notify); spi = notify->get_spi(notify); - - if (protocol != PROTO_ESP && protocol != PROTO_AH) + + if (protocol == PROTO_ESP || protocol == PROTO_AH) { - continue; + this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, + spi, FALSE); } - this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol, - spi, FALSE); - break; - } - enumerator->destroy(enumerator); } /** @@ -140,30 +127,42 @@ static status_t build_i(private_child_rekey_t *this, message_t *message) notify_payload_t *notify; u_int32_t reqid; child_cfg_t *config; - + this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, TRUE); if (!this->child_sa) - { /* CHILD_SA is gone, unable to rekey */ - return SUCCESS; + { /* check if it is an outbound CHILD_SA */ + this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, + this->spi, FALSE); + if (!this->child_sa) + { /* CHILD_SA is gone, unable to rekey. As an empty CREATE_CHILD_SA + * exchange is invalid, we fall back to an INFORMATIONAL exchange.*/ + message->set_exchange_type(message, INFORMATIONAL); + return SUCCESS; + } + /* we work only with the inbound SPI */ + this->spi = this->child_sa->get_spi(this->child_sa, TRUE); } config = this->child_sa->get_config(this->child_sa); - + /* we just need the rekey notify ... */ notify = notify_payload_create_from_protocol_and_type(this->protocol, REKEY_SA); notify->set_spi(notify, this->spi); message->add_payload(message, (payload_t*)notify); - + /* ... our CHILD_CREATE task does the hard work for us. */ + if (!this->child_create) + { + this->child_create = child_create_create(this->ike_sa, config, TRUE, + NULL, NULL); + } reqid = this->child_sa->get_reqid(this->child_sa); - this->child_create = child_create_create(this->ike_sa, config, TRUE, - NULL, NULL); this->child_create->use_reqid(this->child_create, reqid); this->child_create->task.build(&this->child_create->task, message); - + this->child_sa->set_state(this->child_sa, CHILD_REKEYING); - + return NEED_MORE; } @@ -174,9 +173,9 @@ static status_t process_r(private_child_rekey_t *this, message_t *message) { /* let the CHILD_CREATE task process the message */ this->child_create->task.process(&this->child_create->task, message); - + find_child(this, message); - + return NEED_MORE; } @@ -194,21 +193,21 @@ static status_t build_r(private_child_rekey_t *this, message_t *message) message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } - + /* let the CHILD_CREATE task build the response */ reqid = this->child_sa->get_reqid(this->child_sa); this->child_create->use_reqid(this->child_create, reqid); this->child_create->task.build(&this->child_create->task, message); - + if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) { /* rekeying failed, reuse old child */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); return SUCCESS; } - + this->child_sa->set_state(this->child_sa, CHILD_REKEYING); - + /* invoke rekey hook */ charon->bus->child_rekey(charon->bus, this->child_sa, this->child_create->get_child(this->child_create)); @@ -223,33 +222,20 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) protocol_id_t protocol; u_int32_t spi; child_sa_t *to_delete; - enumerator_t *enumerator; - payload_t *payload; - - /* handle NO_ADDITIONAL_SAS notify */ - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + + if (message->get_notify(message, NO_ADDITIONAL_SAS)) { - if (payload->get_type(payload) == NOTIFY) - { - notify_payload_t *notify = (notify_payload_t*)payload; - - if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS) - { - DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, " - "starting reauthentication"); - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); - charon->processor->queue_job(charon->processor, - (job_t*)rekey_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), TRUE)); - enumerator->destroy(enumerator); - return SUCCESS; - } - } + DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, " + "starting reauthentication"); + this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + charon->processor->queue_job(charon->processor, + (job_t*)rekey_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), TRUE)); + return SUCCESS; } - enumerator->destroy(enumerator); - - if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE) + + if (this->child_create->task.process(&this->child_create->task, + message) == NEED_MORE) { /* bad DH group while rekeying, try again */ this->child_create->task.migrate(&this->child_create->task, this->ike_sa); @@ -259,39 +245,39 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) { /* establishing new child failed, reuse old. but not when we * recieved a delete in the meantime */ - if (!(this->collision && + if (!(this->collision && this->collision->get_type(this->collision) == CHILD_DELETE)) { job_t *job; u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER); - + job = (job_t*)rekey_child_sa_job_create( this->child_sa->get_reqid(this->child_sa), this->child_sa->get_protocol(this->child_sa), this->child_sa->get_spi(this->child_sa, TRUE)); DBG1(DBG_IKE, "CHILD_SA rekeying failed, " - "trying again in %d seconds", retry); + "trying again in %d seconds", retry); this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); charon->scheduler->schedule_job(charon->scheduler, job, retry); } return SUCCESS; } - + to_delete = this->child_sa; - + /* check for rekey collisions */ if (this->collision && this->collision->get_type(this->collision) == CHILD_REKEY) { chunk_t this_nonce, other_nonce; private_child_rekey_t *other = (private_child_rekey_t*)this->collision; - + this_nonce = this->child_create->get_lower_nonce(this->child_create); other_nonce = other->child_create->get_lower_nonce(other->child_create); - + /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ - if (memcmp(this_nonce.ptr, other_nonce.ptr, + if (memcmp(this_nonce.ptr, other_nonce.ptr, min(this_nonce.len, other_nonce.len)) < 0) { DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting rekeyed child"); @@ -307,21 +293,21 @@ static status_t process_i(private_child_rekey_t *this, message_t *message) } } } - + if (to_delete != this->child_create->get_child(this->child_create)) { /* invoke rekey hook if rekeying successful */ charon->bus->child_rekey(charon->bus, this->child_sa, this->child_create->get_child(this->child_create)); } - + spi = to_delete->get_spi(to_delete, TRUE); protocol = to_delete->get_protocol(to_delete); - + /* rekeying done, delete the obsolete CHILD_SA using a subtask */ this->child_delete = child_delete_create(this->ike_sa, protocol, spi); this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete; - + return NEED_MORE; } @@ -338,7 +324,7 @@ static task_type_t get_type(private_child_rekey_t *this) */ static void collide(private_child_rekey_t *this, task_t *other) { - /* the task manager only detects exchange collision, but not if + /* the task manager only detects exchange collision, but not if * the collision is for the same child. we check it here. */ if (other->get_type(other) == CHILD_REKEY) { @@ -346,6 +332,7 @@ static void collide(private_child_rekey_t *this, task_t *other) if (rekey == NULL || rekey->child_sa != this->child_sa) { /* not the same child => no collision */ + other->destroy(other); return; } } @@ -354,13 +341,15 @@ static void collide(private_child_rekey_t *this, task_t *other) child_delete_t *del = (child_delete_t*)other; if (del == NULL || del->get_child(del) != this->child_sa) { - /* not the same child => no collision */ + /* not the same child => no collision */ + other->destroy(other); return; } } else { /* any other task is not critical for collisisions, ignore */ + other->destroy(other); return; } DESTROY_IF(this->collision); @@ -371,7 +360,7 @@ static void collide(private_child_rekey_t *this, task_t *other) * Implementation of task_t.migrate */ static void migrate(private_child_rekey_t *this, ike_sa_t *ike_sa) -{ +{ if (this->child_create) { this->child_create->task.migrate(&this->child_create->task, ike_sa); @@ -381,7 +370,7 @@ static void migrate(private_child_rekey_t *this, ike_sa_t *ike_sa) this->child_delete->task.migrate(&this->child_delete->task, ike_sa); } DESTROY_IF(this->collision); - + this->ike_sa = ike_sa; this->collision = NULL; } @@ -410,7 +399,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi) { private_child_rekey_t *this = malloc_thing(private_child_rekey_t); - + this->public.collide = (void (*)(child_rekey_t*,task_t*))collide; this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; @@ -429,13 +418,13 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, this->initiator = FALSE; this->child_create = child_create_create(ike_sa, NULL, TRUE, NULL, NULL); } - + this->ike_sa = ike_sa; this->child_sa = NULL; this->protocol = protocol; this->spi = spi; this->collision = NULL; this->child_delete = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/child_rekey.h b/src/charon/sa/tasks/child_rekey.h index 5aae2fb39..9b1aea5fa 100644 --- a/src/charon/sa/tasks/child_rekey.h +++ b/src/charon/sa/tasks/child_rekey.h @@ -37,7 +37,7 @@ struct child_rekey_t { * Implements the task_t interface */ task_t task; - + /** * Register a rekeying task which collides with this one * @@ -56,7 +56,7 @@ struct child_rekey_t { * @param ike_sa IKE_SA this task works for * @param protocol protocol of CHILD_SA to rekey, PROTO_NONE as responder * @param spi inbound SPI of CHILD_SA to rekey - * @return child_rekey task to handle by the task_manager + * @return child_rekey task to handle by the task_manager */ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, u_int32_t spi); diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c index d0b2a7e91..a07f96767 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/charon/sa/tasks/ike_auth.c @@ -31,82 +31,72 @@ typedef struct private_ike_auth_t private_ike_auth_t; * Private members of a ike_auth_t task. */ struct private_ike_auth_t { - + /** * Public methods and task_t interface. */ ike_auth_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Nonce chosen by us in ike_init */ chunk_t my_nonce; - + /** * Nonce chosen by peer in ike_init */ chunk_t other_nonce; - + /** * IKE_SA_INIT message sent by us */ packet_t *my_packet; - + /** * IKE_SA_INIT message sent by peer */ packet_t *other_packet; - - /** - * completed authentication configs initiated by us (auth_cfg_t) - */ - linked_list_t *my_cfgs; - - /** - * completed authentication configs initiated by other (auth_cfg_t) - */ - linked_list_t *other_cfgs;; - + /** * currently active authenticator, to authenticate us */ authenticator_t *my_auth; - + /** * currently active authenticator, to authenticate peer */ authenticator_t *other_auth; - + /** * peer_cfg candidates, ordered by priority */ linked_list_t *candidates; - + /** * selected peer config (might change when using multiple authentications) */ peer_cfg_t *peer_cfg; - + /** * have we planned an(other) authentication exchange? */ bool do_another_auth; - + /** * has the peer announced another authentication exchange? */ bool expect_another_auth; - + /** * should we send a AUTHENTICATION_FAILED notify? */ @@ -129,7 +119,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this, message_t *message) { nonce_payload_t *nonce; - + /* get the nonce that was generated in ike_init */ nonce = (nonce_payload_t*)message->get_payload(message, NONCE); if (nonce == NULL) @@ -137,14 +127,14 @@ static status_t collect_my_init_data(private_ike_auth_t *this, return FAILED; } this->my_nonce = nonce->get_nonce(nonce); - + /* pre-generate the message, keep a copy */ if (this->ike_sa->generate_message(this->ike_sa, message, &this->my_packet) != SUCCESS) { return FAILED; } - return NEED_MORE; + return NEED_MORE; } /** @@ -155,7 +145,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, { /* we collect the needed information in the IKE_SA_INIT exchange */ nonce_payload_t *nonce; - + /* get the nonce that was generated in ike_init */ nonce = (nonce_payload_t*)message->get_payload(message, NONCE); if (nonce == NULL) @@ -163,10 +153,10 @@ static status_t collect_other_init_data(private_ike_auth_t *this, return FAILED; } this->other_nonce = nonce->get_nonce(nonce); - + /* keep a copy of the received packet */ this->other_packet = message->get_packet(message); - return NEED_MORE; + return NEED_MORE; } /** @@ -176,21 +166,14 @@ static auth_cfg_t *get_auth_cfg(private_ike_auth_t *this, bool local) { enumerator_t *e1, *e2; auth_cfg_t *c1, *c2, *next = NULL; - + /* find an available config not already done */ e1 = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg, local); while (e1->enumerate(e1, &c1)) { bool found = FALSE; - - if (local) - { - e2 = this->my_cfgs->create_enumerator(this->my_cfgs); - } - else - { - e2 = this->other_cfgs->create_enumerator(this->other_cfgs); - } + + e2 = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, local); while (e2->enumerate(e2, &c2)) { if (c2->complies(c2, c1, FALSE)) @@ -218,13 +201,13 @@ static bool do_another_auth(private_ike_auth_t *this) bool do_another = FALSE; enumerator_t *done, *todo; auth_cfg_t *done_cfg, *todo_cfg; - + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH)) { return FALSE; } - - done = this->my_cfgs->create_enumerator(this->my_cfgs); + + done = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, TRUE); todo = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg, TRUE); while (todo->enumerate(todo, &todo_cfg)) { @@ -252,12 +235,12 @@ static bool load_cfg_candidates(private_ike_auth_t *this) peer_cfg_t *peer_cfg; host_t *me, *other; identification_t *my_id, *other_id; - + me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); my_id = this->ike_sa->get_my_id(this->ike_sa); other_id = this->ike_sa->get_other_id(this->ike_sa); - + enumerator = charon->backends->create_peer_cfg_enumerator(charon->backends, me, other, my_id, other_id); while (enumerator->enumerate(enumerator, &peer_cfg)) @@ -296,10 +279,10 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) bool complies = TRUE; enumerator_t *e1, *e2, *tmp; auth_cfg_t *c1, *c2; - - e1 = this->other_cfgs->create_enumerator(this->other_cfgs); + + e1 = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE); e2 = this->peer_cfg->create_auth_cfg_enumerator(this->peer_cfg, FALSE); - + if (strict) { /* swap lists in strict mode: all configured rounds must be * fulfilled. If !strict, we check only the rounds done so far. */ @@ -342,7 +325,7 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) } } while (this->peer_cfg); - + return this->peer_cfg != NULL; } @@ -352,39 +335,45 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) static status_t build_i(private_ike_auth_t *this, message_t *message) { auth_cfg_t *cfg; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { return collect_my_init_data(this, message); } - + if (this->peer_cfg == NULL) { this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); this->peer_cfg->get_ref(this->peer_cfg); } - - if (message->get_message_id(message) == 1 && - this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH)) - { /* in the first IKE_AUTH, indicate support for multiple authentication */ - message->add_notify(message, FALSE, MULTIPLE_AUTH_SUPPORTED, chunk_empty); + + if (message->get_message_id(message) == 1) + { /* in the first IKE_AUTH ... */ + if (this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH)) + { /* indicate support for multiple authentication */ + message->add_notify(message, FALSE, MULTIPLE_AUTH_SUPPORTED, + chunk_empty); + } + /* indicate support for EAP-only authentication */ + message->add_notify(message, FALSE, EAP_ONLY_AUTHENTICATION, + chunk_empty); } - + if (!this->do_another_auth && !this->my_auth) { /* we have done our rounds */ return NEED_MORE; } - + /* check if an authenticator is in progress */ if (this->my_auth == NULL) { identification_t *id; id_payload_t *id_payload; - + /* clean up authentication config from a previous round */ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->purge(cfg, TRUE); - + /* add (optional) IDr */ cfg = get_auth_cfg(this, FALSE); if (cfg) @@ -410,7 +399,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); id_payload = id_payload_create_from_identification(ID_INITIATOR, id); message->add_payload(message, (payload_t*)id_payload); - + /* build authentication data */ this->my_auth = authenticator_create_builder(this->ike_sa, cfg, this->other_nonce, this->my_nonce, @@ -427,7 +416,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) /* authentication step complete, reset authenticator */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), TRUE); - this->my_cfgs->insert_last(this->my_cfgs, cfg); + this->ike_sa->add_auth_cfg(this->ike_sa, TRUE, cfg); this->my_auth->destroy(this->my_auth); this->my_auth = NULL; break; @@ -436,7 +425,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) default: return FAILED; } - + /* check for additional authentication rounds */ if (do_another_auth(this)) { @@ -460,12 +449,12 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) auth_cfg_t *cfg, *cand; id_payload_t *id_payload; identification_t *id; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { return collect_other_init_data(this, message); } - + if (this->my_auth == NULL && this->do_another_auth) { /* handle (optional) IDr payload, apply proposed identity */ @@ -480,16 +469,26 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) } this->ike_sa->set_my_id(this->ike_sa, id); } - + if (!this->expect_another_auth) { return NEED_MORE; } - if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED)) - { - this->ike_sa->enable_extension(this->ike_sa, EXT_MULTIPLE_AUTH); + + if (message->get_message_id(message) == 1) + { /* check for extensions in the first IKE_AUTH */ + if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED)) + { + this->ike_sa->enable_extension(this->ike_sa, EXT_MULTIPLE_AUTH); + } + if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN) && + message->get_notify(message, EAP_ONLY_AUTHENTICATION)) + { /* EAP-only has no official notify, accept only from strongSwan */ + this->ike_sa->enable_extension(this->ike_sa, + EXT_EAP_ONLY_AUTHENTICATION); + } } - + if (this->other_auth == NULL) { /* handle IDi payload */ @@ -503,7 +502,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - + if (this->peer_cfg == NULL) { if (!load_cfg_candidates(this)) @@ -530,7 +529,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) } cfg->merge(cfg, cand, TRUE); } - + /* verify authentication data */ this->other_auth = authenticator_create_verifier(this->ike_sa, message, this->other_nonce, this->my_nonce, @@ -558,27 +557,26 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) this->authentication_failed = TRUE; return NEED_MORE; } - + /* store authentication information */ cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->other_cfgs->insert_last(this->other_cfgs, cfg); - + this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); + /* another auth round done, invoke authorize hook */ - if (!charon->bus->authorize(charon->bus, this->other_cfgs, FALSE)) + if (!charon->bus->authorize(charon->bus, FALSE)) { - DBG1(DBG_IKE, "round %d authorization hook forbids IKE_SA, cancelling", - this->other_cfgs->get_count(this->other_cfgs)); + DBG1(DBG_IKE, "authorization hook forbids IKE_SA, cancelling"); this->authentication_failed = TRUE; return NEED_MORE; } - + if (!update_cfg_candidates(this, FALSE)) { this->authentication_failed = TRUE; return NEED_MORE; } - + if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL) { this->expect_another_auth = FALSE; @@ -597,7 +595,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) static status_t build_r(private_ike_auth_t *this, message_t *message) { auth_cfg_t *cfg; - + if (message->get_exchange_type(message) == IKE_SA_INIT) { if (multiple_auth_enabled()) @@ -607,23 +605,23 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) } return collect_my_init_data(this, message); } - + if (this->authentication_failed || this->peer_cfg == NULL) { message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); return FAILED; } - + if (this->my_auth == NULL && this->do_another_auth) { identification_t *id, *id_cfg; id_payload_t *id_payload; - + /* add IDr */ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); cfg->purge(cfg, TRUE); cfg->merge(cfg, get_auth_cfg(this, TRUE), TRUE); - + id_cfg = cfg->get(cfg, AUTH_RULE_IDENTITY); id = this->ike_sa->get_my_id(this->ike_sa); if (id->get_type(id) == ID_ANY) @@ -648,22 +646,38 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) return FAILED; } } - + id_payload = id_payload_create_from_identification(ID_RESPONDER, id); message->add_payload(message, (payload_t*)id_payload); - - /* build authentication data */ - this->my_auth = authenticator_create_builder(this->ike_sa, cfg, - this->other_nonce, this->my_nonce, - this->other_packet->get_data(this->other_packet), - this->my_packet->get_data(this->my_packet)); - if (!this->my_auth) + + if ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS) == AUTH_CLASS_EAP) + { /* EAP-only authentication */ + if (!this->ike_sa->supports_extension(this->ike_sa, + EXT_EAP_ONLY_AUTHENTICATION)) + { + DBG1(DBG_IKE, "configured EAP-only authentication, but peer " + "does not support it"); + message->add_notify(message, TRUE, AUTHENTICATION_FAILED, + chunk_empty); + return FAILED; + } + } + else { - message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); - return FAILED; + /* build authentication data */ + this->my_auth = authenticator_create_builder(this->ike_sa, cfg, + this->other_nonce, this->my_nonce, + this->other_packet->get_data(this->other_packet), + this->my_packet->get_data(this->my_packet)); + if (!this->my_auth) + { + message->add_notify(message, TRUE, AUTHENTICATION_FAILED, + chunk_empty); + return FAILED; + } } } - + if (this->other_auth) { switch (this->other_auth->build(this->other_auth, message)) @@ -691,7 +705,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) cfg = auth_cfg_create(); cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), TRUE); - this->my_cfgs->insert_last(this->my_cfgs, cfg); + this->ike_sa->add_auth_cfg(this->ike_sa, TRUE, cfg); this->my_auth->destroy(this->my_auth); this->my_auth = NULL; break; @@ -703,7 +717,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) return FAILED; } } - + /* check for additional authentication rounds */ if (do_another_auth(this)) { @@ -723,21 +737,21 @@ static status_t build_r(private_ike_auth_t *this, message_t *message) chunk_empty); return FAILED; } - if (!charon->bus->authorize(charon->bus, this->other_cfgs, TRUE)) + if (!charon->bus->authorize(charon->bus, TRUE)) { DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling"); message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); return FAILED; } - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_my_id(this->ike_sa), + this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); + this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE); return SUCCESS; } @@ -752,7 +766,8 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) enumerator_t *enumerator; payload_t *payload; auth_cfg_t *cfg; - + bool mutual_eap = FALSE; + if (message->get_exchange_type(message) == IKE_SA_INIT) { if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED) && @@ -762,7 +777,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) } return collect_other_init_data(this, message); } - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -770,7 +785,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); - + switch (type) { case NO_PROPOSAL_CHOSEN: @@ -801,7 +816,7 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) DBG1(DBG_IKE, "received %N notify error", notify_type_names, type); enumerator->destroy(enumerator); - return FAILED; + return FAILED; } DBG2(DBG_IKE, "received %N notify", notify_type_names, type); @@ -811,41 +826,14 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) } } enumerator->destroy(enumerator); - - if (this->my_auth) - { - switch (this->my_auth->process(this->my_auth, message)) - { - case SUCCESS: - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), - TRUE); - this->my_cfgs->insert_last(this->my_cfgs, cfg); - this->my_auth->destroy(this->my_auth); - this->my_auth = NULL; - this->do_another_auth = do_another_auth(this); - break; - case NEED_MORE: - break; - default: - return FAILED; - } - } - + if (this->expect_another_auth) { if (this->other_auth == NULL) { id_payload_t *id_payload; identification_t *id; - - /* responder is not allowed to do EAP */ - if (!message->get_payload(message, AUTHENTICATION)) - { - DBG1(DBG_IKE, "AUTH payload missing"); - return FAILED; - } - + /* handle IDr payload */ id_payload = (id_payload_t*)message->get_payload(message, ID_RESPONDER); @@ -858,42 +846,81 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) this->ike_sa->set_other_id(this->ike_sa, id); cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - - /* verify authentication data */ - this->other_auth = authenticator_create_verifier(this->ike_sa, - message, this->other_nonce, this->my_nonce, - this->other_packet->get_data(this->other_packet), - this->my_packet->get_data(this->my_packet)); - if (!this->other_auth) + + if (message->get_payload(message, AUTHENTICATION)) { - return FAILED; + /* verify authentication data */ + this->other_auth = authenticator_create_verifier(this->ike_sa, + message, this->other_nonce, this->my_nonce, + this->other_packet->get_data(this->other_packet), + this->my_packet->get_data(this->my_packet)); + if (!this->other_auth) + { + return FAILED; + } + } + else + { + /* responder omitted AUTH payload, indicating EAP-only */ + mutual_eap = TRUE; } } - switch (this->other_auth->process(this->other_auth, message)) + if (this->other_auth) + { + switch (this->other_auth->process(this->other_auth, message)) + { + case SUCCESS: + break; + case NEED_MORE: + return NEED_MORE; + default: + return FAILED; + } + this->other_auth->destroy(this->other_auth); + this->other_auth = NULL; + } + /* store authentication information, reset authenticator */ + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); + this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); + + /* another auth round done, invoke authorize hook */ + if (!charon->bus->authorize(charon->bus, FALSE)) + { + DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling"); + return FAILED; + } + } + + if (this->my_auth) + { + switch (this->my_auth->process(this->my_auth, message)) { case SUCCESS: + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, TRUE), + TRUE); + this->ike_sa->add_auth_cfg(this->ike_sa, TRUE, cfg); + this->my_auth->destroy(this->my_auth); + this->my_auth = NULL; + this->do_another_auth = do_another_auth(this); break; case NEED_MORE: - return NEED_MORE; + break; default: return FAILED; } - /* store authentication information, reset authenticator */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->other_cfgs->insert_last(this->other_cfgs, cfg); - this->other_auth->destroy(this->other_auth); - this->other_auth = NULL; - - /* another auth round done, invoke authorize hook */ - if (!charon->bus->authorize(charon->bus, this->other_cfgs, FALSE)) + } + if (mutual_eap) + { + if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth)) { - DBG1(DBG_IKE, "round %d authorization forbids IKE_SA, cancelling", - this->other_cfgs->get_count(this->other_cfgs)); + DBG1(DBG_IKE, "do not allow non-mutual EAP-only authentication"); return FAILED; } + DBG1(DBG_IKE, "allow mutual EAP-only authentication"); } - + if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL) { this->expect_another_auth = FALSE; @@ -904,19 +931,19 @@ static status_t process_i(private_ike_auth_t *this, message_t *message) { return FAILED; } - if (!charon->bus->authorize(charon->bus, this->other_cfgs, TRUE)) + if (!charon->bus->authorize(charon->bus, TRUE)) { DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling"); return FAILED; } - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_my_id(this->ike_sa), + this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); + this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); charon->bus->ike_updown(charon->bus, this->ike_sa, TRUE); return SUCCESS; } @@ -943,10 +970,8 @@ static void migrate(private_ike_auth_t *this, ike_sa_t *ike_sa) DESTROY_IF(this->peer_cfg); DESTROY_IF(this->my_auth); DESTROY_IF(this->other_auth); - this->my_cfgs->destroy_offset(this->my_cfgs, offsetof(auth_cfg_t, destroy)); - this->other_cfgs->destroy_offset(this->other_cfgs, offsetof(auth_cfg_t, destroy)); this->candidates->destroy_offset(this->candidates, offsetof(peer_cfg_t, destroy)); - + this->my_packet = NULL; this->other_packet = NULL; this->ike_sa = ike_sa; @@ -956,8 +981,6 @@ static void migrate(private_ike_auth_t *this, ike_sa_t *ike_sa) this->do_another_auth = TRUE; this->expect_another_auth = TRUE; this->authentication_failed = FALSE; - this->my_cfgs = linked_list_create(); - this->other_cfgs = linked_list_create(); this->candidates = linked_list_create(); } @@ -973,8 +996,6 @@ static void destroy(private_ike_auth_t *this) DESTROY_IF(this->my_auth); DESTROY_IF(this->other_auth); DESTROY_IF(this->peer_cfg); - this->my_cfgs->destroy_offset(this->my_cfgs, offsetof(auth_cfg_t, destroy)); - this->other_cfgs->destroy_offset(this->other_cfgs, offsetof(auth_cfg_t, destroy)); this->candidates->destroy_offset(this->candidates, offsetof(peer_cfg_t, destroy)); free(this); } @@ -985,11 +1006,11 @@ static void destroy(private_ike_auth_t *this) ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) { private_ike_auth_t *this = malloc_thing(private_ike_auth_t); - + this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -1000,7 +1021,7 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->my_nonce = chunk_empty; @@ -1008,15 +1029,13 @@ ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator) this->my_packet = NULL; this->other_packet = NULL; this->peer_cfg = NULL; - this->my_cfgs = linked_list_create(); - this->other_cfgs = linked_list_create(); this->candidates = linked_list_create(); this->my_auth = NULL; this->other_auth = NULL; this->do_another_auth = TRUE; this->expect_another_auth = TRUE; this->authentication_failed = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/charon/sa/tasks/ike_auth_lifetime.c index a047e6b81..75ff35168 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.c +++ b/src/charon/sa/tasks/ike_auth_lifetime.c @@ -27,12 +27,12 @@ typedef struct private_ike_auth_lifetime_t private_ike_auth_lifetime_t; * Private members of a ike_auth_lifetime_t task. */ struct private_ike_auth_lifetime_t { - + /** * Public methods and task_t interface. */ ike_auth_lifetime_t public; - + /** * Assigned IKE_SA. */ @@ -46,11 +46,11 @@ static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *mess { chunk_t chunk; u_int32_t lifetime; - + lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH); if (lifetime) { - lifetime -= time(NULL); + lifetime -= time_monotonic(NULL); chunk = chunk_from_thing(lifetime); *(u_int32_t*)chunk.ptr = htonl(lifetime); message->add_notify(message, FALSE, AUTH_LIFETIME, chunk); @@ -62,31 +62,17 @@ static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *mess */ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *message) { - enumerator_t *enumerator; - payload_t *payload; notify_payload_t *notify; - - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + chunk_t data; + u_int32_t lifetime; + + notify = message->get_notify(message, AUTH_LIFETIME); + if (notify) { - if (payload->get_type(payload) == NOTIFY) - { - notify = (notify_payload_t*)payload; - switch (notify->get_notify_type(notify)) - { - case AUTH_LIFETIME: - { - chunk_t data = notify->get_notification_data(notify); - u_int32_t lifetime = ntohl(*(u_int32_t*)data.ptr); - this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime); - break; - } - default: - break; - } - } + data = notify->get_notification_data(notify); + lifetime = ntohl(*(u_int32_t*)data.ptr); + this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime); } - enumerator->destroy(enumerator); } /** @@ -177,7 +163,7 @@ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -188,9 +174,9 @@ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/charon/sa/tasks/ike_auth_lifetime.h index 812caaf43..3b129b9e3 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.h +++ b/src/charon/sa/tasks/ike_auth_lifetime.h @@ -30,7 +30,7 @@ typedef struct ike_auth_lifetime_t ike_auth_lifetime_t; /** * Task of type IKE_AUTH_LIFETIME, implements RFC4478. * - * This task exchanges lifetimes for IKE_AUTH to force a client to + * This task exchanges lifetimes for IKE_AUTH to force a client to * reauthenticate before the responders lifetime reaches the limit. */ struct ike_auth_lifetime_t { @@ -46,7 +46,7 @@ struct ike_auth_lifetime_t { * * @param ike_sa IKE_SA this task works for * @param initiator TRUE if taks is initiated by us - * @return ike_auth_lifetime task to handle by the task_manager + * @return ike_auth_lifetime task to handle by the task_manager */ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/charon/sa/tasks/ike_cert_post.c index 70e87c2e7..c831df975 100644 --- a/src/charon/sa/tasks/ike_cert_post.c +++ b/src/charon/sa/tasks/ike_cert_post.c @@ -30,17 +30,17 @@ typedef struct private_ike_cert_post_t private_ike_cert_post_t; * Private members of a ike_cert_post_t task. */ struct private_ike_cert_post_t { - + /** * Public methods and task_t interface. */ ike_cert_post_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ @@ -50,49 +50,47 @@ struct private_ike_cert_post_t { /** * Generates the cert payload, if possible with "Hash and URL" */ -static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, certificate_t *cert) +static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, + certificate_t *cert) { + hasher_t *hasher; + identification_t *id; + chunk_t hash, encoded ; + enumerator_t *enumerator; + char *url; cert_payload_t *payload = NULL; - - if (this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL)) + + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL)) { - /* ok, our peer sent us a HTTP_CERT_LOOKUP_SUPPORTED Notify */ - hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher != NULL) - { - chunk_t hash, encoded = cert->get_encoding(cert); - enumerator_t *enumerator; - char *url; - - hasher->allocate_hash(hasher, encoded, &hash); - identification_t *id = identification_create_from_encoding(ID_CERT_DER_SHA1, hash); - - enumerator = charon->credentials->create_cdp_enumerator(charon->credentials, CERT_X509, id); - if (enumerator->enumerate(enumerator, &url)) - { - /* if we have an URL available we send that to our peer */ - payload = cert_payload_create_from_hash_and_url(hash, url); - } - enumerator->destroy(enumerator); - - id->destroy(id); - chunk_free(&hash); - chunk_free(&encoded); - hasher->destroy(hasher); - } - else - { - DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); - } + return cert_payload_create_from_cert(cert); + } + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); + return cert_payload_create_from_cert(cert); } - - if (!payload) + + encoded = cert->get_encoding(cert); + hasher->allocate_hash(hasher, encoded, &hash); + chunk_free(&encoded); + hasher->destroy(hasher); + id = identification_create_from_encoding(ID_KEY_ID, hash); + + enumerator = charon->credentials->create_cdp_enumerator(charon->credentials, + CERT_X509, id); + if (enumerator->enumerate(enumerator, &url)) + { + payload = cert_payload_create_from_hash_and_url(hash, url); + } + else { - /* our peer does not support "Hash and URL" or we do not have an URL - * to send to our peer, just create a normal cert payload */ payload = cert_payload_create_from_cert(cert); } - + enumerator->destroy(enumerator); + chunk_free(&hash); + id->destroy(id); return payload; } @@ -103,14 +101,14 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) { peer_cfg_t *peer_cfg; auth_payload_t *payload; - + payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (!peer_cfg || !payload || payload->get_auth_method(payload) == AUTH_PSK) { /* no CERT payload for EAP/PSK */ return; } - + switch (peer_cfg->get_cert_policy(peer_cfg)) { case CERT_NEVER_SEND: @@ -128,9 +126,9 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) certificate_t *cert; auth_rule_t type; auth_cfg_t *auth; - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); - + /* get subject cert first, then issuing certificates */ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (!cert) @@ -145,7 +143,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) DBG1(DBG_IKE, "sending end entity cert \"%Y\"", cert->get_subject(cert)); message->add_payload(message, (payload_t*)payload); - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &cert)) { @@ -161,7 +159,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) } } enumerator->destroy(enumerator); - } + } } } @@ -171,7 +169,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) static status_t build_i(private_ike_cert_post_t *this, message_t *message) { build_certs(this, message); - + return NEED_MORE; } @@ -179,7 +177,7 @@ static status_t build_i(private_ike_cert_post_t *this, message_t *message) * Implementation of task_t.process for responder */ static status_t process_r(private_ike_cert_post_t *this, message_t *message) -{ +{ return NEED_MORE; } @@ -189,7 +187,7 @@ static status_t process_r(private_ike_cert_post_t *this, message_t *message) static status_t build_r(private_ike_cert_post_t *this, message_t *message) { build_certs(this, message); - + if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED) { /* stay alive, we might have additional rounds with certs */ return NEED_MORE; @@ -243,7 +241,7 @@ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -254,10 +252,10 @@ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_cert_post.h b/src/charon/sa/tasks/ike_cert_post.h index fa555eac7..a21f45927 100644 --- a/src/charon/sa/tasks/ike_cert_post.h +++ b/src/charon/sa/tasks/ike_cert_post.h @@ -46,7 +46,7 @@ struct ike_cert_post_t { * * @param ike_sa IKE_SA this task works for * @param initiator TRUE if thask is the original initator - * @return ike_cert_post task to handle by the task_manager + * @return ike_cert_post task to handle by the task_manager */ ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/charon/sa/tasks/ike_cert_pre.c index 1c72f289f..0805d0290 100644 --- a/src/charon/sa/tasks/ike_cert_pre.c +++ b/src/charon/sa/tasks/ike_cert_pre.c @@ -29,27 +29,27 @@ typedef struct private_ike_cert_pre_t private_ike_cert_pre_t; * Private members of a ike_cert_pre_t task. */ struct private_ike_cert_pre_t { - + /** * Public methods and task_t interface. */ ike_cert_pre_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Do we accept HTTP certificate lookup requests */ bool do_http_lookup; - + /** * wheter this is the final authentication round */ @@ -57,29 +57,29 @@ struct private_ike_cert_pre_t { }; /** - * read certificate requests + * read certificate requests */ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; auth_cfg_t *auth; - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - switch(payload->get_type(payload)) + switch (payload->get_type(payload)) { case CERTIFICATE_REQUEST: { certreq_payload_t *certreq = (certreq_payload_t*)payload; enumerator_t *enumerator; chunk_t keyid; - + this->ike_sa->set_condition(this->ike_sa, COND_CERTREQ_SEEN, TRUE); - + if (certreq->get_cert_type(certreq) != CERT_X509) { DBG1(DBG_IKE, "cert payload %N not supported - ignored", @@ -91,10 +91,9 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { identification_t *id; certificate_t *cert; - - id = identification_create_from_encoding( - ID_PUBKEY_INFO_SHA1, keyid); - cert = charon->credentials->get_cert(charon->credentials, + + id = identification_create_from_encoding(ID_KEY_ID, keyid); + cert = charon->credentials->get_cert(charon->credentials, CERT_X509, KEY_ANY, id, TRUE); if (cert) { @@ -115,7 +114,7 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) case NOTIFY: { notify_payload_t *notify = (notify_payload_t*)payload; - + /* we only handle one type of notify here */ if (notify->get_notify_type(notify) == HTTP_CERT_LOOKUP_SUPPORTED) { @@ -135,11 +134,11 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) * tries to extract a certificate from the cert payload or the credential * manager (based on the hash of a "Hash and URL" encoded cert). * Note: the returned certificate (if any) has to be destroyed - */ + */ static certificate_t *try_get_cert(cert_payload_t *cert_payload) { certificate_t *cert = NULL; - + switch (cert_payload->get_cert_encoding(cert_payload)) { case ENC_X509_SIGNATURE: @@ -156,8 +155,8 @@ static certificate_t *try_get_cert(cert_payload_t *cert_payload) /* invalid "Hash and URL" data (logged elsewhere) */ break; } - id = identification_create_from_encoding(ID_CERT_DER_SHA1, hash); - cert = charon->credentials->get_cert(charon->credentials, + id = identification_create_from_encoding(ID_KEY_ID, hash); + cert = charon->credentials->get_cert(charon->credentials, CERT_X509, KEY_ANY, id, FALSE); id->destroy(id); break; @@ -179,9 +178,9 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) payload_t *payload; auth_cfg_t *auth; bool first = TRUE; - + auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -191,10 +190,10 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) cert_encoding_t encoding; certificate_t *cert; char *url; - + cert_payload = (cert_payload_t*)payload; encoding = cert_payload->get_cert_encoding(cert_payload); - + switch (encoding) { case ENC_X509_HASH_AND_URL: @@ -284,9 +283,9 @@ static void add_certreq(certreq_payload_t **req, certificate_t *cert) case CERT_X509: { public_key_t *public; - identification_t *keyid; + chunk_t keyid; x509_t *x509 = (x509_t*)cert; - + if (!(x509->get_flags(x509) & X509_CA)) { /* no CA cert, skip */ break; @@ -300,11 +299,13 @@ static void add_certreq(certreq_payload_t **req, certificate_t *cert) { *req = certreq_payload_create_type(CERT_X509); } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - (*req)->add_keyid(*req, keyid->get_encoding(keyid)); + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid)) + { + (*req)->add_keyid(*req, keyid); + DBG1(DBG_IKE, "sending cert request for \"%Y\"", + cert->get_subject(cert)); + } public->destroy(public); - DBG1(DBG_IKE, "sending cert request for \"%Y\"", - cert->get_subject(cert)); break; } default: @@ -320,7 +321,7 @@ static void add_certreqs(certreq_payload_t **req, auth_cfg_t *auth) enumerator_t *enumerator; auth_rule_t type; void *value; - + enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &type, &value)) { @@ -347,13 +348,13 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) certificate_t *cert; auth_cfg_t *auth; certreq_payload_t *req = NULL; - + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); if (!ike_cfg->send_certreq(ike_cfg)) { return; } - + /* check if we require a specific CA for that peer */ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (peer_cfg) @@ -365,7 +366,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) } enumerator->destroy(enumerator); } - + if (!req) { /* otherwise add all trusted CA certificates */ @@ -377,11 +378,11 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) } enumerator->destroy(enumerator); } - + if (req) { message->add_payload(message, (payload_t*)req); - + if (lib->settings->get_bool(lib->settings, "charon.hash_and_url", FALSE)) { message->add_notify(message, FALSE, HTTP_CERT_LOOKUP_SUPPORTED, @@ -396,29 +397,15 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) */ static bool final_auth(message_t *message) { - enumerator_t *enumerator; - payload_t *payload; - notify_payload_t *notify; - /* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */ if (message->get_payload(message, AUTHENTICATION) == NULL) { return FALSE; } - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS)) { - if (payload->get_type(payload) == NOTIFY) - { - notify = (notify_payload_t*)payload; - if (notify->get_notify_type(notify) == ANOTHER_AUTH_FOLLOWS) - { - enumerator->destroy(enumerator); - return FALSE; - } - } + return FALSE; } - enumerator->destroy(enumerator); return TRUE; } @@ -426,7 +413,7 @@ static bool final_auth(message_t *message) * Implementation of task_t.process for initiator */ static status_t build_i(private_ike_cert_pre_t *this, message_t *message) -{ +{ if (message->get_message_id(message) == 1) { /* initiator sends CERTREQs in first IKE_AUTH */ build_certreqs(this, message); @@ -474,7 +461,7 @@ static status_t process_i(private_ike_cert_pre_t *this, message_t *message) process_certreqs(this, message); } process_certs(this, message); - + if (final_auth(message)) { return SUCCESS; @@ -516,7 +503,7 @@ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -527,11 +514,11 @@ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->do_http_lookup = FALSE; this->final = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_cert_pre.h b/src/charon/sa/tasks/ike_cert_pre.h index d49005e68..1541b80e5 100644 --- a/src/charon/sa/tasks/ike_cert_pre.h +++ b/src/charon/sa/tasks/ike_cert_pre.h @@ -46,7 +46,7 @@ struct ike_cert_pre_t { * * @param ike_sa IKE_SA this task works for * @param initiator TRUE if thask is the original initator - * @return ike_cert_pre task to handle by the task_manager + * @return ike_cert_pre task to handle by the task_manager */ ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c index 1f75521b6..f010439fe 100644 --- a/src/charon/sa/tasks/ike_config.c +++ b/src/charon/sa/tasks/ike_config.c @@ -19,50 +19,60 @@ #include #include -#define DNS_SERVER_MAX 2 -#define NBNS_SERVER_MAX 2 - typedef struct private_ike_config_t private_ike_config_t; /** * Private members of a ike_config_t task. */ struct private_ike_config_t { - + /** * Public methods and task_t interface. */ ike_config_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * virtual ip */ host_t *virtual_ip; + + /** + * list of attributes requested and its handler, entry_t + */ + linked_list_t *requested; }; /** - * build INTERNAL_IPV4/6_ADDRESS from virtual ip + * Entry for a requested attribute and the requesting handler + */ +typedef struct { + /** attribute requested */ + configuration_attribute_type_t type; + /** handler requesting this attribute */ + attribute_handler_t *handler; +} entry_t; + +/** + * build INTERNAL_IPV4/6_ADDRESS attribute from virtual ip */ -static void build_vip(private_ike_config_t *this, host_t *vip, cp_payload_t *cp) +static configuration_attribute_t *build_vip(host_t *vip) { - configuration_attribute_t *ca; + configuration_attribute_type_t type; chunk_t chunk, prefix; - - ca = configuration_attribute_create(); - + if (vip->get_family(vip) == AF_INET) { - ca->set_type(ca, INTERNAL_IP4_ADDRESS); + type = INTERNAL_IP4_ADDRESS; if (vip->is_anyaddr(vip)) { chunk = chunk_empty; @@ -74,7 +84,7 @@ static void build_vip(private_ike_config_t *this, host_t *vip, cp_payload_t *cp) } else { - ca->set_type(ca, INTERNAL_IP6_ADDRESS); + type = INTERNAL_IP6_ADDRESS; if (vip->is_anyaddr(vip)) { chunk = chunk_empty; @@ -87,8 +97,42 @@ static void build_vip(private_ike_config_t *this, host_t *vip, cp_payload_t *cp) chunk = chunk_cata("cc", chunk, prefix); } } - ca->set_value(ca, chunk); - cp->add_configuration_attribute(cp, ca); + return configuration_attribute_create_value(type, chunk); +} + +/** + * Handle a received attribute as initiator + */ +static void handle_attribute(private_ike_config_t *this, + configuration_attribute_t *ca) +{ + attribute_handler_t *handler = NULL; + enumerator_t *enumerator; + entry_t *entry; + + /* find the handler which requested this attribute */ + enumerator = this->requested->create_enumerator(this->requested); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->type == ca->get_type(ca)) + { + handler = entry->handler; + this->requested->remove_at(this->requested, enumerator); + free(entry); + break; + } + } + enumerator->destroy(enumerator); + + /* and pass it to the handle function */ + handler = lib->attributes->handle(lib->attributes, + this->ike_sa->get_other_id(this->ike_sa), handler, + ca->get_type(ca), ca->get_value(ca)); + if (handler) + { + this->ike_sa->add_configuration_attribute(this->ike_sa, + handler, ca->get_type(ca), ca->get_value(ca)); + } } /** @@ -100,7 +144,7 @@ static void process_attribute(private_ike_config_t *this, host_t *ip; chunk_t addr; int family = AF_INET6; - + switch (ca->get_type(ca)) { case INTERNAL_IP4_ADDRESS: @@ -118,7 +162,7 @@ static void process_attribute(private_ike_config_t *this, /* skip prefix byte in IPv6 payload*/ if (family == AF_INET6) { - addr.len--; + addr.len--; } ip = host_create_from_chunk(family, addr, 0); } @@ -130,15 +174,12 @@ static void process_attribute(private_ike_config_t *this, break; } default: + { if (this->initiator) { - this->ike_sa->add_configuration_attribute(this->ike_sa, - ca->get_type(ca), ca->get_value(ca)); - } - else - { - /* we do not handle attribute requests other than for VIPs */ + handle_attribute(this, ca); } + } } } @@ -147,10 +188,9 @@ static void process_attribute(private_ike_config_t *this, */ static void process_payloads(private_ike_config_t *this, message_t *message) { - enumerator_t *enumerator; - iterator_t *attributes; + enumerator_t *enumerator, *attributes; payload_t *payload; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -158,22 +198,25 @@ static void process_payloads(private_ike_config_t *this, message_t *message) { cp_payload_t *cp = (cp_payload_t*)payload; configuration_attribute_t *ca; - switch (cp->get_config_type(cp)) + + switch (cp->get_type(cp)) { case CFG_REQUEST: case CFG_REPLY: { - attributes = cp->create_attribute_iterator(cp); - while (attributes->iterate(attributes, (void**)&ca)) + attributes = cp->create_attribute_enumerator(cp); + while (attributes->enumerate(attributes, &ca)) { + DBG2(DBG_IKE, "processing %N attribute", + configuration_attribute_type_names, ca->get_type(ca)); process_attribute(this, ca); } attributes->destroy(attributes); break; } default: - DBG1(DBG_IKE, "ignoring %N config payload", - config_type_names, cp->get_config_type(cp)); + DBG1(DBG_IKE, "ignoring %N config payload", + config_type_names, cp->get_type(cp)); break; } } @@ -188,9 +231,14 @@ static status_t build_i(private_ike_config_t *this, message_t *message) { if (message->get_message_id(message) == 1) { /* in first IKE_AUTH only */ + cp_payload_t *cp = NULL; + enumerator_t *enumerator; + attribute_handler_t *handler; peer_cfg_t *config; + configuration_attribute_type_t type; + chunk_t data; host_t *vip; - + /* reuse virtual IP if we already have one */ vip = this->ike_sa->get_virtual_ip(this->ike_sa, TRUE); if (!vip) @@ -199,26 +247,39 @@ static status_t build_i(private_ike_config_t *this, message_t *message) vip = config->get_virtual_ip(config); } if (vip) + { + cp = cp_payload_create_type(CFG_REQUEST); + cp->add_attribute(cp, build_vip(vip)); + } + + enumerator = lib->attributes->create_initiator_enumerator(lib->attributes, + this->ike_sa->get_other_id(this->ike_sa), vip); + while (enumerator->enumerate(enumerator, &handler, &type, &data)) { configuration_attribute_t *ca; - cp_payload_t *cp; - - cp = cp_payload_create(); - cp->set_config_type(cp, CFG_REQUEST); - - build_vip(this, vip, cp); - - /* we currently always add a DNS request if we request an IP */ - ca = configuration_attribute_create(); - if (vip->get_family(vip) == AF_INET) - { - ca->set_type(ca, INTERNAL_IP4_DNS); - } - else + entry_t *entry; + + /* create configuration attribute */ + DBG2(DBG_IKE, "building %N attribute", + configuration_attribute_type_names, type); + ca = configuration_attribute_create_value(type, data); + if (!cp) { - ca->set_type(ca, INTERNAL_IP6_DNS); + cp = cp_payload_create_type(CFG_REQUEST); } - cp->add_configuration_attribute(cp, ca); + cp->add_attribute(cp, ca); + + /* save handler along with requested type */ + entry = malloc_thing(entry_t); + entry->type = type; + entry->handler = handler; + + this->requested->insert_last(this->requested, entry); + } + enumerator->destroy(enumerator); + + if (cp) + { message->add_payload(message, (payload_t*)cp); } } @@ -237,6 +298,38 @@ static status_t process_r(private_ike_config_t *this, message_t *message) return NEED_MORE; } +/** + * Find a peer (EAP) identity to query provider for attributes + */ +static identification_t *get_peer_identity(private_ike_config_t *this) +{ + identification_t *id = NULL, *current; + enumerator_t *enumerator; + auth_cfg_t *cfg; + + enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE); + while (enumerator->enumerate(enumerator, &cfg)) + { + /* prefer EAP-Identity of last round */ + current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY); + if (!current || current->get_type(current) == ID_ANY) + { + current = cfg->get(cfg, AUTH_RULE_IDENTITY); + } + if (current && current->get_type(current) != ID_ANY) + { + id = current; + continue; + } + } + enumerator->destroy(enumerator); + if (!id) + { /* fallback, should not happen */ + id = this->ike_sa->get_other_id(this->ike_sa); + } + return id; +} + /** * Implementation of task_t.build for responder */ @@ -244,24 +337,24 @@ static status_t build_r(private_ike_config_t *this, message_t *message) { if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ - peer_cfg_t *config = this->ike_sa->get_peer_cfg(this->ike_sa); - + enumerator_t *enumerator; + configuration_attribute_type_t type; + chunk_t value; + host_t *vip = NULL; + cp_payload_t *cp = NULL; + peer_cfg_t *config; + identification_t *id; + + id = get_peer_identity(this); + + config = this->ike_sa->get_peer_cfg(this->ike_sa); if (config && this->virtual_ip) { - enumerator_t *enumerator; - configuration_attribute_type_t type; - configuration_attribute_t *ca; - chunk_t value; - cp_payload_t *cp; - host_t *vip = NULL; - DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); if (config->get_pool(config)) { - vip = charon->attributes->acquire_address(charon->attributes, - config->get_pool(config), - this->ike_sa->get_other_id(this->ike_sa), - this->virtual_ip); + vip = lib->attributes->acquire_address(lib->attributes, + config->get_pool(config), id, this->virtual_ip); } if (vip == NULL) { @@ -273,27 +366,32 @@ static status_t build_r(private_ike_config_t *this, message_t *message) } DBG1(DBG_IKE, "assigning virtual IP %H to peer", vip); this->ike_sa->set_virtual_ip(this->ike_sa, FALSE, vip); - - cp = cp_payload_create(); - cp->set_config_type(cp, CFG_REPLY); - - build_vip(this, vip, cp); - vip->destroy(vip); - - /* if we add an IP, we also look for other attributes */ - enumerator = charon->attributes->create_attribute_enumerator( - charon->attributes, this->ike_sa->get_other_id(this->ike_sa)); - while (enumerator->enumerate(enumerator, &type, &value)) + + cp = cp_payload_create_type(CFG_REPLY); + cp->add_attribute(cp, build_vip(vip)); + } + + /* query registered providers for additional attributes to include */ + enumerator = lib->attributes->create_responder_enumerator( + lib->attributes, id, vip); + while (enumerator->enumerate(enumerator, &type, &value)) + { + if (!cp) { - ca = configuration_attribute_create(); - ca->set_type(ca, type); - ca->set_value(ca, value); - cp->add_configuration_attribute(cp, ca); + cp = cp_payload_create_type(CFG_REPLY); } - enumerator->destroy(enumerator); - + DBG2(DBG_IKE, "building %N attribute", + configuration_attribute_type_names, type); + cp->add_attribute(cp, + configuration_attribute_create_value(type, value)); + } + enumerator->destroy(enumerator); + + if (cp) + { message->add_payload(message, (payload_t*)cp); } + DESTROY_IF(vip); return SUCCESS; } return NEED_MORE; @@ -306,9 +404,9 @@ static status_t process_i(private_ike_config_t *this, message_t *message) { if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED) { /* in last IKE_AUTH exchange */ - + process_payloads(this, message); - + if (this->virtual_ip) { this->ike_sa->set_virtual_ip(this->ike_sa, TRUE, this->virtual_ip); @@ -332,9 +430,11 @@ static task_type_t get_type(private_ike_config_t *this) static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa) { DESTROY_IF(this->virtual_ip); - + this->ike_sa = ike_sa; this->virtual_ip = NULL; + this->requested->destroy_function(this->requested, free); + this->requested = linked_list_create(); } /** @@ -343,6 +443,7 @@ static void migrate(private_ike_config_t *this, ike_sa_t *ike_sa) static void destroy(private_ike_config_t *this) { DESTROY_IF(this->virtual_ip); + this->requested->destroy_function(this->requested, free); free(this); } @@ -352,15 +453,16 @@ static void destroy(private_ike_config_t *this) ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator) { private_ike_config_t *this = malloc_thing(private_ike_config_t); - + this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + this->initiator = initiator; this->ike_sa = ike_sa; this->virtual_ip = NULL; - + this->requested = linked_list_create(); + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -371,7 +473,7 @@ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_config.h b/src/charon/sa/tasks/ike_config.h index 32635e85e..8cef08697 100644 --- a/src/charon/sa/tasks/ike_config.h +++ b/src/charon/sa/tasks/ike_config.h @@ -44,7 +44,7 @@ struct ike_config_t { * * @param ike_sa IKE_SA this task works for * @param initiator TRUE for initiator - * @return ike_config task to handle by the task_manager + * @return ike_config task to handle by the task_manager */ ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_delete.c b/src/charon/sa/tasks/ike_delete.c index cde117934..130948836 100644 --- a/src/charon/sa/tasks/ike_delete.c +++ b/src/charon/sa/tasks/ike_delete.c @@ -25,27 +25,27 @@ typedef struct private_ike_delete_t private_ike_delete_t; * Private members of a ike_delete_t task. */ struct private_ike_delete_t { - + /** * Public methods and task_t interface. */ ike_delete_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * are we deleting a rekeyed SA? */ bool rekeyed; - + /** * are we responding to a delete, but have initated our own? */ @@ -69,7 +69,7 @@ static status_t build_i(private_ike_delete_t *this, message_t *message) delete_payload = delete_payload_create(PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); - + if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) { this->rekeyed = TRUE; @@ -189,7 +189,7 @@ ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -200,11 +200,11 @@ ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->rekeyed = FALSE; this->simultaneous = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_dpd.c b/src/charon/sa/tasks/ike_dpd.c index 3aa714049..4c6ba7662 100644 --- a/src/charon/sa/tasks/ike_dpd.c +++ b/src/charon/sa/tasks/ike_dpd.c @@ -24,7 +24,7 @@ typedef struct private_ike_dpd_t private_ike_dpd_t; * Private members of a ike_dpd_t task. */ struct private_ike_dpd_t { - + /** * Public methods and task_t interface. */ @@ -83,7 +83,7 @@ ike_dpd_t *ike_dpd_create(bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))return_need_more; @@ -94,6 +94,6 @@ ike_dpd_t *ike_dpd_create(bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))return_success; this->public.task.process = (status_t(*)(task_t*,message_t*))return_need_more; } - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c index 2705f5886..5eb33b540 100644 --- a/src/charon/sa/tasks/ike_init.c +++ b/src/charon/sa/tasks/ike_init.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2009 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -24,7 +24,6 @@ #include #include #include -#include /** maximum retries to do with cookies/other dh groups */ #define MAX_RETRIES 5 @@ -35,67 +34,67 @@ typedef struct private_ike_init_t private_ike_init_t; * Private members of a ike_init_t task. */ struct private_ike_init_t { - + /** * Public methods and task_t interface. */ ike_init_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * IKE config to establish */ ike_cfg_t *config; - + /** * diffie hellman group to use */ diffie_hellman_group_t dh_group; - + /** * diffie hellman key exchange */ diffie_hellman_t *dh; - + /** * Keymat derivation (from IKE_SA) */ keymat_t *keymat; - + /** * nonce chosen by us */ chunk_t my_nonce; - + /** * nonce chosen by peer */ chunk_t other_nonce; - + /** * Negotiated proposal used for IKE_SA */ proposal_t *proposal; - + /** * Old IKE_SA which gets rekeyed */ ike_sa_t *old_sa; - + /** * cookie received from responder */ chunk_t cookie; - + /** * retries done so far after failure (cookie or bad dh group) */ @@ -114,16 +113,16 @@ static void build_payloads(private_ike_init_t *this, message_t *message) ike_sa_id_t *id; proposal_t *proposal; iterator_t *iterator; - + id = this->ike_sa->get_id(this->ike_sa); - + this->config = this->ike_sa->get_ike_cfg(this->ike_sa); if (this->initiator) { proposal_list = this->config->get_proposals(this->config); if (this->old_sa) - { + { /* include SPI of new IKE_SA when we are rekeying */ iterator = proposal_list->create_iterator(proposal_list, TRUE); while (iterator->iterate(iterator, (void**)&proposal)) @@ -132,7 +131,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message) } iterator->destroy(iterator); } - + sa_payload = sa_payload_create_from_proposal_list(proposal_list); proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy)); } @@ -146,11 +145,11 @@ static void build_payloads(private_ike_init_t *this, message_t *message) sa_payload = sa_payload_create_from_proposal(this->proposal); } message->add_payload(message, (payload_t*)sa_payload); - + nonce_payload = nonce_payload_create(); nonce_payload->set_nonce(nonce_payload, this->my_nonce); ke_payload = ke_payload_create_from_diffie_hellman(this->dh); - + if (this->old_sa) { /* payload order differs if we are rekeying */ message->add_payload(message, (payload_t*)nonce_payload); @@ -170,7 +169,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -180,18 +179,21 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; - + bool private; + proposal_list = sa_payload->get_proposals(sa_payload); + private = this->ike_sa->supports_extension(this->ike_sa, + EXT_STRONGSWAN); this->proposal = this->config->select_proposal(this->config, - proposal_list); - proposal_list->destroy_offset(proposal_list, + proposal_list, private); + proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy)); break; } case KEY_EXCHANGE: { ke_payload_t *ke_payload = (ke_payload_t*)payload; - + this->dh_group = ke_payload->get_dh_group_number(ke_payload); if (!this->initiator) { @@ -212,13 +214,6 @@ static void process_payloads(private_ike_init_t *this, message_t *message) this->other_nonce = nonce_payload->get_nonce(nonce_payload); break; } - case VENDOR_ID: - { - vendor_id_payload_t *vendor_id = (vendor_id_payload_t*)payload; - chunk_t vid = vendor_id->get_data(vendor_id); - - DBG1(DBG_ENC, "received vendor id: %#B", &vid); - } default: break; } @@ -232,20 +227,20 @@ static void process_payloads(private_ike_init_t *this, message_t *message) static status_t build_i(private_ike_init_t *this, message_t *message) { rng_t *rng; - + this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); - - if (this->retry++ >= MAX_RETRIES) + + if (this->retry >= MAX_RETRIES) { DBG1(DBG_IKE, "giving up after %d retries", MAX_RETRIES); return FAILED; } - + /* if the DH group is set via use_dh_group(), we already have a DH object */ if (!this->dh) { @@ -258,7 +253,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) return FAILED; } } - + /* generate nonce only when we are trying the first time */ if (this->my_nonce.ptr == NULL) { @@ -271,12 +266,12 @@ static status_t build_i(private_ike_init_t *this, message_t *message) rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); rng->destroy(rng); } - + if (this->cookie.ptr) { message->add_notify(message, FALSE, COOKIE, this->cookie); } - + build_payloads(this, message); #ifdef ME @@ -288,7 +283,7 @@ static status_t build_i(private_ike_init_t *this, message_t *message) } } #endif /* ME */ - + return NEED_MORE; } @@ -296,9 +291,9 @@ static status_t build_i(private_ike_init_t *this, message_t *message) * Implementation of task_t.process for responder */ static status_t process_r(private_ike_init_t *this, message_t *message) -{ +{ rng_t *rng; - + this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); @@ -311,59 +306,22 @@ static status_t process_r(private_ike_init_t *this, message_t *message) } rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); rng->destroy(rng); - + #ifdef ME { - chunk_t connect_id = chunk_empty; - enumerator_t *enumerator; - payload_t *payload; - - /* check for a ME_CONNECTID notify */ - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) - { - if (payload->get_type(payload) == NOTIFY) - { - notify_payload_t *notify = (notify_payload_t*)payload; - notify_type_t type = notify->get_notify_type(notify); - - switch (type) - { - case ME_CONNECTID: - { - chunk_free(&connect_id); - connect_id = chunk_clone(notify->get_notification_data(notify)); - DBG2(DBG_IKE, "received ME_CONNECTID %#B", &connect_id); - break; - } - default: - { - if (type < 16383) - { - DBG1(DBG_IKE, "received %N notify error", - notify_type_names, type); - break; - } - DBG2(DBG_IKE, "received %N notify", - notify_type_names, type); - break; - } - } - } - } - enumerator->destroy(enumerator); - - if (connect_id.ptr) + notify_payload_t *notify = message->get_notify(message, ME_CONNECTID); + if (notify) { + chunk_t connect_id = notify->get_notification_data(notify); + DBG2(DBG_IKE, "received ME_CONNECTID %#B", &connect_id); charon->connect_manager->stop_checks(charon->connect_manager, - connect_id); - chunk_free(&connect_id); + connect_id); } } #endif /* ME */ - + process_payloads(this, message); - + return NEED_MORE; } @@ -377,7 +335,7 @@ static bool derive_keys(private_ike_init_t *this, pseudo_random_function_t prf_alg = PRF_UNDEFINED; chunk_t skd = chunk_empty; ike_sa_id_t *id; - + id = this->ike_sa->get_id(this->ike_sa); if (this->old_sa) { @@ -417,12 +375,12 @@ static status_t build_r(private_ike_init_t *this, message_t *message) return FAILED; } this->ike_sa->set_proposal(this->ike_sa, this->proposal); - + if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) { u_int16_t group; - + if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { @@ -440,7 +398,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message) } return FAILED; } - + if (!derive_keys(this, this->other_nonce, this->my_nonce)) { DBG1(DBG_IKE, "key derivation failed"); @@ -458,7 +416,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; - + /* check for erronous notifies */ enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) @@ -467,27 +425,28 @@ static status_t process_i(private_ike_init_t *this, message_t *message) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); - + switch (type) { case INVALID_KE_PAYLOAD: { chunk_t data; diffie_hellman_group_t bad_group; - + bad_group = this->dh_group; data = notify->get_notification_data(notify); this->dh_group = ntohs(*((u_int16_t*)data.ptr)); DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, bad_group, diffie_hellman_group_names, this->dh_group); - + if (this->old_sa == NULL) { /* reset the IKE_SA if we are not rekeying */ this->ike_sa->reset(this->ike_sa); } - + enumerator->destroy(enumerator); + this->retry++; return NEED_MORE; } case NAT_DETECTION_SOURCE_IP: @@ -504,6 +463,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) this->ike_sa->reset(this->ike_sa); enumerator->destroy(enumerator); DBG2(DBG_IKE, "received %N notify", notify_type_names, type); + this->retry++; return NEED_MORE; } default: @@ -513,7 +473,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) DBG1(DBG_IKE, "received %N notify error", notify_type_names, type); enumerator->destroy(enumerator); - return FAILED; + return FAILED; } DBG2(DBG_IKE, "received %N notify", notify_type_names, type); @@ -523,7 +483,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message) } } enumerator->destroy(enumerator); - + process_payloads(this, message); /* check if we have everything */ @@ -534,14 +494,14 @@ static status_t process_i(private_ike_init_t *this, message_t *message) return FAILED; } this->ike_sa->set_proposal(this->ike_sa, this->proposal); - + if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) { DBG1(DBG_IKE, "peer DH group selection invalid"); return FAILED; } - + if (!derive_keys(this, this->my_nonce, this->other_nonce)) { DBG1(DBG_IKE, "key derivation failed"); @@ -581,7 +541,7 @@ static void migrate(private_ike_init_t *this, ike_sa_t *ike_sa) { DESTROY_IF(this->proposal); chunk_free(&this->other_nonce); - + this->ike_sa = ike_sa; this->proposal = NULL; DESTROY_IF(this->dh); @@ -622,7 +582,7 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->dh_group = MODP_NONE; @@ -635,6 +595,6 @@ ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa) this->config = NULL; this->old_sa = old_sa; this->retry = 0; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_init.h b/src/charon/sa/tasks/ike_init.h index 8d3810ef2..7bd784cff 100644 --- a/src/charon/sa/tasks/ike_init.h +++ b/src/charon/sa/tasks/ike_init.h @@ -38,7 +38,7 @@ struct ike_init_t { * Implements the task_t interface */ task_t task; - + /** * Get the lower of the two nonces, used for rekey collisions. * diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c index d359aa339..2d2847ae0 100644 --- a/src/charon/sa/tasks/ike_me.c +++ b/src/charon/sa/tasks/ike_me.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "ike_me.h" #include @@ -33,71 +33,71 @@ typedef struct private_ike_me_t private_ike_me_t; * Private members of a ike_me_t task. */ struct private_ike_me_t { - + /** * Public methods and task_t interface. */ ike_me_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Is this a mediation connection? */ bool mediation; - + /** * Is this the response from another peer? */ bool response; - + /** * Gathered endpoints */ linked_list_t *local_endpoints; - + /** * Parsed endpoints */ linked_list_t *remote_endpoints; - + /** * Did the peer request a callback? */ bool callback; - + /** * Did the connect fail? */ bool failed; - + /** * Was there anything wrong with the payloads? */ bool invalid_syntax; - + /** * The requested peer */ - identification_t *peer_id; + identification_t *peer_id; /** * Received ID used for connectivity checks */ chunk_t connect_id; - + /** * Received key used for connectivity checks */ chunk_t connect_key; - + /** * Peer config of the mediated connection */ @@ -112,7 +112,7 @@ static void add_endpoints_to_message(message_t *message, linked_list_t *endpoint { iterator_t *iterator; endpoint_notify_t *endpoint; - + iterator = endpoints->create_iterator(endpoints, TRUE); while (iterator->iterate(iterator, (void**)&endpoint)) { @@ -129,25 +129,25 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) enumerator_t *enumerator; host_t *addr, *host; u_int16_t port; - + /* get the port that is used to communicate with the ms */ host = this->ike_sa->get_my_host(this->ike_sa); port = host->get_port(host); - + enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); while (enumerator->enumerate(enumerator, (void**)&addr)) { host = addr->clone(addr); host->set_port(host, port); - + this->local_endpoints->insert_last(this->local_endpoints, endpoint_notify_create_from_host(HOST, host, NULL)); - + host->destroy(host); } enumerator->destroy(enumerator); - + host = this->ike_sa->get_server_reflexive_host(this->ike_sa); if (host) { @@ -155,7 +155,7 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) endpoint_notify_create_from_host(SERVER_REFLEXIVE, host, this->ike_sa->get_my_host(this->ike_sa))); } - + add_endpoints_to_message(message, this->local_endpoints); } @@ -166,7 +166,7 @@ static void process_payloads(private_ike_me_t *this, message_t *message) { enumerator_t *enumerator; payload_t *payload; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -174,9 +174,9 @@ static void process_payloads(private_ike_me_t *this, message_t *message) { continue; } - + notify_payload_t *notify = (notify_payload_t*)payload; - + switch (notify->get_notify_type(notify)) { case ME_CONNECT_FAILED: @@ -193,16 +193,19 @@ static void process_payloads(private_ike_me_t *this, message_t *message) } case ME_ENDPOINT: { - endpoint_notify_t *endpoint = endpoint_notify_create_from_payload(notify); + endpoint_notify_t *endpoint; + endpoint = endpoint_notify_create_from_payload(notify); if (!endpoint) { DBG1(DBG_IKE, "received invalid ME_ENDPOINT notify"); break; } - DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H", me_endpoint_type_names, - endpoint->get_type(endpoint), endpoint->get_host(endpoint)); - - this->remote_endpoints->insert_last(this->remote_endpoints, endpoint); + DBG1(DBG_IKE, "received %N ME_ENDPOINT %#H", + me_endpoint_type_names, endpoint->get_type(endpoint), + endpoint->get_host(endpoint)); + + this->remote_endpoints->insert_last(this->remote_endpoints, + endpoint); break; } case ME_CALLBACK: @@ -263,7 +266,9 @@ static status_t build_i(private_ike_me_t *this, message_t *message) { if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) { - endpoint_notify_t *endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, NULL, NULL); + endpoint_notify_t *endpoint; + endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, + NULL, NULL); message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint)); endpoint->destroy(endpoint); } @@ -271,42 +276,42 @@ static status_t build_i(private_ike_me_t *this, message_t *message) } case ME_CONNECT: { - id_payload_t *id_payload; rng_t *rng; - - id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); + id_payload_t *id_payload; + id_payload = id_payload_create_from_identification(ID_PEER, + this->peer_id); message->add_payload(message, (payload_t*)id_payload); - + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) { - DBG1(DBG_IKE, "unable to generate connect ID for ME_CONNECT"); + DBG1(DBG_IKE, "unable to generate connect ID for ME_CONNECT"); return FAILED; } if (!this->response) { - /* only the initiator creates a connect ID. the responder returns - * the connect ID that it received from the initiator */ + /* only the initiator creates a connect ID. the responder + * returns the connect ID that it received from the initiator */ rng->allocate_bytes(rng, ME_CONNECTID_LEN, &this->connect_id); } rng->allocate_bytes(rng, ME_CONNECTKEY_LEN, &this->connect_key); rng->destroy(rng); - + message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); - + if (this->response) { message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); } else { - /* FIXME: should we make that configurable? */ + /* FIXME: should we make this configurable? */ message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); } - + gather_and_add_endpoints(this, message); - + break; } default: @@ -328,40 +333,44 @@ static status_t process_r(private_ike_me_t *this, message_t *message) id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); if (!id_payload) { - DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" + ", aborting"); break; } this->peer_id = id_payload->get_identification(id_payload); - + process_payloads(this, message); - + if (this->callback) { DBG1(DBG_IKE, "received ME_CALLBACK for '%Y'", this->peer_id); break; - } - + } + if (!this->connect_id.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify" + ", aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->connect_key.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY " + "notify, aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->remote_endpoints->get_count(this->remote_endpoints)) { - DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT " + "payloads, aborting"); this->invalid_syntax = TRUE; break; } - + DBG1(DBG_IKE, "received ME_CONNECT"); break; } @@ -385,33 +394,39 @@ static status_t build_r(private_ike_me_t *this, message_t *message) message->add_notify(message, TRUE, INVALID_SYNTAX, chunk_empty); break; } - + if (this->callback) { - charon->connect_manager->check_and_initiate(charon->connect_manager, + /* we got a callback from the mediation server, initiate the + * queued mediated connecction */ + charon->connect_manager->check_and_initiate( + charon->connect_manager, this->ike_sa->get_id(this->ike_sa), this->ike_sa->get_my_id(this->ike_sa), this->peer_id); return SUCCESS; } - + if (this->response) { /* FIXME: handle result of set_responder_data * as initiator, upon receiving a response from another peer, * update the checklist and start sending checks */ - charon->connect_manager->set_responder_data(charon->connect_manager, - this->connect_id, this->connect_key, this->remote_endpoints); + charon->connect_manager->set_responder_data( + charon->connect_manager, + this->connect_id, this->connect_key, + this->remote_endpoints); } else { /* FIXME: handle result of set_initiator_data * as responder, create a checklist with the initiator's data */ - charon->connect_manager->set_initiator_data(charon->connect_manager, + charon->connect_manager->set_initiator_data( + charon->connect_manager, this->peer_id, this->ike_sa->get_my_id(this->ike_sa), - this->connect_id, this->connect_key, this->remote_endpoints, - FALSE); + this->connect_id, this->connect_key, + this->remote_endpoints, FALSE); if (this->ike_sa->respond(this->ike_sa, this->peer_id, - this->connect_id) != SUCCESS) + this->connect_id) != SUCCESS) { return FAILED; } @@ -434,13 +449,11 @@ static status_t process_i(private_ike_me_t *this, message_t *message) case IKE_SA_INIT: { process_payloads(this, message); - if (!this->mediation) { DBG1(DBG_IKE, "server did not return a ME_MEDIATION, aborting"); return FAILED; } - return NEED_MORE; } case IKE_AUTH: @@ -449,24 +462,21 @@ static status_t process_i(private_ike_me_t *this, message_t *message) /* FIXME: we should update the server reflexive endpoint somehow, * if mobike notices a change */ endpoint_notify_t *reflexive; - if (this->remote_endpoints->get_first(this->remote_endpoints, + if (this->remote_endpoints->get_first(this->remote_endpoints, (void**)&reflexive) == SUCCESS && reflexive->get_type(reflexive) == SERVER_REFLEXIVE) - { /* FIXME: should we accept this endpoint even if we did not send + { /* FIXME: should we accept this endpoint even if we did not send * a request? */ host_t *endpoint = reflexive->get_host(reflexive); - - this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint->clone(endpoint)); + endpoint = endpoint->clone(endpoint); + this->ike_sa->set_server_reflexive_host(this->ike_sa, endpoint); } - /* FIXME: what if it failed? e.g. AUTH failure */ - DBG1(DBG_IKE, "established mediation connection successfully"); - break; } case ME_CONNECT: { process_payloads(this, message); - + if (this->failed) { DBG1(DBG_IKE, "peer '%Y' is not online", this->peer_id); @@ -476,21 +486,25 @@ static status_t process_i(private_ike_me_t *this, message_t *message) { if (this->response) { - /* FIXME: handle result of set_responder_data. - * as responder, we update the checklist and start sending checks */ - charon->connect_manager->set_responder_data(charon->connect_manager, - this->connect_id, this->connect_key, this->local_endpoints); + /* FIXME: handle result of set_responder_data. */ + /* as responder, we update the checklist and start sending + * checks */ + charon->connect_manager->set_responder_data( + charon->connect_manager, this->connect_id, + this->connect_key, this->local_endpoints); } else { - /* FIXME: handle result of set_initiator_data - * as initiator, we create a checklist and set the initiator's data */ - charon->connect_manager->set_initiator_data(charon->connect_manager, - this->ike_sa->get_my_id(this->ike_sa), this->peer_id, - this->connect_id, this->connect_key, this->local_endpoints, - TRUE); - /* FIXME: also start a timer for the whole transaction (maybe - * within the connect_manager?) */ + /* FIXME: handle result of set_initiator_data */ + /* as initiator, we create a checklist and set the + * initiator's data */ + charon->connect_manager->set_initiator_data( + charon->connect_manager, + this->ike_sa->get_my_id(this->ike_sa), + this->peer_id, this->connect_id, this->connect_key, + this->local_endpoints, TRUE); + /* FIXME: also start a timer for the whole transaction + * (maybe within the connect_manager?) */ } } break; @@ -510,9 +524,11 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) { case ME_CONNECT: { - id_payload_t *id_payload = id_payload_create_from_identification(ID_PEER, this->peer_id); + id_payload_t *id_payload; + id_payload = id_payload_create_from_identification(ID_PEER, + this->peer_id); message->add_payload(message, (payload_t*)id_payload); - + if (this->callback) { message->add_notify(message, FALSE, ME_CALLBACK, chunk_empty); @@ -521,11 +537,13 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) { if (this->response) { - message->add_notify(message, FALSE, ME_RESPONSE, chunk_empty); - } - message->add_notify(message, FALSE, ME_CONNECTID, this->connect_id); - message->add_notify(message, FALSE, ME_CONNECTKEY, this->connect_key); - + message->add_notify(message, FALSE, ME_RESPONSE, + chunk_empty); + } + message->add_notify(message, FALSE, ME_CONNECTID, + this->connect_id); + message->add_notify(message, FALSE, ME_CONNECTKEY, + this->connect_key); add_endpoints_to_message(message, this->remote_endpoints); } break; @@ -533,7 +551,6 @@ static status_t build_i_ms(private_ike_me_t *this, message_t *message) default: break; } - return NEED_MORE; } @@ -546,15 +563,15 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) { case IKE_SA_INIT: { - /* FIXME: we should check for SA* and TS* payloads - * if any are there send NO_ADDITIONAL_SAS back and delete this SA */ + /* FIXME: we should check for SA* and TS* payloads. if there are + * any, send NO_ADDITIONAL_SAS back and delete this SA */ process_payloads(this, message); return this->mediation ? NEED_MORE : SUCCESS; } case IKE_AUTH: { - /* FIXME: we should check whether the current peer_config is configured - * as mediation connection */ + /* FIXME: we should check whether the current peer_config is + * configured as mediation connection */ process_payloads(this, message); break; } @@ -570,32 +587,35 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); if (!id_payload) { - DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" + ", aborting"); this->invalid_syntax = TRUE; break; } - this->peer_id = id_payload->get_identification(id_payload); - + process_payloads(this, message); - + if (!this->connect_id.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTID notify" + ", aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->connect_key.ptr) { - DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without ME_CONNECTKEY notify" + ", aborting"); this->invalid_syntax = TRUE; break; } - + if (!this->remote_endpoints->get_count(this->remote_endpoints)) { - DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT payloads, aborting"); + DBG1(DBG_IKE, "received ME_CONNECT without any ME_ENDPOINT " + "payloads, aborting"); this->invalid_syntax = TRUE; break; } @@ -604,7 +624,6 @@ static status_t process_r_ms(private_ike_me_t *this, message_t *message) default: break; } - return NEED_MORE; } @@ -623,58 +642,54 @@ static status_t build_r_ms(private_ike_me_t *this, message_t *message) case IKE_AUTH: { endpoint_notify_t *endpoint; - if (this->remote_endpoints->get_first(this->remote_endpoints, (void**)&endpoint) == SUCCESS && - endpoint->get_type(endpoint) == SERVER_REFLEXIVE) + if (this->remote_endpoints->get_first(this->remote_endpoints, + (void**)&endpoint) == SUCCESS && + endpoint->get_type(endpoint) == SERVER_REFLEXIVE) { host_t *host = this->ike_sa->get_other_host(this->ike_sa); - - DBG2(DBG_IKE, "received request for a server reflexive endpoint " - "sending: %#H", host); - - endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, host, NULL); + DBG2(DBG_IKE, "received request for a server reflexive " + "endpoint sending: %#H", host); + endpoint = endpoint_notify_create_from_host(SERVER_REFLEXIVE, + host, NULL); message->add_payload(message, (payload_t*)endpoint->build_notify(endpoint)); endpoint->destroy(endpoint); } - - /* FIXME: we actually must delete any existing IKE_SAs with the same remote id */ this->ike_sa->act_as_mediation_server(this->ike_sa); - - DBG1(DBG_IKE, "established mediation connection successfully"); - break; } case ME_CONNECT: - { + { if (this->invalid_syntax) { message->add_notify(message, TRUE, INVALID_SYNTAX, chunk_empty); break; } - + ike_sa_id_t *peer_sa; if (this->callback) { - peer_sa = charon->mediation_manager->check_and_register(charon->mediation_manager, - this->peer_id, this->ike_sa->get_other_id(this->ike_sa)); + peer_sa = charon->mediation_manager->check_and_register( + charon->mediation_manager, this->peer_id, + this->ike_sa->get_other_id(this->ike_sa)); } else { - peer_sa = charon->mediation_manager->check(charon->mediation_manager, - this->peer_id); + peer_sa = charon->mediation_manager->check( + charon->mediation_manager, this->peer_id); } - + if (!peer_sa) { /* the peer is not online */ - message->add_notify(message, TRUE, ME_CONNECT_FAILED, chunk_empty); + message->add_notify(message, TRUE, ME_CONNECT_FAILED, + chunk_empty); break; } - + job_t *job = (job_t*)mediation_job_create(this->peer_id, this->ike_sa->get_other_id(this->ike_sa), this->connect_id, this->connect_key, this->remote_endpoints, this->response); charon->processor->queue_job(charon->processor, job); - break; } default: @@ -706,8 +721,8 @@ static void me_connect(private_ike_me_t *this, identification_t *peer_id) /** * Implementation of ike_me.respond */ -static void me_respond(private_ike_me_t *this, identification_t *peer_id, - chunk_t connect_id) +static void me_respond(private_ike_me_t *this, identification_t *peer_id, + chunk_t connect_id) { this->peer_id = peer_id->clone(peer_id); this->connect_id = chunk_clone(connect_id); @@ -726,16 +741,19 @@ static void me_callback(private_ike_me_t *this, identification_t *peer_id) /** * Implementation of ike_me.relay */ -static void relay(private_ike_me_t *this, identification_t *requester, chunk_t connect_id, - chunk_t connect_key, linked_list_t *endpoints, bool response) +static void relay(private_ike_me_t *this, identification_t *requester, + chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response) { this->peer_id = requester->clone(requester); this->connect_id = chunk_clone(connect_id); this->connect_key = chunk_clone(connect_key); - - this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); - this->remote_endpoints = endpoints->clone_offset(endpoints, offsetof(endpoint_notify_t, clone)); - + + this->remote_endpoints->destroy_offset(this->remote_endpoints, + offsetof(endpoint_notify_t, destroy)); + this->remote_endpoints = endpoints->clone_offset(endpoints, + offsetof(endpoint_notify_t, clone)); + this->response = response; } @@ -761,13 +779,15 @@ static void migrate(private_ike_me_t *this, ike_sa_t *ike_sa) static void destroy(private_ike_me_t *this) { DESTROY_IF(this->peer_id); - + chunk_free(&this->connect_id); chunk_free(&this->connect_key); - - this->local_endpoints->destroy_offset(this->local_endpoints, offsetof(endpoint_notify_t, destroy)); - this->remote_endpoints->destroy_offset(this->remote_endpoints, offsetof(endpoint_notify_t, destroy)); - + + this->local_endpoints->destroy_offset(this->local_endpoints, + offsetof(endpoint_notify_t, destroy)); + this->remote_endpoints->destroy_offset(this->remote_endpoints, + offsetof(endpoint_notify_t, destroy)); + DESTROY_IF(this->mediated_cfg); free(this); } @@ -782,7 +802,7 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (ike_sa->has_condition(ike_sa, COND_ORIGINAL_INITIATOR)) { if (initiator) @@ -810,15 +830,15 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) this->public.task.process = (status_t(*)(task_t*,message_t*))process_r_ms; } } - + this->public.connect = (void(*)(ike_me_t*,identification_t*))me_connect; this->public.respond = (void(*)(ike_me_t*,identification_t*,chunk_t))me_respond; this->public.callback = (void(*)(ike_me_t*,identification_t*))me_callback; this->public.relay = (void(*)(ike_me_t*,identification_t*,chunk_t,chunk_t,linked_list_t*,bool))relay; - + this->ike_sa = ike_sa; this->initiator = initiator; - + this->peer_id = NULL; this->connect_id = chunk_empty; this->connect_key = chunk_empty; @@ -829,8 +849,8 @@ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator) this->callback = FALSE; this->failed = FALSE; this->invalid_syntax = FALSE; - + this->mediated_cfg = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_me.h b/src/charon/sa/tasks/ike_me.h index 4b35c313c..31285a426 100644 --- a/src/charon/sa/tasks/ike_me.h +++ b/src/charon/sa/tasks/ike_me.h @@ -34,18 +34,17 @@ typedef struct ike_me_t ike_me_t; * connection, allows to initiate mediated connections using ME_CONNECT * exchanges and to request reflexive addresses from the mediation server using * ME_ENDPOINT notifies. - * + * * @note This task has to be activated before the IKE_AUTH task, because that * task generates the IKE_SA_INIT message so that no more payloads can be added * to it afterwards. */ struct ike_me_t { - /** * Implements the task_t interface */ task_t task; - + /** * Initiates a connection with another peer (i.e. sends a ME_CONNECT * to the mediation server) @@ -53,45 +52,48 @@ struct ike_me_t { * @param peer_id ID of the other peer (gets cloned) */ void (*connect)(ike_me_t *this, identification_t *peer_id); - + /** * Responds to a ME_CONNECT from another peer (i.e. sends a ME_CONNECT * to the mediation server) - * - * @param peer_id ID of the other peer (gets cloned) - * @param connect_id the connect ID as provided by the initiator (gets cloned) + * + * Data gets cloned. + * + * @param peer_id ID of the other peer + * @param connect_id the connect ID as provided by the initiator */ - void (*respond)(ike_me_t *this, identification_t *peer_id, chunk_t connect_id); - + void (*respond)(ike_me_t *this, identification_t *peer_id, + chunk_t connect_id); + /** - * Sends a ME_CALLBACK to a peer that previously requested another peer. - * + * Sends a ME_CALLBACK to a peer that previously requested some other peer. + * * @param peer_id ID of the other peer (gets cloned) */ void (*callback)(ike_me_t *this, identification_t *peer_id); - + /** * Relays data to another peer (i.e. sends a ME_CONNECT to the peer) - * + * * Data gets cloned. - * + * * @param requester ID of the requesting peer * @param connect_id content of the ME_CONNECTID notify * @param connect_key content of the ME_CONNECTKEY notify * @param endpoints endpoints * @param response TRUE if this is a response */ - void (*relay)(ike_me_t *this, identification_t *requester, chunk_t connect_id, - chunk_t connect_key, linked_list_t *endpoints, bool response); - + void (*relay)(ike_me_t *this, identification_t *requester, + chunk_t connect_id, chunk_t connect_key, + linked_list_t *endpoints, bool response); }; /** * Create a new ike_me task. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if taks is initiated by us - * @return ike_me task to handle by the task_manager + * @param initiator TRUE if task is initiated by us + * @return ike_me task to be handled by the task_manager */ ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_mobike.c b/src/charon/sa/tasks/ike_mobike.c index 9a1afe744..d76ba8d2b 100644 --- a/src/charon/sa/tasks/ike_mobike.c +++ b/src/charon/sa/tasks/ike_mobike.c @@ -30,42 +30,42 @@ typedef struct private_ike_mobike_t private_ike_mobike_t; * Private members of a ike_mobike_t task. */ struct private_ike_mobike_t { - + /** * Public methods and task_t interface. */ ike_mobike_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * cookie2 value to verify new addresses */ chunk_t cookie2; - + /** * NAT discovery reusing the IKE_NATD task */ ike_natd_t *natd; - + /** * use task to update addresses */ bool update; - + /** * do routability check */ bool check; - + /** * include address list update */ @@ -79,7 +79,7 @@ static void flush_additional_addresses(private_ike_mobike_t *this) { iterator_t *iterator; host_t *host; - + iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa); while (iterator->iterate(iterator, (void**)&host)) { @@ -98,7 +98,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) enumerator_t *enumerator; payload_t *payload; bool first = TRUE; - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -106,7 +106,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) notify_payload_t *notify; chunk_t data; host_t *host; - + if (payload->get_type(payload) != NOTIFY) { continue; @@ -117,9 +117,9 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) case MOBIKE_SUPPORTED: { peer_cfg_t *peer_cfg; - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - if (!this->initiator && + if (!this->initiator && peer_cfg && !peer_cfg->use_mobike(peer_cfg)) { DBG1(DBG_IKE, "peer supports MOBIKE, but disabled in config"); @@ -191,7 +191,7 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message) host_t *host, *me; notify_type_t type; int added = 0; - + me = this->ike_sa->get_my_host(this->ike_sa); enumerator = charon->kernel_interface->create_address_enumerator( charon->kernel_interface, FALSE, FALSE); @@ -227,7 +227,7 @@ static void build_address_list(private_ike_mobike_t *this, message_t *message) } /** - * build a cookie and add it to the message + * build a cookie and add it to the message */ static void build_cookie(private_ike_mobike_t *this, message_t *message) { @@ -250,12 +250,12 @@ static void update_children(private_ike_mobike_t *this) { iterator_t *iterator; child_sa_t *child_sa; - + iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa); while (iterator->iterate(iterator, (void**)&child_sa)) { if (child_sa->update(child_sa, - this->ike_sa->get_my_host(this->ike_sa), + this->ike_sa->get_my_host(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_virtual_ip(this->ike_sa, TRUE), this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)) == NOT_SUPPORTED) @@ -276,7 +276,7 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) host_t *me, *other, *me_old, *other_old; iterator_t *iterator; packet_t *copy; - + if (!this->check) { return; @@ -284,16 +284,19 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) me_old = this->ike_sa->get_my_host(this->ike_sa); other_old = this->ike_sa->get_other_host(this->ike_sa); - + me = charon->kernel_interface->get_source_addr( charon->kernel_interface, other_old, NULL); if (me) { me->set_port(me, me->ip_equals(me, me_old) ? me_old->get_port(me_old) : IKEV2_NATT_PORT); - packet->set_source(packet, me); + DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old); + copy = packet->clone(packet); + copy->set_source(copy, me); + charon->sender->send(charon->sender, copy); } - + iterator = this->ike_sa->create_additional_address_iterator(this->ike_sa); while (iterator->iterate(iterator, (void**)&other)) { @@ -320,9 +323,6 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) } } iterator->destroy(iterator); - me = packet->get_source(packet); - other = packet->get_destination(packet); - DBG1(DBG_IKE, "checking path %#H - %#H", me, other); } /** @@ -338,8 +338,8 @@ static status_t build_i(private_ike_mobike_t *this, message_t *message) else if (message->get_exchange_type(message) == INFORMATIONAL) { host_t *old, *new; - - /* we check if the existing address is still valid */ + + /* we check if the existing address is still valid */ old = message->get_source(message); new = charon->kernel_interface->get_source_addr(charon->kernel_interface, message->get_destination(message), old); @@ -388,13 +388,13 @@ static status_t process_r(private_ike_mobike_t *this, message_t *message) if (this->update) { host_t *me, *other; - + me = message->get_destination(message); other = message->get_source(message); this->ike_sa->set_my_host(this->ike_sa, me->clone(me)); this->ike_sa->set_other_host(this->ike_sa, other->clone(other)); } - + if (this->natd) { this->natd->task.process(&this->natd->task, message); @@ -461,7 +461,7 @@ static status_t process_i(private_ike_mobike_t *this, message_t *message) if (this->cookie2.ptr) { /* check cookie if we included one */ chunk_t cookie2; - + cookie2 = this->cookie2; this->cookie2 = chunk_empty; process_payloads(this, message); @@ -496,17 +496,17 @@ static status_t process_i(private_ike_mobike_t *this, message_t *message) if (this->check) { host_t *me_new, *me_old, *other_new, *other_old; - + me_new = message->get_destination(message); other_new = message->get_source(message); me_old = this->ike_sa->get_my_host(this->ike_sa); other_old = this->ike_sa->get_other_host(this->ike_sa); - + if (!me_new->equals(me_new, me_old)) { this->update = TRUE; this->ike_sa->set_my_host(this->ike_sa, me_new->clone(me_new)); - } + } if (!other_new->equals(other_new, other_old)) { this->update = TRUE; @@ -538,7 +538,7 @@ static void roam(private_ike_mobike_t *this, bool address) { this->check = TRUE; this->address = address; - this->ike_sa->set_pending_updates(this->ike_sa, + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); } @@ -552,7 +552,7 @@ static void dpd(private_ike_mobike_t *this) this->natd = ike_natd_create(this->ike_sa, this->initiator); } this->address = FALSE; - this->ike_sa->set_pending_updates(this->ike_sa, + this->ike_sa->set_pending_updates(this->ike_sa, this->ike_sa->get_pending_updates(this->ike_sa) + 1); } @@ -612,7 +612,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -623,7 +623,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->initiator = initiator; this->update = FALSE; @@ -631,7 +631,7 @@ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator) this->address = TRUE; this->cookie2 = chunk_empty; this->natd = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/charon/sa/tasks/ike_mobike.h index 919b5ddd3..05b2224d1 100644 --- a/src/charon/sa/tasks/ike_mobike.h +++ b/src/charon/sa/tasks/ike_mobike.h @@ -35,7 +35,7 @@ typedef struct ike_mobike_t ike_mobike_t; * and IPsec tunnel addresses. * This tasks handles the MOBIKE_SUPPORTED notify exchange to detect MOBIKE * support, allows the exchange of ADDITIONAL_*_ADDRESS to exchange additional - * endpoints and handles the UPDATE_SA_ADDRESS notify to finally update + * endpoints and handles the UPDATE_SA_ADDRESS notify to finally update * endpoints. */ struct ike_mobike_t { @@ -44,36 +44,36 @@ struct ike_mobike_t { * Implements the task_t interface */ task_t task; - + /** * Use the task to roam to other addresses. * * @param address TRUE to include address list update */ void (*roam)(ike_mobike_t *this, bool address); - + /** * Use the task for a DPD check which detects changes in NAT mappings. */ void (*dpd)(ike_mobike_t *this); - + /** * Transmision hook, called by task manager. * - * The task manager calls this hook whenever it transmits a packet. It + * The task manager calls this hook whenever it transmits a packet. It * allows the mobike task to send the packet on multiple paths to do path * probing. * * @param packet the packet to transmit */ void (*transmit)(ike_mobike_t *this, packet_t *packet); - + /** * Check if this task is probing for routability. * * @return TRUE if task is probing */ - bool (*is_probing)(ike_mobike_t *this); + bool (*is_probing)(ike_mobike_t *this); }; /** @@ -81,7 +81,7 @@ struct ike_mobike_t { * * @param ike_sa IKE_SA this task works for * @param initiator TRUE if taks is initiated by us - * @return ike_mobike task to handle by the task_manager + * @return ike_mobike task to handle by the task_manager */ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_natd.c b/src/charon/sa/tasks/ike_natd.c index bb18e7bda..9121fe2ea 100644 --- a/src/charon/sa/tasks/ike_natd.c +++ b/src/charon/sa/tasks/ike_natd.c @@ -30,47 +30,47 @@ typedef struct private_ike_natd_t private_ike_natd_t; * Private members of a ike_natd_t task. */ struct private_ike_natd_t { - + /** * Public methods and task_t interface. */ ike_natd_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * Hasher used to build NAT detection hashes */ hasher_t *hasher; - + /** * Did we process any NAT detection notifys for a source address? */ bool src_seen; - + /** * Did we process any NAT detection notifys for a destination address? */ bool dst_seen; - + /** * Have we found a matching source address NAT hash? */ bool src_matched; - + /** * Have we found a matching destination address NAT hash? */ bool dst_matched; - + /** * whether NAT mappings for our NATed address has changed */ @@ -88,7 +88,7 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, chunk_t natd_hash; u_int64_t spi_i, spi_r; u_int16_t port; - + /* prepare all required chunks */ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); spi_r = ike_sa_id->get_responder_spi(ike_sa_id); @@ -100,13 +100,13 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, port_chunk.ptr = (void*)&port; port_chunk.len = sizeof(port); addr_chunk = host->get_address(host); - + /* natd_hash = SHA1( spi_i | spi_r | address | port ) */ natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk); this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash); DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk); DBG3(DBG_IKE, "natd_hash %B", &natd_hash); - + chunk_free(&natd_chunk); return natd_hash; } @@ -118,7 +118,7 @@ static chunk_t generate_natd_hash_faked(private_ike_natd_t *this) { rng_t *rng; chunk_t chunk; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -137,10 +137,10 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, notify_type_t type, host_t *host) { chunk_t hash; - notify_payload_t *notify; + notify_payload_t *notify; ike_sa_id_t *ike_sa_id; ike_cfg_t *config; - + ike_sa_id = this->ike_sa->get_id(this->ike_sa); config = this->ike_sa->get_ike_cfg(this->ike_sa); if (config->force_encap(config) && type == NAT_DETECTION_SOURCE_IP) @@ -155,7 +155,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, notify->set_notify_type(notify, type); notify->set_notification_data(notify, hash); chunk_free(&hash); - + return notify; } @@ -171,17 +171,17 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) ike_sa_id_t *ike_sa_id; host_t *me, *other; ike_cfg_t *config; - + /* Precompute NAT-D hashes for incoming NAT notify comparison */ ike_sa_id = message->get_ike_sa_id(message); me = message->get_destination(message); other = message->get_source(message); dst_hash = generate_natd_hash(this, ike_sa_id, me); src_hash = generate_natd_hash(this, ike_sa_id, other); - + DBG3(DBG_IKE, "precalculated src_hash %B", &src_hash); DBG3(DBG_IKE, "precalculated dst_hash %B", &dst_hash); - + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { @@ -234,10 +234,10 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) } } enumerator->destroy(enumerator); - + chunk_free(&src_hash); chunk_free(&dst_hash); - + if (this->src_seen && this->dst_seen) { this->ike_sa->enable_extension(this->ike_sa, EXT_NATT); @@ -245,12 +245,12 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) this->ike_sa->set_condition(this->ike_sa, COND_NAT_HERE, !this->dst_matched); this->ike_sa->set_condition(this->ike_sa, COND_NAT_THERE, - !this->src_matched); + !this->src_matched); config = this->ike_sa->get_ike_cfg(this->ike_sa); if (this->dst_matched && this->src_matched && config->force_encap(config)) { - this->ike_sa->set_condition(this->ike_sa, COND_NAT_FAKE, TRUE); + this->ike_sa->set_condition(this->ike_sa, COND_NAT_FAKE, TRUE); } } } @@ -261,7 +261,7 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) static status_t process_i(private_ike_natd_t *this, message_t *message) { process_payloads(this, message); - + if (message->get_exchange_type(message) == IKE_SA_INIT) { peer_cfg_t *peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); @@ -275,10 +275,10 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) return SUCCESS; } #endif /* ME */ - + if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY) || #ifdef ME - /* if we are on a mediation connection we swith to port 4500 even + /* if we are on a mediation connection we switch to port 4500 even * if no NAT is detected. */ peer_cfg->is_mediation(peer_cfg) || #endif /* ME */ @@ -288,7 +288,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) this->ike_sa->supports_extension(this->ike_sa, EXT_NATT))) { host_t *me, *other; - + /* do not switch if we have a custom port from mobike/NAT */ me = this->ike_sa->get_my_host(this->ike_sa); if (me->get_port(me) == IKEV2_UDP_PORT) @@ -302,7 +302,7 @@ static status_t process_i(private_ike_natd_t *this, message_t *message) } } } - + return SUCCESS; } @@ -314,18 +314,18 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) notify_payload_t *notify; enumerator_t *enumerator; host_t *host; - + if (this->hasher == NULL) { DBG1(DBG_IKE, "unable to build NATD payloads, SHA1 not supported"); return NEED_MORE; } - + /* destination is always set */ host = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host); message->add_payload(message, (payload_t*)notify); - + /* source may be any, we have 3 possibilities to get our source address: * 1. It is defined in the config => use the one of the IKE_SA * 2. We do a routing lookup in the kernel interface @@ -374,7 +374,7 @@ static status_t build_r(private_ike_natd_t *this, message_t *message) { notify_payload_t *notify; host_t *me, *other; - + /* only add notifies on successfull responses. */ if (message->get_exchange_type(message) == IKE_SA_INIT && message->get_payload(message, SECURITY_ASSOCIATION) == NULL) @@ -389,12 +389,12 @@ static status_t build_r(private_ike_natd_t *this, message_t *message) DBG1(DBG_IKE, "unable to build NATD payloads, SHA1 not supported"); return SUCCESS; } - + /* initiator seems to support NAT detection, add response */ me = message->get_source(message); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me); message->add_payload(message, (payload_t*)notify); - + other = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other); message->add_payload(message, (payload_t*)notify); @@ -406,9 +406,9 @@ static status_t build_r(private_ike_natd_t *this, message_t *message) * Implementation of task_t.process for responder */ static status_t process_r(private_ike_natd_t *this, message_t *message) -{ +{ process_payloads(this, message); - + return NEED_MORE; } @@ -460,7 +460,7 @@ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator) this->public.task.get_type = (task_type_t(*)(task_t*))get_type; this->public.task.migrate = (void(*)(task_t*,ike_sa_t*))migrate; this->public.task.destroy = (void(*)(task_t*))destroy; - + if (initiator) { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; @@ -471,9 +471,9 @@ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->public.has_mapping_changed = (bool(*)(ike_natd_t*))has_mapping_changed; - + this->ike_sa = ike_sa; this->initiator = initiator; this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -482,6 +482,6 @@ ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator) this->src_matched = FALSE; this->dst_matched = FALSE; this->mapping_changed = FALSE; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_natd.h b/src/charon/sa/tasks/ike_natd.h index 698394842..97b652ead 100644 --- a/src/charon/sa/tasks/ike_natd.h +++ b/src/charon/sa/tasks/ike_natd.h @@ -36,7 +36,7 @@ struct ike_natd_t { * Implements the task_t interface */ task_t task; - + /** * Check if the NAT mapping has changed for our address. * diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/charon/sa/tasks/ike_reauth.c index 80f1b7b8c..ac89c358b 100644 --- a/src/charon/sa/tasks/ike_reauth.c +++ b/src/charon/sa/tasks/ike_reauth.c @@ -25,17 +25,17 @@ typedef struct private_ike_reauth_t private_ike_reauth_t; * Private members of a ike_reauth_t task. */ struct private_ike_reauth_t { - + /** * Public methods and task_t interface. */ ike_reauth_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * reused ike_delete task */ @@ -60,17 +60,17 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) iterator_t *iterator; child_sa_t *child_sa; peer_cfg_t *peer_cfg; - + /* process delete response first */ this->ike_delete->task.process(&this->ike_delete->task, message); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - + /* reauthenticate only if we have children */ iterator = this->ike_sa->create_child_sa_iterator(this->ike_sa); if (iterator->get_count(iterator) == 0 #ifdef ME - /* we allow a peer to reauth a mediation connection (without CHILD_SA) */ + /* we allow peers to reauth mediation connections (without children) */ && !peer_cfg->is_mediation(peer_cfg) #endif /* ME */ ) @@ -79,9 +79,9 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) iterator->destroy(iterator); return FAILED; } - + new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE); - + new->set_peer_cfg(new, peer_cfg); host = this->ike_sa->get_other_host(this->ike_sa); new->set_other_host(new, host->clone(host)); @@ -93,7 +93,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) { new->set_virtual_ip(new, TRUE, host); } - + #ifdef ME /* we initiate the new IKE_SA of the mediation connection without CHILD_SA */ if (peer_cfg->is_mediation(peer_cfg)) @@ -109,7 +109,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) } } #endif /* ME */ - + while (iterator->iterate(iterator, (void**)&child_sa)) { switch (child_sa->get_state(child_sa)) @@ -144,7 +144,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message) charon->ike_sa_manager->checkin(charon->ike_sa_manager, new); /* set threads active IKE_SA after checkin */ charon->bus->set_sa(charon->bus, this->ike_sa); - + /* we always return failed to delete the obsolete IKE_SA */ return FAILED; } @@ -187,10 +187,10 @@ ike_reauth_t *ike_reauth_create(ike_sa_t *ike_sa) this->public.task.destroy = (void(*)(task_t*))destroy; this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; - + this->ike_sa = ike_sa; this->ike_delete = ike_delete_create(ike_sa, TRUE); - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/charon/sa/tasks/ike_rekey.c index 3a049b566..a2275e796 100644 --- a/src/charon/sa/tasks/ike_rekey.c +++ b/src/charon/sa/tasks/ike_rekey.c @@ -30,37 +30,37 @@ typedef struct private_ike_rekey_t private_ike_rekey_t; * Private members of a ike_rekey_t task. */ struct private_ike_rekey_t { - + /** * Public methods and task_t interface. */ ike_rekey_t public; - + /** * Assigned IKE_SA. */ ike_sa_t *ike_sa; - + /** * New IKE_SA which replaces the current one */ ike_sa_t *new_sa; - + /** * Are we the initiator? */ bool initiator; - + /** * the IKE_INIT task which is reused to simplify rekeying */ ike_init_t *ike_init; - + /** * IKE_DELETE task to delete the old IKE_SA after rekeying was successful */ ike_delete_t *ike_delete; - + /** * colliding task detected by the task manager */ @@ -74,7 +74,7 @@ static status_t build_i_delete(private_ike_rekey_t *this, message_t *message) { /* update exchange type to INFORMATIONAL for the delete */ message->set_exchange_type(message, INFORMATIONAL); - + return this->ike_delete->task.build(&this->ike_delete->task, message); } @@ -93,13 +93,13 @@ static status_t build_i(private_ike_rekey_t *this, message_t *message) { peer_cfg_t *peer_cfg; host_t *other_host; - + /* create new SA only on first try */ if (this->new_sa == NULL) { this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, TRUE); - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); other_host = this->ike_sa->get_other_host(this->ike_sa); this->new_sa->set_peer_cfg(this->new_sa, peer_cfg); @@ -120,7 +120,7 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message) peer_cfg_t *peer_cfg; iterator_t *iterator; child_sa_t *child_sa; - + if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) { DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting"); @@ -144,15 +144,15 @@ static status_t process_r(private_ike_rekey_t *this, message_t *message) } } iterator->destroy(iterator); - + this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, FALSE); - + peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); this->new_sa->set_peer_cfg(this->new_sa, peer_cfg); this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa); this->ike_init->task.process(&this->ike_init->task, message); - + return NEED_MORE; } @@ -167,12 +167,12 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } - + if (this->ike_init->task.build(&this->ike_init->task, message) == FAILED) { return SUCCESS; } - + this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", @@ -182,7 +182,7 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - + return SUCCESS; } @@ -191,32 +191,17 @@ static status_t build_r(private_ike_rekey_t *this, message_t *message) */ static status_t process_i(private_ike_rekey_t *this, message_t *message) { - enumerator_t *enumerator; - payload_t *payload; - - /* handle NO_ADDITIONAL_SAS notify */ - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) + if (message->get_notify(message, NO_ADDITIONAL_SAS)) { - if (payload->get_type(payload) == NOTIFY) - { - notify_payload_t *notify = (notify_payload_t*)payload; - - if (notify->get_notify_type(notify) == NO_ADDITIONAL_SAS) - { - DBG1(DBG_IKE, "peer seems to not support IKE rekeying, " - "starting reauthentication"); - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - charon->processor->queue_job(charon->processor, - (job_t*)rekey_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), TRUE)); - enumerator->destroy(enumerator); - return SUCCESS; - } - } + DBG1(DBG_IKE, "peer seems to not support IKE rekeying, " + "starting reauthentication"); + this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); + charon->processor->queue_job(charon->processor, + (job_t*)rekey_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), TRUE)); + return SUCCESS; } - enumerator->destroy(enumerator); - + switch (this->ike_init->task.process(&this->ike_init->task, message)) { case FAILED: @@ -230,7 +215,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) job = (job_t*)rekey_ike_sa_job_create( this->ike_sa->get_id(this->ike_sa), FALSE); DBG1(DBG_IKE, "IKE_SA rekeying failed, " - "trying again in %d seconds", retry); + "trying again in %d seconds", retry); this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); charon->scheduler->schedule_job(charon->scheduler, job, retry); } @@ -242,7 +227,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) default: break; } - + this->new_sa->set_state(this->new_sa, IKE_ESTABLISHED); DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]", this->new_sa->get_name(this->new_sa), @@ -251,7 +236,7 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) this->ike_sa->get_my_id(this->ike_sa), this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - + /* check for collisions */ if (this->collision && this->collision->get_type(this->collision) == IKE_REKEY) @@ -259,13 +244,13 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) chunk_t this_nonce, other_nonce; host_t *host; private_ike_rekey_t *other = (private_ike_rekey_t*)this->collision; - + this_nonce = this->ike_init->get_lower_nonce(this->ike_init); other_nonce = other->ike_init->get_lower_nonce(other->ike_init); - + /* if we have the lower nonce, delete rekeyed SA. If not, delete * the redundant. */ - if (memcmp(this_nonce.ptr, other_nonce.ptr, + if (memcmp(this_nonce.ptr, other_nonce.ptr, min(this_nonce.len, other_nonce.len)) < 0) { /* peer should delete this SA. Add a timeout just in case. */ @@ -305,12 +290,12 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message) /* set threads active IKE_SA after checkin */ charon->bus->set_sa(charon->bus, this->ike_sa); } - + /* rekeying successful, delete the IKE_SA using a subtask */ this->ike_delete = ike_delete_create(this->ike_sa, TRUE); this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete; - + return NEED_MORE; } @@ -349,7 +334,7 @@ static void migrate(private_ike_rekey_t *this, ike_sa_t *ike_sa) charon->bus->set_sa(charon->bus, this->ike_sa); } DESTROY_IF(this->collision); - + this->collision = NULL; this->ike_sa = ike_sa; this->new_sa = NULL; @@ -412,13 +397,13 @@ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator) this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; } - + this->ike_sa = ike_sa; this->new_sa = NULL; this->ike_init = NULL; this->ike_delete = NULL; this->initiator = initiator; this->collision = NULL; - + return &this->public; } diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/charon/sa/tasks/ike_rekey.h index 6748279ab..1c9550768 100644 --- a/src/charon/sa/tasks/ike_rekey.h +++ b/src/charon/sa/tasks/ike_rekey.h @@ -36,7 +36,7 @@ struct ike_rekey_t { * Implements the task_t interface */ task_t task; - + /** * Register a rekeying task which collides with this one. * @@ -54,7 +54,7 @@ struct ike_rekey_t { * * @param ike_sa IKE_SA this task works for * @param initiator TRUE for initiator, FALSE for responder - * @return IKE_REKEY task to handle by the task_manager + * @return IKE_REKEY task to handle by the task_manager */ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/charon/sa/tasks/ike_vendor.c b/src/charon/sa/tasks/ike_vendor.c new file mode 100644 index 000000000..7c435b6d1 --- /dev/null +++ b/src/charon/sa/tasks/ike_vendor.c @@ -0,0 +1,139 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ike_vendor.h" + +#include +#include + +typedef struct private_ike_vendor_t private_ike_vendor_t; + +/** + * Private data of an ike_vendor_t object. + */ +struct private_ike_vendor_t { + + /** + * Public ike_vendor_t interface. + */ + ike_vendor_t public; + + /** + * Associated IKE_SA + */ + ike_sa_t *ike_sa; + + /** + * Are we the inititator of this task + */ + bool initiator; +}; + +/** + * strongSwan specific vendor ID without version, MD5("strongSwan") + */ +static chunk_t strongswan_vid = chunk_from_chars( + 0x88,0x2f,0xe5,0x6d,0x6f,0xd2,0x0d,0xbc, + 0x22,0x51,0x61,0x3b,0x2e,0xbe,0x5b,0xeb +); + +METHOD(task_t, build, status_t, + private_ike_vendor_t *this, message_t *message) +{ + if (lib->settings->get_bool(lib->settings, + "charon.send_vendor_id", FALSE)) + { + vendor_id_payload_t *vid; + + vid = vendor_id_payload_create_data(chunk_clone(strongswan_vid)); + message->add_payload(message, &vid->payload_interface); + } + + return this->initiator ? NEED_MORE : SUCCESS; +} + +METHOD(task_t, process, status_t, + private_ike_vendor_t *this, message_t *message) +{ + enumerator_t *enumerator; + payload_t *payload; + + enumerator = message->create_payload_enumerator(message); + while (enumerator->enumerate(enumerator, &payload)) + { + if (payload->get_type(payload) == VENDOR_ID) + { + vendor_id_payload_t *vid; + chunk_t data; + + vid = (vendor_id_payload_t*)payload; + data = vid->get_data(vid); + + if (chunk_equals(data, strongswan_vid)) + { + DBG1(DBG_IKE, "received strongSwan vendor id"); + this->ike_sa->enable_extension(this->ike_sa, EXT_STRONGSWAN); + } + else + { + DBG1(DBG_ENC, "received unknown vendor id: %#B", &data); + } + } + } + enumerator->destroy(enumerator); + + return this->initiator ? SUCCESS : NEED_MORE; +} + +METHOD(task_t, migrate, void, + private_ike_vendor_t *this, ike_sa_t *ike_sa) +{ + this->ike_sa = ike_sa; +} + +METHOD(task_t, get_type, task_type_t, + private_ike_vendor_t *this) +{ + return IKE_VENDOR; +} + +METHOD(task_t, destroy, void, + private_ike_vendor_t *this) +{ + free(this); +} + +/** + * See header + */ +ike_vendor_t *ike_vendor_create(ike_sa_t *ike_sa, bool initiator) +{ + private_ike_vendor_t *this; + + INIT(this, + .public.task = { + .build = _build, + .process = _process, + .migrate = _migrate, + .get_type = _get_type, + .destroy = _destroy, + }, + .initiator = initiator, + .ike_sa = ike_sa, + ); + + return &this->public; +} + diff --git a/src/charon/sa/tasks/ike_vendor.h b/src/charon/sa/tasks/ike_vendor.h new file mode 100644 index 000000000..dcdd37424 --- /dev/null +++ b/src/charon/sa/tasks/ike_vendor.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ike_vendor ike_vendor + * @{ @ingroup tasks + */ + +#ifndef IKE_VENDOR_H_ +#define IKE_VENDOR_H_ + +typedef struct ike_vendor_t ike_vendor_t; + +#include +#include +#include + +/** + * Vendor ID processing task. + */ +struct ike_vendor_t { + + /** + * Implements task interface. + */ + task_t task; +}; + +/** + * Create a ike_vendor instance. + * + * @param ike_sa IKE_SA this task works for + * @param initiator TRUE if thask is the original initator + */ +ike_vendor_t *ike_vendor_create(ike_sa_t *ike_sa, bool initiator); + +#endif /** IKE_VENDOR_H_ @}*/ diff --git a/src/charon/sa/tasks/task.c b/src/charon/sa/tasks/task.c index 9e35b62a5..0d7383141 100644 --- a/src/charon/sa/tasks/task.c +++ b/src/charon/sa/tasks/task.c @@ -30,6 +30,7 @@ ENUM(task_type_names, IKE_INIT, CHILD_REKEY, "IKE_REAUTH", "IKE_DELETE", "IKE_DPD", + "IKE_VENDOR", "IKE_ME", "CHILD_CREATE", "CHILD_DELETE", @@ -49,6 +50,7 @@ ENUM(task_type_names, IKE_INIT, CHILD_REKEY, "IKE_REAUTH", "IKE_DELETE", "IKE_DPD", + "IKE_VENDOR", "CHILD_CREATE", "CHILD_DELETE", "CHILD_REKEY", diff --git a/src/charon/sa/tasks/task.h b/src/charon/sa/tasks/task.h index 3d2014599..4468f2ebe 100644 --- a/src/charon/sa/tasks/task.h +++ b/src/charon/sa/tasks/task.h @@ -57,6 +57,8 @@ enum task_type_t { IKE_DELETE, /** liveness check */ IKE_DPD, + /** Vendor ID processing */ + IKE_VENDOR, #ifdef ME /** handle ME stuff */ IKE_ME, @@ -79,7 +81,7 @@ extern enum_name_t *task_type_names; * * A task is an elemantary operation. It may be handled by a single or by * multiple exchanges. An exchange may even complete multiple tasks. - * A task has a build() and an process() operation. The build() operation + * A task has a build() and an process() operation. The build() operation * creates payloads and adds it to the message. The process() operation * inspects a message and handles its payloads. An initiator of an exchange * first calls build() to build the request, and processes the response message @@ -97,7 +99,7 @@ struct task_t { /** * Build a request or response message for this task. - * + * * @param message message to add payloads to * @return * - FAILED if a critical error occured @@ -109,7 +111,7 @@ struct task_t { /** * Process a request or response message for this task. - * + * * @param message message to read payloads from * @return * - FAILED if a critical error occured @@ -123,7 +125,7 @@ struct task_t { * Get the type of the task implementation. */ task_type_t (*get_type) (task_t *this); - + /** * Migrate a task to a new IKE_SA. * @@ -138,7 +140,7 @@ struct task_t { * @param ike_sa new IKE_SA this task works for */ void (*migrate) (task_t *this, ike_sa_t *ike_sa); - + /** * Destroys a task_t object. */ diff --git a/src/charon/sa/trap_manager.c b/src/charon/sa/trap_manager.c index 570335eb4..ed758995a 100644 --- a/src/charon/sa/trap_manager.c +++ b/src/charon/sa/trap_manager.c @@ -16,7 +16,7 @@ #include "trap_manager.h" #include -#include +#include #include @@ -27,12 +27,12 @@ typedef struct trap_listener_t trap_listener_t; * listener to track acquires */ struct trap_listener_t { - + /** * Implements listener interface */ listener_t listener; - + /** * points to trap_manager */ @@ -43,22 +43,22 @@ struct trap_listener_t { * Private data of an trap_manager_t object. */ struct private_trap_manager_t { - + /** * Public trap_manager_t interface. */ trap_manager_t public; - + /** * Installed traps, as entry_t */ linked_list_t *traps; - + /** * read write lock for traps list */ rwlock_t *lock; - + /** * listener to track acquiring IKE_SAs */ @@ -102,7 +102,7 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, bool found = FALSE; status_t status; u_int32_t reqid; - + /* check if not already done */ this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); @@ -123,10 +123,10 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, child->get_name(child)); return 0; } - + /* try to resolve addresses */ ike_cfg = peer->get_ike_cfg(peer); - other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg), + other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg), 0, IKEV2_UDP_PORT); if (!other) { @@ -148,14 +148,14 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, } me->set_port(me, IKEV2_UDP_PORT); } - + /* create and route CHILD_SA */ child_sa = child_sa_create(me, other, child, 0, FALSE); my_ts = child->get_traffic_selectors(child, TRUE, NULL, me); other_ts = child->get_traffic_selectors(child, FALSE, NULL, other); me->destroy(me); other->destroy(other); - + /* while we don't know the finally negotiated protocol (ESP|AH), we * could iterate all proposals for a best guest (TODO). But as we * support ESP only for now, we set here. */ @@ -170,17 +170,17 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, DBG1(DBG_CFG, "installing trap failed"); return 0; } - + reqid = child_sa->get_reqid(child_sa); entry = malloc_thing(entry_t); entry->child_sa = child_sa; entry->peer_cfg = peer->get_ref(peer); entry->pending = NULL; - + this->lock->write_lock(this->lock); this->traps->insert_last(this->traps, entry); this->lock->unlock(this->lock); - + return reqid; } @@ -191,7 +191,7 @@ static bool uninstall(private_trap_manager_t *this, u_int32_t reqid) { enumerator_t *enumerator; entry_t *entry, *found = NULL; - + this->lock->write_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) @@ -205,13 +205,13 @@ static bool uninstall(private_trap_manager_t *this, u_int32_t reqid) } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + if (!found) { DBG1(DBG_CFG, "trap %d not found to uninstall", reqid); return FALSE; } - + destroy_entry(found); return TRUE; } @@ -255,7 +255,7 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid, peer_cfg_t *peer; child_cfg_t *child; ike_sa_t *ike_sa; - + this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) @@ -267,7 +267,7 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid, } } enumerator->destroy(enumerator); - + if (!found) { DBG1(DBG_CFG, "trap not found, unable to acquire reqid %d",reqid); @@ -303,37 +303,64 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid, } /** - * Implementation of listener_t.ike_state_change + * Complete the acquire, if successful or failed */ -static bool ike_state_change(trap_listener_t *listener, ike_sa_t *ike_sa, - ike_sa_state_t state) +static void complete(private_trap_manager_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa) { - private_trap_manager_t *this; enumerator_t *enumerator; entry_t *entry; - - switch (state) - { - case IKE_ESTABLISHED: - case IKE_DESTROYING: - break; - default: - return TRUE; - } - - this = listener->traps; + this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->pending == ike_sa) + if (entry->pending != ike_sa) + { + continue; + } + if (child_sa && child_sa->get_reqid(child_sa) != + entry->child_sa->get_reqid(entry->child_sa)) { - entry->pending = NULL; + continue; } + entry->pending = NULL; } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - return TRUE; +} + +/** + * Implementation of listener_t.ike_state_change + */ +static bool ike_state_change(trap_listener_t *listener, ike_sa_t *ike_sa, + ike_sa_state_t state) +{ + switch (state) + { + case IKE_DESTROYING: + complete(listener->traps, ike_sa, NULL); + return TRUE; + default: + return TRUE; + } +} + +/** + * Implementation of listener_t.child_state_change + */ +static bool child_state_change(trap_listener_t *listener, ike_sa_t *ike_sa, + child_sa_t *child_sa, child_sa_state_t state) +{ + switch (state) + { + case CHILD_INSTALLED: + case CHILD_DESTROYING: + complete(listener->traps, ike_sa, child_sa); + return TRUE; + default: + return TRUE; + } } /** @@ -354,22 +381,23 @@ static void destroy(private_trap_manager_t *this) trap_manager_t *trap_manager_create() { private_trap_manager_t *this = malloc_thing(private_trap_manager_t); - + this->public.install = (u_int(*)(trap_manager_t*, peer_cfg_t *peer, child_cfg_t *child))install; this->public.uninstall = (bool(*)(trap_manager_t*, u_int32_t id))uninstall; this->public.create_enumerator = (enumerator_t*(*)(trap_manager_t*))create_enumerator; this->public.acquire = (void(*)(trap_manager_t*, u_int32_t reqid, traffic_selector_t *src, traffic_selector_t *dst))acquire; this->public.destroy = (void(*)(trap_manager_t*))destroy; - + this->traps = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + /* register listener for IKE state changes */ this->listener.traps = this; memset(&this->listener.listener, 0, sizeof(listener_t)); this->listener.listener.ike_state_change = (void*)ike_state_change; + this->listener.listener.child_state_change = (void*)child_state_change; charon->bus->add_listener(charon->bus, &this->listener.listener); - + return &this->public; } diff --git a/src/charon/sa/trap_manager.h b/src/charon/sa/trap_manager.h index cb6907cdc..37b42e2b0 100644 --- a/src/charon/sa/trap_manager.h +++ b/src/charon/sa/trap_manager.h @@ -31,7 +31,7 @@ typedef struct trap_manager_t trap_manager_t; * Manage policies to create SAs from traffic. */ struct trap_manager_t { - + /** * Install a policy as a trap. * @@ -41,7 +41,7 @@ struct trap_manager_t { */ u_int32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child); - + /** * Uninstall a trap policy. * @@ -49,14 +49,14 @@ struct trap_manager_t { * @return TRUE if uninstalled successfully */ bool (*uninstall)(trap_manager_t *this, u_int32_t reqid); - + /** * Create an enumerator over all installed traps. * * @return enumerator over (peer_cfg_t, child_sa_t) */ enumerator_t* (*create_enumerator)(trap_manager_t *this); - + /** * Acquire an SA triggered by an installed trap. * @@ -66,7 +66,7 @@ struct trap_manager_t { */ void (*acquire)(trap_manager_t *this, u_int32_t reqid, traffic_selector_t *src, traffic_selector_t *dst); - + /** * Destroy a trap_manager_t. */ @@ -78,4 +78,4 @@ struct trap_manager_t { */ trap_manager_t *trap_manager_create(); -#endif /* TRAP_MANAGER_ @}*/ +#endif /** TRAP_MANAGER_H_ @}*/ diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index bd42c231f..d0413e64e 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -25,11 +25,12 @@ endif if USE_TOOLS libs += $(top_builddir)/src/openac/.libs/openac + libs += $(top_builddir)/src/pki/.libs/pki libs += $(top_builddir)/src/scepclient/.libs/scepclient endif -if USE_SQL - libs += $(top_builddir)/src/charon/plugins/sql/.libs/pool +if USE_ATTR_SQL + libs += $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool endif checksum.c : checksum_builder $(libs) diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 4d38df2dd..6769c2601 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -17,8 +18,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -38,24 +40,47 @@ noinst_PROGRAMS = checksum_builder$(EXEEXT) @USE_PLUTO_TRUE@am__append_2 = $(top_builddir)/src/pluto/.libs/pluto @USE_TOOLS_TRUE@am__append_3 = \ @USE_TOOLS_TRUE@ $(top_builddir)/src/openac/.libs/openac \ +@USE_TOOLS_TRUE@ $(top_builddir)/src/pki/.libs/pki \ @USE_TOOLS_TRUE@ $(top_builddir)/src/scepclient/.libs/scepclient -@USE_SQL_TRUE@am__append_4 = $(top_builddir)/src/charon/plugins/sql/.libs/pool +@USE_ATTR_SQL_TRUE@am__append_4 = $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool subdir = src/checksum DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(ipsecdir)" -ipsecLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(ipsec_LTLIBRARIES) libchecksum_la_LIBADD = nodist_libchecksum_la_OBJECTS = checksum.lo @@ -71,6 +96,7 @@ checksum_builder_DEPENDENCIES = \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -118,25 +144,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -148,11 +171,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -181,9 +207,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -206,7 +232,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -214,6 +240,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -222,10 +249,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -233,6 +262,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ ipsec_LTLIBRARIES = libchecksum.la @@ -262,9 +292,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/checksum/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/checksum/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/checksum/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/checksum/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -282,23 +312,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecLTLIBRARIES: $(ipsec_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_LTLIBRARIES)'; for p in $$list; do \ + @list='$(ipsec_LTLIBRARIES)'; test -n "$(ipsecdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(ipsecdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipsecdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipsecdir)"; \ + } uninstall-ipsecLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(ipsec_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipsecdir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipsecdir)/$$p"; \ + @list='$(ipsec_LTLIBRARIES)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ done clean-ipsecLTLIBRARIES: @@ -313,11 +348,13 @@ libchecksum.la: $(libchecksum_la_OBJECTS) $(libchecksum_la_DEPENDENCIES) $(libchecksum_la_LINK) -rpath $(ipsecdir) $(libchecksum_la_OBJECTS) $(libchecksum_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list checksum_builder$(EXEEXT): $(checksum_builder_OBJECTS) $(checksum_builder_DEPENDENCIES) @rm -f checksum_builder$(EXEEXT) $(LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS) @@ -333,21 +370,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -370,7 +407,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -378,29 +415,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -421,13 +463,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -461,6 +507,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -483,6 +530,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -491,18 +540,28 @@ install-data-am: install-ipsecLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -525,7 +584,7 @@ ps-am: uninstall-am: uninstall-ipsecLTLIBRARIES -.MAKE: install-am install-strip +.MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-ipsecLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ @@ -545,6 +604,7 @@ uninstall-am: uninstall-ipsecLTLIBRARIES checksum.c : checksum_builder $(libs) ./checksum_builder $(libs) > checksum.c + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index a713eb526..54f4539ff 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -28,14 +28,14 @@ int main(int argc, char* argv[]) { int i; integrity_checker_t *integrity; - + /* avoid confusing leak reports in build process */ setenv("LEAK_DETECTIVE_DISABLE", "1", 0); library_init(NULL); atexit(library_deinit); - + integrity = integrity_checker_create(NULL); - + printf("/**\n"); printf(" * checksums of files and loaded code segments.\n"); printf(" * created by %s\n", argv[0]); @@ -55,7 +55,7 @@ int main(int argc, char* argv[]) size_t ssize = 0; path = argv[i]; - + if ((name = strstr(path, "libstrongswan-"))) { name = strdup(name + strlen("libstrongswan-")); @@ -89,12 +89,16 @@ int main(int argc, char* argv[]) { name = strdup("scepclient\","); } + else if (strstr(path, "pki")) + { + name = strdup("pki\","); + } else { fprintf(stderr, "don't know how to handle '%s', ignored", path); continue; } - + fsum = integrity->build_file(integrity, path, &fsize); ssum = 0; if (sname) @@ -120,7 +124,7 @@ int main(int argc, char* argv[]) } printf("\t{\"%-20s%7u, 0x%08x, %6u, 0x%08x},\n", name, fsize, fsum, ssize, ssum); - fprintf(stderr, "\"%-20s%7u / 0x%08x %6u / 0x%08x\n", + fprintf(stderr, "\"%-20s%7u / 0x%08x %6u / 0x%08x\n", name, fsize, fsum, ssize, ssum); free(name); } @@ -129,7 +133,7 @@ int main(int argc, char* argv[]) printf("int checksum_count = countof(checksums);\n"); printf("\n"); integrity->destroy(integrity); - + exit(0); } diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 817e31104..8bc08e2c1 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -17,8 +18,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -37,26 +39,47 @@ ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT) subdir = src/dumm DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(ipsecdir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libdumm_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_libdumm_la_OBJECTS = dumm.lo guest.lo iface.lo bridge.lo \ mconsole.lo cowfs.lo libdumm_la_OBJECTS = $(am_libdumm_la_OBJECTS) -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am_dumm_OBJECTS = main.$(OBJEXT) dumm_OBJECTS = $(am_dumm_OBJECTS) @@ -68,6 +91,7 @@ irdumm_DEPENDENCIES = libdumm.la DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -115,25 +139,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -145,11 +166,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -178,9 +202,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -203,7 +227,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -211,6 +235,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -219,10 +244,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -230,6 +257,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ EXTRA_DIST = ext/dumm.c ext/README \ @@ -263,9 +291,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/dumm/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/dumm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -283,23 +311,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -315,31 +348,46 @@ libdumm.la: $(libdumm_la_OBJECTS) $(libdumm_la_DEPENDENCIES) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list dumm$(EXEEXT): $(dumm_OBJECTS) $(dumm_DEPENDENCIES) @rm -f dumm$(EXEEXT) $(LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS) @@ -364,21 +412,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -401,7 +449,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -409,29 +457,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -452,13 +505,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -489,6 +546,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -510,6 +568,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -518,18 +578,28 @@ install-data-am: install-data-local install-ipsecPROGRAMS install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -583,6 +653,7 @@ ext: libdumm.la (cd ext && $(RUBY) extconf.rb && $(MAKE)) .PHONY: ext + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c index 209e54fc1..592fecefd 100644 --- a/src/dumm/bridge.c +++ b/src/dumm/bridge.c @@ -36,7 +36,7 @@ struct private_bridge_t { * defined in iface.c */ bool iface_control(char *name, bool up); - + /** * Implementation of bridge_t.get_name. */ @@ -149,7 +149,7 @@ static void destroy(private_bridge_t *this) bridge_t *bridge_create(char *name) { private_bridge_t *this; - + if (instances == 0) { if (br_init() != 0) @@ -158,7 +158,7 @@ bridge_t *bridge_create(char *name) return NULL; } } - + this = malloc_thing(private_bridge_t); this->public.get_name = (char*(*)(bridge_t*))get_name; this->public.create_iface_enumerator = (enumerator_t*(*)(bridge_t*))create_iface_enumerator; diff --git a/src/dumm/bridge.h b/src/dumm/bridge.h index 37b22a03e..c557de994 100644 --- a/src/dumm/bridge.h +++ b/src/dumm/bridge.h @@ -27,14 +27,14 @@ typedef struct bridge_t bridge_t; * Interface in a guest, connected to a tap device on the host. */ struct bridge_t { - + /** * Get the name of the bridge. * * @return name of the bridge */ char* (*get_name)(bridge_t *this); - + /** * Add an interface to a bridge. * @@ -42,7 +42,7 @@ struct bridge_t { * @return TRUE if interface added */ bool (*connect_iface)(bridge_t *this, iface_t *iface); - + /** * Remove an interface from a bridge. * @@ -50,14 +50,14 @@ struct bridge_t { * @return TRUE if interface removed */ bool (*disconnect_iface)(bridge_t *this, iface_t *iface); - + /** * Create an enumerator over all interfaces. * * @return enumerator over iface_t's */ - enumerator_t* (*create_iface_enumerator)(bridge_t *this); - + enumerator_t* (*create_iface_enumerator)(bridge_t *this); + /** * Destroy a bridge */ diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c index 69f008976..f7b6b0cf3 100644 --- a/src/dumm/cowfs.c +++ b/src/dumm/cowfs.c @@ -29,12 +29,12 @@ #include #include #include -#include #include "cowfs.h" #include #include +#include /** define _XOPEN_SOURCE 500 fails when using libstrongswan, define popen */ extern ssize_t pread(int fd, void *buf, size_t count, off_t offset); @@ -64,7 +64,7 @@ struct private_cowfs_t { /** optional COW overlay */ int over_fd; /** thread processing FUSE */ - pthread_t thread; + thread_t *thread; }; /** @@ -96,7 +96,7 @@ static void rel(const char **path) static int get_rd(const char *path) { private_cowfs_t *this = get_this(); - + if (this->over_fd > 0 && faccessat(this->over_fd, path, F_OK, 0) == 0) { return this->over_fd; @@ -130,7 +130,7 @@ static bool clone_path(int rd, int wr, const char *path) struct stat st; full = strdupa(path); pos = full; - + while ((pos = strchr(pos, '/'))) { *pos = '\0'; @@ -162,10 +162,10 @@ static int copy(const char *path) int rd, wr; int from, to; struct stat st; - + rd = get_rd(path); wr = get_wr(path); - + if (rd == wr) { /* already writeable */ @@ -223,7 +223,7 @@ static int copy(const char *path) static int cowfs_getattr(const char *path, struct stat *stbuf) { rel(&path); - + if (fstatat(get_rd(path), path, stbuf, AT_SYMLINK_NOFOLLOW) < 0) { return -errno; @@ -237,7 +237,7 @@ static int cowfs_getattr(const char *path, struct stat *stbuf) static int cowfs_access(const char *path, int mask) { rel(&path); - + if (faccessat(get_rd(path), path, mask, 0) < 0) { return -errno; @@ -251,9 +251,9 @@ static int cowfs_access(const char *path, int mask) static int cowfs_readlink(const char *path, char *buf, size_t size) { int res; - + rel(&path); - + res = readlinkat(get_rd(path), path, buf, size - 1); if (res < 0) { @@ -269,16 +269,16 @@ static int cowfs_readlink(const char *path, char *buf, size_t size) static DIR* get_dir(char *dir, const char *subdir) { char *full; - + if (dir == NULL) { return NULL; } - + full = alloca(strlen(dir) + strlen(subdir) + 1); strcpy(full, dir); strcat(full, subdir); - + return opendir(full); } @@ -290,7 +290,7 @@ static bool contains_dir(DIR *d, char *dirname) if (d) { struct dirent *ent; - + rewinddir(d); while ((ent = readdir(d))) { @@ -313,13 +313,13 @@ static int cowfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler, DIR *d1, *d2, *d3; struct stat st; struct dirent *ent; - + memset(&st, 0, sizeof(st)); - + d1 = get_dir(this->master, path); d2 = get_dir(this->host, path); d3 = get_dir(this->over, path); - + if (d1) { while ((ent = readdir(d1))) @@ -369,13 +369,13 @@ static int cowfs_mknod(const char *path, mode_t mode, dev_t rdev) { int fd; rel(&path); - + fd = get_wr(path); if (!clone_path(get_rd(path), fd, path)) { return -errno; } - + if (mknodat(fd, path, mode, rdev) < 0) { return -errno; @@ -390,7 +390,7 @@ static int cowfs_mkdir(const char *path, mode_t mode) { int fd; rel(&path); - + fd = get_wr(path); if (!clone_path(get_rd(path), fd, path)) { @@ -409,7 +409,7 @@ static int cowfs_mkdir(const char *path, mode_t mode) static int cowfs_unlink(const char *path) { rel(&path); - + /* TODO: whiteout master */ if (unlinkat(get_wr(path), path, 0) < 0) { @@ -424,7 +424,7 @@ static int cowfs_unlink(const char *path) static int cowfs_rmdir(const char *path) { rel(&path); - + /* TODO: whiteout master */ if (unlinkat(get_wr(path), path, AT_REMOVEDIR) < 0) { @@ -440,10 +440,10 @@ static int cowfs_symlink(const char *from, const char *to) { int fd; const char *fromrel = from; - + rel(&to); rel(&fromrel); - + fd = get_wr(to); if (!clone_path(get_rd(fromrel), fd, fromrel)) { @@ -462,10 +462,10 @@ static int cowfs_symlink(const char *from, const char *to) static int cowfs_rename(const char *from, const char *to) { int fd; - + rel(&from); rel(&to); - + fd = copy(from); if (fd < 0) { @@ -484,13 +484,13 @@ static int cowfs_rename(const char *from, const char *to) static int cowfs_link(const char *from, const char *to) { int rd, wr; - + rel(&from); rel(&to); - + rd = get_rd(from); wr = get_wr(to); - + if (!clone_path(rd, wr, to)) { DBG1("cloning path '%s' failed", to); @@ -511,7 +511,7 @@ static int cowfs_chmod(const char *path, mode_t mode) { int fd; struct stat st; - + rel(&path); fd = get_rd(path); if (fstatat(fd, path, &st, 0) < 0) @@ -541,7 +541,7 @@ static int cowfs_chown(const char *path, uid_t uid, gid_t gid) { int fd; struct stat st; - + rel(&path); fd = get_rd(path); if (fstatat(fd, path, &st, 0) < 0) @@ -571,7 +571,7 @@ static int cowfs_truncate(const char *path, off_t size) { int fd; struct stat st; - + rel(&path); fd = get_rd(path); if (fstatat(fd, path, &st, 0) < 0) @@ -608,19 +608,19 @@ static int cowfs_utimens(const char *path, const struct timespec ts[2]) { struct timeval tv[2]; int fd; - + rel(&path); fd = copy(path); if (fd < 0) { return -errno; } - + tv[0].tv_sec = ts[0].tv_sec; tv[0].tv_usec = ts[0].tv_nsec / 1000; tv[1].tv_sec = ts[1].tv_sec; tv[1].tv_usec = ts[1].tv_nsec / 1000; - + if (futimesat(fd, path, tv) < 0) { return -errno; @@ -634,10 +634,10 @@ static int cowfs_utimens(const char *path, const struct timespec ts[2]) static int cowfs_open(const char *path, struct fuse_file_info *fi) { int fd; - + rel(&path); fd = get_rd(path); - + fd = openat(fd, path, fi->flags); if (fd < 0) { @@ -654,17 +654,17 @@ static int cowfs_read(const char *path, char *buf, size_t size, off_t offset, struct fuse_file_info *fi) { int file, fd, res; - + rel(&path); - + fd = get_rd(path); - + file = openat(fd, path, O_RDONLY); if (file < 0) { return -errno; } - + res = pread(file, buf, size, offset); if (res < 0) { @@ -681,9 +681,9 @@ static int cowfs_write(const char *path, const char *buf, size_t size, off_t offset, struct fuse_file_info *fi) { int file, fd, res; - + rel(&path); - + fd = copy(path); if (fd < 0) { @@ -709,25 +709,25 @@ static int cowfs_write(const char *path, const char *buf, size_t size, static int cowfs_statfs(const char *path, struct statvfs *stbuf) { int fd; - + fd = get_rd(path); if (fstatvfs(fd, stbuf) < 0) { return -errno; } - + return 0; } -/** +/** * FUSE init method */ static void *cowfs_init(struct fuse_conn_info *conn) { struct fuse_context *ctx; - + ctx = fuse_get_context(); - + return ctx->private_data; } @@ -792,7 +792,7 @@ static void destroy(private_cowfs_t *this) { fuse_exit(this->fuse); fuse_unmount(this->mount, this->chan); - pthread_join(this->thread, NULL); + this->thread->join(this->thread); fuse_destroy(this->fuse); free(this->mount); free(this->master); @@ -814,10 +814,10 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) { struct fuse_args args = {0, NULL, 0}; private_cowfs_t *this = malloc_thing(private_cowfs_t); - + this->public.set_overlay = (bool(*)(cowfs_t*, char *path))set_overlay; this->public.destroy = (void(*)(cowfs_t*))destroy; - + this->master_fd = open(master, O_RDONLY | O_DIRECTORY); if (this->master_fd < 0) { @@ -834,7 +834,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) return NULL; } this->over_fd = -1; - + this->chan = fuse_mount(mount, &args); if (this->chan == NULL) { @@ -844,7 +844,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) free(this); return NULL; } - + this->fuse = fuse_new(this->chan, &args, &cowfs_operations, sizeof(cowfs_operations), this); if (this->fuse == NULL) @@ -856,13 +856,14 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) free(this); return NULL; } - + this->mount = strdup(mount); this->master = strdup(master); this->host = strdup(host); this->over = NULL; - - if (pthread_create(&this->thread, NULL, (void*)fuse_loop, this->fuse) != 0) + + this->thread = thread_create((thread_main_t)fuse_loop, this->fuse); + if (!this->thread) { DBG1("creating thread to handle FUSE failed"); fuse_unmount(mount, this->chan); @@ -874,7 +875,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) free(this); return NULL; } - + return &this->public; } diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h index bb589f158..d430597a8 100644 --- a/src/dumm/cowfs.h +++ b/src/dumm/cowfs.h @@ -25,7 +25,7 @@ typedef struct cowfs_t cowfs_t; * */ struct cowfs_t { - + /** * Set an additional copy on write overlay. * @@ -33,7 +33,7 @@ struct cowfs_t { * @return FALSE if failed */ bool (*set_overlay)(cowfs_t *this, char *path); - + /** * Stop, umount and destroy a cowfs FUSE filesystem. */ diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c index 2cb1235e1..0e8ab43f3 100644 --- a/src/dumm/dumm.c +++ b/src/dumm/dumm.c @@ -52,11 +52,11 @@ struct private_dumm_t { /** * Implementation of dumm_t.create_guest. */ -static guest_t* create_guest(private_dumm_t *this, char *name, char *kernel, +static guest_t* create_guest(private_dumm_t *this, char *name, char *kernel, char *master, char *args) { guest_t *guest; - + guest = guest_create(this->guest_dir, name, kernel, master, args); if (guest) { @@ -82,7 +82,7 @@ static void delete_guest(private_dumm_t *this, guest_t *guest) { char buf[512]; int len; - + len = snprintf(buf, sizeof(buf), "rm -Rf %s/%s", this->guest_dir, guest->get_name(guest)); guest->destroy(guest); @@ -99,7 +99,7 @@ static void delete_guest(private_dumm_t *this, guest_t *guest) static bridge_t* create_bridge(private_dumm_t *this, char *name) { bridge_t *bridge; - + bridge = bridge_create(name); if (bridge) { @@ -128,16 +128,16 @@ static void delete_bridge(private_dumm_t *this, bridge_t *bridge) } /** - * disable the currently enabled template + * disable the currently enabled template */ static void clear_template(private_dumm_t *this) { enumerator_t *enumerator; guest_t *guest; - + free(this->template); this->template = NULL; - + enumerator = this->guests->create_enumerator(this->guests); while (enumerator->enumerate(enumerator, (void**)&guest)) { @@ -153,9 +153,9 @@ static bool load_template(private_dumm_t *this, char *dir) { enumerator_t *enumerator; guest_t *guest; - + clear_template(this); - + if (dir == NULL) { return TRUE; @@ -165,7 +165,7 @@ static bool load_template(private_dumm_t *this, char *dir) DBG1("template directory string '%s' is too long", dir); return FALSE; } - + if (asprintf(&this->template, "%s/%s", TEMPLATE_DIR, dir) < 0) { this->template = NULL; @@ -210,7 +210,7 @@ static bool template_enumerate(template_enumerator_t *this, char **template) { struct stat st; char *rel; - + while (this->inner->enumerate(this->inner, &rel, NULL, &st)) { if (S_ISDIR(st.st_mode) && *rel != '.') @@ -237,12 +237,12 @@ static void template_enumerator_destroy(template_enumerator_t *this) static enumerator_t* create_template_enumerator(private_dumm_t *this) { template_enumerator_t *enumerator; - + enumerator = malloc_thing(template_enumerator_t); enumerator->public.enumerate = (void*)template_enumerate; enumerator->public.destroy = (void*)template_enumerator_destroy; enumerator->inner = enumerator_create_directory(TEMPLATE_DIR); - + return &enumerator->public; } @@ -253,16 +253,16 @@ static void destroy(private_dumm_t *this) { enumerator_t *enumerator; guest_t *guest; - + this->bridges->destroy_offset(this->bridges, offsetof(bridge_t, destroy)); - + enumerator = this->guests->create_enumerator(this->guests); while (enumerator->enumerate(enumerator, (void**)&guest)) { guest->stop(guest, NULL); } enumerator->destroy(enumerator); - + while (this->guests->remove_last(this->guests, (void**)&guest) == SUCCESS) { guest->destroy(guest); @@ -282,13 +282,13 @@ static void load_guests(private_dumm_t *this) DIR *dir; struct dirent *ent; guest_t *guest; - + dir = opendir(this->guest_dir); if (dir == NULL) { return; } - + while ((ent = readdir(dir))) { if (*ent->d_name == '.') @@ -315,7 +315,7 @@ dumm_t *dumm_create(char *dir) { char cwd[PATH_MAX]; private_dumm_t *this = malloc_thing(private_dumm_t); - + this->public.create_guest = (guest_t*(*)(dumm_t*,char*,char*,char*,char*))create_guest; this->public.create_guest_enumerator = (enumerator_t*(*)(dumm_t*))create_guest_enumerator; this->public.delete_guest = (void(*)(dumm_t*,guest_t*))delete_guest; @@ -325,7 +325,7 @@ dumm_t *dumm_create(char *dir) this->public.load_template = (bool(*)(dumm_t*, char *name))load_template; this->public.create_template_enumerator = (enumerator_t*(*)(dumm_t*))create_template_enumerator; this->public.destroy = (void(*)(dumm_t*))destroy; - + if (dir && *dir == '/') { this->dir = strdup(dir); @@ -356,7 +356,7 @@ dumm_t *dumm_create(char *dir) } this->guests = linked_list_create(); this->bridges = linked_list_create(); - + if (this->dir == NULL || this->guest_dir == NULL || (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST)) { @@ -364,7 +364,7 @@ dumm_t *dumm_create(char *dir) destroy(this); return NULL; } - + load_guests(this); return &this->public; } diff --git a/src/dumm/dumm.h b/src/dumm/dumm.h index 5f2e0542a..54c3fbc03 100644 --- a/src/dumm/dumm.h +++ b/src/dumm/dumm.h @@ -43,23 +43,23 @@ struct dumm_t { * @param args additional args to pass to kernel * @return guest if started, NULL if failed */ - guest_t* (*create_guest) (dumm_t *this, char *name, char *kernel, + guest_t* (*create_guest) (dumm_t *this, char *name, char *kernel, char *master, char *args); - + /** * Create an enumerator over all guests. * * @return enumerator over guest_t's */ enumerator_t* (*create_guest_enumerator) (dumm_t *this); - + /** * Delete a guest from disk. * * @param guest guest to destroy */ void (*delete_guest) (dumm_t *this, guest_t *guest); - + /** * Create a new bridge. * @@ -67,21 +67,21 @@ struct dumm_t { * @return created bridge */ bridge_t* (*create_bridge)(dumm_t *this, char *name); - + /** * Create an enumerator over all bridges. * * @return enumerator over bridge_t's */ enumerator_t* (*create_bridge_enumerator)(dumm_t *this); - + /** * Delete a bridge. * * @param bridge bridge to destroy */ void (*delete_bridge) (dumm_t *this, bridge_t *bridge); - + /** * Loads a template, create a new one if it does not exist. * @@ -89,14 +89,14 @@ struct dumm_t { * @return FALSE if load/create failed */ bool (*load_template)(dumm_t *this, char *dir); - + /** * Create an enumerator over all available templates. * * @return enumerator over char* */ enumerator_t* (*create_template_enumerator)(dumm_t *this); - + /** * stop all guests and destroy the modeler */ diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c index f7caf252d..230e8ae68 100644 --- a/src/dumm/ext/dumm.c +++ b/src/dumm/ext/dumm.c @@ -29,6 +29,7 @@ #undef PACKAGE_VERSION #undef PACKAGE_STRING #undef PACKAGE_BUGREPORT +#undef PACKAGE_URL #include static dumm_t *dumm; @@ -45,7 +46,7 @@ static VALUE rbc_template; static pid_t invoke(void *null, guest_t *guest, char *args[], int argc) { pid_t pid; - + pid = fork(); switch (pid) { @@ -71,7 +72,7 @@ static void sigchld_handler(int signal, siginfo_t *info, void* ptr) { enumerator_t *enumerator; guest_t *guest; - + enumerator = dumm->create_guest_enumerator(dumm); while (enumerator->enumerate(enumerator, &guest)) { @@ -91,7 +92,7 @@ static VALUE guest_find(VALUE class, VALUE key) { enumerator_t *enumerator; guest_t *guest, *found = NULL; - + if (TYPE(key) == T_SYMBOL) { key = rb_convert_type(key, T_STRING, "String", "to_s"); @@ -128,7 +129,7 @@ static VALUE guest_each(int argc, VALUE *argv, VALUE class) linked_list_t *list; enumerator_t *enumerator; guest_t *guest; - + if (!rb_block_given_p()) { rb_raise(rb_eArgError, "must be called with a block"); @@ -152,7 +153,7 @@ static VALUE guest_new(VALUE class, VALUE name, VALUE kernel, VALUE master, VALUE args) { guest_t *guest; - + guest = dumm->create_guest(dumm, StringValuePtr(name), StringValuePtr(kernel), StringValuePtr(master), StringValuePtr(args)); if (!guest) @@ -165,7 +166,7 @@ static VALUE guest_new(VALUE class, VALUE name, VALUE kernel, static VALUE guest_to_s(VALUE self) { guest_t *guest; - + Data_Get_Struct(self, guest_t, guest); return rb_str_new2(guest->get_name(guest)); } @@ -173,9 +174,9 @@ static VALUE guest_to_s(VALUE self) static VALUE guest_start(VALUE self) { guest_t *guest; - + Data_Get_Struct(self, guest_t, guest); - + if (!guest->start(guest, invoke, NULL, NULL)) { rb_raise(rb_eRuntimeError, "starting guest failed"); @@ -186,7 +187,7 @@ static VALUE guest_start(VALUE self) static VALUE guest_stop(VALUE self) { guest_t *guest; - + Data_Get_Struct(self, guest_t, guest); guest->stop(guest, NULL); return self; @@ -195,7 +196,7 @@ static VALUE guest_stop(VALUE self) static VALUE guest_running(VALUE self) { guest_t *guest; - + Data_Get_Struct(self, guest_t, guest); return guest->get_pid(guest) ? Qtrue : Qfalse; } @@ -210,7 +211,7 @@ static VALUE guest_exec(VALUE self, VALUE cmd) guest_t *guest; bool block; int ret; - + block = rb_block_given_p(); Data_Get_Struct(self, guest_t, guest); if ((ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL, @@ -226,7 +227,7 @@ static VALUE guest_mconsole(VALUE self, VALUE cmd) guest_t *guest; bool block; int ret; - + block = rb_block_given_p(); Data_Get_Struct(self, guest_t, guest); if ((ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL, @@ -241,7 +242,7 @@ static VALUE guest_add_iface(VALUE self, VALUE name) { guest_t *guest; iface_t *iface; - + Data_Get_Struct(self, guest_t, guest); iface = guest->create_iface(guest, StringValuePtr(name)); if (!iface) @@ -256,7 +257,7 @@ static VALUE guest_find_iface(VALUE self, VALUE key) enumerator_t *enumerator; iface_t *iface, *found = NULL; guest_t *guest; - + if (TYPE(key) == T_SYMBOL) { key = rb_convert_type(key, T_STRING, "String", "to_s"); @@ -295,7 +296,7 @@ static VALUE guest_each_iface(int argc, VALUE *argv, VALUE self) linked_list_t *list; guest_t *guest; iface_t *iface; - + if (!rb_block_given_p()) { rb_raise(rb_eArgError, "must be called with a block"); @@ -319,7 +320,7 @@ static VALUE guest_each_iface(int argc, VALUE *argv, VALUE self) static VALUE guest_delete(VALUE self) { guest_t *guest; - + Data_Get_Struct(self, guest_t, guest); if (guest->get_pid(guest)) { @@ -334,13 +335,13 @@ static void guest_init() rbc_guest = rb_define_class_under(rbm_dumm , "Guest", rb_cObject); rb_include_module(rb_class_of(rbc_guest), rb_mEnumerable); rb_include_module(rbc_guest, rb_mEnumerable); - + rb_define_singleton_method(rbc_guest, "[]", guest_get, 1); rb_define_singleton_method(rbc_guest, "each", guest_each, -1); rb_define_singleton_method(rbc_guest, "new", guest_new, 4); rb_define_singleton_method(rbc_guest, "include?", guest_find, 1); rb_define_singleton_method(rbc_guest, "guest?", guest_find, 1); - + rb_define_method(rbc_guest, "to_s", guest_to_s, 0); rb_define_method(rbc_guest, "start", guest_start, 0); rb_define_method(rbc_guest, "stop", guest_stop, 0); @@ -362,7 +363,7 @@ static VALUE bridge_find(VALUE class, VALUE key) { enumerator_t *enumerator; bridge_t *bridge, *found = NULL; - + if (TYPE(key) == T_SYMBOL) { key = rb_convert_type(key, T_STRING, "String", "to_s"); @@ -399,7 +400,7 @@ static VALUE bridge_each(int argc, VALUE *argv, VALUE class) enumerator_t *enumerator; linked_list_t *list; bridge_t *bridge; - + if (!rb_block_given_p()) { rb_raise(rb_eArgError, "must be called with a block"); @@ -423,7 +424,7 @@ static VALUE bridge_new(VALUE class, VALUE name) { bridge_t *bridge; - + bridge = dumm->create_bridge(dumm, StringValuePtr(name)); if (!bridge) { @@ -435,7 +436,7 @@ static VALUE bridge_new(VALUE class, VALUE name) static VALUE bridge_to_s(VALUE self) { bridge_t *bridge; - + Data_Get_Struct(self, bridge_t, bridge); return rb_str_new2(bridge->get_name(bridge)); } @@ -446,7 +447,7 @@ static VALUE bridge_each_iface(int argc, VALUE *argv, VALUE self) linked_list_t *list; bridge_t *bridge; iface_t *iface; - + if (!rb_block_given_p()) { rb_raise(rb_eArgError, "must be called with a block"); @@ -470,7 +471,7 @@ static VALUE bridge_each_iface(int argc, VALUE *argv, VALUE self) static VALUE bridge_delete(VALUE self) { bridge_t *bridge; - + Data_Get_Struct(self, bridge_t, bridge); dumm->delete_bridge(dumm, bridge); return Qnil; @@ -481,13 +482,13 @@ static void bridge_init() rbc_bridge = rb_define_class_under(rbm_dumm , "Bridge", rb_cObject); rb_include_module(rb_class_of(rbc_bridge), rb_mEnumerable); rb_include_module(rbc_bridge, rb_mEnumerable); - + rb_define_singleton_method(rbc_bridge, "[]", bridge_get, 1); rb_define_singleton_method(rbc_bridge, "each", bridge_each, -1); rb_define_singleton_method(rbc_bridge, "new", bridge_new, 1); rb_define_singleton_method(rbc_bridge, "include?", bridge_find, 1); rb_define_singleton_method(rbc_bridge, "bridge?", bridge_find, 1); - + rb_define_method(rbc_bridge, "to_s", bridge_to_s, 0); rb_define_method(rbc_bridge, "each", bridge_each_iface, -1); rb_define_method(rbc_bridge, "delete", bridge_delete, 0); @@ -499,7 +500,7 @@ static void bridge_init() static VALUE iface_to_s(VALUE self) { iface_t *iface; - + Data_Get_Struct(self, iface_t, iface); return rb_str_new2(iface->get_hostif(iface)); } @@ -508,7 +509,7 @@ static VALUE iface_connect(VALUE self, VALUE vbridge) { iface_t *iface; bridge_t *bridge; - + Data_Get_Struct(self, iface_t, iface); Data_Get_Struct(vbridge, bridge_t, bridge); if (!bridge->connect_iface(bridge, iface)) @@ -522,7 +523,7 @@ static VALUE iface_disconnect(VALUE self) { iface_t *iface; bridge_t *bridge; - + Data_Get_Struct(self, iface_t, iface); bridge = iface->get_bridge(iface); if (!bridge || !bridge->disconnect_iface(bridge, iface)) @@ -536,7 +537,7 @@ static VALUE iface_add_addr(VALUE self, VALUE name) { iface_t *iface; host_t *addr; - + addr = host_create_from_string(StringValuePtr(name), 0); if (!addr) { @@ -563,7 +564,7 @@ static VALUE iface_each_addr(int argc, VALUE *argv, VALUE self) iface_t *iface; host_t *addr; char buf[64]; - + if (!rb_block_given_p()) { rb_raise(rb_eArgError, "must be called with a block"); @@ -589,7 +590,7 @@ static VALUE iface_del_addr(VALUE self, VALUE vaddr) { iface_t *iface; host_t *addr; - + addr = host_create_from_string(StringValuePtr(vaddr), 0); if (!addr) { @@ -613,7 +614,7 @@ static VALUE iface_delete(VALUE self) { guest_t *guest; iface_t *iface; - + Data_Get_Struct(self, iface_t, iface); guest = iface->get_guest(iface); guest->destroy_iface(guest, iface); @@ -624,7 +625,7 @@ static void iface_init() { rbc_iface = rb_define_class_under(rbm_dumm , "Iface", rb_cObject); rb_include_module(rbc_iface, rb_mEnumerable); - + rb_define_method(rbc_iface, "to_s", iface_to_s, 0); rb_define_method(rbc_iface, "connect", iface_connect, 1); rb_define_method(rbc_iface, "disconnect", iface_disconnect, 0); @@ -656,7 +657,7 @@ static VALUE template_each(int argc, VALUE *argv, VALUE class) { enumerator_t *enumerator; char *template; - + if (!rb_block_given_p()) { rb_raise(rb_eArgError, "must be called with a block"); @@ -673,7 +674,7 @@ static VALUE template_each(int argc, VALUE *argv, VALUE class) static void template_init() { rbc_template = rb_define_class_under(rbm_dumm , "Template", rb_cObject); - + rb_define_singleton_method(rbc_template, "load", template_load, 1); rb_define_singleton_method(rbc_template, "unload", template_unload, 0); rb_define_singleton_method(rbc_template, "each", template_each, -1); @@ -685,14 +686,14 @@ static void template_init() void Final_dumm() { struct sigaction action; - + dumm->destroy(dumm); - + sigemptyset(&action.sa_mask); action.sa_handler = SIG_DFL; action.sa_flags = 0; sigaction(SIGCHLD, &action, NULL); - + library_deinit(); } @@ -702,25 +703,25 @@ void Final_dumm() void Init_dumm() { struct sigaction action; - + /* there are too many to report, rubyruby... */ setenv("LEAK_DETECTIVE_DISABLE", "1", 1); - + library_init(NULL); - + dumm = dumm_create(NULL); - + rbm_dumm = rb_define_module("Dumm"); - + guest_init(); bridge_init(); iface_init(); template_init(); - + sigemptyset(&action.sa_mask); action.sa_sigaction = sigchld_handler; action.sa_flags = SA_SIGINFO; sigaction(SIGCHLD, &action, NULL); - + rb_set_end_proc(Final_dumm, 0); } diff --git a/src/dumm/guest.c b/src/dumm/guest.c index 969a2a99d..112adb441 100644 --- a/src/dumm/guest.c +++ b/src/dumm/guest.c @@ -97,13 +97,13 @@ static iface_t* create_iface(private_guest_t *this, char *name) { enumerator_t *enumerator; iface_t *iface; - + if (this->state != GUEST_RUNNING) { DBG1("guest '%s' not running, unable to add interface", this->name); return NULL; } - + enumerator = this->ifaces->create_enumerator(this->ifaces); while (enumerator->enumerate(enumerator, (void**)&iface)) { @@ -131,7 +131,7 @@ static void destroy_iface(private_guest_t *this, iface_t *iface) { enumerator_t *enumerator; iface_t *current; - + enumerator = this->ifaces->create_enumerator(this->ifaces); while (enumerator->enumerate(enumerator, (void**)¤t)) { @@ -152,7 +152,7 @@ static enumerator_t* create_iface_enumerator(private_guest_t *this) { return this->ifaces->create_enumerator(this->ifaces); } - + /** * Implementation of guest_t.get_state. */ @@ -224,7 +224,7 @@ static void stop(private_guest_t *this, idle_function_t idle) void savepid(private_guest_t *this) { FILE *file; - + file = fdopen(openat(this->dir, PID_FILE, O_RDWR | O_CREAT | O_TRUNC, PERM), "w"); if (file) @@ -246,18 +246,18 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data, char *args[32]; int i = 0; size_t left = sizeof(buf); - + memset(args, 0, sizeof(args)); - + if (this->state != GUEST_STOPPED) { DBG1("unable to start guest in state %N", guest_state_names, this->state); return FALSE; } this->state = GUEST_STARTING; - + notify = write_arg(&pos, &left, "%s/%s", this->dirname, NOTIFY_FILE); - + args[i++] = write_arg(&pos, &left, "nice"); args[i++] = write_arg(&pos, &left, "%s/%s", this->dirname, KERNEL_FILE); args[i++] = write_arg(&pos, &left, "root=/dev/root"); @@ -271,7 +271,7 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data, { args[i++] = this->args; } - + this->pid = invoke(data, &this->public, args, i); if (!this->pid) { @@ -279,7 +279,7 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data, return FALSE; } savepid(this); - + /* open mconsole */ this->mconsole = mconsole_create(notify, idle); if (this->mconsole == NULL) @@ -288,11 +288,11 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data, stop(this, NULL); return FALSE; } - + this->state = GUEST_RUNNING; return TRUE; -} - +} + /** * Implementation of guest_t.load_template. */ @@ -300,12 +300,12 @@ static bool load_template(private_guest_t *this, char *path) { char dir[PATH_MAX]; size_t len; - + if (path == NULL) { - return this->cowfs->set_overlay(this->cowfs, NULL); + return this->cowfs->set_overlay(this->cowfs, NULL); } - + len = snprintf(dir, sizeof(dir), "%s/%s", path, this->name); if (len < 0 || len >= sizeof(dir)) { @@ -334,11 +334,11 @@ static int vexec(private_guest_t *this, void(*cb)(void*,char*,size_t), void *dat { char buf[1024]; size_t len; - + if (this->mconsole) { len = vsnprintf(buf, sizeof(buf), cmd, args); - + if (len > 0 && len < sizeof(buf)) { return this->mconsole->exec(this->mconsole, cb, data, buf); @@ -389,7 +389,7 @@ static void exec_str_cb(exec_str_t *data, char *buf, size_t len) } strncat(data->buf.ptr, buf, len); } - + if (data->cb) { char *nl; @@ -477,7 +477,7 @@ static bool mount_unionfs(private_guest_t *this) snprintf(master, sizeof(master), "%s/%s", this->dirname, MASTER_DIR); snprintf(diff, sizeof(diff), "%s/%s", this->dirname, DIFF_DIR); snprintf(mount, sizeof(mount), "%s/%s", this->dirname, UNION_DIR); - + this->cowfs = cowfs_create(master, diff, mount); if (this->cowfs) { @@ -494,7 +494,7 @@ char *loadargs(private_guest_t *this) { FILE *file; char buf[512], *args = NULL; - + file = fdopen(openat(this->dir, ARGS_FILE, O_RDONLY, PERM), "r"); if (file) { @@ -514,7 +514,7 @@ bool saveargs(private_guest_t *this, char *args) { FILE *file; bool retval = FALSE; - + file = fdopen(openat(this->dir, ARGS_FILE, O_RDWR | O_CREAT | O_TRUNC, PERM), "w"); if (file) @@ -554,7 +554,7 @@ static private_guest_t *guest_create_generic(char *parent, char *name, { char cwd[PATH_MAX]; private_guest_t *this = malloc_thing(private_guest_t); - + this->public.get_name = (void*)get_name; this->public.get_pid = (pid_t(*)(guest_t*))get_pid; this->public.get_state = (guest_state_t(*)(guest_t*))get_state; @@ -568,7 +568,7 @@ static private_guest_t *guest_create_generic(char *parent, char *name, this->public.exec_str = (int(*)(guest_t*, void(*cb)(void*,char*),bool,void*,char*,...))exec_str; this->public.sigchild = (void(*)(guest_t*))sigchild; this->public.destroy = (void*)destroy; - + if (*parent == '/' || getcwd(cwd, sizeof(cwd)) == NULL) { if (asprintf(&this->dirname, "%s/%s", parent, name) < 0) @@ -607,7 +607,7 @@ static private_guest_t *guest_create_generic(char *parent, char *name, this->args = NULL; this->name = strdup(name); this->cowfs = NULL; - + return this; } @@ -618,7 +618,7 @@ static bool make_symlink(private_guest_t *this, char *old, char *new) { char cwd[PATH_MAX]; char buf[PATH_MAX]; - + if (*old == '/' || getcwd(cwd, sizeof(cwd)) == NULL) { snprintf(buf, sizeof(buf), "%s", old); @@ -632,18 +632,18 @@ static bool make_symlink(private_guest_t *this, char *old, char *new) /** - * create the guest instance, including required dirs and mounts + * create the guest instance, including required dirs and mounts */ guest_t *guest_create(char *parent, char *name, char *kernel, char *master, char *args) { private_guest_t *this = guest_create_generic(parent, name, TRUE); - + if (this == NULL) { return NULL; } - + if (!make_symlink(this, master, MASTER_DIR) || !make_symlink(this, kernel, KERNEL_FILE)) { @@ -651,22 +651,22 @@ guest_t *guest_create(char *parent, char *name, char *kernel, destroy(this); return NULL; } - - if (mkdirat(this->dir, UNION_DIR, PERME) != 0 || + + if (mkdirat(this->dir, UNION_DIR, PERME) != 0 || mkdirat(this->dir, DIFF_DIR, PERME) != 0) { DBG1("unable to create directories for '%s': %m", name); destroy(this); return NULL; } - + this->args = args; if (args && !saveargs(this, args)) { destroy(this); return NULL; } - + if (!mount_unionfs(this)) { destroy(this); @@ -682,20 +682,20 @@ guest_t *guest_create(char *parent, char *name, char *kernel, guest_t *guest_load(char *parent, char *name) { private_guest_t *this = guest_create_generic(parent, name, FALSE); - + if (this == NULL) { return NULL; } - + this->args = loadargs(this); - + if (!mount_unionfs(this)) { destroy(this); return NULL; } - + return &this->public; } diff --git a/src/dumm/guest.h b/src/dumm/guest.h index a1e4966ac..5f812f8eb 100644 --- a/src/dumm/guest.h +++ b/src/dumm/guest.h @@ -56,10 +56,10 @@ extern enum_name_t *guest_state_names; * @param guest guest to start * @param args args to use for guest invocation, args[0] is kernel * @param argc number of elements in args - * @param idle + * @param idle * @return PID of child, 0 if failed */ -typedef pid_t (*invoke_function_t)(void *data, guest_t *guest, +typedef pid_t (*invoke_function_t)(void *data, guest_t *guest, char *args[], int argc); /** @@ -71,28 +71,28 @@ typedef void (*idle_function_t)(void); * A guest is a UML instance running on the host. **/ struct guest_t { - + /** * Get the name of this guest. * * @return name of the guest */ char* (*get_name) (guest_t *this); - + /** * Get the process ID of the guest child process. * * @return name of the guest */ pid_t (*get_pid) (guest_t *this); - + /** * Get the state of the guest (stopped, started, etc.). * * @return guests state */ - guest_state_t (*get_state)(guest_t *this); - + guest_state_t (*get_state)(guest_t *this); + /** * Start the guest. * @@ -103,14 +103,14 @@ struct guest_t { */ bool (*start) (guest_t *this, invoke_function_t invoke, void *data, idle_function_t idle); - + /** * Kill the guest. * * @param idle idle function to call while waiting to termination */ void (*stop) (guest_t *this, idle_function_t idle); - + /** * Create a new interface in the current scenario. * @@ -118,21 +118,21 @@ struct guest_t { * @return created interface, or NULL if failed */ iface_t* (*create_iface)(guest_t *this, char *name); - + /** * Destroy an interface on guest. * * @param iface interface to destroy */ void (*destroy_iface)(guest_t *this, iface_t *iface); - + /** * Create an enumerator over all guest interfaces. * * @return enumerator over iface_t's */ enumerator_t* (*create_iface_enumerator)(guest_t *this); - + /** * Set the template COWFS overlay to use. * @@ -140,7 +140,7 @@ struct guest_t { * @return FALSE if failed */ bool (*load_template)(guest_t *this, char *parent); - + /** * Execute a command on the guests mconsole. * @@ -152,15 +152,15 @@ struct guest_t { */ int (*exec)(guest_t *this, void(*cb)(void*,char*,size_t), void *data, char *cmd, ...); - + /** * Execute a command on the guests mconsole, with output formatter. - * + * * If lines is TRUE, callback is invoked for each output line. Otherwise * the full result is returned in one callback invocation. - * + * * @note This function does not work with binary output. - * + * * @param cb callback to call for each line or for the complete output * @param lines TRUE if the callback should be called for each line * @param data data to pass to callback @@ -170,15 +170,15 @@ struct guest_t { */ int (*exec_str)(guest_t *this, void(*cb)(void*,char*), bool lines, void *data, char *cmd, ...); - + /** * Called whenever a SIGCHILD for the guests PID is received. */ void (*sigchild)(guest_t *this); - + /** * Close and destroy a guest with all interfaces - */ + */ void (*destroy) (guest_t *this); }; diff --git a/src/dumm/iface.c b/src/dumm/iface.c index bf73c82a5..9910c392e 100644 --- a/src/dumm/iface.c +++ b/src/dumm/iface.c @@ -55,10 +55,10 @@ bool iface_control(char *name, bool up) int s; bool good = FALSE; struct ifreq ifr; - + memset(&ifr, 0, sizeof(struct ifreq)); strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); - + s = socket(AF_INET, SOCK_DGRAM, 0); if (!s) { @@ -104,7 +104,7 @@ static char* get_hostif(private_iface_t *this) */ static bool add_address(private_iface_t *this, host_t *addr) { - return (this->guest->exec(this->guest, NULL, NULL, + return (this->guest->exec(this->guest, NULL, NULL, "exec ip addr add %H dev %s", addr, this->guestif) == 0); } @@ -185,7 +185,7 @@ static guest_t* get_guest(private_iface_t *this) { return this->guest; } - + /** * destroy the tap device */ @@ -193,7 +193,7 @@ static bool destroy_tap(private_iface_t *this) { struct ifreq ifr; int tap; - + if (!iface_control(this->hostif, FALSE)) { DBG1("bringing iface down failed: %m"); @@ -201,7 +201,7 @@ static bool destroy_tap(private_iface_t *this) memset(&ifr, 0, sizeof(ifr)); ifr.ifr_flags = IFF_TAP | IFF_NO_PI; strncpy(ifr.ifr_name, this->hostif, sizeof(ifr.ifr_name) - 1); - + tap = open(TAP_DEVICE, O_RDWR); if (tap < 0) { @@ -241,11 +241,11 @@ static char* create_tap(private_iface_t *this) if (ioctl(tap, TUNSETIFF, &ifr) < 0 || ioctl(tap, TUNSETPERSIST, 1) < 0 || ioctl(tap, TUNSETOWNER, 0)) - { + { DBG1("creating new tap device failed: %m"); close(tap); return NULL; - } + } close(tap); return strdup(ifr.ifr_name); } @@ -274,7 +274,7 @@ static void destroy(private_iface_t *this) iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole) { private_iface_t *this = malloc_thing(private_iface_t); - + this->public.get_hostif = (char*(*)(iface_t*))get_hostif; this->public.get_guestif = (char*(*)(iface_t*))get_guestif; this->public.add_address = (bool(*)(iface_t*, host_t *addr))add_address; diff --git a/src/dumm/iface.h b/src/dumm/iface.h index 7aef95c01..dabefaa17 100644 --- a/src/dumm/iface.h +++ b/src/dumm/iface.h @@ -32,21 +32,21 @@ typedef struct iface_t iface_t; * Interface in a guest, connected to a tap device on the host. */ struct iface_t { - + /** * Get the interface name in the guest (e.g. eth0). * * @return guest interface name */ char* (*get_guestif)(iface_t *this); - + /** * Get the interface name at the host (e.g. tap0). * * @return host interface (tap device) name */ char* (*get_hostif)(iface_t *this); - + /** * Add an address to the interface. * @@ -54,43 +54,43 @@ struct iface_t { * @return TRUE if address added */ bool (*add_address)(iface_t *this, host_t *addr); - + /** * Create an enumerator over all installed addresses. * * @return enumerator over host_t* */ enumerator_t* (*create_address_enumerator)(iface_t *this); - + /** * Remove an address from an interface. * * @param addr address to remove * @return TRUE if address removed */ - bool (*delete_address)(iface_t *this, host_t *addr); - + bool (*delete_address)(iface_t *this, host_t *addr); + /** * Set the bridge this interface is attached to. * * @param bridge assigned bridge, or NULL for none */ void (*set_bridge)(iface_t *this, bridge_t *bridge); - + /** * Get the bridge this iface is connected, or NULL. * * @return connected bridge, or NULL */ bridge_t* (*get_bridge)(iface_t *this); - + /** * Get the guest this iface belongs to. * * @return guest of this iface */ guest_t* (*get_guest)(iface_t *this); - + /** * Destroy an interface */ diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c index bca8ce1db..7543e6bd6 100644 --- a/src/dumm/irdumm.c +++ b/src/dumm/irdumm.c @@ -17,6 +17,8 @@ #undef PACKAGE_TARNAME #undef PACKAGE_VERSION #undef PACKAGE_STRING +#undef PACKAGE_BUGREPORT +#undef PACKAGE_URL #include /** @@ -26,10 +28,10 @@ int main(int argc, char *argv[]) { int state, i; char buf[512]; - + ruby_init(); ruby_init_loadpath(); - + rb_eval_string_protect("require 'dumm' and include Dumm", &state); if (state) { @@ -53,7 +55,7 @@ int main(int argc, char *argv[]) { rb_p(ruby_errinfo); } - + ruby_finalize(); return 0; } diff --git a/src/dumm/main.c b/src/dumm/main.c index ba2801760..337a1a144 100644 --- a/src/dumm/main.c +++ b/src/dumm/main.c @@ -62,7 +62,7 @@ static void child_exited(VteReaper *vtereaper, gint pid, gint status) { enumerator_t *enumerator; page_t *page; - + enumerator = pages->create_enumerator(pages); while (enumerator->enumerate(enumerator, (void**)&page)) { @@ -81,7 +81,7 @@ static page_t* get_page(int num) { enumerator_t *enumerator; page_t *page, *found = NULL; - + enumerator = pages->create_enumerator(pages); while (enumerator->enumerate(enumerator, (void**)&page)) { @@ -114,7 +114,7 @@ void idle(void) static void start_guest() { page_t *page; - + page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); if (page && page->guest->get_state(page->guest) == GUEST_STOPPED) { @@ -128,7 +128,7 @@ static void start_all_guests() { enumerator_t *enumerator; page_t *page; - + enumerator = pages->create_enumerator(pages); while (enumerator->enumerate(enumerator, (void**)&page)) { @@ -146,7 +146,7 @@ static void start_all_guests() static void stop_guest() { page_t *page; - + page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); if (page && page->guest->get_state(page->guest) == GUEST_RUNNING) { @@ -163,17 +163,17 @@ static void quit() page_t *page; dumm->load_template(dumm, NULL); - + enumerator = pages->create_enumerator(pages); while (enumerator->enumerate(enumerator, &page)) { if (page->guest->get_state(page->guest) != GUEST_STOPPED) - { + { page->guest->stop(page->guest, idle); } } enumerator->destroy(enumerator); - gtk_main_quit(); + gtk_main_quit(); } static void error_dialog(char *msg) @@ -191,32 +191,32 @@ static void create_switch() { GtkWidget *dialog, *table, *label, *name; bridge_t *bridge; - + dialog = gtk_dialog_new_with_buttons("Create new switch", GTK_WINDOW(window), GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT, GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL); - + table = gtk_table_new(1, 2, TRUE); gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); - + label = gtk_label_new("Switch name"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0); gtk_widget_show(label); - + name = gtk_entry_new(); gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); gtk_widget_show(name); - + gtk_widget_show(table); - + while (TRUE) { switch (gtk_dialog_run(GTK_DIALOG(dialog))) { case GTK_RESPONSE_ACCEPT: - { + { if (streq(gtk_entry_get_text(GTK_ENTRY(name)), "")) { continue; @@ -250,34 +250,34 @@ static void connect_guest() bridge_t *bridge; iface_t *iface; enumerator_t *enumerator; - + page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); if (!page || page->guest->get_state(page->guest) != GUEST_RUNNING) { return; } - + dialog = gtk_dialog_new_with_buttons("Connect guest", GTK_WINDOW(window), GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT, GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL); - + table = gtk_table_new(2, 2, TRUE); gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); - + label = gtk_label_new("Interface name"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0); gtk_widget_show(label); - + name = gtk_entry_new(); gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); gtk_widget_show(name); - + label = gtk_label_new("Connected switch"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0); gtk_widget_show(label); - + box = gtk_combo_box_new_text(); gtk_table_attach(GTK_TABLE(table), box, 1, 2, 1, 2, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); @@ -288,20 +288,20 @@ static void connect_guest() } enumerator->destroy(enumerator); gtk_widget_show(box); - + gtk_widget_show(table); - + while (TRUE) { switch (gtk_dialog_run(GTK_DIALOG(dialog))) { case GTK_RESPONSE_ACCEPT: - { + { if (streq(gtk_entry_get_text(GTK_ENTRY(name)), "")) { continue; } - + iface = page->guest->create_iface(page->guest, (char*)gtk_entry_get_text(GTK_ENTRY(name))); if (!iface) @@ -337,7 +337,7 @@ static void disconnect_guest() static void delete_guest() { page_t *page; - + page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); if (page) { @@ -356,7 +356,7 @@ static page_t* create_page(guest_t *guest) { GtkWidget *label; page_t *page; - + page = g_new(page_t, 1); page->guest = guest; page->vte = vte_terminal_new(); @@ -375,55 +375,55 @@ static void create_guest() { guest_t *guest; GtkWidget *dialog, *table, *label, *name, *kernel, *master, *args; - + dialog = gtk_dialog_new_with_buttons("Create new guest", GTK_WINDOW(window), GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT, GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL); - + table = gtk_table_new(4, 2, TRUE); gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); - + label = gtk_label_new("Guest name"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0); gtk_widget_show(label); - + label = gtk_label_new("UML kernel"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0); gtk_widget_show(label); - + label = gtk_label_new("Master filesystem"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 2, 3, 0, 0, 0, 0); gtk_widget_show(label); - + label = gtk_label_new("Kernel arguments"); gtk_table_attach(GTK_TABLE(table), label, 0, 1, 3, 4, 0, 0, 0, 0); gtk_widget_show(label); - + name = gtk_entry_new(); gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); gtk_widget_show(name); - + kernel = gtk_file_chooser_button_new("Select UML kernel image", GTK_FILE_CHOOSER_ACTION_OPEN); gtk_table_attach(GTK_TABLE(table), kernel, 1, 2, 1, 2, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); gtk_widget_show(kernel); - + master = gtk_file_chooser_button_new("Select master filesystem", GTK_FILE_CHOOSER_ACTION_SELECT_FOLDER); gtk_table_attach(GTK_TABLE(table), master, 1, 2, 2, 3, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); gtk_widget_show(master); - + args = gtk_entry_new(); gtk_table_attach(GTK_TABLE(table), args, 1, 2, 3, 4, GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); gtk_widget_show(args); - + gtk_widget_show(table); - + while (TRUE) { switch (gtk_dialog_run(GTK_DIALOG(dialog))) @@ -432,12 +432,12 @@ static void create_guest() { char *sname, *skernel, *smaster, *sargs; page_t *page; - + sname = (char*)gtk_entry_get_text(GTK_ENTRY(name)); skernel = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(kernel)); smaster = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(master)); sargs = (char*)gtk_entry_get_text(GTK_ENTRY(args)); - + if (!sname[0] || !skernel || !smaster) { continue; @@ -469,10 +469,10 @@ int main(int argc, char *argv[]) GtkWidget *dummMenu, *guestMenu, *switchMenu; enumerator_t *enumerator; guest_t *guest; - + library_init(NULL); gtk_init(&argc, &argv); - + pages = linked_list_create(); dumm = dumm_create(NULL); @@ -483,7 +483,7 @@ int main(int argc, char *argv[]) gtk_window_set_default_size(GTK_WINDOW (window), 1000, 500); g_signal_connect(G_OBJECT(vte_reaper_get()), "child-exited", G_CALLBACK(child_exited), NULL); - + /* add vbox with menubar, notebook */ vbox = gtk_vbox_new(FALSE, 0); gtk_container_add(GTK_CONTAINER(window), vbox); @@ -492,15 +492,15 @@ int main(int argc, char *argv[]) notebook = gtk_notebook_new(); g_object_set(G_OBJECT(notebook), "homogeneous", TRUE, NULL); gtk_notebook_set_tab_pos(GTK_NOTEBOOK(notebook), GTK_POS_BOTTOM); - gtk_container_add(GTK_CONTAINER(vbox), notebook); + gtk_container_add(GTK_CONTAINER(vbox), notebook); /* Dumm menu */ menu = gtk_menu_new(); - dummMenu = gtk_menu_item_new_with_mnemonic("_Dumm"); + dummMenu = gtk_menu_item_new_with_mnemonic("_Dumm"); gtk_menu_bar_append(GTK_MENU_BAR(menubar), dummMenu); gtk_widget_show(dummMenu); gtk_menu_item_set_submenu(GTK_MENU_ITEM(dummMenu), menu); - + /* Dumm -> exit */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_QUIT, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", @@ -510,61 +510,61 @@ int main(int argc, char *argv[]) /* Guest menu */ menu = gtk_menu_new(); - guestMenu = gtk_menu_item_new_with_mnemonic("_Guest"); + guestMenu = gtk_menu_item_new_with_mnemonic("_Guest"); gtk_menu_bar_append(GTK_MENU_BAR(menubar), guestMenu); gtk_widget_show(guestMenu); gtk_menu_item_set_submenu(GTK_MENU_ITEM(guestMenu), menu); - + /* Guest -> new */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(create_guest), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Guest -> delete */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(delete_guest), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + menuitem = gtk_separator_menu_item_new(); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Guest -> start */ menuitem = gtk_menu_item_new_with_mnemonic("_Start"); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(start_guest), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Guest -> startall */ menuitem = gtk_menu_item_new_with_mnemonic("Start _all"); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(start_all_guests), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Guest -> stop */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_STOP, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(stop_guest), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + menuitem = gtk_separator_menu_item_new(); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Guest -> connect */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_CONNECT, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(connect_guest), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Guest -> disconnect */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DISCONNECT, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", @@ -575,18 +575,18 @@ int main(int argc, char *argv[]) /* Switch menu */ menu = gtk_menu_new(); - switchMenu = gtk_menu_item_new_with_mnemonic("_Switch"); + switchMenu = gtk_menu_item_new_with_mnemonic("_Switch"); gtk_menu_bar_append(GTK_MENU_BAR(menubar), switchMenu); gtk_widget_show(switchMenu); gtk_menu_item_set_submenu(GTK_MENU_ITEM(switchMenu), menu); - + /* Switch -> new */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", G_CALLBACK(create_switch), NULL); gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_show(menuitem); - + /* Switch -> delete */ menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL); g_signal_connect(G_OBJECT(menuitem), "activate", @@ -594,13 +594,13 @@ int main(int argc, char *argv[]) gtk_menu_append(GTK_MENU(menu), menuitem); gtk_widget_set_sensitive(menuitem, FALSE); gtk_widget_show(menuitem); - - /* show widgets */ + + /* show widgets */ gtk_widget_show(menubar); gtk_widget_show(notebook); gtk_widget_show(vbox); gtk_widget_show(window); - + /* fill notebook with guests */ enumerator = dumm->create_guest_enumerator(dumm); while (enumerator->enumerate(enumerator, (void**)&guest)) @@ -608,12 +608,12 @@ int main(int argc, char *argv[]) create_page(guest); } enumerator->destroy(enumerator); - + gtk_main(); - + dumm->destroy(dumm); pages->destroy_function(pages, g_free); - + library_deinit(); return 0; } diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c index 2ed96d562..35984bdd5 100644 --- a/src/dumm/mconsole.c +++ b/src/dumm/mconsole.c @@ -73,16 +73,16 @@ struct mconsole_reply { typedef struct mconsole_notify mconsole_notify; /** mconsole notify message */ struct mconsole_notify { - u_int32_t magic; - u_int32_t version; - enum { + u_int32_t magic; + u_int32_t version; + enum { MCONSOLE_SOCKET, MCONSOLE_PANIC, MCONSOLE_HANG, MCONSOLE_USER_NOTIFY, - } type; - u_int32_t len; - char data[MCONSOLE_MAX_DATA]; + } type; + u_int32_t len; + char data[MCONSOLE_MAX_DATA]; }; /** @@ -95,14 +95,14 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), mconsole_reply reply; int len, flags = 0; va_list args; - + memset(&request, 0, sizeof(request)); request.magic = MCONSOLE_MAGIC; request.version = MCONSOLE_VERSION; va_start(args, command); request.len = vsnprintf(request.data, sizeof(request.data), command, args); va_end(args); - + if (this->idle) { flags = MSG_DONTWAIT; @@ -117,13 +117,13 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), (struct sockaddr*)&this->uml, sizeof(this->uml)); } while (len < 0 && (errno == EINTR || errno == EAGAIN)); - + if (len < 0) { DBG1("sending mconsole command to UML failed: %m"); return -1; } - do + do { len = recv(this->console, &reply, sizeof(reply), flags); if (len < 0 && (errno == EINTR || errno == EAGAIN)) @@ -157,7 +157,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), } } while (reply.more); - + return reply.err; } @@ -174,7 +174,7 @@ static void ignore(void *data, char *buf, size_t len) static bool add_iface(private_mconsole_t *this, char *guest, char *host) { int tries = 0; - + while (tries++ < 5) { if (request(this, ignore, NULL, "config %s=tuntap,%s", guest, host) == 0) @@ -190,7 +190,7 @@ static bool add_iface(private_mconsole_t *this, char *guest, char *host) * Implementation of mconsole_t.del_iface. */ static bool del_iface(private_mconsole_t *this, char *guest) -{ +{ if (request(this, NULL, NULL, "remove %s", guest) != 0) { return FALSE; @@ -270,7 +270,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock) len = recvfrom(this->notify, ¬ify, sizeof(notify), flags, NULL, 0); } while (len < 0 && (errno == EINTR || errno == EAGAIN)); - + if (len < 0 || len >= sizeof(notify)) { DBG1("reading from mconsole notify socket failed: %m"); @@ -300,7 +300,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock) static bool setup_console(private_mconsole_t *this) { struct sockaddr_un addr; - + this->console = socket(AF_UNIX, SOCK_DGRAM, 0); if (this->console < 0) { @@ -326,20 +326,20 @@ static bool setup_console(private_mconsole_t *this) mconsole_t *mconsole_create(char *notify, void(*idle)(void)) { private_mconsole_t *this = malloc_thing(private_mconsole_t); - + this->public.add_iface = (bool(*)(mconsole_t*, char *guest, char *host))add_iface; this->public.del_iface = (bool(*)(mconsole_t*, char *guest))del_iface; this->public.exec = (int(*)(mconsole_t*, void(*cb)(void*,char*,size_t), void *data, char *cmd))exec; this->public.destroy = (void*)destroy; - + this->idle = idle; - + if (!wait_for_notify(this, notify)) { free(this); return NULL; } - + if (!setup_console(this)) { close(this->notify); @@ -348,9 +348,9 @@ mconsole_t *mconsole_create(char *notify, void(*idle)(void)) return NULL; } unlink(notify); - + wait_bootup(this); - + return &this->public; } diff --git a/src/dumm/mconsole.h b/src/dumm/mconsole.h index a4d93e48e..9fa2755ef 100644 --- a/src/dumm/mconsole.h +++ b/src/dumm/mconsole.h @@ -24,7 +24,7 @@ typedef struct mconsole_t mconsole_t; * UML mconsole, change running UML configuration using mconsole. */ struct mconsole_t { - + /** * Create a guest interface and connect it to tap host interface. * @@ -33,7 +33,7 @@ struct mconsole_t { * @return TRUE if interface created */ bool (*add_iface)(mconsole_t *this, char *guest, char *host); - + /** * Delete a guest interface. * @@ -41,7 +41,7 @@ struct mconsole_t { * @return TRUE if interface deleted */ bool (*del_iface)(mconsole_t *this, char *guest); - + /** * Execute a command on the mconsole. * @@ -52,7 +52,7 @@ struct mconsole_t { */ int (*exec)(mconsole_t *this, void(*cb)(void*,char*,size_t), void *data, char *cmd); - + /** * Destroy the mconsole instance */ diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 495d02cc2..762b32649 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -15,8 +16,9 @@ @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -34,11 +36,19 @@ host_triplet = @host@ subdir = src/include DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -75,25 +85,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -105,11 +112,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -138,9 +148,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -163,7 +173,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -171,6 +181,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -179,10 +190,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -190,6 +203,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ @@ -208,9 +222,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/include/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/include/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -228,6 +242,7 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -257,13 +272,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -291,6 +310,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -309,6 +329,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -317,18 +339,28 @@ install-data-am: install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -362,6 +394,7 @@ uninstall-am: maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/include/linux/netlink.h b/src/include/linux/netlink.h index af65dc499..1aeee628b 100644 --- a/src/include/linux/netlink.h +++ b/src/include/linux/netlink.h @@ -14,7 +14,7 @@ #define NETLINK_SELINUX 7 /* SELinux event notifications */ #define NETLINK_ISCSI 8 /* Open-iSCSI */ #define NETLINK_AUDIT 9 /* auditing */ -#define NETLINK_FIB_LOOKUP 10 +#define NETLINK_FIB_LOOKUP 10 #define NETLINK_CONNECTOR 11 #define NETLINK_NETFILTER 12 /* netfilter subsystem */ #define NETLINK_IP6_FW 13 @@ -22,14 +22,14 @@ #define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */ #define NETLINK_GENERIC 16 -#define MAX_LINKS 32 +#define MAX_LINKS 32 struct sockaddr_nl { sa_family_t nl_family; /* AF_NETLINK */ unsigned short nl_pad; /* zero */ __u32 nl_pid; /* process pid */ - __u32 nl_groups; /* multicast groups mask */ + __u32 nl_groups; /* multicast groups mask */ }; struct nlmsghdr diff --git a/src/include/linux/rtnetlink.h b/src/include/linux/rtnetlink.h index 56bf7b01c..131822c0f 100644 --- a/src/include/linux/rtnetlink.h +++ b/src/include/linux/rtnetlink.h @@ -104,7 +104,7 @@ enum { #define RTM_NR_FAMILIES (RTM_NR_MSGTYPES >> 2) #define RTM_FAM(cmd) (((cmd) - RTM_BASE) >> 2) -/* +/* Generic structure for encapsulation of optional route information. It is reminiscent of sockaddr, but with sa_family replaced with attribute type. @@ -146,7 +146,7 @@ struct rtmsg unsigned char rtm_table; /* Routing table id */ unsigned char rtm_protocol; /* Routing protocol; see below */ - unsigned char rtm_scope; /* See below */ + unsigned char rtm_scope; /* See below */ unsigned char rtm_type; /* See below */ unsigned rtm_flags; @@ -632,7 +632,7 @@ struct ifinfomsg }; /******************************************************************** - * prefix information + * prefix information ****/ struct prefixmsg @@ -647,7 +647,7 @@ struct prefixmsg unsigned char prefix_pad3; }; -enum +enum { PREFIX_UNSPEC, PREFIX_ADDRESS, @@ -691,7 +691,7 @@ struct rtnl_link_stats __u32 tx_fifo_errors; __u32 tx_heartbeat_errors; __u32 tx_window_errors; - + /* for cslip etc */ __u32 rx_compressed; __u32 tx_compressed; @@ -902,7 +902,7 @@ struct tcamsg }; #define TA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcamsg)))) #define TA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcamsg)) -#define TCA_ACT_TAB 1 /* attr type must be >=1 */ +#define TCA_ACT_TAB 1 /* attr type must be >=1 */ #define TCAA_MAX 1 /* End of information exported to user level */ @@ -941,7 +941,7 @@ extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const voi #define RTA_PUT(skb, attrtype, attrlen, data) \ ({ if (unlikely(skb_tailroom(skb) < (int)RTA_SPACE(attrlen))) \ goto rtattr_failure; \ - __rta_fill(skb, attrtype, attrlen, data); }) + __rta_fill(skb, attrtype, attrlen, data); }) #define RTA_APPEND(skb, attrlen, data) \ ({ if (unlikely(skb_tailroom(skb) < (int)(attrlen))) \ @@ -1021,7 +1021,7 @@ extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const voi #define RTA_GET_SECS(rta) ((unsigned long) RTA_GET_U64(rta) * HZ) #define RTA_GET_MSECS(rta) (msecs_to_jiffies((unsigned long) RTA_GET_U64(rta))) - + static __inline__ struct rtattr * __rta_reserve(struct sk_buff *skb, int attrtype, int attrlen) { @@ -1038,7 +1038,7 @@ __rta_reserve(struct sk_buff *skb, int attrtype, int attrlen) #define __RTA_PUT(skb, attrtype, attrlen) \ ({ if (unlikely(skb_tailroom(skb) < (int)RTA_SPACE(attrlen))) \ goto rtattr_failure; \ - __rta_reserve(skb, attrtype, attrlen); }) + __rta_reserve(skb, attrtype, attrlen); }) extern void rtmsg_ifinfo(int type, struct net_device *dev, unsigned change); diff --git a/src/include/linux/udp.h b/src/include/linux/udp.h index 2ee121bd0..c213d2a51 100644 --- a/src/include/linux/udp.h +++ b/src/include/linux/udp.h @@ -45,7 +45,7 @@ struct udp_sock { struct inet_sock inet; int pending; /* Any pending frames ? */ unsigned int corkflag; /* Cork is required */ - __u16 encap_type; /* Is this an Encapsulation socket? */ + __u16 encap_type; /* Is this an Encapsulation socket? */ /* * Following member retains the infomation to create a UDP header * when the socket is uncorked. diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h index 52f3abd45..d28e85310 100644 --- a/src/include/linux/xfrm.h +++ b/src/include/linux/xfrm.h @@ -58,7 +58,7 @@ struct xfrm_selector __u8 prefixlen_s; __u8 proto; int ifindex; - uid_t user; + __kernel_uid32_t user; }; #define XFRM_INF (~(__u64)0) @@ -96,6 +96,13 @@ struct xfrm_algo { char alg_key[0]; }; +struct xfrm_algo_auth { + char alg_name[64]; + unsigned int alg_key_len; /* in bits */ + unsigned int alg_trunc_len; /* in bits */ + char alg_key[0]; +}; + struct xfrm_algo_aead { char alg_name[64]; unsigned int alg_key_len; /* in bits */ @@ -283,6 +290,7 @@ enum xfrm_attr_type_t { XFRMA_MIGRATE, XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */ XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */ + XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */ __XFRMA_MAX #define XFRMA_MAX (__XFRMA_MAX - 1) diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index de069b928..ff88ed1ff 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,13 +38,41 @@ subdir = src/ipsec DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)" -sbinSCRIPT_INSTALL = $(INSTALL_SCRIPT) SCRIPTS = $(sbin_SCRIPTS) SOURCES = DIST_SOURCES = @@ -83,25 +113,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -113,11 +140,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -146,9 +176,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -171,7 +201,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -179,6 +209,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -187,10 +218,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -198,6 +231,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ sbin_SCRIPTS = ipsec @@ -216,9 +250,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/ipsec/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/ipsec/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -236,76 +270,81 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-sbinSCRIPTS: $(sbin_SCRIPTS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_SCRIPTS)'; for p in $$list; do \ + @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f $$d$$p; then \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " $(sbinSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(sbindir)/$$f'"; \ - $(sbinSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(sbindir)/$$f"; \ - else :; fi; \ - done + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done uninstall-sbinSCRIPTS: @$(NORMAL_UNINSTALL) - @list='$(sbin_SCRIPTS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \ - echo " rm -f '$(DESTDIR)$(sbindir)/$$f'"; \ - rm -f "$(DESTDIR)$(sbindir)/$$f"; \ - done + @list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man8_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list='$(dist_man8_MANS)'; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } tags: TAGS TAGS: @@ -314,6 +353,19 @@ CTAGS: distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -329,13 +381,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -367,6 +423,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -385,6 +442,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -393,18 +452,28 @@ install-data-am: install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-sbinSCRIPTS install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -454,6 +523,7 @@ ipsec : ipsec.in -e "s:@IPSEC_PIDDIR@:$(piddir):" \ $(srcdir)/$@.in > $@ chmod +x $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am index 6104f335d..870dcd6f1 100644 --- a/src/libfast/Makefile.am +++ b/src/libfast/Makefile.am @@ -3,6 +3,6 @@ lib_LTLIBRARIES = libfast.la libfast_la_SOURCES = context.h dispatcher.c request.h session.h \ controller.h dispatcher.h request.c session.c filter.h libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lfcgi -lpthread -lneo_cgi -lneo_cs -lneo_utl -lz + -lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB) INCLUDES = -I$(top_srcdir)/src/libstrongswan -I/usr/include/ClearSilver AM_CFLAGS = -rdynamic diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 266898984..e5ed4a289 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,27 +37,52 @@ host_triplet = @host@ subdir = src/libfast DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = libfast_la_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo libfast_la_OBJECTS = $(am_libfast_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -103,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -133,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -166,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -191,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -199,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -207,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -218,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ lib_LTLIBRARIES = libfast.la @@ -225,7 +256,7 @@ libfast_la_SOURCES = context.h dispatcher.c request.h session.h \ controller.h dispatcher.h request.c session.c filter.h libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lfcgi -lpthread -lneo_cgi -lneo_cs -lneo_utl -lz + -lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB) INCLUDES = -I$(top_srcdir)/src/libstrongswan -I/usr/include/ClearSilver AM_CFLAGS = -rdynamic @@ -242,9 +273,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfast/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libfast/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfast/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libfast/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,23 +293,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -304,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +506,28 @@ install-data-am: install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-libLTLIBRARIES install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +566,7 @@ uninstall-am: uninstall-libLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-libLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libfast/context.h b/src/libfast/context.h index 48b3c5e23..4f8d11d2c 100644 --- a/src/libfast/context.h +++ b/src/libfast/context.h @@ -32,7 +32,7 @@ typedef context_t *(*context_constructor_t)(void *param); * User specific session context, to extend. */ struct context_t { - + /** * Destroy the context_t. */ diff --git a/src/libfast/controller.h b/src/libfast/controller.h index 55ba6f58a..1edf72e90 100644 --- a/src/libfast/controller.h +++ b/src/libfast/controller.h @@ -42,14 +42,14 @@ typedef controller_t *(*controller_constructor_t)(context_t* context, void *para * The controller handle function is called for each incoming request. */ struct controller_t { - + /** * Get the name of the controller. * * @return name of the controller */ char* (*get_name)(controller_t *this); - + /** * Handle a HTTP request for that controller. * @@ -67,7 +67,7 @@ struct controller_t { */ void (*handle)(controller_t *this, request_t *request, char *p1, char *p2, char *p3, char *p4, char *p5); - + /** * Destroy the controller instance. */ diff --git a/src/libfast/dispatcher.c b/src/libfast/dispatcher.c index 35ae55814..7690230d3 100644 --- a/src/libfast/dispatcher.c +++ b/src/libfast/dispatcher.c @@ -19,12 +19,18 @@ #include "session.h" #include -#include #include #include #include +#include +#include +#include #include +#include + +/** Intervall to check for expired sessions, in seconds */ +#define CLEANUP_INTERVAL 30 typedef struct private_dispatcher_t private_dispatcher_t; @@ -37,57 +43,62 @@ struct private_dispatcher_t { * public functions */ dispatcher_t public; - + /** * fcgi socket fd */ int fd; - + /** * thread list */ - pthread_t *threads; - + thread_t **threads; + /** * number of threads in "threads" */ int thread_count; - + /** * session locking mutex */ - pthread_mutex_t mutex; - + mutex_t *mutex; + /** - * List of sessions + * Hahstable with active sessions */ - linked_list_t *sessions; - + hashtable_t *sessions; + /** * session timeout */ time_t timeout; - + + /** + * timestamp of last session cleanup round + */ + time_t last_cleanup; + /** * running in debug mode? */ bool debug; - + /** * List of controllers controller_constructor_t */ linked_list_t *controllers; - + /** * List of filters filter_constructor_t */ linked_list_t *filters; - - /** + + /** * constructor function to create session context (in controller_entry_t) */ context_constructor_t context_constructor; - + /** * user param to context constructor */ @@ -112,7 +123,7 @@ typedef struct { /** session instance */ session_t *session; /** condvar to wait for session */ - pthread_cond_t cond; + condvar_t *cond; /** client host address, to prevent session hijacking */ char *host; /** TRUE if session is in use */ @@ -128,36 +139,36 @@ typedef struct { */ static session_t* load_session(private_dispatcher_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; controller_entry_t *centry; filter_entry_t *fentry; session_t *session; context_t *context = NULL; controller_t *controller; filter_t *filter; - + if (this->context_constructor) { context = this->context_constructor(this->param); } session = session_create(context); - - iterator = this->controllers->create_iterator(this->controllers, TRUE); - while (iterator->iterate(iterator, (void**)¢ry)) + + enumerator = this->controllers->create_enumerator(this->controllers); + while (enumerator->enumerate(enumerator, ¢ry)) { controller = centry->constructor(context, centry->param); session->add_controller(session, controller); } - iterator->destroy(iterator); - - iterator = this->filters->create_iterator(this->filters, TRUE); - while (iterator->iterate(iterator, (void**)&fentry)) + enumerator->destroy(enumerator); + + enumerator = this->filters->create_enumerator(this->filters); + while (enumerator->enumerate(enumerator, &fentry)) { filter = fentry->constructor(context, fentry->param); session->add_filter(session, filter); } - iterator->destroy(iterator); - + enumerator->destroy(enumerator); + return session; } @@ -168,21 +179,25 @@ static session_entry_t *session_entry_create(private_dispatcher_t *this, char *host) { session_entry_t *entry; - + entry = malloc_thing(session_entry_t); entry->in_use = FALSE; entry->closed = FALSE; - pthread_cond_init(&entry->cond, NULL); + entry->cond = condvar_create(CONDVAR_TYPE_DEFAULT); entry->session = load_session(this); - entry->used = time(NULL); + entry->used = time_monotonic(NULL); entry->host = strdup(host); - + return entry; } +/** + * destroy a session + */ static void session_entry_destroy(session_entry_t *entry) { entry->session->destroy(entry->session); + entry->cond->destroy(entry->cond); free(entry->host); free(entry); } @@ -194,7 +209,7 @@ static void add_controller(private_dispatcher_t *this, controller_constructor_t constructor, void *param) { controller_entry_t *entry = malloc_thing(controller_entry_t); - + entry->constructor = constructor; entry->param = param; this->controllers->insert_last(this->controllers, entry); @@ -207,90 +222,129 @@ static void add_filter(private_dispatcher_t *this, filter_constructor_t constructor, void *param) { filter_entry_t *entry = malloc_thing(filter_entry_t); - + entry->constructor = constructor; entry->param = param; this->filters->insert_last(this->filters, entry); } /** - * Actual dispatching code + * Hashtable hash function + */ +static u_int session_hash(char *sid) +{ + return chunk_hash(chunk_create(sid, strlen(sid))); +} + +/** + * Hashtable equals function + */ +static bool session_equals(char *sid1, char *sid2) +{ + return streq(sid1, sid2); +} + +/** + * Cleanup unused sessions + */ +static void cleanup_sessions(private_dispatcher_t *this, time_t now) +{ + if (this->last_cleanup < now - CLEANUP_INTERVAL) + { + char *sid; + session_entry_t *entry; + enumerator_t *enumerator; + linked_list_t *remove; + + this->last_cleanup = now; + remove = linked_list_create(); + enumerator = this->sessions->create_enumerator(this->sessions); + while (enumerator->enumerate(enumerator, &sid, &entry)) + { + /* check all sessions for timeout or close flag */ + if (!entry->in_use && + (entry->used < now - this->timeout || entry->closed)) + { + remove->insert_last(remove, sid); + } + } + enumerator->destroy(enumerator); + + while (remove->remove_last(remove, (void**)&sid) == SUCCESS) + { + entry = this->sessions->remove(this->sessions, sid); + if (entry) + { + session_entry_destroy(entry); + } + } + remove->destroy(remove); + } +} + +/** + * Actual dispatching code */ static void dispatch(private_dispatcher_t *this) { - pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + thread_cancelability(FALSE); while (TRUE) { request_t *request; - session_entry_t *current, *found = NULL; - iterator_t *iterator; + session_entry_t *found = NULL; time_t now; char *sid; - - pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); + + thread_cancelability(TRUE); request = request_create(this->fd, this->debug); - pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + thread_cancelability(FALSE); if (request == NULL) { continue; } + now = time_monotonic(NULL); sid = request->get_cookie(request, "SID"); - now = time(NULL); - - /* find session */ - pthread_mutex_lock(&this->mutex); - iterator = this->sessions->create_iterator(this->sessions, TRUE); - while (iterator->iterate(iterator, (void**)¤t)) + + this->mutex->lock(this->mutex); + if (sid) { - /* check all sessions for timeout or close flag - * TODO: use a seperate cleanup thread */ - if (!current->in_use && - (current->used < now - this->timeout || current->closed)) - { - iterator->remove(iterator); - session_entry_destroy(current); - continue; - } - /* find by session ID. Prevent session hijacking by host check */ - if (!found && sid && - streq(current->session->get_sid(current->session), sid) && - streq(current->host, request->get_host(request))) - { - found = current; - } + found = this->sessions->get(this->sessions, sid); + } + if (found && !streq(found->host, request->get_host(request))) + { + found = NULL; } - iterator->destroy(iterator); - if (found) { /* wait until session is unused */ while (found->in_use) { - pthread_cond_wait(&found->cond, &this->mutex); + found->cond->wait(found->cond, this->mutex); } } else { /* create a new session if not found */ found = session_entry_create(this, request->get_host(request)); - this->sessions->insert_first(this->sessions, found); + sid = found->session->get_sid(found->session); + this->sessions->put(this->sessions, sid, found); } found->in_use = TRUE; - pthread_mutex_unlock(&this->mutex); - + this->mutex->unlock(this->mutex); + /* start processing */ found->session->process(found->session, request); - found->used = time(NULL); - + found->used = time_monotonic(NULL); + /* release session */ - pthread_mutex_lock(&this->mutex); + this->mutex->lock(this->mutex); found->in_use = FALSE; found->closed = request->session_closed(request); - pthread_cond_signal(&found->cond); - pthread_mutex_unlock(&this->mutex); - - /* cleanup */ + found->cond->signal(found->cond); + cleanup_sessions(this, now); + this->mutex->unlock(this->mutex); + request->destroy(request); } } @@ -301,11 +355,12 @@ static void dispatch(private_dispatcher_t *this) static void run(private_dispatcher_t *this, int threads) { this->thread_count = threads; - this->threads = malloc(sizeof(pthread_t) * threads); + this->threads = malloc(sizeof(thread_t*) * threads); while (threads) { - if (pthread_create(&this->threads[threads - 1], - NULL, (void*)dispatch, this) == 0) + this->threads[threads - 1] = thread_create((thread_main_t)dispatch, + this); + if (this->threads[threads - 1]) { threads--; } @@ -319,7 +374,7 @@ static void waitsignal(private_dispatcher_t *this) { sigset_t set; int sig; - + sigemptyset(&set); sigaddset(&set, SIGINT); sigaddset(&set, SIGTERM); @@ -333,15 +388,27 @@ static void waitsignal(private_dispatcher_t *this) */ static void destroy(private_dispatcher_t *this) { + char *sid; + session_entry_t *entry; + enumerator_t *enumerator; + FCGX_ShutdownPending(); while (this->thread_count--) { - pthread_cancel(this->threads[this->thread_count]); - pthread_join(this->threads[this->thread_count], NULL); + thread_t *thread = this->threads[this->thread_count]; + thread->cancel(thread); + thread->join(thread); + } + enumerator = this->sessions->create_enumerator(this->sessions); + while (enumerator->enumerate(enumerator, &sid, &entry)) + { + session_entry_destroy(entry); } - this->sessions->destroy_function(this->sessions, (void*)session_entry_destroy); + enumerator->destroy(enumerator); + this->sessions->destroy(this->sessions); this->controllers->destroy_function(this->controllers, free); this->filters->destroy_function(this->filters, free); + this->mutex->destroy(this->mutex); free(this->threads); free(this); } @@ -359,22 +426,24 @@ dispatcher_t *dispatcher_create(char *socket, bool debug, int timeout, this->public.run = (void(*)(dispatcher_t*, int threads))run; this->public.waitsignal = (void(*)(dispatcher_t*))waitsignal; this->public.destroy = (void(*)(dispatcher_t*))destroy; - - this->sessions = linked_list_create(); + + this->sessions = hashtable_create((void*)session_hash, + (void*)session_equals, 4096); this->controllers = linked_list_create(); this->filters = linked_list_create(); this->context_constructor = constructor; - pthread_mutex_init(&this->mutex, NULL); + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->param = param; - this->fd = 0; - this->timeout = timeout; - this->debug = debug; - this->threads = NULL; - - FCGX_Init(); - - if (socket) - { + this->fd = 0; + this->timeout = timeout; + this->last_cleanup = time_monotonic(NULL); + this->debug = debug; + this->threads = NULL; + + FCGX_Init(); + + if (socket) + { unlink(socket); this->fd = FCGX_OpenSocket(socket, 10); } diff --git a/src/libfast/dispatcher.h b/src/libfast/dispatcher.h index 5b4e3f947..16223fe76 100644 --- a/src/libfast/dispatcher.h +++ b/src/libfast/dispatcher.h @@ -23,33 +23,33 @@ * the webserver. It is multithreaded and really fast. * * The application has a global context and a session context. The global - * context is accessed from all sessions simultaneously and therefore + * context is accessed from all sessions simultaneously and therefore * needs to be threadsave. Often a database wrapper is the global context. * The session context is instanciated per session. Sessions are managed * automatically through session cookies. The session context is kept alive * until the session times out. It must implement the context_t interface and - * a #context_constructor_t is needed to create instances. To each session, - * a set of controllers gets instanciated. The controller instances are per + * a #context_constructor_t is needed to create instances. To each session, + * a set of controllers gets instanciated. The controller instances are per * session, so you can hold private data for each user. - * Controllers need to implement the controller_t interface and need a + * Controllers need to implement the controller_t interface and need a * #controller_constructor_t function to create instances. * * A small example shows how to set up libfast: * @code dispatcher_t *dispatcher; your_global_context_implementation_t *global; - - global = initialize_your_global_context(); - - dispatcher = dispatcher_create(NULL, FALSE, 180, + + global = initialize_your_global_context(); + + dispatcher = dispatcher_create(NULL, FALSE, 180, (context_constructor_t)your_session_context_create, global); dispatcher->add_controller(dispatcher, your_controller1_create, param1); dispatcher->add_controller(dispatcher, your_controller2_create, param2); - + dispatcher->run(dispatcher, 20); - + dispatcher->waitsignal(dispatcher); - + dispatcher->destroy(dispatcher); global->destroy(); @endcode @@ -76,7 +76,7 @@ typedef struct dispatcher_t dispatcher_t; * constructor added with add_controller. */ struct dispatcher_t { - + /** * Register a controller to the dispatcher. * @@ -90,14 +90,14 @@ struct dispatcher_t { controller_constructor_t constructor, void *param); /** - * @brief Add a filter to the dispatcher. + * Add a filter to the dispatcher. * * @param constructor constructor to create filter in session * @param param param to pass to constructor */ void (*add_filter)(dispatcher_t *this, - filter_constructor_t constructor, void *param); - + filter_constructor_t constructor, void *param); + /** * Start with dispatching. * @@ -106,13 +106,13 @@ struct dispatcher_t { * @param threads number of dispatching threads */ void (*run)(dispatcher_t *this, int threads); - + /** * Wait for a relevant signal action. * */ void (*waitsignal)(dispatcher_t *this); - + /** * Destroy the dispatcher_t. */ diff --git a/src/libfast/filter.h b/src/libfast/filter.h index d2602db9d..305a8bb6e 100644 --- a/src/libfast/filter.h +++ b/src/libfast/filter.h @@ -39,7 +39,7 @@ typedef filter_t *(*filter_constructor_t)(context_t* context, void *param); * Filter interface, to be implemented by users filters. */ struct filter_t { - + /** * Called before the controller handles the request. * @@ -53,7 +53,7 @@ struct filter_t { */ bool (*run)(filter_t *this, request_t *request, char *p0, char *p1, char *p2, char *p3, char *p4, char *p5); - + /** * Destroy the filter instance. */ diff --git a/src/libfast/request.c b/src/libfast/request.c index 96dfab8e7..3f4894c45 100644 --- a/src/libfast/request.c +++ b/src/libfast/request.c @@ -20,10 +20,13 @@ #include #include #include -#include #include +#include #include +#include +#include + typedef struct private_request_t private_request_t; /** @@ -35,32 +38,32 @@ struct private_request_t { * public functions */ request_t public; - + /** * FastCGI request object */ FCGX_Request req; - + /** * length of the req.envp array */ int req_env_len; - + /** * ClearSilver CGI Kit context */ CGI *cgi; - + /** * ClearSilver HDF dataset for this request */ HDF *hdf; - - /** + + /** * close the session? */ bool closed; - + /** * reference count */ @@ -68,11 +71,10 @@ struct private_request_t { }; /** - * key to a the threads "this" request, used for ClearSilver cgiwrap callbacks. * ClearSilver cgiwrap is not threadsave, so we use a private * context for each thread. */ -static pthread_key_t this_key; +static thread_value_t *thread_this; /** * control variable for pthread_once @@ -84,8 +86,8 @@ pthread_once_t once = PTHREAD_ONCE_INIT; */ static int read_cb(void *null, char *buf, int size) { - private_request_t *this = (private_request_t*)pthread_getspecific(this_key); - + private_request_t *this = (private_request_t*)thread_this->get(thread_this); + return FCGX_GetStr(buf, size, this->req.in); } @@ -94,8 +96,8 @@ static int read_cb(void *null, char *buf, int size) */ static int writef_cb(void *null, const char *format, va_list args) { - private_request_t *this = (private_request_t*)pthread_getspecific(this_key); - + private_request_t *this = (private_request_t*)thread_this->get(thread_this); + FCGX_VFPrintF(this->req.out, format, args); return 0; } @@ -104,8 +106,8 @@ static int writef_cb(void *null, const char *format, va_list args) */ static int write_cb(void *null, const char *buf, int size) { - private_request_t *this = (private_request_t*)pthread_getspecific(this_key); - + private_request_t *this = (private_request_t*)thread_this->get(thread_this); + return FCGX_PutStr(buf, size, this->req.out); } @@ -115,8 +117,8 @@ static int write_cb(void *null, const char *buf, int size) static char *getenv_cb(void *null, const char *key) { char *value; - private_request_t *this = (private_request_t*)pthread_getspecific(this_key); - + private_request_t *this = (private_request_t*)thread_this->get(thread_this); + value = FCGX_GetParam(key, this->req.envp); return value ? strdup(value) : NULL; } @@ -137,7 +139,7 @@ static int iterenv_cb(void *null, int num, char **key, char **value) { *key = NULL; *value = NULL; - private_request_t *this = (private_request_t*)pthread_getspecific(this_key); + private_request_t *this = (private_request_t*)thread_this->get(thread_this); if (num < this->req_env_len) { char *eq; @@ -157,7 +159,7 @@ static int iterenv_cb(void *null, int num, char **key, char **value) } return 0; } - + /** * Implementation of request_t.get_cookie. */ @@ -165,7 +167,7 @@ static char* get_cookie(private_request_t *this, char *name) { return hdf_get_valuef(this->hdf, "Cookie.%s", name); } - + /** * Implementation of request_t.get_path. */ @@ -206,12 +208,12 @@ static char* get_query_data(private_request_t *this, char *name) */ static void add_cookie(private_request_t *this, char *name, char *value) { - pthread_setspecific(this_key, this); + thread_this->set(thread_this, this); cgi_cookie_set (this->cgi, name, value, FCGX_GetParam("SCRIPT_NAME", this->req.envp), NULL, NULL, 0, 0); } - + /** * Implementation of request_t.redirect. */ @@ -246,7 +248,7 @@ static char* get_base(private_request_t *this) { return FCGX_GetParam("SCRIPT_NAME", this->req.envp); } - + /** * Implementation of request_t.session_closed. */ @@ -279,8 +281,8 @@ static void serve(private_request_t *this, char *headers, chunk_t chunk) static void render(private_request_t *this, char *template) { NEOERR* err; - - pthread_setspecific(this_key, this); + + thread_this->set(thread_this, this); err = cgi_display(this->cgi, template); if (err) { @@ -327,8 +329,8 @@ static void setf(private_request_t *this, char *format, ...) va_start(args, format); hdf_set_valuevf(this->hdf, format, args); va_end(args); -} - +} + /** * Implementation of request_t.get_ref. */ @@ -345,7 +347,7 @@ static void destroy(private_request_t *this) { if (ref_put(&this->ref)) { - pthread_setspecific(this_key, this); + thread_this->set(thread_this, this); cgi_destroy(&this->cgi); FCGX_Finish_r(&this->req); free(this); @@ -359,8 +361,8 @@ static void destroy(private_request_t *this) static void init(void) { cgiwrap_init_emu(NULL, read_cb, writef_cb, write_cb, - getenv_cb, putenv_cb, iterenv_cb); - pthread_key_create(&this_key, NULL); + getenv_cb, putenv_cb, iterenv_cb); + thread_this = thread_value_create(NULL); } /* @@ -371,14 +373,14 @@ request_t *request_create(int fd, bool debug) NEOERR* err; private_request_t *this = malloc_thing(private_request_t); bool failed = FALSE; - - pthread_cleanup_push(free, this); + + thread_cleanup_push(free, this); if (FCGX_InitRequest(&this->req, fd, 0) != 0 || FCGX_Accept_r(&this->req) != 0) { failed = TRUE; } - pthread_cleanup_pop(failed); + thread_cleanup_pop(failed); if (failed) { return NULL; @@ -402,18 +404,18 @@ request_t *request_create(int fd, bool debug) this->public.setf = (void(*)(request_t*, char *format, ...))setf; this->public.get_ref = (request_t*(*)(request_t*))get_ref; this->public.destroy = (void(*)(request_t*))destroy; - + pthread_once(&once, init); - pthread_setspecific(this_key, this); - + thread_this->set(thread_this, this); + this->ref = 1; this->closed = FALSE; - this->req_env_len = 0; + this->req_env_len = 0; while (this->req.envp[this->req_env_len] != NULL) { this->req_env_len++; } - + err = hdf_init(&this->hdf); if (!err) { @@ -425,7 +427,7 @@ request_t *request_create(int fd, bool debug) hdf_set_value(this->hdf, "Config.CompressionEnabled", "1"); hdf_set_value(this->hdf, "Config.WhiteSpaceStrip", "2"); } - + err = cgi_init(&this->cgi, this->hdf); if (!err) { diff --git a/src/libfast/request.h b/src/libfast/request.h index b9ea88830..61e2d59f0 100644 --- a/src/libfast/request.h +++ b/src/libfast/request.h @@ -32,7 +32,7 @@ typedef struct request_t request_t; * The response is also handled through the request object. */ struct request_t { - + /** * Add a cookie to the reply (Set-Cookie header). * @@ -40,7 +40,7 @@ struct request_t { * @param value value of the cookie */ void (*add_cookie)(request_t *this, char *name, char *value); - + /** * Get a cookie the client sent in the request. * @@ -48,35 +48,35 @@ struct request_t { * @return cookie value, NULL if no such cookie found */ char* (*get_cookie)(request_t *this, char *name); - + /** * Get the request path relative to the application. * * @return path */ char* (*get_path)(request_t *this); - + /** * Get the base path of the application. * * @return base path */ char* (*get_base)(request_t *this); - + /** * Get the remote host address of this request. * * @return host address as string */ char* (*get_host)(request_t *this); - + /** * Get the user agent string. * * @return user agent string */ char* (*get_user_agent)(request_t *this); - + /** * Get a post/get variable included in the request. * @@ -84,19 +84,19 @@ struct request_t { * @return value, NULL if not found */ char* (*get_query_data)(request_t *this, char *name); - + /** * Close the session and it's context after handling. */ void (*close_session)(request_t *this); - + /** * Has the session been closed by close_session()? * * @return TRUE if session has been closed */ bool (*session_closed)(request_t *this); - + /** * Redirect the client to another location. * @@ -104,12 +104,12 @@ struct request_t { * @param ... variable argument for fmt */ void (*redirect)(request_t *this, char *fmt, ...); - + /** * Redirect the client to the referer. */ void (*to_referer)(request_t *this); - + /** * Set a template value. * @@ -117,7 +117,7 @@ struct request_t { * @param value value to set key to */ void (*set)(request_t *this, char *key, char *value); - + /** * Set a template value using format strings. * @@ -128,7 +128,7 @@ struct request_t { * @param ... variable argument list */ void (*setf)(request_t *this, char *format, ...); - + /** * Render a template. * @@ -139,7 +139,7 @@ struct request_t { * @param template clearsilver template file location */ void (*render)(request_t *this, char *template); - + /** * Stream a format string to the client. * @@ -151,7 +151,7 @@ struct request_t { * @return number of streamed bytes, < 0 if stream closed */ int (*streamf)(request_t *this, char *format, ...); - + /** * Serve a request with headers and a body. * @@ -159,14 +159,14 @@ struct request_t { * @param chunk body to write to output */ void (*serve)(request_t *this, char *headers, chunk_t chunk); - + /** * Increase the reference count to the stream. * * @return this with increased refcount */ request_t* (*get_ref)(request_t *this); - + /** * Destroy the request_t. */ diff --git a/src/libfast/session.c b/src/libfast/session.c index 455c8d5e1..f03b75542 100644 --- a/src/libfast/session.c +++ b/src/libfast/session.c @@ -23,6 +23,8 @@ #include +#define COOKIE_LEN 16 + typedef struct private_session_t private_session_t; /** @@ -34,22 +36,27 @@ struct private_session_t { * public functions */ session_t public; - + /** * session ID */ - char *sid; - + char sid[COOKIE_LEN * 2 + 1]; + + /** + * have we sent the session cookie? + */ + bool cookie_sent; + /** * list of controller instances controller_t */ linked_list_t *controllers; - + /** * list of filter instances filter_t */ linked_list_t *filters; - + /** * user defined session context */ @@ -75,20 +82,20 @@ static void add_filter(private_session_t *this, filter_t *filter) /** * Create a session ID and a cookie */ -static void create_sid(private_session_t *this, request_t *request) +static void create_sid(private_session_t *this) { - char buf[16]; - chunk_t chunk = chunk_from_buf(buf); + char buf[COOKIE_LEN]; rng_t *rng; - + + memset(buf, 0, sizeof(buf)); + memset(this->sid, 0, sizeof(this->sid)); rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng) { rng->get_bytes(rng, sizeof(buf), buf); - this->sid = chunk_to_hex(chunk, NULL, FALSE).ptr; - request->add_cookie(request, "SID", this->sid); rng->destroy(rng); } + chunk_to_hex(chunk_create(buf, sizeof(buf)), this->sid, FALSE); } /** @@ -99,7 +106,7 @@ static bool run_filter(private_session_t *this, request_t *request, char *p0, { enumerator_t *enumerator; filter_t *filter; - + enumerator = this->filters->create_enumerator(this->filters); while (enumerator->enumerate(enumerator, &filter)) { @@ -123,12 +130,13 @@ static void process(private_session_t *this, request_t *request) bool handled = FALSE; controller_t *current; int i = 0; - - if (this->sid == NULL) + + if (!this->cookie_sent) { - create_sid(this, request); + request->add_cookie(request, "SID", this->sid); + this->cookie_sent = TRUE; } - + start = request->get_path(request); if (start) { @@ -142,15 +150,15 @@ static void process(private_session_t *this, request_t *request) start = pos + 1; } param[i] = strdupa(start); - - if (run_filter(this, request, param[0], param[1], param[2], param[3], - param[4], param[5])) + + if (run_filter(this, request, param[0], param[1], param[2], param[3], + param[4], param[5])) { enumerator = this->controllers->create_enumerator(this->controllers); while (enumerator->enumerate(enumerator, ¤t)) { if (streq(current->get_name(current), param[0])) - { + { current->handle(current, request, param[1], param[2], param[3], param[4], param[5]); handled = TRUE; @@ -190,7 +198,6 @@ static void destroy(private_session_t *this) this->controllers->destroy_offset(this->controllers, offsetof(controller_t, destroy)); this->filters->destroy_offset(this->filters, offsetof(filter_t, destroy)); DESTROY_IF(this->context); - free(this->sid); free(this); } @@ -207,11 +214,12 @@ session_t *session_create(context_t *context) this->public.get_sid = (char*(*)(session_t*))get_sid; this->public.destroy = (void(*)(session_t*))destroy; - this->sid = NULL; + create_sid(this); + this->cookie_sent = FALSE; this->controllers = linked_list_create(); this->filters = linked_list_create(); this->context = context; - + return &this->public; } diff --git a/src/libfast/session.h b/src/libfast/session.h index 524e60f46..c6633f9ae 100644 --- a/src/libfast/session.h +++ b/src/libfast/session.h @@ -31,35 +31,35 @@ typedef struct session_t session_t; * Session handling class, instanciated for each user session. */ struct session_t { - + /** * Get the session ID of the session. * * @return session ID */ char* (*get_sid)(session_t *this); - + /** * Add a controller instance to the session. * * @param controller controller to add */ void (*add_controller)(session_t *this, controller_t *controller); - + /** - * @brief Add a filter instance to the session. + * Add a filter instance to the session. * * @param filter filter to add */ void (*add_filter)(session_t *this, filter_t *filter); - + /** * Process a request in this session. * * @param request request to process */ void (*process)(session_t *this, request_t *request); - + /** * Destroy the session_t. * diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in index 31ea3a634..e72759bca 100644 --- a/src/libfreeswan/Makefile.in +++ b/src/libfreeswan/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,11 +38,19 @@ subdir = src/libfreeswan DIST_COMMON = $(dist_man3_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = LIBRARIES = $(noinst_LIBRARIES) ARFLAGS = cru libfreeswan_a_AR = $(AR) $(ARFLAGS) @@ -64,6 +74,7 @@ libfreeswan_a_OBJECTS = $(am_libfreeswan_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -75,6 +86,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libfreeswan_a_SOURCES) DIST_SOURCES = $(libfreeswan_a_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man3dir = $(mandir)/man3 am__installdirs = "$(DESTDIR)$(man3dir)" NROFF = nroff @@ -115,25 +147,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -145,11 +174,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -178,9 +210,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -203,7 +235,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -211,6 +243,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -219,10 +252,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -230,6 +265,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ noinst_LIBRARIES = libfreeswan.a @@ -264,9 +300,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfreeswan/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libfreeswan/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfreeswan/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libfreeswan/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -284,6 +320,7 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): clean-noinstLIBRARIES: -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES) @@ -340,21 +377,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -364,51 +401,40 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man3: $(man3_MANS) $(man_MANS) +install-man3: $(dist_man3_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ + @list='$(dist_man3_MANS)'; test -n "$(man3dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ + done; } + uninstall-man3: @$(NORMAL_UNINSTALL) - @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.3*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 3*) ;; \ - *) ext='3' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man3dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man3dir)/$$inst"; \ - done + @list='$(dist_man3_MANS)'; test -n "$(man3dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -422,7 +448,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -430,34 +456,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -473,13 +517,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -510,6 +558,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -531,6 +580,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -539,18 +590,28 @@ install-data-am: install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man3 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -591,6 +652,7 @@ uninstall-man: uninstall-man3 mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ uninstall-am uninstall-man uninstall-man3 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libfreeswan/addrtoa.c b/src/libfreeswan/addrtoa.c index 7acfa5ded..e1c71da3c 100644 --- a/src/libfreeswan/addrtoa.c +++ b/src/libfreeswan/addrtoa.c @@ -1,12 +1,12 @@ /* * addresses to ASCII * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/addrtot.c b/src/libfreeswan/addrtot.c index 6efdfccca..d1a338730 100644 --- a/src/libfreeswan/addrtot.c +++ b/src/libfreeswan/addrtot.c @@ -1,12 +1,12 @@ /* * addresses to text * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -251,7 +251,7 @@ struct rtab { {"1:2::3:4", 'Q', "1:2:0:0:0:0:3:4"}, {"1:2:0:0:3:4:0:0", 0, "1:2::3:4:0:0"}, {"1.2.3.4", 'r' , "4.3.2.1.IN-ADDR.ARPA."}, - /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */ + /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */ {"1:2::3:4", 'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."}, {NULL, 0, NULL} }; @@ -279,11 +279,11 @@ regress() if (n == 0 && r->output == NULL) {} /* okay, error expected */ - + else if (n == 0) { printf("`%s' atoasr failed\n", r->input); status = 1; - + } else if (r->output == NULL) { printf("`%s' atoasr succeeded unexpectedly '%c'\n", r->input, r->format); diff --git a/src/libfreeswan/addrtypeof.c b/src/libfreeswan/addrtypeof.c index f402eca70..ee3cc998f 100644 --- a/src/libfreeswan/addrtypeof.c +++ b/src/libfreeswan/addrtypeof.c @@ -1,12 +1,12 @@ /* * extract parts of an ip_address * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/anyaddr.c b/src/libfreeswan/anyaddr.c index f2eb8d07a..5b7691b7b 100644 --- a/src/libfreeswan/anyaddr.c +++ b/src/libfreeswan/anyaddr.c @@ -1,12 +1,12 @@ /* * special addresses * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/atoaddr.c b/src/libfreeswan/atoaddr.c index cbda541d3..8f1be0a84 100644 --- a/src/libfreeswan/atoaddr.c +++ b/src/libfreeswan/atoaddr.c @@ -1,12 +1,12 @@ /* * conversion from ASCII forms of addresses to internal ones * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/atoasr.c b/src/libfreeswan/atoasr.c index ef8412fe8..ad62ef46b 100644 --- a/src/libfreeswan/atoasr.c +++ b/src/libfreeswan/atoasr.c @@ -1,12 +1,12 @@ /* * convert from ASCII form of address/subnet/range to binary * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/atosa.c b/src/libfreeswan/atosa.c index aeb5742e1..7339b4c3e 100644 --- a/src/libfreeswan/atosa.c +++ b/src/libfreeswan/atosa.c @@ -1,12 +1,12 @@ /* * convert from ASCII form of SA ID to binary * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/atosubnet.c b/src/libfreeswan/atosubnet.c index a123a39da..8b2bfa17e 100644 --- a/src/libfreeswan/atosubnet.c +++ b/src/libfreeswan/atosubnet.c @@ -1,12 +1,12 @@ /* * convert from ASCII form of subnet specification to binary * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/atoul.c b/src/libfreeswan/atoul.c index 7e51de8fe..d8e1528cb 100644 --- a/src/libfreeswan/atoul.c +++ b/src/libfreeswan/atoul.c @@ -1,12 +1,12 @@ /* * convert from ASCII form of unsigned long to binary * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/datatot.c b/src/libfreeswan/datatot.c index b18d4b050..3e2aed76d 100644 --- a/src/libfreeswan/datatot.c +++ b/src/libfreeswan/datatot.c @@ -1,12 +1,12 @@ /* * convert from binary data (e.g. key) to text form * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index 77ce8f2be..342f59987 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -3,12 +3,12 @@ * header file for FreeS/WAN library functions * Copyright (C) 1998, 1999, 2000 Henry Spencer. * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -391,7 +391,7 @@ extern unsigned int pfkey_lib_debug; /* bits selecting what to report */ /* * pluto and lwdnsq need to know the maximum size of the commands to, - * and replies from lwdnsq. + * and replies from lwdnsq. */ #define LWDNSQ_CMDBUF_LEN 1024 diff --git a/src/libfreeswan/goodmask.c b/src/libfreeswan/goodmask.c index a2d51de0c..66edae20f 100644 --- a/src/libfreeswan/goodmask.c +++ b/src/libfreeswan/goodmask.c @@ -1,12 +1,12 @@ /* * minor utilities for subnet-mask manipulation * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -17,7 +17,7 @@ /* - goodmask - is this a good (^1*0*$) subnet mask? - * You are not expected to understand this. See Henry S. Warren Jr, + * You are not expected to understand this. See Henry S. Warren Jr, * "Functions realizable with word-parallel logical and two's-complement * addition instructions", CACM 20.6 (June 1977), p.439. */ diff --git a/src/libfreeswan/initaddr.c b/src/libfreeswan/initaddr.c index c30efb812..c84006f47 100644 --- a/src/libfreeswan/initaddr.c +++ b/src/libfreeswan/initaddr.c @@ -1,12 +1,12 @@ /* * initialize address structure * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/initsaid.c b/src/libfreeswan/initsaid.c index fb8187422..4e4bc9a35 100644 --- a/src/libfreeswan/initsaid.c +++ b/src/libfreeswan/initsaid.c @@ -1,12 +1,12 @@ /* * initialize SA ID structure * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/initsubnet.c b/src/libfreeswan/initsubnet.c index 0e19098c5..27faddabc 100644 --- a/src/libfreeswan/initsubnet.c +++ b/src/libfreeswan/initsubnet.c @@ -1,12 +1,12 @@ /* * initialize subnet structure * Copyright (C) 2000, 2002 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/internal.h b/src/libfreeswan/internal.h index fa24f7d2d..832c8a53d 100644 --- a/src/libfreeswan/internal.h +++ b/src/libfreeswan/internal.h @@ -1,12 +1,12 @@ /* * internal definitions for use within the library; do not export! * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/ipsec_param.h b/src/libfreeswan/ipsec_param.h index b0ee845a5..93426b8ee 100644 --- a/src/libfreeswan/ipsec_param.h +++ b/src/libfreeswan/ipsec_param.h @@ -3,19 +3,19 @@ * * Copyright (C) 2001 Richard Guy Briggs * and Michael Richardson - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ -/* +/* * This file provides a set of #define's which may be tuned by various * people/configurations. It keeps all compile-time tunables in one place. * @@ -38,16 +38,16 @@ # define IPSEC_SA_REF_TABLE_IDX_WIDTH 16 #endif -#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH -# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4 +#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH +# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4 #endif -#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES +#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES # define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256 #endif -#ifndef IPSEC_SA_REF_CODE -# define IPSEC_SA_REF_CODE 1 +#ifndef IPSEC_SA_REF_CODE +# define IPSEC_SA_REF_CODE 1 #endif #define _IPSEC_PARAM_H_ diff --git a/src/libfreeswan/keyblobtoid.c b/src/libfreeswan/keyblobtoid.c index 118e61391..89ab5fced 100644 --- a/src/libfreeswan/keyblobtoid.c +++ b/src/libfreeswan/keyblobtoid.c @@ -1,12 +1,12 @@ /* * generate printable key IDs * Copyright (C) 2002 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/pfkey.h b/src/libfreeswan/pfkey.h index ba0010bc7..993678c8b 100644 --- a/src/libfreeswan/pfkey.h +++ b/src/libfreeswan/pfkey.h @@ -1,12 +1,12 @@ /* * FreeS/WAN specific PF_KEY headers * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License diff --git a/src/libfreeswan/pfkey_v2_build.c b/src/libfreeswan/pfkey_v2_build.c index ddc21040f..c0bb369cb 100644 --- a/src/libfreeswan/pfkey_v2_build.c +++ b/src/libfreeswan/pfkey_v2_build.c @@ -1,12 +1,12 @@ /* * RFC2367 PF_KEYv2 Key management API message parser * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @@ -48,7 +48,7 @@ void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) { int i; - + for (i = 0; i != SADB_EXT_MAX + 1; i++) { extensions[i] = NULL; } @@ -58,7 +58,7 @@ void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) { int i; - + if (!extensions) { return; } @@ -68,7 +68,7 @@ pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) FREE(extensions[0]); extensions[0] = NULL; } - + for (i = 1; i != SADB_EXT_MAX + 1; i++) { if(extensions[i]) { memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); @@ -135,7 +135,7 @@ pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, if (satype > SADB_SATYPE_MAX) { DEBUGGING( "pfkey_msg_hdr_build: " - "satype %d > max %d\n", + "satype %d > max %d\n", satype, SADB_SATYPE_MAX); SENDERR(EINVAL); } @@ -169,7 +169,7 @@ pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, *pfkey_ext); errlab: return error; -} +} int pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, @@ -254,7 +254,7 @@ pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, SADB_SASTATE_DEAD); SENDERR(EINVAL); } - + if ((IPSEC_SAREF_NULL != ref) && (ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) { DEBUGGING( "pfkey_sa_build: " @@ -264,7 +264,7 @@ pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, IPSEC_SA_REF_TABLE_NUM_ENTRIES); SENDERR(EINVAL); } - + pfkey_sa = (struct sadb_sa*)MALLOC(sizeof(struct sadb_sa)); *pfkey_ext = (struct sadb_ext*)pfkey_sa; @@ -275,7 +275,7 @@ pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, SENDERR(ENOMEM); } memset(pfkey_sa, 0, sizeof(struct sadb_sa)); - + pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN; pfkey_sa->sadb_sa_exttype = exttype; pfkey_sa->sadb_sa_spi = spi; @@ -284,11 +284,11 @@ pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, pfkey_sa->sadb_sa_auth = auth; pfkey_sa->sadb_sa_encrypt = encrypt; pfkey_sa->sadb_sa_flags = flags; - pfkey_sa->sadb_x_sa_ref = ref; + pfkey_sa->sadb_x_sa_ref = ref; errlab: return error; -} +} int pfkey_sa_build(struct sadb_ext ** pfkey_ext, @@ -377,7 +377,7 @@ pfkey_address_build(struct sadb_ext** pfkey_ext, int saddr_len = 0; char ipaddr_txt[ADDRTOT_BUF + 6/*extra for port number*/]; struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext; - + DEBUGGING( "pfkey_address_build: " "exttype=%d proto=%d prefixlen=%d\n", @@ -397,8 +397,8 @@ pfkey_address_build(struct sadb_ext** pfkey_ext, "address is NULL\n"); SENDERR(EINVAL); } - - switch(exttype) { + + switch(exttype) { case SADB_EXT_ADDRESS_SRC: case SADB_EXT_ADDRESS_DST: case SADB_EXT_ADDRESS_PROXY: @@ -410,11 +410,11 @@ pfkey_address_build(struct sadb_ext** pfkey_ext, case SADB_X_EXT_NAT_T_OA: break; default: - DEBUGGING( + DEBUGGING( "pfkey_address_build: " - "unrecognised ext_type=%d.\n", - exttype); - SENDERR(EINVAL); + "unrecognised ext_type=%d.\n", + exttype); + SENDERR(EINVAL); } switch (address->sa_family) { @@ -479,10 +479,10 @@ pfkey_address_build(struct sadb_ext** pfkey_ext, 0, ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)); - + pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN); - + pfkey_address->sadb_address_exttype = exttype; pfkey_address->sadb_address_proto = proto; pfkey_address->sadb_address_prefixlen = prefixlen; @@ -540,7 +540,7 @@ pfkey_key_build(struct sadb_ext** pfkey_ext, } pfkey_key = (struct sadb_key*) - MALLOC(sizeof(struct sadb_key) + + MALLOC(sizeof(struct sadb_key) + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); *pfkey_ext = (struct sadb_ext*)pfkey_key; @@ -554,7 +554,7 @@ pfkey_key_build(struct sadb_ext** pfkey_ext, 0, sizeof(struct sadb_key) + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); - + pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits, 64); pfkey_key->sadb_key_exttype = exttype; @@ -622,12 +622,12 @@ pfkey_ident_build(struct sadb_ext** pfkey_ext, "string required to allocate size of extension.\n"); SENDERR(EINVAL); } - + #if 0 if (ident_type == SADB_IDENTTYPE_USERFQDN) { } #endif - + pfkey_ident = (struct sadb_ident*) MALLOC(ident_len * IPSEC_PFKEYv2_ALIGN); *pfkey_ext = (struct sadb_ext*)pfkey_ident; @@ -639,7 +639,7 @@ pfkey_ident_build(struct sadb_ext** pfkey_ext, SENDERR(ENOMEM); } memset(pfkey_ident, 0, ident_len * IPSEC_PFKEYv2_ALIGN); - + pfkey_ident->sadb_ident_len = ident_len; pfkey_ident->sadb_ident_exttype = exttype; pfkey_ident->sadb_ident_type = ident_type; @@ -699,7 +699,7 @@ pfkey_sens_build(struct sadb_ext** pfkey_ext, 0, sizeof(struct sadb_sens) + (sens_len + integ_len) * sizeof(uint64_t)); - + pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) + (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN; pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY; @@ -761,7 +761,7 @@ pfkey_prop_build(struct sadb_ext** pfkey_ext, 0, sizeof(struct sadb_prop) + comb_num * sizeof(struct sadb_comb)); - + pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) + comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN; @@ -846,7 +846,7 @@ pfkey_supported_build(struct sadb_ext** pfkey_ext, sizeof(struct sadb_supported) + alg_num * sizeof(struct sadb_alg)); - + pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) + alg_num * sizeof(struct sadb_alg)) / @@ -860,7 +860,7 @@ pfkey_supported_build(struct sadb_ext** pfkey_ext, pfkey_alg->sadb_alg_reserved = 0; pfkey_alg++; } - + #if 0 DEBUGGING( "pfkey_supported_build: " @@ -886,7 +886,7 @@ pfkey_spirange_build(struct sadb_ext** pfkey_ext, { int error = 0; struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext; - + /* sanity checks... */ if (pfkey_spirange) { DEBUGGING( @@ -894,7 +894,7 @@ pfkey_spirange_build(struct sadb_ext** pfkey_ext, "why is pfkey_spirange already pointing to something?\n"); SENDERR(EINVAL); } - + if (ntohl(max) < ntohl(min)) { DEBUGGING( "pfkey_spirange_build: " @@ -903,7 +903,7 @@ pfkey_spirange_build(struct sadb_ext** pfkey_ext, ntohl(max)); SENDERR(EINVAL); } - + if (ntohl(min) <= 255) { DEBUGGING( "pfkey_spirange_build: " @@ -911,7 +911,7 @@ pfkey_spirange_build(struct sadb_ext** pfkey_ext, ntohl(min)); SENDERR(EEXIST); } - + pfkey_spirange = (struct sadb_spirange*) MALLOC(sizeof(struct sadb_spirange)); *pfkey_ext = (struct sadb_ext*)pfkey_spirange; @@ -925,7 +925,7 @@ pfkey_spirange_build(struct sadb_ext** pfkey_ext, memset(pfkey_spirange, 0, sizeof(struct sadb_spirange)); - + pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN; pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE; @@ -949,7 +949,7 @@ pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext) "why is pfkey_x_kmprivate already pointing to something?\n"); SENDERR(EINVAL); } - + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; DEBUGGING( @@ -971,7 +971,7 @@ pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext) memset(pfkey_x_kmprivate, 0, sizeof(struct sadb_x_kmprivate)); - + pfkey_x_kmprivate->sadb_x_kmprivate_len = sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN; @@ -998,7 +998,7 @@ pfkey_x_satype_build(struct sadb_ext** pfkey_ext, "why is pfkey_x_satype already pointing to something?\n"); SENDERR(EINVAL); } - + if (!satype) { DEBUGGING( "pfkey_x_satype_build: " @@ -1009,7 +1009,7 @@ pfkey_x_satype_build(struct sadb_ext** pfkey_ext, if (satype > SADB_SATYPE_MAX) { DEBUGGING( "pfkey_x_satype_build: " - "satype %d > max %d\n", + "satype %d > max %d\n", satype, SADB_SATYPE_MAX); SENDERR(EINVAL); } @@ -1028,7 +1028,7 @@ pfkey_x_satype_build(struct sadb_ext** pfkey_ext, memset(pfkey_x_satype, 0, sizeof(struct sadb_x_satype)); - + pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN; pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; @@ -1069,7 +1069,7 @@ pfkey_x_debug_build(struct sadb_ext** pfkey_ext, "why is pfkey_x_debug already pointing to something?\n"); SENDERR(EINVAL); } - + DEBUGGING( "pfkey_x_debug_build: " "tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n", @@ -1090,7 +1090,7 @@ pfkey_x_debug_build(struct sadb_ext** pfkey_ext, 0, sizeof(struct sadb_x_debug)); #endif - + pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN; pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG; @@ -1132,7 +1132,7 @@ pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, "why is pfkey_x_nat_t_type already pointing to something?\n"); SENDERR(EINVAL); } - + DEBUGGING( "pfkey_x_nat_t_type_build: " "type=%d\n", type); @@ -1147,7 +1147,7 @@ pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, "memory allocation failed\n"); SENDERR(ENOMEM); } - + pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN; pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type; @@ -1176,17 +1176,17 @@ pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext, "why is pfkey_x_nat_t_port already pointing to something?\n"); SENDERR(EINVAL); } - - switch (exttype) { + + switch (exttype) { case SADB_X_EXT_NAT_T_SPORT: case SADB_X_EXT_NAT_T_DPORT: break; default: - DEBUGGING( + DEBUGGING( "pfkey_nat_t_port_build: " - "unrecognised ext_type=%d.\n", - exttype); - SENDERR(EINVAL); + "unrecognised ext_type=%d.\n", + exttype); + SENDERR(EINVAL); } DEBUGGING( @@ -1203,7 +1203,7 @@ pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext, "memory allocation failed\n"); SENDERR(ENOMEM); } - + pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN; pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype; pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port; @@ -1281,7 +1281,7 @@ pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int struct sadb_ext *pfkey_ext; int extensions_seen = 0; struct sadb_ext *extensions_check[SADB_EXT_MAX + 1]; - + if (!extensions[0]) { DEBUGGING( "pfkey_msg_build: " @@ -1294,7 +1294,7 @@ pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int if(extensions[ext]) { total_size += (extensions[ext])->sadb_ext_len; } - } + } if (!(*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN))) { DEBUGGING( @@ -1320,14 +1320,14 @@ pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int for (ext = 1; ext <= SADB_EXT_MAX; ext++) { /* copy from extension[ext] to buffer */ - if (extensions[ext]) { + if (extensions[ext]) { /* Is this type of extension permitted for this type of message? */ if (!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] & 1<sadb_msg_type], 1<sadb_ext_len * IPSEC_PFKEYv2_ALIGN); - { + { char *pfkey_ext_c = (char *)pfkey_ext; pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN; @@ -1360,7 +1360,7 @@ pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type], extensions_seen, extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]); - + if ((extensions_seen & extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) != extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) { @@ -1372,7 +1372,7 @@ pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) ); SENDERR(EINVAL); } - + error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir); if (error) { DEBUGGING( diff --git a/src/libfreeswan/pfkey_v2_debug.c b/src/libfreeswan/pfkey_v2_debug.c index 0256e2a03..0217538a0 100644 --- a/src/libfreeswan/pfkey_v2_debug.c +++ b/src/libfreeswan/pfkey_v2_debug.c @@ -3,12 +3,12 @@ * * Copyright (C) 2001 Richard Guy Briggs * and Michael Richardson - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @@ -22,7 +22,7 @@ #include "pfkeyv2.h" #include "pfkey.h" -/* +/* * This file provides ASCII translations of PF_KEY magic numbers. * */ diff --git a/src/libfreeswan/pfkey_v2_ext_bits.c b/src/libfreeswan/pfkey_v2_ext_bits.c index b6ef4496d..49b4aa567 100644 --- a/src/libfreeswan/pfkey_v2_ext_bits.c +++ b/src/libfreeswan/pfkey_v2_ext_bits.c @@ -1,12 +1,12 @@ /* * RFC2367 PF_KEYv2 Key management API message parser * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c index 7ee08978c..49d5cdf4a 100644 --- a/src/libfreeswan/pfkey_v2_parse.c +++ b/src/libfreeswan/pfkey_v2_parse.c @@ -1,12 +1,12 @@ /* * RFC2367 PF_KEYv2 Key management API message parser * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @@ -107,7 +107,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) #if 0 struct sadb_sa sav2; #endif - + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, "pfkey_sa_parse: entry\n"); /* sanity checks... */ @@ -117,7 +117,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) "NULL pointer passed in.\n"); SENDERR(EINVAL); } - + #if 0 /* check if this structure is short, and if so, fix it up. * XXX this is NOT the way to do things. @@ -129,7 +129,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1)); sav2.sadb_x_sa_ref=-1; sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN; - + pfkey_sa = &sav2; } #endif @@ -143,7 +143,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) (int)sizeof(struct sadb_sa)); SENDERR(EINVAL); } - + if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_sa_parse: " @@ -152,7 +152,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) SADB_EALG_MAX); SENDERR(EINVAL); } - + if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_sa_parse: " @@ -161,7 +161,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) SADB_AALG_MAX); SENDERR(EINVAL); } - + if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_sa_parse: " @@ -170,7 +170,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) SADB_SASTATE_MAX); SENDERR(EINVAL); } - + if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_sa_parse: " @@ -179,7 +179,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) SADB_SASTATE_DEAD); SENDERR(EINVAL); } - + if(pfkey_sa->sadb_sa_replay > 64) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_sa_parse: " @@ -187,7 +187,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) pfkey_sa->sadb_sa_replay); SENDERR(EINVAL); } - + if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) || (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2))) { @@ -209,7 +209,7 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) IPSEC_SA_REF_TABLE_NUM_ENTRIES); SENDERR(EINVAL); } - + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, "pfkey_sa_parse: " "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n", @@ -223,10 +223,10 @@ pfkey_sa_parse(struct sadb_ext *pfkey_ext) pfkey_sa->sadb_sa_encrypt, pfkey_sa->sadb_sa_flags, pfkey_sa->sadb_x_sa_ref); - + errlab: return error; -} +} DEBUG_NO_STATIC int pfkey_lifetime_parse(struct sadb_ext *pfkey_ext) @@ -259,21 +259,21 @@ pfkey_lifetime_parse(struct sadb_ext *pfkey_ext) (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_lifetime_parse: " - "unexpected ext_type=%d.\n", - pfkey_lifetime->sadb_lifetime_exttype); + "unexpected ext_type=%d.\n", + pfkey_lifetime->sadb_lifetime_exttype); SENDERR(EINVAL); } DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, "pfkey_lifetime_parse: " - "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n", + "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n", pfkey_lifetime->sadb_lifetime_exttype, pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype), pfkey_lifetime->sadb_lifetime_allocations, (unsigned)pfkey_lifetime->sadb_lifetime_bytes, (unsigned)pfkey_lifetime->sadb_lifetime_addtime, (unsigned)pfkey_lifetime->sadb_lifetime_usetime, - pfkey_lifetime->sadb_x_lifetime_packets); + pfkey_lifetime->sadb_x_lifetime_packets); errlab: return error; } @@ -286,7 +286,7 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); char ipaddr_txt[ADDRTOT_BUF]; - + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, "pfkey_address_parse:enter\n"); /* sanity checks... */ @@ -296,7 +296,7 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) "NULL pointer passed in.\n"); SENDERR(EINVAL); } - + if(pfkey_address->sadb_address_len < (sizeof(struct sadb_address) + sizeof(struct sockaddr))/ IPSEC_PFKEYv2_ALIGN) { @@ -308,7 +308,7 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) (int)sizeof(struct sockaddr)); SENDERR(EINVAL); } - + if(pfkey_address->sadb_address_reserved) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_address_parse: " @@ -316,8 +316,8 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) pfkey_address->sadb_address_reserved); SENDERR(EINVAL); } - - switch(pfkey_address->sadb_address_exttype) { + + switch(pfkey_address->sadb_address_exttype) { case SADB_EXT_ADDRESS_SRC: case SADB_EXT_ADDRESS_DST: case SADB_EXT_ADDRESS_PROXY: @@ -329,7 +329,7 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) case SADB_X_EXT_NAT_T_OA: break; default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_address_parse: " "unexpected ext_type=%d.\n", pfkey_address->sadb_address_exttype); @@ -382,7 +382,7 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) s->sa_family); SENDERR(EPFNOSUPPORT); } - + if(pfkey_address->sadb_address_len != DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, @@ -393,16 +393,16 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) saddr_len); SENDERR(EINVAL); } - + if(pfkey_address->sadb_address_prefixlen != 0) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_address_parse: " "address prefixes not supported yet.\n"); SENDERR(EAFNOSUPPORT); /* not supported yet */ } - + /* XXX check if port!=0 */ - + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, "pfkey_address_parse: successful.\n"); errlab: @@ -452,7 +452,7 @@ pfkey_key_parse(struct sadb_ext *pfkey_ext) pfkey_key->sadb_key_len); SENDERR(EINVAL); } - + if(pfkey_key->sadb_key_reserved) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_key_parse: " @@ -527,7 +527,7 @@ pfkey_ident_parse(struct sadb_ext *pfkey_ext) SENDERR(EINVAL); } } - + if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) || (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, @@ -578,7 +578,7 @@ pfkey_prop_parse(struct sadb_ext *pfkey_ext) struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop)); /* sanity checks... */ - if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) || + if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) || (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_prop_parse: " @@ -596,7 +596,7 @@ pfkey_prop_parse(struct sadb_ext *pfkey_ext) pfkey_prop->sadb_prop_replay); SENDERR(EINVAL); } - + for(i=0; i<3; i++) { if(pfkey_prop->sadb_prop_reserved[i]) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, @@ -869,7 +869,7 @@ pfkey_supported_parse(struct sadb_ext *pfkey_ext) } pfkey_alg++; } - + errlab: return error; } @@ -879,7 +879,7 @@ pfkey_spirange_parse(struct sadb_ext *pfkey_ext) { int error = 0; struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext; - + /* sanity checks... */ if(pfkey_spirange->sadb_spirange_len != sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) { @@ -890,7 +890,7 @@ pfkey_spirange_parse(struct sadb_ext *pfkey_ext) (int)sizeof(struct sadb_spirange)); SENDERR(EINVAL); } - + if(pfkey_spirange->sadb_spirange_reserved) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_spirange_parse: " @@ -898,7 +898,7 @@ pfkey_spirange_parse(struct sadb_ext *pfkey_ext) pfkey_spirange->sadb_spirange_reserved); SENDERR(EINVAL); } - + if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_spirange_parse: " @@ -907,7 +907,7 @@ pfkey_spirange_parse(struct sadb_ext *pfkey_ext) ntohl(pfkey_spirange->sadb_spirange_max)); SENDERR(EINVAL); } - + if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_spirange_parse: " @@ -915,7 +915,7 @@ pfkey_spirange_parse(struct sadb_ext *pfkey_ext) ntohl(pfkey_spirange->sadb_spirange_min)); SENDERR(EEXIST); } - + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, "pfkey_spirange_parse: " "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n", @@ -983,7 +983,7 @@ pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) (int)sizeof(struct sadb_x_satype)); SENDERR(EINVAL); } - + if(!pfkey_x_satype->sadb_x_satype_satype) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_satype_parse: " @@ -994,7 +994,7 @@ pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_satype_parse: " - "satype %d > max %d, invalid.\n", + "satype %d > max %d, invalid.\n", pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX); SENDERR(EINVAL); } @@ -1016,7 +1016,7 @@ pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) SENDERR(EINVAL); } } - + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, "pfkey_x_satype_parse: " "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n", @@ -1051,7 +1051,7 @@ pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext) (int)sizeof(struct sadb_x_debug)); SENDERR(EINVAL); } - + for(i = 0; i < 4; i++) { if(pfkey_x_debug->sadb_x_debug_reserved[i]) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, @@ -1061,7 +1061,7 @@ pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext) SENDERR(EINVAL); } } - + errlab: return error; } @@ -1071,17 +1071,17 @@ pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext) { int error = 0; struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext; - + DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n"); /* sanity checks... */ - + if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n", p->sadb_protocol_len, (int)sizeof(*p)); SENDERR(EINVAL); } - + if (p->sadb_protocol_reserved2 != 0) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_protocol_parse: res=%d, must be zero.\n", @@ -1168,10 +1168,10 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, int remain; struct sadb_ext *pfkey_ext; int extensions_seen = 0; - + DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, "pfkey_msg_parse: " - "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", + "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", pfkey_msg->sadb_msg_version, pfkey_msg->sadb_msg_type, pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), @@ -1182,20 +1182,20 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, pfkey_msg->sadb_msg_reserved, pfkey_msg->sadb_msg_seq, pfkey_msg->sadb_msg_pid); - + if(ext_parsers == NULL) ext_parsers = ext_default_parsers; - + pfkey_extensions_init(extensions); - + remain = pfkey_msg->sadb_msg_len; remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; - + pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg + sizeof(struct sadb_msg)); - + extensions[0] = (struct sadb_ext *) pfkey_msg; - - + + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " @@ -1261,7 +1261,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, default: break; } - + /* errno must not be set in downward messages */ /* this is not entirely true... a response to an ACQUIRE could return an error */ if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) { @@ -1274,54 +1274,54 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, "pfkey_msg_parse: " - "remain=%d, ext_type=%d(%s), ext_len=%d.\n", + "remain=%d, ext_type=%d(%s), ext_len=%d.\n", remain, pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), pfkey_ext->sadb_ext_len); - + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, "pfkey_msg_parse: " "extensions permitted=%08x, required=%08x.\n", extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); - + extensions_seen = 1; - + while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) { /* Is there enough message left to support another extension header? */ if(remain < pfkey_ext->sadb_ext_len) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " - "remain %d less than ext len %d.\n", + "remain %d less than ext len %d.\n", remain, pfkey_ext->sadb_ext_len); SENDERR(EINVAL); } - + DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, "pfkey_msg_parse: " "parsing ext type=%d(%s) remain=%d.\n", pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), remain); - + /* Is the extension header type valid? */ if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " - "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n", + "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n", pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), SADB_EXT_MAX); SENDERR(EINVAL); } - + /* Have we already seen this type of extension? */ if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " - "ext type %d(%s) already seen.\n", + "ext type %d(%s) already seen.\n", pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); SENDERR(EINVAL); @@ -1331,7 +1331,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " - "ext type %d(%s) unknown, ignoring.\n", + "ext type %d(%s) unknown, ignoring.\n", pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); goto next_ext; @@ -1342,8 +1342,8 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, 1<sadb_ext_type)) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " - "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<sadb_ext_type, + "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], 1<sadb_ext_type); @@ -1359,7 +1359,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, pfkey_ext->sadb_ext_len, pfkey_ext, ext_parsers[pfkey_ext->sadb_ext_type]->parser_name); - + /* Parse the extension */ if((error = (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) { @@ -1368,7 +1368,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, "extension parsing for type %d(%s) failed with error %d.\n", pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - error); + error); SENDERR(-error); } DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, @@ -1376,12 +1376,12 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, "Extension %d(%s) parsed.\n", pfkey_ext->sadb_ext_type, pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - + /* Mark that we have seen this extension and remember the header location */ extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type ); extensions[pfkey_ext->sadb_ext_type] = pfkey_ext; - next_ext: + next_ext: /* Calculate how much message remains */ remain -= pfkey_ext->sadb_ext_len; @@ -1396,7 +1396,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, if(remain) { DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_msg_parse: " - "unexpected remainder of %d.\n", + "unexpected remainder of %d.\n", remain); /* why is there still something remaining? */ SENDERR(EINVAL); @@ -1427,7 +1427,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type])); SENDERR(EINVAL); } - + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW) && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW) != SADB_X_EXT_ADDRESS_DELFLOW) @@ -1443,7 +1443,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, (1<sadb_msg_type) { case SADB_ADD: case SADB_UPDATE: @@ -1457,7 +1457,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, SADB_SASTATE_MATURE); SENDERR(EINVAL); } - + /* check AH and ESP */ switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) { case SADB_SATYPE_AH: @@ -1529,7 +1529,7 @@ pfkey_msg_parse(struct sadb_msg *pfkey_msg, ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi)); SENDERR(EINVAL); } - default: + default: break; } errlab: diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h index 461299c78..685db1273 100644 --- a/src/libfreeswan/pfkeyv2.h +++ b/src/libfreeswan/pfkeyv2.h @@ -182,7 +182,7 @@ struct sadb_x_satype { uint8_t sadb_x_satype_satype; uint8_t sadb_x_satype_reserved[3]; }; - + struct sadb_x_policy { uint16_t sadb_x_policy_len; uint16_t sadb_x_policy_exttype; @@ -192,7 +192,7 @@ struct sadb_x_policy { uint32_t sadb_x_policy_id; uint32_t sadb_x_policy_reserved2; }; - + struct sadb_x_debug { uint16_t sadb_x_debug_len; uint16_t sadb_x_debug_exttype; @@ -318,7 +318,8 @@ struct sadb_protocol { #define SADB_X_AALG_RIPEMD160HMAC 8 #define SADB_X_AALG_AES_XCBC_MAC 9 #define SADB_X_AALG_NULL 251 /* kame */ -#define SADB_AALG_MAX 251 +#define SADB_X_AALG_SHA2_256_96HMAC 252 +#define SADB_AALG_MAX 252 /* Encryption algorithms */ #define SADB_EALG_NONE 0 diff --git a/src/libfreeswan/portof.c b/src/libfreeswan/portof.c index 6d06473ad..c44b839f3 100644 --- a/src/libfreeswan/portof.c +++ b/src/libfreeswan/portof.c @@ -1,12 +1,12 @@ /* * low-level ip_address ugliness * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/prng.c b/src/libfreeswan/prng.c index 6cb84e484..347f13f89 100644 --- a/src/libfreeswan/prng.c +++ b/src/libfreeswan/prng.c @@ -2,12 +2,12 @@ * crypto-class pseudorandom number generator * currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397 * Copyright (C) 2002 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/rangetoa.c b/src/libfreeswan/rangetoa.c index c5a7ddfda..704558248 100644 --- a/src/libfreeswan/rangetoa.c +++ b/src/libfreeswan/rangetoa.c @@ -1,12 +1,12 @@ /* * convert binary form of address range to ASCII * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/rangetosubnet.c b/src/libfreeswan/rangetosubnet.c index 0defa0739..2a989300e 100644 --- a/src/libfreeswan/rangetosubnet.c +++ b/src/libfreeswan/rangetosubnet.c @@ -1,12 +1,12 @@ /* * express an address range as a subnet (if possible) * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/sameaddr.c b/src/libfreeswan/sameaddr.c index 653b94c30..47daaa4ee 100644 --- a/src/libfreeswan/sameaddr.c +++ b/src/libfreeswan/sameaddr.c @@ -1,12 +1,12 @@ /* * comparisons * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/satoa.c b/src/libfreeswan/satoa.c index fe7fb2ea0..09a152727 100644 --- a/src/libfreeswan/satoa.c +++ b/src/libfreeswan/satoa.c @@ -1,12 +1,12 @@ /* * convert from binary form of SA ID to ASCII * Copyright (C) 1998, 1999, 2001 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/satot.c b/src/libfreeswan/satot.c index a16d62840..e70036482 100644 --- a/src/libfreeswan/satot.c +++ b/src/libfreeswan/satot.c @@ -1,12 +1,12 @@ /* * convert from binary form of SA ID to text * Copyright (C) 2000, 2001 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -91,7 +91,7 @@ size_t dstlen; PASSTHROUGH6NAME); len = strlen(buf); } - + if (sa->proto == SA_INT && addrtypeof(&sa->dst) == AF_INET && isunspecaddr(&sa->dst)) { switch (ntohl(sa->spi)) { diff --git a/src/libfreeswan/subnetof.c b/src/libfreeswan/subnetof.c index 55786a2e4..ec9b8ec7d 100644 --- a/src/libfreeswan/subnetof.c +++ b/src/libfreeswan/subnetof.c @@ -1,12 +1,12 @@ /* * minor network-address manipulation utilities * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/subnettoa.c b/src/libfreeswan/subnettoa.c index e8d98168d..694fa40da 100644 --- a/src/libfreeswan/subnettoa.c +++ b/src/libfreeswan/subnettoa.c @@ -1,12 +1,12 @@ /* * convert binary form of subnet description to ASCII * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/subnettot.c b/src/libfreeswan/subnettot.c index 03d2e1e57..64d511ba2 100644 --- a/src/libfreeswan/subnettot.c +++ b/src/libfreeswan/subnettot.c @@ -1,12 +1,12 @@ /* * convert binary form of subnet description to text * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/subnettypeof.c b/src/libfreeswan/subnettypeof.c index 9fa15a7d5..96c283c04 100644 --- a/src/libfreeswan/subnettypeof.c +++ b/src/libfreeswan/subnettypeof.c @@ -1,12 +1,12 @@ /* * extract parts of an ip_subnet, and related * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/ttoaddr.c b/src/libfreeswan/ttoaddr.c index bda2be5ed..234c9d8e7 100644 --- a/src/libfreeswan/ttoaddr.c +++ b/src/libfreeswan/ttoaddr.c @@ -1,12 +1,12 @@ /* * conversion from text forms of addresses to internal ones * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -61,7 +61,7 @@ ip_address *dst; case AF_INET6: case 0: /* guess */ break; - + default: return "invalid address family"; } @@ -78,7 +78,7 @@ ip_address *dst; { af = AF_INET6; } - + if (af != AF_INET6) return "non-ipv6 address may not contain `:'"; return colon(src, srclen, dst); @@ -127,7 +127,7 @@ ip_address *dst; } return "does not appear to be either IPv4 or IPv6 numeric address"; break; - + case AF_INET6: return colon(src, srclen, dst); break; diff --git a/src/libfreeswan/ttodata.c b/src/libfreeswan/ttodata.c index b0d5e4d01..ef3717797 100644 --- a/src/libfreeswan/ttodata.c +++ b/src/libfreeswan/ttodata.c @@ -1,12 +1,12 @@ /* * convert from text form of arbitrary data (e.g., keys) to binary * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -125,7 +125,7 @@ unsigned int flags; else if (!(skipSpace && (*src == ' ' || *src == '\t'))) stage[sl++] = *src; } - + nbytes = (*decode)(stage, buf, sizeof(buf)); switch (nbytes) { case BADCH0: @@ -229,7 +229,7 @@ size_t dstlen; /* not large enough is a failure */ if (dstlen < 1) return SHORT; - + p = strchr(hex, *src); if (p == NULL) p = strchr(hex, tolower(*src)); @@ -659,7 +659,7 @@ char *pgm; break; } } - + if (base >= IGNORESPACE_BIAS) { base = base - IGNORESPACE_BIAS; check(r, buf, n, ttodatav(r->ascii, 0, base, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status); diff --git a/src/libfreeswan/ttoprotoport.c b/src/libfreeswan/ttoprotoport.c index c3d033168..e75b206be 100644 --- a/src/libfreeswan/ttoprotoport.c +++ b/src/libfreeswan/ttoprotoport.c @@ -72,7 +72,7 @@ bool *has_port_wildcard; /* set if port is %any */ /* is there a port wildcard? */ *has_port_wildcard = (strcmp(service_name, "%any") == 0); - + if (*has_port_wildcard) { *port = 0; diff --git a/src/libfreeswan/ttosa.c b/src/libfreeswan/ttosa.c index 20e01b152..9873231c0 100644 --- a/src/libfreeswan/ttosa.c +++ b/src/libfreeswan/ttosa.c @@ -1,12 +1,12 @@ /* * convert from text form of SA ID to binary * Copyright (C) 2000, 2001 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/ttosubnet.c b/src/libfreeswan/ttosubnet.c index 36c039a96..a18a3f326 100644 --- a/src/libfreeswan/ttosubnet.c +++ b/src/libfreeswan/ttosubnet.c @@ -1,12 +1,12 @@ /* * convert from text form of subnet specification to binary * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/ttoul.c b/src/libfreeswan/ttoul.c index 853a6130c..7524789c4 100644 --- a/src/libfreeswan/ttoul.c +++ b/src/libfreeswan/ttoul.c @@ -1,12 +1,12 @@ /* * convert from text form of unsigned long to binary * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/ultoa.c b/src/libfreeswan/ultoa.c index ef45366a1..16ddd2c1e 100644 --- a/src/libfreeswan/ultoa.c +++ b/src/libfreeswan/ultoa.c @@ -1,12 +1,12 @@ /* * convert unsigned long to ASCII * Copyright (C) 1998, 1999 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libfreeswan/ultot.c b/src/libfreeswan/ultot.c index c4f2d7884..6685f8f7c 100644 --- a/src/libfreeswan/ultot.c +++ b/src/libfreeswan/ultot.c @@ -1,12 +1,12 @@ /* * convert unsigned long to text * Copyright (C) 2000 Henry Spencer. - * + * * This library is free software; you can redistribute it and/or modify it * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public diff --git a/src/libsimaka/Makefile.am b/src/libsimaka/Makefile.am new file mode 100644 index 000000000..f64e4dba3 --- /dev/null +++ b/src/libsimaka/Makefile.am @@ -0,0 +1,6 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon + +noinst_LTLIBRARIES = libsimaka.la +libsimaka_la_SOURCES = simaka_message.h simaka_message.c \ + simaka_crypto.h simaka_crypto.c diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in new file mode 100644 index 000000000..9a448ef02 --- /dev/null +++ b/src/libsimaka/Makefile.in @@ -0,0 +1,516 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libsimaka +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +LTLIBRARIES = $(noinst_LTLIBRARIES) +libsimaka_la_LIBADD = +am_libsimaka_la_OBJECTS = simaka_message.lo simaka_crypto.lo +libsimaka_la_OBJECTS = $(am_libsimaka_la_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libsimaka_la_SOURCES) +DIST_SOURCES = $(libsimaka_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +noinst_LTLIBRARIES = libsimaka.la +libsimaka_la_SOURCES = simaka_message.h simaka_message.c \ + simaka_crypto.h simaka_crypto.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libsimaka/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libsimaka/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libsimaka.la: $(libsimaka_la_OBJECTS) $(libsimaka_la_DEPENDENCIES) + $(LINK) $(libsimaka_la_OBJECTS) $(libsimaka_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simaka_crypto.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simaka_message.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c new file mode 100644 index 000000000..b85502012 --- /dev/null +++ b/src/libsimaka/simaka_crypto.c @@ -0,0 +1,241 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "simaka_crypto.h" + +#include + +/** length of the k_encr key */ +#define KENCR_LEN 16 +/** length of the k_auth key */ +#define KAUTH_LEN 16 +/** length of the MSK */ +#define MSK_LEN 64 +/** length of the EMSK */ +#define EMSK_LEN 64 + +typedef struct private_simaka_crypto_t private_simaka_crypto_t; + +/** + * Private data of an simaka_crypto_t object. + */ +struct private_simaka_crypto_t { + + /** + * Public simaka_crypto_t interface. + */ + simaka_crypto_t public; + + /** + * signer to create/verify AT_MAC + */ + signer_t *signer; + + /** + * crypter to encrypt/decrypt AT_ENCR_DATA + */ + crypter_t *crypter; + + /** + * hasher used in key derivation + */ + hasher_t *hasher; + + /** + * PRF function used in key derivation + */ + prf_t *prf; + + /** + * Random number generator to generate nonces + */ + rng_t *rng; + + /** + * Have k_encr/k_auth been derived? + */ + bool derived; +}; + +/** + * Implementation of simaka_crypto_t.get_signer + */ +static signer_t* get_signer(private_simaka_crypto_t *this) +{ + return this->derived ? this->signer : NULL; +} + +/** + * Implementation of simaka_crypto_t.get_crypter + */ +static crypter_t* get_crypter(private_simaka_crypto_t *this) +{ + return this->derived ? this->crypter : NULL; +} + +/** + * Implementation of simaka_crypto_t.get_rng + */ +static rng_t* get_rng(private_simaka_crypto_t *this) +{ + return this->rng; +} + +/** + * Implementation of simaka_crypto_t.derive_keys_full + */ +static chunk_t derive_keys_full(private_simaka_crypto_t *this, + identification_t *id, chunk_t data, chunk_t *mk) +{ + chunk_t str, msk, k_encr, k_auth; + int i; + + /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) + * For AKA: MK = SHA1(Identity|IK|CK) */ + this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL); + this->hasher->allocate_hash(this->hasher, data, mk); + DBG3(DBG_IKE, "MK %B", mk); + + /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */ + this->prf->set_key(this->prf, *mk); + str = chunk_alloca(this->prf->get_block_size(this->prf) * 3); + for (i = 0; i < 3; i++) + { + this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 3 * i); + } + + k_encr = chunk_create(str.ptr, KENCR_LEN); + k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN); + msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN); + DBG3(DBG_IKE, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk); + + this->signer->set_key(this->signer, k_auth); + this->crypter->set_key(this->crypter, k_encr); + + charon->sim->key_hook(charon->sim, k_encr, k_auth); + + this->derived = TRUE; + return chunk_clone(msk); +} + +/** + * Implementation of simaka_crypto_t.derive_keys_reauth + */ +static void derive_keys_reauth(private_simaka_crypto_t *this, chunk_t mk) +{ + chunk_t str, k_encr, k_auth; + int i; + + /* K_encr | K_auth = prf() | prf() */ + this->prf->set_key(this->prf, mk); + str = chunk_alloca(this->prf->get_block_size(this->prf) * 2); + for (i = 0; i < 2; i++) + { + this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i); + } + k_encr = chunk_create(str.ptr, KENCR_LEN); + k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN); + DBG3(DBG_IKE, "K_encr %B\nK_auth %B", &k_encr, &k_auth); + + this->signer->set_key(this->signer, k_auth); + this->crypter->set_key(this->crypter, k_encr); + + charon->sim->key_hook(charon->sim, k_encr, k_auth); + + this->derived = TRUE; +} + +/** + * Implementation of simaka_crypto_t.derive_keys_reauth_msk + */ +static chunk_t derive_keys_reauth_msk(private_simaka_crypto_t *this, + identification_t *id, chunk_t counter, + chunk_t nonce_s, chunk_t mk) +{ + char xkey[HASH_SIZE_SHA1]; + chunk_t str, msk; + int i; + + this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL); + this->hasher->get_hash(this->hasher, counter, NULL); + this->hasher->get_hash(this->hasher, nonce_s, NULL); + this->hasher->get_hash(this->hasher, mk, xkey); + + /* MSK | EMSK = prf() | prf() | prf() | prf() */ + this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey))); + str = chunk_alloca(this->prf->get_block_size(this->prf) * 2); + for (i = 0; i < 2; i++) + { + this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i); + } + msk = chunk_create(str.ptr, MSK_LEN); + DBG3(DBG_IKE, "MSK %B", &msk); + + return chunk_clone(msk); +} + +/** + * Implementation of simaka_crypto_t.clear_keys + */ +static void clear_keys(private_simaka_crypto_t *this) +{ + this->derived = FALSE; +} + +/** + * Implementation of simaka_crypto_t.destroy. + */ +static void destroy(private_simaka_crypto_t *this) +{ + DESTROY_IF(this->rng); + DESTROY_IF(this->hasher); + DESTROY_IF(this->prf); + DESTROY_IF(this->signer); + DESTROY_IF(this->crypter); + free(this); +} + +/** + * See header + */ +simaka_crypto_t *simaka_crypto_create() +{ + private_simaka_crypto_t *this = malloc_thing(private_simaka_crypto_t); + + this->public.get_signer = (signer_t*(*)(simaka_crypto_t*))get_signer; + this->public.get_crypter = (crypter_t*(*)(simaka_crypto_t*))get_crypter; + this->public.get_rng = (rng_t*(*)(simaka_crypto_t*))get_rng; + this->public.derive_keys_full = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t data, chunk_t *mk))derive_keys_full; + this->public.derive_keys_reauth = (void(*)(simaka_crypto_t*, chunk_t mk))derive_keys_reauth; + this->public.derive_keys_reauth_msk = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t counter, chunk_t nonce_s, chunk_t mk))derive_keys_reauth_msk; + this->public.clear_keys = (void(*)(simaka_crypto_t*))clear_keys; + this->public.destroy = (void(*)(simaka_crypto_t*))destroy; + + this->derived = FALSE; + this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); + this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128); + this->crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); + if (!this->rng || !this->hasher || !this->prf || + !this->signer || !this->crypter) + { + DBG1(DBG_IKE, "unable to use EAP-SIM, missing algorithms"); + destroy(this); + return NULL; + } + return &this->public; +} + diff --git a/src/libsimaka/simaka_crypto.h b/src/libsimaka/simaka_crypto.h new file mode 100644 index 000000000..d1830e658 --- /dev/null +++ b/src/libsimaka/simaka_crypto.h @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup simaka_crypto simaka_crypto + * @{ @ingroup libsimaka + */ + +#ifndef SIMAKA_CRYPTO_H_ +#define SIMAKA_CRYPTO_H_ + +#include + +typedef struct simaka_crypto_t simaka_crypto_t; + +/** + * EAP-SIM/AKA crypto helper and key derivation class. + */ +struct simaka_crypto_t { + + /** + * Get the signer to use for AT_MAC calculation/verification. + * + * @return signer reference, NULL if no keys have been derived + */ + signer_t* (*get_signer)(simaka_crypto_t *this); + + /** + * Get the signer to use for AT_ENCR_DATA encryption/decryption. + * + * @return crypter reference, NULL if no keys have been derived + */ + crypter_t* (*get_crypter)(simaka_crypto_t *this); + + /** + * Get the random number generator. + * + * @return rng reference + */ + rng_t* (*get_rng)(simaka_crypto_t *this); + + /** + * Derive keys after full authentication. + * + * This methods derives the k_encr/k_auth keys and loads them into the + * internal crypter/signer instances. The passed data is method specific: + * For EAP-SIM, it is "n*Kc|NONCE_MT|Version List|Selected Version", for + * EAP-AKA it is "IK|CK". + * + * @param id peer identity + * @param data method specific data + * @param mk chunk receiving allocated master key MK + * @return allocated MSK value + */ + chunk_t (*derive_keys_full)(simaka_crypto_t *this, identification_t *id, + chunk_t data, chunk_t *mk); + + /** + * Derive k_encr/k_auth keys from MK using fast reauthentication. + * + * This methods derives the k_encr/k_auth keys and loads them into the + * internal crypter/signer instances. + * + * @param mk master key + */ + void (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk); + + /** + * Derive MSK using fast reauthentication. + * + * @param id fast reauthentication identity + * @param counter fast reauthentication counter value, network order + * @param nonce_s server generated NONCE_S value + * @param mk master key of last full authentication + */ + chunk_t (*derive_keys_reauth_msk)(simaka_crypto_t *this, + identification_t *id, chunk_t counter, + chunk_t nonce_s, chunk_t mk); + + /** + * Clear keys (partially) derived. + */ + void (*clear_keys)(simaka_crypto_t *this); + + /** + * Destroy a simaka_crypto_t. + */ + void (*destroy)(simaka_crypto_t *this); +}; + +/** + * Create a simaka_crypto instance. + * + * @return EAP-SIM/AKA crypto instance, NULL if algorithms missing + */ +simaka_crypto_t *simaka_crypto_create(); + +#endif /** SIMAKA_CRYPTO_H_ @}*/ diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c new file mode 100644 index 000000000..22d111bfd --- /dev/null +++ b/src/libsimaka/simaka_message.c @@ -0,0 +1,909 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "simaka_message.h" + +typedef struct private_simaka_message_t private_simaka_message_t; +typedef struct hdr_t hdr_t; +typedef struct attr_hdr_t attr_hdr_t; +typedef struct attr_t attr_t; + +/** + * packed EAP-SIM/AKA header struct + */ +struct hdr_t { + /** EAP code (REQUEST/RESPONSE) */ + u_int8_t code; + /** unique message identifier */ + u_int8_t identifier; + /** length of whole message */ + u_int16_t length; + /** EAP type => EAP_SIM/EAP_AKA */ + u_int8_t type; + /** SIM subtype */ + u_int8_t subtype; + /** reserved bytes */ + u_int16_t reserved; +} __attribute__((__packed__)); + +/** + * packed EAP-SIM/AKA attribute header struct + */ +struct attr_hdr_t { + /** attribute type */ + u_int8_t type; + /** attibute length */ + u_int8_t length; +} __attribute__((__packed__)); + +/** + * SIM/AKA attribute, parsed + */ +struct attr_t { + /** type of attribute */ + simaka_attribute_t type; + /** length of data */ + size_t len; + /** start of data, variable length */ + char data[]; +}; + +ENUM_BEGIN(simaka_subtype_names, AKA_CHALLENGE, AKA_IDENTITY, + "AKA_CHALLENGE", + "AKA_AUTHENTICATION_REJECT", + "AKA_3", + "AKA_SYNCHRONIZATION_FAILURE", + "AKA_IDENTITY"); +ENUM_NEXT(simaka_subtype_names, SIM_START, AKA_CLIENT_ERROR, AKA_IDENTITY, + "SIM_START", + "SIM_CHALLENGE", + "SIM/AKA_NOTIFICATION", + "SIM/AKA_REAUTHENTICATION", + "SIM/AKA_CLIENT_ERROR"); +ENUM_END(simaka_subtype_names, AKA_CLIENT_ERROR); + + +ENUM_BEGIN(simaka_attribute_names, AT_RAND, AT_CLIENT_ERROR_CODE, + "AT_RAND", + "AT_AUTN", + "AT_RES", + "AT_AUTS", + "AT_5", + "AT_PADDING", + "AT_NONCE_MT", + "AT_8", + "AT_9", + "AT_PERMANENT_ID_REQ", + "AT_MAC", + "AT_NOTIFICATION", + "AT_ANY_ID_REQ", + "AT_IDENTITY", + "AT_VERSION_LIST", + "AT_SELECTED_VERSION", + "AT_FULLAUTH_ID_REQ", + "AT_18", + "AT_COUNTER", + "AT_COUNTER_TOO_SMALL", + "AT_NONCE_S", + "AT_CLIENT_ERROR_CODE"); +ENUM_NEXT(simaka_attribute_names, AT_IV, AT_RESULT_IND, AT_CLIENT_ERROR_CODE, + "AT_IV", + "AT_ENCR_DATA", + "AT_131", + "AT_NEXT_PSEUDONYM", + "AT_NEXT_REAUTH_ID", + "AT_CHECKCODE", + "AT_RESULT_IND"); +ENUM_END(simaka_attribute_names, AT_RESULT_IND); + + +ENUM_BEGIN(simaka_notification_names, SIM_GENERAL_FAILURE_AA, SIM_GENERAL_FAILURE_AA, + "General failure after authentication"); +ENUM_NEXT(simaka_notification_names, SIM_TEMP_DENIED, SIM_TEMP_DENIED, SIM_GENERAL_FAILURE_AA, + "User has been temporarily denied access"); +ENUM_NEXT(simaka_notification_names, SIM_NOT_SUBSCRIBED, SIM_NOT_SUBSCRIBED, SIM_TEMP_DENIED, + "User has not subscribed to the requested service"); +ENUM_NEXT(simaka_notification_names, SIM_GENERAL_FAILURE, SIM_GENERAL_FAILURE, SIM_NOT_SUBSCRIBED, + "General failure"); +ENUM_NEXT(simaka_notification_names, SIM_SUCCESS, SIM_SUCCESS, SIM_GENERAL_FAILURE, + "User has been successfully authenticated"); +ENUM_END(simaka_notification_names, SIM_SUCCESS); + + +ENUM(simaka_client_error_names, SIM_UNABLE_TO_PROCESS, SIM_RANDS_NOT_FRESH, + "unable to process packet", + "unsupported version", + "insufficient number of challenges", + "RANDs are not fresh", +); + +/** + * Check if an EAP-SIM/AKA attribute is skippable + */ +bool simaka_attribute_skippable(simaka_attribute_t attribute) +{ + bool skippable = !(attribute >= 0 && attribute <= 127); + + DBG1(DBG_IKE, "%sskippable EAP-SIM/AKA attribute %N", + skippable ? "ignoring " : "found non-", + simaka_attribute_names, attribute); + return skippable; +} + +/** + * Private data of an simaka_message_t object. + */ +struct private_simaka_message_t { + + /** + * Public simaka_message_t interface. + */ + simaka_message_t public; + + /** + * EAP message, starting with EAP header + */ + hdr_t *hdr; + + /** + * List of parsed attributes, attr_t + */ + linked_list_t *attributes; + + /** + * Currently parsing AT_ENCR_DATA wrapped attributes? + */ + bool encrypted; + + /** + * crypto helper + */ + simaka_crypto_t *crypto; + + /** + * Phase a NOTIFICATION is sent within + */ + bool p_bit; + + /** + * MAC value, pointing into message + */ + chunk_t mac; + + /** + * ENCR_DATA value, pointing into message + */ + chunk_t encr; + + /** + * IV value, pointing into message + */ + chunk_t iv; +}; + +/** + * Implementation of simaka_message_t.is_request + */ +static bool is_request(private_simaka_message_t *this) +{ + return this->hdr->code == EAP_REQUEST; +} + +/** + * Implementation of simaka_message_t.get_identifier + */ +static u_int8_t get_identifier(private_simaka_message_t *this) +{ + return this->hdr->identifier; +} + +/** + * Implementation of simaka_message_t.get_subtype + */ +static simaka_subtype_t get_subtype(private_simaka_message_t *this) +{ + return this->hdr->subtype; +} + +/** + * Implementation of simaka_message_t.get_type + */ +static eap_type_t get_type(private_simaka_message_t *this) +{ + return this->hdr->type; +} + +/** + * convert attr_t to type and data enumeration + */ +static bool attr_enum_filter(void *null, attr_t **in, simaka_attribute_t *type, + void *dummy, chunk_t *data) +{ + attr_t *attr = *in; + + *type = attr->type; + *data = chunk_create(attr->data, attr->len); + return TRUE; +} + +/** + * Implementation of simaka_message_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_simaka_message_t *this) +{ + return enumerator_create_filter( + this->attributes->create_enumerator(this->attributes), + (void*)attr_enum_filter, NULL, NULL); +} + +/** + * Implementation of simaka_message_t.add_attribute + */ +static void add_attribute(private_simaka_message_t *this, + simaka_attribute_t type, chunk_t data) +{ + attr_t *attr; + + if (!charon->sim->attribute_hook(charon->sim, this->hdr->code, + this->hdr->type, this->hdr->subtype, type, data)) + { + attr = malloc(sizeof(attr_t) + data.len); + attr->len = data.len; + attr->type = type; + memcpy(attr->data, data.ptr, data.len); + + this->attributes->insert_last(this->attributes, attr); + } +} + +/** + * Error handling for unencrypted attributes + */ +static bool not_encrypted(simaka_attribute_t type) +{ + DBG1(DBG_IKE, "received unencrypted %N", simaka_attribute_names, type); + return FALSE; +} + +/** + * Error handling for invalid length + */ +static bool invalid_length(simaka_attribute_t type) +{ + DBG1(DBG_IKE, "invalid length of %N", simaka_attribute_names, type); + return FALSE; +} + +/** + * Parse attributes from a chunk of data + */ +static bool parse_attributes(private_simaka_message_t *this, chunk_t in) +{ + while (in.len) + { + attr_hdr_t *hdr; + chunk_t data; + + if (in.len < sizeof(attr_hdr_t)) + { + DBG1(DBG_IKE, "found short %N attribute header", + eap_type_names, this->hdr->type); + return FALSE; + } + hdr = (attr_hdr_t*)in.ptr; + + switch (hdr->type) + { + /* attributes without data */ + case AT_COUNTER_TOO_SMALL: + if (!this->encrypted) + { + return not_encrypted(hdr->type); + } + /* FALL */ + case AT_ANY_ID_REQ: + case AT_PERMANENT_ID_REQ: + case AT_FULLAUTH_ID_REQ: + { + if (hdr->length != 1 || in.len < 4) + { + return invalid_length(hdr->type); + } + data = chunk_empty; + in = chunk_skip(in, 4); + break; + } + /* attributes with two bytes data */ + case AT_COUNTER: + if (!this->encrypted) + { + return not_encrypted(hdr->type); + } + /* FALL */ + case AT_CLIENT_ERROR_CODE: + case AT_SELECTED_VERSION: + case AT_NOTIFICATION: + { + if (hdr->length != 1 || in.len < 4) + { + return invalid_length(hdr->type); + } + data = chunk_create(in.ptr + 2, 2); + in = chunk_skip(in, 4); + break; + } + /* attributes with an additional actual-length in bits or bytes */ + case AT_NEXT_PSEUDONYM: + case AT_NEXT_REAUTH_ID: + if (!this->encrypted) + { + return not_encrypted(hdr->type); + } + /* FALL */ + case AT_RES: + case AT_IDENTITY: + case AT_VERSION_LIST: + { + u_int16_t len; + + if (hdr->length < 1 || in.len < 4) + { + return invalid_length(hdr->type); + } + memcpy(&len, in.ptr + 2, 2); + len = ntohs(len); + if (hdr->type == AT_RES) + { /* AT_RES uses length encoding in bits */ + len /= 8; + } + if (len > hdr->length * 4 || len > in.len) + { + return invalid_length(hdr->type); + } + data = chunk_create(in.ptr + 4, len); + in = chunk_skip(in, hdr->length * 4); + break; + } + /* attributes with two reserved bytes, 16 bytes length */ + case AT_NONCE_S: + if (!this->encrypted) + { + return not_encrypted(hdr->type); + } + /* FALL */ + case AT_AUTN: + case AT_NONCE_MT: + case AT_IV: + case AT_MAC: + { + if (hdr->length != 5 || in.len < 20) + { + return invalid_length(hdr->type); + } + data = chunk_create(in.ptr + 4, 16); + in = chunk_skip(in, 20); + break; + } + /* attributes with two reserved bytes, variable length */ + case AT_ENCR_DATA: + case AT_RAND: + { + if (hdr->length * 4 > in.len || in.len < 4) + { + return invalid_length(hdr->type); + } + data = chunk_create(in.ptr + 4, hdr->length * 4 - 4); + in = chunk_skip(in, hdr->length * 4); + break; + } + /* attributes with no reserved bytes, 14 bytes length */ + case AT_AUTS: + { + if (hdr->length != 4 || in.len < 16) + { + return invalid_length(hdr->type); + } + data = chunk_create(in.ptr + 2, 14); + in = chunk_skip(in, 16); + break; + } + /* other attributes (with 4n + 2 length) */ + case AT_PADDING: + default: + { + if (hdr->length * 4 > in.len || in.len < 4) + { + return invalid_length(hdr->type); + } + data = chunk_create(in.ptr + 2, hdr->length * 4 - 2); + in = chunk_skip(in, hdr->length * 4); + break; + } + } + + /* handle special attributes */ + switch (hdr->type) + { + case AT_MAC: + this->mac = data; + break; + case AT_IV: + this->iv = data; + break; + case AT_ENCR_DATA: + this->encr = data; + break; + case AT_PADDING: + break; + case AT_NOTIFICATION: + if (this->p_bit) + { /* remember P bit for MAC verification */ + this->p_bit = !!(data.ptr[0] & 0x40); + } + else if (!this->encrypted) + { + DBG1(DBG_IKE, "found P-bit 0 notify in unencrypted message"); + return FALSE; + } + /* FALL */ + default: + add_attribute(this, hdr->type, data); + break; + } + } + return TRUE; +} + +/** + * Decrypt a message and parse the decrypted attributes + */ +static bool decrypt(private_simaka_message_t *this) +{ + bool success; + crypter_t *crypter; + chunk_t plain; + + crypter = this->crypto->get_crypter(this->crypto); + if (!crypter || !this->iv.len || !this->encr.len || this->encrypted) + { + return TRUE; + } + if (this->encr.len % crypter->get_block_size(crypter)) + { + DBG1(DBG_IKE, "%N ENCR_DATA not a multiple of block size", + eap_type_names, this->hdr->type); + return FALSE; + } + + crypter->decrypt(crypter, this->encr, this->iv, &plain); + + this->encrypted = TRUE; + success = parse_attributes(this, plain); + this->encrypted = FALSE; + free(plain.ptr); + return success; +} + +/** + * Implementation of simaka_message_t.parse + */ +static bool parse(private_simaka_message_t *this) +{ + chunk_t in; + + if (this->attributes->get_count(this->attributes)) + { /* Already parsed. Try to decrypt and parse AT_ENCR_DATA. */ + return decrypt(this); + } + + in = chunk_create((char*)this->hdr, ntohs(this->hdr->length)); + if (!parse_attributes(this, chunk_skip(in, sizeof(hdr_t)))) + { + return FALSE; + } + /* try to decrypt if we already have keys */ + return decrypt(this); +} + +/** + * Implementation of simaka_message_t.verify + */ +static bool verify(private_simaka_message_t *this, chunk_t sigdata) +{ + chunk_t data, backup; + signer_t *signer; + + signer = this->crypto->get_signer(this->crypto); + + switch (this->hdr->subtype) + { + case SIM_START: + case SIM_CLIENT_ERROR: + /* AKA_CLIENT_ERROR: */ + case AKA_AUTHENTICATION_REJECT: + case AKA_SYNCHRONIZATION_FAILURE: + case AKA_IDENTITY: + /* skip MAC if available */ + return TRUE; + case SIM_CHALLENGE: + case AKA_CHALLENGE: + case SIM_REAUTHENTICATION: + /* AKA_REAUTHENTICATION: */ + { + if (!this->mac.ptr || !signer) + { /* require MAC, but not found */ + DBG1(DBG_IKE, "%N message requires a MAC, but none found", + simaka_subtype_names, this->hdr->subtype); + return FALSE; + } + break; + } + case SIM_NOTIFICATION: + /* AKA_NOTIFICATION: */ + { + if (this->p_bit) + { /* MAC not verified if in Phase 1 */ + return TRUE; + } + if (!this->mac.ptr || !signer) + { + DBG1(DBG_IKE, "%N message has a phase 0 notify, but " + "no MAC found", simaka_subtype_names, this->hdr->subtype); + return FALSE; + } + break; + } + default: + /* unknown message? */ + DBG1(DBG_IKE, "signature rule for %N messages missing", + simaka_subtype_names, this->hdr->subtype); + return FALSE; + } + + /* zero MAC for verification */ + backup = chunk_clonea(this->mac); + memset(this->mac.ptr, 0, this->mac.len); + + data = chunk_create((char*)this->hdr, ntohs(this->hdr->length)); + if (sigdata.len) + { + data = chunk_cata("cc", data, sigdata); + } + if (!signer->verify_signature(signer, data, backup)) + { + DBG1(DBG_IKE, "%N MAC verification failed", + eap_type_names, this->hdr->type); + return FALSE; + } + return TRUE; +} + +/** + * Implementation of simaka_message_t.generate + */ +static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata) +{ + /* buffers large enough for messages we generate */ + char out_buf[1024], encr_buf[512]; + enumerator_t *enumerator; + chunk_t out, encr, data, *target, mac = chunk_empty; + simaka_attribute_t type; + attr_hdr_t *hdr; + u_int16_t len; + signer_t *signer; + + out = chunk_create(out_buf, sizeof(out_buf)); + encr = chunk_create(encr_buf, sizeof(encr_buf)); + + /* copy header */ + memcpy(out.ptr, this->hdr, sizeof(hdr_t)); + out = chunk_skip(out, sizeof(hdr_t)); + + /* encode attributes */ + enumerator = create_attribute_enumerator(this); + while (enumerator->enumerate(enumerator, &type, &data)) + { + /* encrypt this attribute? */ + switch (type) + { + case AT_NONCE_S: + case AT_NEXT_PSEUDONYM: + case AT_NEXT_REAUTH_ID: + case AT_COUNTER: + case AT_COUNTER_TOO_SMALL: + target = &encr; + break; + case AT_NOTIFICATION: + /* P bit not set, encrypt */ + if (!(data.ptr[0] & 0x40)) + { + target = &encr; + break; + } + /* FALL */ + default: + target = &out; + break; + } + + hdr = (attr_hdr_t*)target->ptr; + hdr->type = type; + + /* encode type specific */ + switch (type) + { + /* attributes without data */ + case AT_COUNTER_TOO_SMALL: + case AT_ANY_ID_REQ: + case AT_PERMANENT_ID_REQ: + case AT_FULLAUTH_ID_REQ: + { + hdr->length = 1; + memset(target->ptr + 2, 0, 2); + *target = chunk_skip(*target, 4); + break; + } + /* attributes with two bytes data */ + case AT_COUNTER: + case AT_CLIENT_ERROR_CODE: + case AT_SELECTED_VERSION: + case AT_NOTIFICATION: + { + hdr->length = 1; + memcpy(target->ptr + 2, data.ptr, 2); + *target = chunk_skip(*target, 4); + break; + } + /* attributes with an additional actual-length in bits or bytes */ + case AT_NEXT_PSEUDONYM: + case AT_NEXT_REAUTH_ID: + case AT_IDENTITY: + case AT_VERSION_LIST: + case AT_RES: + { + u_int16_t len, padding; + + len = htons(data.len); + if (type == AT_RES) + { /* AT_RES uses length encoding in bits */ + len *= 8; + } + memcpy(target->ptr + 2, &len, sizeof(len)); + memcpy(target->ptr + 4, data.ptr, data.len); + hdr->length = data.len / 4 + 1; + padding = (4 - (data.len % 4)) % 4; + if (padding) + { + hdr->length++; + memset(target->ptr + 4 + data.len, 0, padding); + } + *target = chunk_skip(*target, hdr->length * 4); + break; + } + /* attributes with two reserved bytes, 16 bytes length */ + case AT_NONCE_S: + case AT_NONCE_MT: + case AT_AUTN: + { + hdr->length = 5; + memset(target->ptr + 2, 0, 2); + memcpy(target->ptr + 4, data.ptr, data.len); + *target = chunk_skip(*target, 20); + break; + } + /* attributes with two reserved bytes, variable length */ + case AT_RAND: + { + hdr->length = 1 + data.len / 4; + memset(target->ptr + 2, 0, 2); + memcpy(target->ptr + 4, data.ptr, data.len); + *target = chunk_skip(*target, data.len + 4); + break; + } + /* attributes with no reserved bytes, 14 bytes length */ + case AT_AUTS: + { + hdr->length = 4; + memcpy(target->ptr + 2, data.ptr, data.len); + *target = chunk_skip(*target, 16); + break; + } + default: + { + DBG1(DBG_IKE, "no rule to encode %N, skipped", + simaka_attribute_names, type); + break; + } + } + } + enumerator->destroy(enumerator); + + /* encrypt attributes, if any */ + if (encr.len < sizeof(encr_buf)) + { + chunk_t iv; + size_t bs, padding; + crypter_t *crypter; + rng_t *rng; + + crypter = this->crypto->get_crypter(this->crypto); + bs = crypter->get_block_size(crypter); + + /* add AT_PADDING attribute */ + padding = bs - ((sizeof(encr_buf) - encr.len) % bs); + if (padding) + { + hdr = (attr_hdr_t*)encr.ptr; + hdr->type = AT_PADDING; + hdr->length = padding / 4; + memset(encr.ptr + 2, 0, padding - 2); + encr = chunk_skip(encr, padding); + } + encr = chunk_create(encr_buf, sizeof(encr_buf) - encr.len); + + /* add IV attribute */ + hdr = (attr_hdr_t*)out.ptr; + hdr->type = AT_IV; + hdr->length = bs / 4 + 1; + memset(out.ptr + 2, 0, 2); + out = chunk_skip(out, 4); + + rng = this->crypto->get_rng(this->crypto); + rng->get_bytes(rng, bs, out.ptr); + + iv = chunk_clonea(chunk_create(out.ptr, bs)); + out = chunk_skip(out, bs); + + /* inline encryption */ + crypter->encrypt(crypter, encr, iv, NULL); + + /* add ENCR_DATA attribute */ + hdr = (attr_hdr_t*)out.ptr; + hdr->type = AT_ENCR_DATA; + hdr->length = encr.len / 4 + 1; + memset(out.ptr + 2, 0, 2); + memcpy(out.ptr + 4, encr.ptr, encr.len); + out = chunk_skip(out, encr.len + 4); + } + + /* include MAC ? */ + signer = this->crypto->get_signer(this->crypto); + switch (this->hdr->subtype) + { + case SIM_CHALLENGE: + case AKA_CHALLENGE: + case SIM_REAUTHENTICATION: + /* AKA_REAUTHENTICATION: */ + /* TODO: Notifications without P bit */ + { + size_t bs; + + bs = signer->get_block_size(signer); + hdr = (attr_hdr_t*)out.ptr; + hdr->type = AT_MAC; + hdr->length = bs / 4 + 1; + memset(out.ptr + 2, 0, 2 + bs); + mac = chunk_create(out.ptr + 4, bs); + out = chunk_skip(out, bs + 4); + break; + } + default: + break; + } + + /* calculate message length */ + out = chunk_create(out_buf, sizeof(out_buf) - out.len); + len = htons(out.len); + memcpy(out.ptr + 2, &len, sizeof(len)); + + /* generate MAC */ + if (mac.len) + { + data = chunk_cata("cc", out, sigdata); + signer->get_signature(signer, data, mac.ptr); + } + return eap_payload_create_data(out); +} + +/** + * Implementation of simaka_message_t.destroy. + */ +static void destroy(private_simaka_message_t *this) +{ + this->attributes->destroy_function(this->attributes, free); + free(this->hdr); + free(this); +} + +/** + * Generic constructor. + */ +static simaka_message_t *simaka_message_create_data(chunk_t data, + simaka_crypto_t *crypto) +{ + private_simaka_message_t *this; + hdr_t *hdr = (hdr_t*)data.ptr; + + if (data.len < sizeof(hdr_t) || hdr->length != htons(data.len)) + { + DBG1(DBG_IKE, "EAP-SIM/AKA header has invalid length"); + return NULL; + } + if (hdr->code != EAP_REQUEST && hdr->code != EAP_RESPONSE) + { + DBG1(DBG_IKE, "invalid EAP code in EAP-SIM/AKA message", + eap_type_names, hdr->type); + return NULL; + } + if (hdr->type != EAP_SIM && hdr->type != EAP_AKA) + { + DBG1(DBG_IKE, "invalid EAP type in EAP-SIM/AKA message", + eap_type_names, hdr->type); + return NULL; + } + + this = malloc_thing(private_simaka_message_t); + + this->public.is_request = (bool(*)(simaka_message_t*))is_request; + this->public.get_identifier = (u_int8_t(*)(simaka_message_t*))get_identifier; + this->public.get_type = (eap_type_t(*)(simaka_message_t*))get_type; + this->public.get_subtype = (simaka_subtype_t(*)(simaka_message_t*))get_subtype; + this->public.create_attribute_enumerator = (enumerator_t*(*)(simaka_message_t*))create_attribute_enumerator; + this->public.add_attribute = (void(*)(simaka_message_t*, simaka_attribute_t type, chunk_t data))add_attribute; + this->public.parse = (bool(*)(simaka_message_t*))parse; + this->public.verify = (bool(*)(simaka_message_t*, chunk_t sigdata))verify; + this->public.generate = (eap_payload_t*(*)(simaka_message_t*, chunk_t sigdata))generate; + this->public.destroy = (void(*)(simaka_message_t*))destroy; + + this->attributes = linked_list_create(); + this->encrypted = FALSE; + this->crypto = crypto; + this->p_bit = TRUE; + this->mac = chunk_empty; + this->encr = chunk_empty; + this->iv = chunk_empty; + this->hdr = malloc(data.len); + memcpy(this->hdr, hdr, data.len); + + return &this->public; +} + +/** + * See header. + */ +simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload, + simaka_crypto_t *crypto) +{ + return simaka_message_create_data(payload->get_data(payload), crypto); +} + +/** + * See header. + */ +simaka_message_t *simaka_message_create(bool request, u_int8_t identifier, + eap_type_t type, simaka_subtype_t subtype, + simaka_crypto_t *crypto) +{ + hdr_t hdr = { + .code = request ? EAP_REQUEST : EAP_RESPONSE, + .identifier = identifier, + .length = htons(sizeof(hdr_t)), + .type = type, + .subtype = subtype, + }; + return simaka_message_create_data(chunk_create((char*)&hdr, sizeof(hdr)), + crypto); +} + diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h new file mode 100644 index 000000000..ee9b3ebec --- /dev/null +++ b/src/libsimaka/simaka_message.h @@ -0,0 +1,273 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libsimaka libsimaka + * + * @addtogroup libsimaka + * Library providing functions shared between EAP-SIM and EAP-AKA plugins. + * + * @defgroup simaka_message simaka_message + * @{ @ingroup libsimaka + */ + +#ifndef SIMAKA_MESSAGE_H_ +#define SIMAKA_MESSAGE_H_ + +#include +#include + +#include "simaka_crypto.h" + +typedef struct simaka_message_t simaka_message_t; +typedef enum simaka_attribute_t simaka_attribute_t; +typedef enum simaka_subtype_t simaka_subtype_t; +typedef enum simaka_notification_t simaka_notification_t; +typedef enum simaka_client_error_t simaka_client_error_t; + +/** + * Subtypes of EAP-SIM/AKA messages + */ +enum simaka_subtype_t { + AKA_CHALLENGE = 1, + AKA_AUTHENTICATION_REJECT = 2, + AKA_SYNCHRONIZATION_FAILURE = 4, + AKA_IDENTITY = 5, + SIM_START = 10, + SIM_CHALLENGE = 11, + SIM_NOTIFICATION = 12, + AKA_NOTIFICATION = 12, + SIM_REAUTHENTICATION = 13, + AKA_REAUTHENTICATION = 13, + SIM_CLIENT_ERROR = 14, + AKA_CLIENT_ERROR = 14, +}; + +/** + * Enum names for simaka_subtype_t + */ +extern enum_name_t *simaka_subtype_names; + +/** + * Attributes in EAP-SIM/AKA messages + */ +enum simaka_attribute_t { + AT_RAND = 1, + AT_AUTN = 2, + AT_RES = 3, + AT_AUTS = 4, + AT_PADDING = 6, + AT_NONCE_MT = 7, + AT_PERMANENT_ID_REQ = 10, + AT_MAC = 11, + AT_NOTIFICATION = 12, + AT_ANY_ID_REQ = 13, + AT_IDENTITY = 14, + AT_VERSION_LIST = 15, + AT_SELECTED_VERSION = 16, + AT_FULLAUTH_ID_REQ = 17, + AT_COUNTER = 19, + AT_COUNTER_TOO_SMALL = 20, + AT_NONCE_S = 21, + AT_CLIENT_ERROR_CODE = 22, + AT_IV = 129, + AT_ENCR_DATA = 130, + AT_NEXT_PSEUDONYM = 132, + AT_NEXT_REAUTH_ID = 133, + AT_CHECKCODE = 134, + AT_RESULT_IND = 135, +}; + +/** + * Enum names for simaka_attribute_t + */ +extern enum_name_t *simaka_attribute_names; + +/** + * Notification codes used within AT_NOTIFICATION attribute. + */ +enum simaka_notification_t { + /** SIM General failure after authentication. (Implies failure) */ + SIM_GENERAL_FAILURE_AA = 0, + /** AKA General failure after authentication. (Implies failure) */ + AKA_GENERAL_FAILURE_AA = 0, + /** SIM General failure. (Implies failure, used before authentication) */ + SIM_GENERAL_FAILURE = 16384, + /** AKA General failure. (Implies failure, used before authentication) */ + AKA_GENERAL_FAILURE = 16384, + /** SIM User has been temporarily denied access to the requested service. */ + SIM_TEMP_DENIED = 1026, + /** AKA User has been temporarily denied access to the requested service. */ + AKA_TEMP_DENIED = 1026, + /** SIM User has not subscribed to the requested service. */ + SIM_NOT_SUBSCRIBED = 1031, + /** AKA User has not subscribed to the requested service. */ + AKA_NOT_SUBSCRIBED = 1031, + /** SIM Success. User has been successfully authenticated. */ + SIM_SUCCESS = 32768, + /** AKA Success. User has been successfully authenticated. */ + AKA_SUCCESS = 32768, +}; + +/** + * Enum names for simaka_notification_t + */ +extern enum_name_t *simaka_notification_names; + +/** + * Error codes sent in AT_CLIENT_ERROR_CODE attribute + */ +enum simaka_client_error_t { + /** AKA unable to process packet */ + AKA_UNABLE_TO_PROCESS = 0, + /** SIM unable to process packet */ + SIM_UNABLE_TO_PROCESS = 0, + /** SIM unsupported version */ + SIM_UNSUPPORTED_VERSION = 1, + /** SIM insufficient number of challenges */ + SIM_INSUFFICIENT_CHALLENGES = 2, + /** SIM RANDs are not fresh */ + SIM_RANDS_NOT_FRESH = 3, +}; + +/** + * Enum names for simaka_client_error_t + */ +extern enum_name_t *simaka_client_error_names; + +/** + * Check if an EAP-SIM/AKA attribute is "skippable". + * + * @param attribute attribute to check + * @return TRUE if attribute skippable, FALSE if non-skippable + */ +bool simaka_attribute_skippable(simaka_attribute_t attribute); + +/** + * EAP-SIM and EAP-AKA message abstraction. + * + * Messages for EAP-SIM and EAP-AKA share a common format, this class + * abstracts such a message and provides encoding/encryption/signing + * functionality. + */ +struct simaka_message_t { + + /** + * Check if the given message is a request or response. + * + * @return TRUE if request, FALSE if response + */ + bool (*is_request)(simaka_message_t *this); + + /** + * Get the EAP message identifier. + * + * @return EAP message identifier + */ + u_int8_t (*get_identifier)(simaka_message_t *this); + + /** + * Get the EAP type of the message. + * + * @return EAP type: EAP-SIM or EAP-AKA + */ + eap_type_t (*get_type)(simaka_message_t *this); + + /** + * Get the subtype of an EAP-SIM message. + * + * @return subtype of message + */ + simaka_subtype_t (*get_subtype)(simaka_message_t *this); + + /** + * Create an enumerator over message attributes. + * + * @return enumerator over (simaka_attribute_t, chunk_t) + */ + enumerator_t* (*create_attribute_enumerator)(simaka_message_t *this); + + /** + * Append an attribute to the EAP-SIM message. + * + * Make sure to pass only data of correct length for the given attribute. + * + * @param type type of attribute to add to message + * @param data unpadded attribute data to add + */ + void (*add_attribute)(simaka_message_t *this, simaka_attribute_t type, + chunk_t data); + + /** + * Parse a message, with optional attribute decryption. + * + * This method does not verify message integrity, as the key is available + * only after the payload has been parsed. It might be necessary to call + * parse twice, as key derivation data in EAP-SIM/AKA is in the same + * packet as encrypted data. + * + * @param crypto EAP-SIM/AKA crypto helper + * @return TRUE if message parsed successfully + */ + bool (*parse)(simaka_message_t *this); + + /** + * Verify the message integrity of a parsed message. + * + * @param crypto EAP-SIM/AKA crypto helper + * @param sigdata additional data to include in signature, if any + * @return TRUE if message integrity check successful + */ + bool (*verify)(simaka_message_t *this, chunk_t sigdata); + + /** + * Generate a message, optionally encrypt attributes and create a MAC. + * + * @param sigdata additional data to include in signature, if any + * @return generated eap payload, NULL if failed + */ + eap_payload_t* (*generate)(simaka_message_t *this, chunk_t sigdata); + + /** + * Destroy a simaka_message_t. + */ + void (*destroy)(simaka_message_t *this); +}; + +/** + * Create an empty simaka_message. + * + * @param request TRUE for a request message, FALSE for a response + * @param identifier EAP message identifier + * @param type EAP type: EAP-SIM or EAP-AKA + * @param subtype subtype of the EAP message + * @param crypto EAP-SIM/AKA crypto helper + * @return empty message of requested kind, NULL on error + */ +simaka_message_t *simaka_message_create(bool request, u_int8_t identifier, + eap_type_t type, simaka_subtype_t subtype, + simaka_crypto_t *crypto); + +/** + * Create an simaka_message from a chunk of data. + * + * @param payload payload to create message from + * @param crypto EAP-SIM/AKA crypto helper + * @return EAP message, NULL on error + */ +simaka_message_t *simaka_message_create_from_payload(eap_payload_t *payload, + simaka_crypto_t *crypto); + +#endif /** SIMAKA_MESSAGE_H_ @}*/ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index ee6996558..7ee15052c 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -10,7 +10,9 @@ printf_hook.c printf_hook.h \ asn1/asn1.c asn1/asn1.h \ asn1/asn1_parser.c asn1/asn1_parser.h \ asn1/oid.c asn1/oid.h \ -asn1/pem.c asn1/pem.h \ +attributes/attributes.c attributes/attributes.h \ +attributes/attribute_provider.h attributes/attribute_handler.h \ +attributes/attribute_manager.c attributes/attribute_manager.h \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c \ crypto/pkcs9.c crypto/pkcs9.h \ @@ -25,6 +27,7 @@ crypto/diffie_hellman.c crypto/diffie_hellman.h \ crypto/transform.c crypto/transform.h \ credentials/credential_factory.c credentials/credential_factory.h \ credentials/builder.c credentials/builder.h \ +credentials/keys/key_encoding.c credentials/keys/key_encoding.h \ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ @@ -32,11 +35,19 @@ credentials/certificates/certificate.c credentials/certificates/certificate.h \ credentials/certificates/x509.h credentials/certificates/x509.c \ credentials/certificates/ac.h \ credentials/certificates/crl.h credentials/certificates/crl.c \ +credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \ +credentials/certificates/pgp_certificate.h \ +credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \ database/database.h database/database_factory.h database/database_factory.c \ fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ -pgp/pgp.c pgp/pgp.h \ +selectors/traffic_selector.c selectors/traffic_selector.h \ +threading/thread.h threading/thread.c \ +threading/thread_value.h threading/thread_value.c \ +threading/mutex.h threading/mutex.c threading/condvar.h \ +threading/rwlock.h threading/rwlock.c \ +threading/lock_profiler.h \ utils.h utils.c \ utils/host.c utils/host.h \ utils/identification.c utils/identification.h \ @@ -46,16 +57,16 @@ utils/linked_list.c utils/linked_list.h \ utils/hashtable.c utils/hashtable.h \ utils/enumerator.c utils/enumerator.h \ utils/optionsfrom.c utils/optionsfrom.h \ -utils/mutex.c utils/mutex.h \ utils/backtrace.c utils/backtrace.h \ plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h -libstrongswan_la_LIBADD = -lpthread $(DLLIB) $(BTLIB) $(SOCKLIB) +libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ --DIPSEC_PLUGINDIR=\"${plugindir}\" +-DPLUGINDIR=\"${plugindir}\" \ +-DSTRONGSWAN_CONF=\"${strongswan_conf}\" if USE_LEAK_DETECTIVE AM_CFLAGS += -DLEAK_DETECTIVE @@ -162,6 +173,22 @@ if USE_PUBKEY SUBDIRS += plugins/pubkey endif +if USE_PKCS1 + SUBDIRS += plugins/pkcs1 +endif + +if USE_PGP + SUBDIRS += plugins/pgp +endif + +if USE_DNSKEY + SUBDIRS += plugins/dnskey +endif + +if USE_PEM + SUBDIRS += plugins/pem +endif + if USE_CURL SUBDIRS += plugins/curl endif @@ -178,6 +205,10 @@ if USE_SQLITE SUBDIRS += plugins/sqlite endif +if USE_ATTR_SQL + SUBDIRS += plugins/attr_sql +endif + if USE_PADLOCK SUBDIRS += plugins/padlock endif diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index ae751c098..729d32eb3 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -56,44 +58,74 @@ host_triplet = @host@ @USE_XCBC_TRUE@am__append_18 = plugins/xcbc @USE_X509_TRUE@am__append_19 = plugins/x509 @USE_PUBKEY_TRUE@am__append_20 = plugins/pubkey -@USE_CURL_TRUE@am__append_21 = plugins/curl -@USE_LDAP_TRUE@am__append_22 = plugins/ldap -@USE_MYSQL_TRUE@am__append_23 = plugins/mysql -@USE_SQLITE_TRUE@am__append_24 = plugins/sqlite -@USE_PADLOCK_TRUE@am__append_25 = plugins/padlock -@USE_OPENSSL_TRUE@am__append_26 = plugins/openssl -@USE_GCRYPT_TRUE@am__append_27 = plugins/gcrypt -@USE_AGENT_TRUE@am__append_28 = plugins/agent -@USE_TEST_VECTORS_TRUE@am__append_29 = plugins/test_vectors +@USE_PKCS1_TRUE@am__append_21 = plugins/pkcs1 +@USE_PGP_TRUE@am__append_22 = plugins/pgp +@USE_DNSKEY_TRUE@am__append_23 = plugins/dnskey +@USE_PEM_TRUE@am__append_24 = plugins/pem +@USE_CURL_TRUE@am__append_25 = plugins/curl +@USE_LDAP_TRUE@am__append_26 = plugins/ldap +@USE_MYSQL_TRUE@am__append_27 = plugins/mysql +@USE_SQLITE_TRUE@am__append_28 = plugins/sqlite +@USE_ATTR_SQL_TRUE@am__append_29 = plugins/attr_sql +@USE_PADLOCK_TRUE@am__append_30 = plugins/padlock +@USE_OPENSSL_TRUE@am__append_31 = plugins/openssl +@USE_GCRYPT_TRUE@am__append_32 = plugins/gcrypt +@USE_AGENT_TRUE@am__append_33 = plugins/agent +@USE_TEST_VECTORS_TRUE@am__append_34 = plugins/test_vectors subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" -libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ asn1/asn1_parser.c asn1/asn1_parser.h asn1/oid.c asn1/oid.h \ - asn1/pem.c asn1/pem.h crypto/crypters/crypter.c \ - crypto/crypters/crypter.h crypto/hashers/hasher.h \ - crypto/hashers/hasher.c crypto/pkcs9.c crypto/pkcs9.h \ - crypto/proposal/proposal_keywords.c \ + attributes/attributes.c attributes/attributes.h \ + attributes/attribute_provider.h attributes/attribute_handler.h \ + attributes/attribute_manager.c attributes/attribute_manager.h \ + crypto/crypters/crypter.c crypto/crypters/crypter.h \ + crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \ + crypto/pkcs9.h crypto/proposal/proposal_keywords.c \ crypto/proposal/proposal_keywords.h crypto/prfs/prf.c \ crypto/prfs/prf.h crypto/rngs/rng.c crypto/rngs/rng.h \ crypto/prf_plus.h crypto/prf_plus.c crypto/signers/signer.c \ @@ -103,7 +135,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ crypto/diffie_hellman.h crypto/transform.c crypto/transform.h \ credentials/credential_factory.c \ credentials/credential_factory.h credentials/builder.c \ - credentials/builder.h credentials/keys/private_key.c \ + credentials/builder.h credentials/keys/key_encoding.c \ + credentials/keys/key_encoding.h credentials/keys/private_key.c \ credentials/keys/private_key.h credentials/keys/public_key.c \ credentials/keys/public_key.h credentials/keys/shared_key.c \ credentials/keys/shared_key.h \ @@ -112,18 +145,26 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/certificates/x509.h \ credentials/certificates/x509.c credentials/certificates/ac.h \ credentials/certificates/crl.h credentials/certificates/crl.c \ + credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ credentials/certificates/ocsp_response.h \ - credentials/certificates/ocsp_response.c database/database.h \ - database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher_manager.h \ - fetcher/fetcher_manager.c pgp/pgp.c pgp/pgp.h utils.h utils.c \ - utils/host.c utils/host.h utils/identification.c \ - utils/identification.h utils/iterator.h utils/lexparser.c \ - utils/lexparser.h utils/linked_list.c utils/linked_list.h \ - utils/hashtable.c utils/hashtable.h utils/enumerator.c \ - utils/enumerator.h utils/optionsfrom.c utils/optionsfrom.h \ - utils/mutex.c utils/mutex.h utils/backtrace.c \ + credentials/certificates/ocsp_response.c \ + credentials/certificates/pgp_certificate.h \ + credentials/ietf_attributes/ietf_attributes.c \ + credentials/ietf_attributes/ietf_attributes.h \ + database/database.h database/database_factory.h \ + database/database_factory.c fetcher/fetcher.h \ + fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ + selectors/traffic_selector.c selectors/traffic_selector.h \ + threading/thread.h threading/thread.c threading/thread_value.h \ + threading/thread_value.c threading/mutex.h threading/mutex.c \ + threading/condvar.h threading/rwlock.h threading/rwlock.c \ + threading/lock_profiler.h utils.h utils.c utils/host.c \ + utils/host.h utils/identification.c utils/identification.h \ + utils/iterator.h utils/lexparser.c utils/lexparser.h \ + utils/linked_list.c utils/linked_list.h utils/hashtable.c \ + utils/hashtable.h utils/enumerator.c utils/enumerator.h \ + utils/optionsfrom.c utils/optionsfrom.h utils/backtrace.c \ utils/backtrace.h plugins/plugin_loader.c \ plugins/plugin_loader.h plugins/plugin.h \ utils/leak_detective.c utils/leak_detective.h \ @@ -132,19 +173,22 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ @USE_INTEGRITY_TEST_TRUE@am__objects_2 = integrity_checker.lo am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ settings.lo printf_hook.lo asn1.lo asn1_parser.lo oid.lo \ - pem.lo crypter.lo hasher.lo pkcs9.lo proposal_keywords.lo \ - prf.lo rng.lo prf_plus.lo signer.lo crypto_factory.lo \ - crypto_tester.lo diffie_hellman.lo transform.lo \ - credential_factory.lo builder.lo private_key.lo public_key.lo \ - shared_key.lo certificate.lo x509.lo crl.lo ocsp_response.lo \ - database_factory.lo fetcher_manager.lo pgp.lo utils.lo host.lo \ + attributes.lo attribute_manager.lo crypter.lo hasher.lo \ + pkcs9.lo proposal_keywords.lo prf.lo rng.lo prf_plus.lo \ + signer.lo crypto_factory.lo crypto_tester.lo diffie_hellman.lo \ + transform.lo credential_factory.lo builder.lo key_encoding.lo \ + private_key.lo public_key.lo shared_key.lo certificate.lo \ + x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \ + database_factory.lo fetcher_manager.lo traffic_selector.lo \ + thread.lo thread_value.lo mutex.lo rwlock.lo utils.lo host.lo \ identification.lo lexparser.lo linked_list.lo hashtable.lo \ - enumerator.lo optionsfrom.lo mutex.lo backtrace.lo \ - plugin_loader.lo $(am__objects_1) $(am__objects_2) + enumerator.lo optionsfrom.lo backtrace.lo plugin_loader.lo \ + $(am__objects_1) $(am__objects_2) libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -165,15 +209,45 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \ plugins/md5 plugins/sha1 plugins/sha2 plugins/fips_prf \ plugins/gmp plugins/random plugins/hmac plugins/xcbc \ - plugins/x509 plugins/pubkey plugins/curl plugins/ldap \ - plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \ - plugins/gcrypt plugins/agent plugins/test_vectors + plugins/x509 plugins/pubkey plugins/pkcs1 plugins/pgp \ + plugins/dnskey plugins/pem plugins/curl plugins/ldap \ + plugins/mysql plugins/sqlite plugins/attr_sql plugins/padlock \ + plugins/openssl plugins/gcrypt plugins/agent \ + plugins/test_vectors DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ @@ -207,25 +281,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -237,11 +308,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -270,9 +344,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -295,7 +369,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -303,6 +377,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -311,10 +386,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -322,13 +399,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ lib_LTLIBRARIES = libstrongswan.la libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ debug.h enum.c enum.h settings.h settings.c printf_hook.c \ printf_hook.h asn1/asn1.c asn1/asn1.h asn1/asn1_parser.c \ - asn1/asn1_parser.h asn1/oid.c asn1/oid.h asn1/pem.c asn1/pem.h \ + asn1/asn1_parser.h asn1/oid.c asn1/oid.h \ + attributes/attributes.c attributes/attributes.h \ + attributes/attribute_provider.h attributes/attribute_handler.h \ + attributes/attribute_manager.c attributes/attribute_manager.h \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \ crypto/pkcs9.h crypto/proposal/proposal_keywords.c \ @@ -341,7 +422,8 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ crypto/diffie_hellman.h crypto/transform.c crypto/transform.h \ credentials/credential_factory.c \ credentials/credential_factory.h credentials/builder.c \ - credentials/builder.h credentials/keys/private_key.c \ + credentials/builder.h credentials/keys/key_encoding.c \ + credentials/keys/key_encoding.h credentials/keys/private_key.c \ credentials/keys/private_key.h credentials/keys/public_key.c \ credentials/keys/public_key.h credentials/keys/shared_key.c \ credentials/keys/shared_key.h \ @@ -350,26 +432,34 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/certificates/x509.h \ credentials/certificates/x509.c credentials/certificates/ac.h \ credentials/certificates/crl.h credentials/certificates/crl.c \ + credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ credentials/certificates/ocsp_response.h \ - credentials/certificates/ocsp_response.c database/database.h \ - database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher_manager.h \ - fetcher/fetcher_manager.c pgp/pgp.c pgp/pgp.h utils.h utils.c \ - utils/host.c utils/host.h utils/identification.c \ - utils/identification.h utils/iterator.h utils/lexparser.c \ - utils/lexparser.h utils/linked_list.c utils/linked_list.h \ - utils/hashtable.c utils/hashtable.h utils/enumerator.c \ - utils/enumerator.h utils/optionsfrom.c utils/optionsfrom.h \ - utils/mutex.c utils/mutex.h utils/backtrace.c \ + credentials/certificates/ocsp_response.c \ + credentials/certificates/pgp_certificate.h \ + credentials/ietf_attributes/ietf_attributes.c \ + credentials/ietf_attributes/ietf_attributes.h \ + database/database.h database/database_factory.h \ + database/database_factory.c fetcher/fetcher.h \ + fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ + selectors/traffic_selector.c selectors/traffic_selector.h \ + threading/thread.h threading/thread.c threading/thread_value.h \ + threading/thread_value.c threading/mutex.h threading/mutex.c \ + threading/condvar.h threading/rwlock.h threading/rwlock.c \ + threading/lock_profiler.h utils.h utils.c utils/host.c \ + utils/host.h utils/identification.c utils/identification.h \ + utils/iterator.h utils/lexparser.c utils/lexparser.h \ + utils/linked_list.c utils/linked_list.h utils/hashtable.c \ + utils/hashtable.h utils/enumerator.c utils/enumerator.h \ + utils/optionsfrom.c utils/optionsfrom.h utils/backtrace.c \ utils/backtrace.h plugins/plugin_loader.c \ plugins/plugin_loader.h plugins/plugin.h $(am__append_2) \ $(am__append_5) -libstrongswan_la_LIBADD = -lpthread $(DLLIB) $(BTLIB) $(SOCKLIB) \ - $(am__append_6) +libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ + $(RTLIB) $(am__append_6) INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" $(am__append_1) \ +AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ + -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ $(am__append_3) $(am__append_4) EXTRA_DIST = \ asn1/oid.txt asn1/oid.pl \ @@ -393,7 +483,9 @@ SUBDIRS = . $(am__append_7) $(am__append_8) $(am__append_9) \ $(am__append_19) $(am__append_20) $(am__append_21) \ $(am__append_22) $(am__append_23) $(am__append_24) \ $(am__append_25) $(am__append_26) $(am__append_27) \ - $(am__append_28) $(am__append_29) + $(am__append_28) $(am__append_29) $(am__append_30) \ + $(am__append_31) $(am__append_32) $(am__append_33) \ + $(am__append_34) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -408,9 +500,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -428,23 +520,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: @@ -466,6 +563,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_parser.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backtrace.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certificate.Plo@am__quote@ @@ -485,7 +584,9 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hashtable.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/host.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/identification.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ietf_attributes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/integrity_checker.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key_encoding.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/leak_detective.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lexparser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/library.Plo@am__quote@ @@ -494,8 +595,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/oid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionsfrom.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs9.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_loader.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf.Plo@am__quote@ @@ -505,306 +604,352 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_keywords.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/public_key.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rwlock.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/settings.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shared_key.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signer.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/thread.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/thread_value.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< asn1.lo: asn1/asn1.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1.lo -MD -MP -MF $(DEPDIR)/asn1.Tpo -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/asn1.Tpo $(DEPDIR)/asn1.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1.lo -MD -MP -MF $(DEPDIR)/asn1.Tpo -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/asn1.Tpo $(DEPDIR)/asn1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/asn1.c' object='asn1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c asn1_parser.lo: asn1/asn1_parser.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1_parser.lo -MD -MP -MF $(DEPDIR)/asn1_parser.Tpo -c -o asn1_parser.lo `test -f 'asn1/asn1_parser.c' || echo '$(srcdir)/'`asn1/asn1_parser.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/asn1_parser.Tpo $(DEPDIR)/asn1_parser.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1_parser.lo -MD -MP -MF $(DEPDIR)/asn1_parser.Tpo -c -o asn1_parser.lo `test -f 'asn1/asn1_parser.c' || echo '$(srcdir)/'`asn1/asn1_parser.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/asn1_parser.Tpo $(DEPDIR)/asn1_parser.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/asn1_parser.c' object='asn1_parser.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1_parser.lo `test -f 'asn1/asn1_parser.c' || echo '$(srcdir)/'`asn1/asn1_parser.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1_parser.lo `test -f 'asn1/asn1_parser.c' || echo '$(srcdir)/'`asn1/asn1_parser.c oid.lo: asn1/oid.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT oid.lo -MD -MP -MF $(DEPDIR)/oid.Tpo -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/oid.Tpo $(DEPDIR)/oid.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT oid.lo -MD -MP -MF $(DEPDIR)/oid.Tpo -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/oid.Tpo $(DEPDIR)/oid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/oid.c' object='oid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c -pem.lo: asn1/pem.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pem.lo -MD -MP -MF $(DEPDIR)/pem.Tpo -c -o pem.lo `test -f 'asn1/pem.c' || echo '$(srcdir)/'`asn1/pem.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pem.Tpo $(DEPDIR)/pem.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/pem.c' object='pem.lo' libtool=yes @AMDEPBACKSLASH@ +attributes.lo: attributes/attributes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pem.lo `test -f 'asn1/pem.c' || echo '$(srcdir)/'`asn1/pem.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c + +attribute_manager.lo: attributes/attribute_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c crypter.lo: crypto/crypters/crypter.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypters/crypter.c' object='crypter.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c hasher.lo: crypto/hashers/hasher.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hasher.lo -MD -MP -MF $(DEPDIR)/hasher.Tpo -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/hasher.Tpo $(DEPDIR)/hasher.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hasher.lo -MD -MP -MF $(DEPDIR)/hasher.Tpo -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/hasher.Tpo $(DEPDIR)/hasher.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/hashers/hasher.c' object='hasher.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c pkcs9.lo: crypto/pkcs9.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs9.lo -MD -MP -MF $(DEPDIR)/pkcs9.Tpo -c -o pkcs9.lo `test -f 'crypto/pkcs9.c' || echo '$(srcdir)/'`crypto/pkcs9.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pkcs9.Tpo $(DEPDIR)/pkcs9.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs9.lo -MD -MP -MF $(DEPDIR)/pkcs9.Tpo -c -o pkcs9.lo `test -f 'crypto/pkcs9.c' || echo '$(srcdir)/'`crypto/pkcs9.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pkcs9.Tpo $(DEPDIR)/pkcs9.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/pkcs9.c' object='pkcs9.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs9.lo `test -f 'crypto/pkcs9.c' || echo '$(srcdir)/'`crypto/pkcs9.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs9.lo `test -f 'crypto/pkcs9.c' || echo '$(srcdir)/'`crypto/pkcs9.c proposal_keywords.lo: crypto/proposal/proposal_keywords.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_keywords.lo -MD -MP -MF $(DEPDIR)/proposal_keywords.Tpo -c -o proposal_keywords.lo `test -f 'crypto/proposal/proposal_keywords.c' || echo '$(srcdir)/'`crypto/proposal/proposal_keywords.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/proposal_keywords.Tpo $(DEPDIR)/proposal_keywords.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_keywords.lo -MD -MP -MF $(DEPDIR)/proposal_keywords.Tpo -c -o proposal_keywords.lo `test -f 'crypto/proposal/proposal_keywords.c' || echo '$(srcdir)/'`crypto/proposal/proposal_keywords.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_keywords.Tpo $(DEPDIR)/proposal_keywords.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/proposal/proposal_keywords.c' object='proposal_keywords.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_keywords.lo `test -f 'crypto/proposal/proposal_keywords.c' || echo '$(srcdir)/'`crypto/proposal/proposal_keywords.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_keywords.lo `test -f 'crypto/proposal/proposal_keywords.c' || echo '$(srcdir)/'`crypto/proposal/proposal_keywords.c prf.lo: crypto/prfs/prf.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf.lo -MD -MP -MF $(DEPDIR)/prf.Tpo -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/prf.Tpo $(DEPDIR)/prf.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf.lo -MD -MP -MF $(DEPDIR)/prf.Tpo -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/prf.Tpo $(DEPDIR)/prf.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/prfs/prf.c' object='prf.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c rng.lo: crypto/rngs/rng.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'crypto/rngs/rng.c' || echo '$(srcdir)/'`crypto/rngs/rng.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'crypto/rngs/rng.c' || echo '$(srcdir)/'`crypto/rngs/rng.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/rngs/rng.c' object='rng.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'crypto/rngs/rng.c' || echo '$(srcdir)/'`crypto/rngs/rng.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'crypto/rngs/rng.c' || echo '$(srcdir)/'`crypto/rngs/rng.c prf_plus.lo: crypto/prf_plus.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf_plus.lo -MD -MP -MF $(DEPDIR)/prf_plus.Tpo -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/prf_plus.Tpo $(DEPDIR)/prf_plus.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf_plus.lo -MD -MP -MF $(DEPDIR)/prf_plus.Tpo -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/prf_plus.Tpo $(DEPDIR)/prf_plus.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/prf_plus.c' object='prf_plus.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c signer.lo: crypto/signers/signer.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signer.lo -MD -MP -MF $(DEPDIR)/signer.Tpo -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/signer.Tpo $(DEPDIR)/signer.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signer.lo -MD -MP -MF $(DEPDIR)/signer.Tpo -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/signer.Tpo $(DEPDIR)/signer.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/signers/signer.c' object='signer.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c crypto_factory.lo: crypto/crypto_factory.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_factory.lo -MD -MP -MF $(DEPDIR)/crypto_factory.Tpo -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypto_factory.Tpo $(DEPDIR)/crypto_factory.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_factory.lo -MD -MP -MF $(DEPDIR)/crypto_factory.Tpo -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crypto_factory.Tpo $(DEPDIR)/crypto_factory.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypto_factory.c' object='crypto_factory.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c crypto_tester.lo: crypto/crypto_tester.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_tester.lo -MD -MP -MF $(DEPDIR)/crypto_tester.Tpo -c -o crypto_tester.lo `test -f 'crypto/crypto_tester.c' || echo '$(srcdir)/'`crypto/crypto_tester.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypto_tester.Tpo $(DEPDIR)/crypto_tester.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_tester.lo -MD -MP -MF $(DEPDIR)/crypto_tester.Tpo -c -o crypto_tester.lo `test -f 'crypto/crypto_tester.c' || echo '$(srcdir)/'`crypto/crypto_tester.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crypto_tester.Tpo $(DEPDIR)/crypto_tester.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypto_tester.c' object='crypto_tester.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_tester.lo `test -f 'crypto/crypto_tester.c' || echo '$(srcdir)/'`crypto/crypto_tester.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_tester.lo `test -f 'crypto/crypto_tester.c' || echo '$(srcdir)/'`crypto/crypto_tester.c diffie_hellman.lo: crypto/diffie_hellman.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT diffie_hellman.lo -MD -MP -MF $(DEPDIR)/diffie_hellman.Tpo -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/diffie_hellman.Tpo $(DEPDIR)/diffie_hellman.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT diffie_hellman.lo -MD -MP -MF $(DEPDIR)/diffie_hellman.Tpo -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/diffie_hellman.Tpo $(DEPDIR)/diffie_hellman.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/diffie_hellman.c' object='diffie_hellman.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c transform.lo: crypto/transform.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform.lo -MD -MP -MF $(DEPDIR)/transform.Tpo -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/transform.Tpo $(DEPDIR)/transform.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform.lo -MD -MP -MF $(DEPDIR)/transform.Tpo -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform.Tpo $(DEPDIR)/transform.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/transform.c' object='transform.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c credential_factory.lo: credentials/credential_factory.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_factory.lo -MD -MP -MF $(DEPDIR)/credential_factory.Tpo -c -o credential_factory.lo `test -f 'credentials/credential_factory.c' || echo '$(srcdir)/'`credentials/credential_factory.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/credential_factory.Tpo $(DEPDIR)/credential_factory.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_factory.lo -MD -MP -MF $(DEPDIR)/credential_factory.Tpo -c -o credential_factory.lo `test -f 'credentials/credential_factory.c' || echo '$(srcdir)/'`credentials/credential_factory.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_factory.Tpo $(DEPDIR)/credential_factory.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_factory.c' object='credential_factory.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_factory.lo `test -f 'credentials/credential_factory.c' || echo '$(srcdir)/'`credentials/credential_factory.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_factory.lo `test -f 'credentials/credential_factory.c' || echo '$(srcdir)/'`credentials/credential_factory.c builder.lo: credentials/builder.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT builder.lo -MD -MP -MF $(DEPDIR)/builder.Tpo -c -o builder.lo `test -f 'credentials/builder.c' || echo '$(srcdir)/'`credentials/builder.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/builder.Tpo $(DEPDIR)/builder.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT builder.lo -MD -MP -MF $(DEPDIR)/builder.Tpo -c -o builder.lo `test -f 'credentials/builder.c' || echo '$(srcdir)/'`credentials/builder.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/builder.Tpo $(DEPDIR)/builder.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/builder.c' object='builder.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o builder.lo `test -f 'credentials/builder.c' || echo '$(srcdir)/'`credentials/builder.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o builder.lo `test -f 'credentials/builder.c' || echo '$(srcdir)/'`credentials/builder.c + +key_encoding.lo: credentials/keys/key_encoding.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT key_encoding.lo -MD -MP -MF $(DEPDIR)/key_encoding.Tpo -c -o key_encoding.lo `test -f 'credentials/keys/key_encoding.c' || echo '$(srcdir)/'`credentials/keys/key_encoding.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/key_encoding.Tpo $(DEPDIR)/key_encoding.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/keys/key_encoding.c' object='key_encoding.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o key_encoding.lo `test -f 'credentials/keys/key_encoding.c' || echo '$(srcdir)/'`credentials/keys/key_encoding.c private_key.lo: credentials/keys/private_key.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT private_key.lo -MD -MP -MF $(DEPDIR)/private_key.Tpo -c -o private_key.lo `test -f 'credentials/keys/private_key.c' || echo '$(srcdir)/'`credentials/keys/private_key.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/private_key.Tpo $(DEPDIR)/private_key.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT private_key.lo -MD -MP -MF $(DEPDIR)/private_key.Tpo -c -o private_key.lo `test -f 'credentials/keys/private_key.c' || echo '$(srcdir)/'`credentials/keys/private_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/private_key.Tpo $(DEPDIR)/private_key.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/keys/private_key.c' object='private_key.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o private_key.lo `test -f 'credentials/keys/private_key.c' || echo '$(srcdir)/'`credentials/keys/private_key.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o private_key.lo `test -f 'credentials/keys/private_key.c' || echo '$(srcdir)/'`credentials/keys/private_key.c public_key.lo: credentials/keys/public_key.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT public_key.lo -MD -MP -MF $(DEPDIR)/public_key.Tpo -c -o public_key.lo `test -f 'credentials/keys/public_key.c' || echo '$(srcdir)/'`credentials/keys/public_key.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/public_key.Tpo $(DEPDIR)/public_key.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT public_key.lo -MD -MP -MF $(DEPDIR)/public_key.Tpo -c -o public_key.lo `test -f 'credentials/keys/public_key.c' || echo '$(srcdir)/'`credentials/keys/public_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/public_key.Tpo $(DEPDIR)/public_key.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/keys/public_key.c' object='public_key.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o public_key.lo `test -f 'credentials/keys/public_key.c' || echo '$(srcdir)/'`credentials/keys/public_key.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o public_key.lo `test -f 'credentials/keys/public_key.c' || echo '$(srcdir)/'`credentials/keys/public_key.c shared_key.lo: credentials/keys/shared_key.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT shared_key.lo -MD -MP -MF $(DEPDIR)/shared_key.Tpo -c -o shared_key.lo `test -f 'credentials/keys/shared_key.c' || echo '$(srcdir)/'`credentials/keys/shared_key.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/shared_key.Tpo $(DEPDIR)/shared_key.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT shared_key.lo -MD -MP -MF $(DEPDIR)/shared_key.Tpo -c -o shared_key.lo `test -f 'credentials/keys/shared_key.c' || echo '$(srcdir)/'`credentials/keys/shared_key.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/shared_key.Tpo $(DEPDIR)/shared_key.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/keys/shared_key.c' object='shared_key.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o shared_key.lo `test -f 'credentials/keys/shared_key.c' || echo '$(srcdir)/'`credentials/keys/shared_key.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o shared_key.lo `test -f 'credentials/keys/shared_key.c' || echo '$(srcdir)/'`credentials/keys/shared_key.c certificate.lo: credentials/certificates/certificate.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certificate.lo -MD -MP -MF $(DEPDIR)/certificate.Tpo -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/certificate.Tpo $(DEPDIR)/certificate.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certificate.lo -MD -MP -MF $(DEPDIR)/certificate.Tpo -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certificate.Tpo $(DEPDIR)/certificate.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/certificate.c' object='certificate.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c x509.lo: credentials/certificates/x509.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/x509.c' object='x509.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c crl.lo: credentials/certificates/crl.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/crl.c' object='crl.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c ocsp_response.lo: credentials/certificates/ocsp_response.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response.lo -MD -MP -MF $(DEPDIR)/ocsp_response.Tpo -c -o ocsp_response.lo `test -f 'credentials/certificates/ocsp_response.c' || echo '$(srcdir)/'`credentials/certificates/ocsp_response.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ocsp_response.Tpo $(DEPDIR)/ocsp_response.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response.lo -MD -MP -MF $(DEPDIR)/ocsp_response.Tpo -c -o ocsp_response.lo `test -f 'credentials/certificates/ocsp_response.c' || echo '$(srcdir)/'`credentials/certificates/ocsp_response.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response.Tpo $(DEPDIR)/ocsp_response.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/ocsp_response.c' object='ocsp_response.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response.lo `test -f 'credentials/certificates/ocsp_response.c' || echo '$(srcdir)/'`credentials/certificates/ocsp_response.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response.lo `test -f 'credentials/certificates/ocsp_response.c' || echo '$(srcdir)/'`credentials/certificates/ocsp_response.c + +ietf_attributes.lo: credentials/ietf_attributes/ietf_attributes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ietf_attributes.lo -MD -MP -MF $(DEPDIR)/ietf_attributes.Tpo -c -o ietf_attributes.lo `test -f 'credentials/ietf_attributes/ietf_attributes.c' || echo '$(srcdir)/'`credentials/ietf_attributes/ietf_attributes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ietf_attributes.Tpo $(DEPDIR)/ietf_attributes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/ietf_attributes/ietf_attributes.c' object='ietf_attributes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ietf_attributes.lo `test -f 'credentials/ietf_attributes/ietf_attributes.c' || echo '$(srcdir)/'`credentials/ietf_attributes/ietf_attributes.c database_factory.lo: database/database_factory.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT database_factory.lo -MD -MP -MF $(DEPDIR)/database_factory.Tpo -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/database_factory.Tpo $(DEPDIR)/database_factory.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT database_factory.lo -MD -MP -MF $(DEPDIR)/database_factory.Tpo -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/database_factory.Tpo $(DEPDIR)/database_factory.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='database/database_factory.c' object='database_factory.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c fetcher_manager.lo: fetcher/fetcher_manager.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher_manager.lo -MD -MP -MF $(DEPDIR)/fetcher_manager.Tpo -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fetcher_manager.Tpo $(DEPDIR)/fetcher_manager.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher_manager.lo -MD -MP -MF $(DEPDIR)/fetcher_manager.Tpo -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fetcher_manager.Tpo $(DEPDIR)/fetcher_manager.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fetcher/fetcher_manager.c' object='fetcher_manager.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c + +traffic_selector.lo: selectors/traffic_selector.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.lo -MD -MP -MF $(DEPDIR)/traffic_selector.Tpo -c -o traffic_selector.lo `test -f 'selectors/traffic_selector.c' || echo '$(srcdir)/'`selectors/traffic_selector.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector.Tpo $(DEPDIR)/traffic_selector.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='selectors/traffic_selector.c' object='traffic_selector.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector.lo `test -f 'selectors/traffic_selector.c' || echo '$(srcdir)/'`selectors/traffic_selector.c + +thread.lo: threading/thread.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT thread.lo -MD -MP -MF $(DEPDIR)/thread.Tpo -c -o thread.lo `test -f 'threading/thread.c' || echo '$(srcdir)/'`threading/thread.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/thread.Tpo $(DEPDIR)/thread.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threading/thread.c' object='thread.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o thread.lo `test -f 'threading/thread.c' || echo '$(srcdir)/'`threading/thread.c -pgp.lo: pgp/pgp.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pgp.lo -MD -MP -MF $(DEPDIR)/pgp.Tpo -c -o pgp.lo `test -f 'pgp/pgp.c' || echo '$(srcdir)/'`pgp/pgp.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pgp.Tpo $(DEPDIR)/pgp.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pgp/pgp.c' object='pgp.lo' libtool=yes @AMDEPBACKSLASH@ +thread_value.lo: threading/thread_value.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT thread_value.lo -MD -MP -MF $(DEPDIR)/thread_value.Tpo -c -o thread_value.lo `test -f 'threading/thread_value.c' || echo '$(srcdir)/'`threading/thread_value.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/thread_value.Tpo $(DEPDIR)/thread_value.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threading/thread_value.c' object='thread_value.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pgp.lo `test -f 'pgp/pgp.c' || echo '$(srcdir)/'`pgp/pgp.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o thread_value.lo `test -f 'threading/thread_value.c' || echo '$(srcdir)/'`threading/thread_value.c + +mutex.lo: threading/mutex.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mutex.lo -MD -MP -MF $(DEPDIR)/mutex.Tpo -c -o mutex.lo `test -f 'threading/mutex.c' || echo '$(srcdir)/'`threading/mutex.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mutex.Tpo $(DEPDIR)/mutex.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threading/mutex.c' object='mutex.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mutex.lo `test -f 'threading/mutex.c' || echo '$(srcdir)/'`threading/mutex.c + +rwlock.lo: threading/rwlock.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rwlock.lo -MD -MP -MF $(DEPDIR)/rwlock.Tpo -c -o rwlock.lo `test -f 'threading/rwlock.c' || echo '$(srcdir)/'`threading/rwlock.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rwlock.Tpo $(DEPDIR)/rwlock.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='threading/rwlock.c' object='rwlock.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rwlock.lo `test -f 'threading/rwlock.c' || echo '$(srcdir)/'`threading/rwlock.c host.lo: utils/host.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT host.lo -MD -MP -MF $(DEPDIR)/host.Tpo -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/host.Tpo $(DEPDIR)/host.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT host.lo -MD -MP -MF $(DEPDIR)/host.Tpo -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/host.Tpo $(DEPDIR)/host.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/host.c' object='host.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c identification.lo: utils/identification.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT identification.lo -MD -MP -MF $(DEPDIR)/identification.Tpo -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/identification.Tpo $(DEPDIR)/identification.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT identification.lo -MD -MP -MF $(DEPDIR)/identification.Tpo -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/identification.Tpo $(DEPDIR)/identification.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/identification.c' object='identification.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c lexparser.lo: utils/lexparser.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lexparser.lo -MD -MP -MF $(DEPDIR)/lexparser.Tpo -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/lexparser.Tpo $(DEPDIR)/lexparser.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lexparser.lo -MD -MP -MF $(DEPDIR)/lexparser.Tpo -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/lexparser.Tpo $(DEPDIR)/lexparser.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/lexparser.c' object='lexparser.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c linked_list.lo: utils/linked_list.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT linked_list.lo -MD -MP -MF $(DEPDIR)/linked_list.Tpo -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/linked_list.Tpo $(DEPDIR)/linked_list.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT linked_list.lo -MD -MP -MF $(DEPDIR)/linked_list.Tpo -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/linked_list.Tpo $(DEPDIR)/linked_list.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/linked_list.c' object='linked_list.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c hashtable.lo: utils/hashtable.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hashtable.lo -MD -MP -MF $(DEPDIR)/hashtable.Tpo -c -o hashtable.lo `test -f 'utils/hashtable.c' || echo '$(srcdir)/'`utils/hashtable.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/hashtable.Tpo $(DEPDIR)/hashtable.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hashtable.lo -MD -MP -MF $(DEPDIR)/hashtable.Tpo -c -o hashtable.lo `test -f 'utils/hashtable.c' || echo '$(srcdir)/'`utils/hashtable.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/hashtable.Tpo $(DEPDIR)/hashtable.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/hashtable.c' object='hashtable.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hashtable.lo `test -f 'utils/hashtable.c' || echo '$(srcdir)/'`utils/hashtable.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hashtable.lo `test -f 'utils/hashtable.c' || echo '$(srcdir)/'`utils/hashtable.c enumerator.lo: utils/enumerator.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT enumerator.lo -MD -MP -MF $(DEPDIR)/enumerator.Tpo -c -o enumerator.lo `test -f 'utils/enumerator.c' || echo '$(srcdir)/'`utils/enumerator.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/enumerator.Tpo $(DEPDIR)/enumerator.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT enumerator.lo -MD -MP -MF $(DEPDIR)/enumerator.Tpo -c -o enumerator.lo `test -f 'utils/enumerator.c' || echo '$(srcdir)/'`utils/enumerator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/enumerator.Tpo $(DEPDIR)/enumerator.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/enumerator.c' object='enumerator.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o enumerator.lo `test -f 'utils/enumerator.c' || echo '$(srcdir)/'`utils/enumerator.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o enumerator.lo `test -f 'utils/enumerator.c' || echo '$(srcdir)/'`utils/enumerator.c optionsfrom.lo: utils/optionsfrom.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT optionsfrom.lo -MD -MP -MF $(DEPDIR)/optionsfrom.Tpo -c -o optionsfrom.lo `test -f 'utils/optionsfrom.c' || echo '$(srcdir)/'`utils/optionsfrom.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/optionsfrom.Tpo $(DEPDIR)/optionsfrom.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT optionsfrom.lo -MD -MP -MF $(DEPDIR)/optionsfrom.Tpo -c -o optionsfrom.lo `test -f 'utils/optionsfrom.c' || echo '$(srcdir)/'`utils/optionsfrom.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/optionsfrom.Tpo $(DEPDIR)/optionsfrom.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/optionsfrom.c' object='optionsfrom.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o optionsfrom.lo `test -f 'utils/optionsfrom.c' || echo '$(srcdir)/'`utils/optionsfrom.c - -mutex.lo: utils/mutex.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mutex.lo -MD -MP -MF $(DEPDIR)/mutex.Tpo -c -o mutex.lo `test -f 'utils/mutex.c' || echo '$(srcdir)/'`utils/mutex.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/mutex.Tpo $(DEPDIR)/mutex.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/mutex.c' object='mutex.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mutex.lo `test -f 'utils/mutex.c' || echo '$(srcdir)/'`utils/mutex.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o optionsfrom.lo `test -f 'utils/optionsfrom.c' || echo '$(srcdir)/'`utils/optionsfrom.c backtrace.lo: utils/backtrace.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backtrace.lo -MD -MP -MF $(DEPDIR)/backtrace.Tpo -c -o backtrace.lo `test -f 'utils/backtrace.c' || echo '$(srcdir)/'`utils/backtrace.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/backtrace.Tpo $(DEPDIR)/backtrace.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backtrace.lo -MD -MP -MF $(DEPDIR)/backtrace.Tpo -c -o backtrace.lo `test -f 'utils/backtrace.c' || echo '$(srcdir)/'`utils/backtrace.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backtrace.Tpo $(DEPDIR)/backtrace.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/backtrace.c' object='backtrace.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backtrace.lo `test -f 'utils/backtrace.c' || echo '$(srcdir)/'`utils/backtrace.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backtrace.lo `test -f 'utils/backtrace.c' || echo '$(srcdir)/'`utils/backtrace.c plugin_loader.lo: plugins/plugin_loader.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_loader.lo -MD -MP -MF $(DEPDIR)/plugin_loader.Tpo -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/plugin_loader.Tpo $(DEPDIR)/plugin_loader.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_loader.lo -MD -MP -MF $(DEPDIR)/plugin_loader.Tpo -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/plugin_loader.Tpo $(DEPDIR)/plugin_loader.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='plugins/plugin_loader.c' object='plugin_loader.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c leak_detective.lo: utils/leak_detective.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT leak_detective.lo -MD -MP -MF $(DEPDIR)/leak_detective.Tpo -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/leak_detective.Tpo $(DEPDIR)/leak_detective.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT leak_detective.lo -MD -MP -MF $(DEPDIR)/leak_detective.Tpo -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/leak_detective.Tpo $(DEPDIR)/leak_detective.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/leak_detective.c' object='leak_detective.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c mostlyclean-libtool: -rm -f *.lo @@ -836,7 +981,7 @@ $(RECURSIVE_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ @@ -870,16 +1015,16 @@ $(RECURSIVE_CLEAN_TARGETS): else \ local_target="$$target"; \ fi; \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) @@ -894,7 +1039,7 @@ tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ @@ -906,7 +1051,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -915,29 +1060,34 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -958,29 +1108,44 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ - distdir=`$(am__cd) $(distdir) && pwd`; \ - top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ - (cd $$subdir && \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$top_distdir" \ - distdir="$$distdir/$$subdir" \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ + am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ @@ -1015,6 +1180,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -1038,6 +1204,8 @@ dvi-am: html: html-recursive +html-am: + info: info-recursive info-am: @@ -1046,18 +1214,28 @@ install-data-am: install-dvi: install-dvi-recursive +install-dvi-am: + install-exec-am: install-libLTLIBRARIES install-html: install-html-recursive +install-html-am: + install-info: install-info-recursive +install-info-am: + install-man: install-pdf: install-pdf-recursive +install-pdf-am: + install-ps: install-ps-recursive +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-recursive @@ -1080,8 +1258,9 @@ ps-am: uninstall-am: uninstall-libLTLIBRARIES -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \ - install-strip +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check \ + ctags-recursive install install-am install-strip \ + tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic \ @@ -1110,6 +1289,7 @@ $(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposa $(srcdir)/crypto/proposal/proposal_keywords.h $(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \ $(srcdir)/crypto/proposal/proposal_keywords.txt > $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index ec46b165b..763caafc4 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include @@ -28,161 +27,34 @@ #include "asn1_parser.h" /** - * some common prefabricated ASN.1 constants + * Commonly used ASN1 values. */ -static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 }; -static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 }; -static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 }; - -const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str); -const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str); -const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str); - -/** - * some popular algorithmIdentifiers - */ - -static u_char ASN1_md2_id_str[] = { - 0x30, 0x0c, - 0x06, 0x08, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, - 0x05,0x00, -}; - -static u_char ASN1_md5_id_str[] = { - 0x30, 0x0C, - 0x06, 0x08, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, - 0x05, 0x00 -}; - -static u_char ASN1_sha1_id_str[] = { - 0x30, 0x09, - 0x06, 0x05, - 0x2B, 0x0E,0x03, 0x02, 0x1A, - 0x05, 0x00 -}; - -static u_char ASN1_sha256_id_str[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, - 0x05, 0x00 -}; - -static u_char ASN1_sha384_id_str[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, - 0x05, 0x00 -}; - -static u_char ASN1_sha512_id_str[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, - 0x05,0x00 -}; - -static u_char ASN1_md2WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02, - 0x05, 0x00 -}; - -static u_char ASN1_md5WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04, - 0x05, 0x00 -}; - -static u_char ASN1_sha1WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, - 0x05, 0x00 -}; - -static u_char ASN1_sha256WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00 -}; - -static u_char ASN1_sha384WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, - 0x05, 0x00 -}; - -static u_char ASN1_sha512WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D, - 0x05, 0x00 -}; - -static u_char ASN1_rsaEncryption_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00 -}; - -static const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str); -static const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str); -static const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str); -static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str); -static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str); -static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str); -static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str); -static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str); -static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str); -static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str); -static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str); -static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str); -static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str); +const chunk_t ASN1_INTEGER_0 = chunk_from_chars(0x02, 0x00); +const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01); +const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02); /* * Defined in header. */ chunk_t asn1_algorithmIdentifier(int oid) { + chunk_t parameters; + + /* some algorithmIdentifiers have a NULL parameters field and some do not */ switch (oid) { - case OID_RSA_ENCRYPTION: - return ASN1_rsaEncryption_id; - case OID_MD2_WITH_RSA: - return ASN1_md2WithRSA_id; - case OID_MD5_WITH_RSA: - return ASN1_md5WithRSA_id; - case OID_SHA1_WITH_RSA: - return ASN1_sha1WithRSA_id; - case OID_SHA256_WITH_RSA: - return ASN1_sha256WithRSA_id; - case OID_SHA384_WITH_RSA: - return ASN1_sha384WithRSA_id; - case OID_SHA512_WITH_RSA: - return ASN1_sha512WithRSA_id; - case OID_MD2: - return ASN1_md2_id; - case OID_MD5: - return ASN1_md5_id; - case OID_SHA1: - return ASN1_sha1_id; - case OID_SHA256: - return ASN1_sha256_id; - case OID_SHA384: - return ASN1_sha384_id; - case OID_SHA512: - return ASN1_sha512_id; + case OID_ECDSA_WITH_SHA1: + case OID_ECDSA_WITH_SHA224: + case OID_ECDSA_WITH_SHA256: + case OID_ECDSA_WITH_SHA384: + case OID_ECDSA_WITH_SHA512: + parameters = chunk_empty; + break; default: - return chunk_empty; + parameters = asn1_simple_object(ASN1_NULL, chunk_empty); + break; } + return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), parameters); } /* @@ -191,14 +63,14 @@ chunk_t asn1_algorithmIdentifier(int oid) int asn1_known_oid(chunk_t object) { int oid = 0; - + while (object.len) { if (oid_names[oid].octet == *object.ptr) { if (--object.len == 0 || oid_names[oid].down == 0) { - return oid; /* found terminal symbol */ + return oid; /* found terminal symbol */ } else { @@ -227,17 +99,17 @@ chunk_t asn1_build_known_oid(int n) { chunk_t oid; int i; - + if (n < 0 || n >= OID_MAX) { return chunk_empty; } - + i = oid_names[n].level + 1; oid = chunk_alloc(2 + i); oid.ptr[0] = ASN1_OID; oid.ptr[1] = i; - + do { if (oid_names[n].level >= i) @@ -248,7 +120,7 @@ chunk_t asn1_build_known_oid(int n) oid.ptr[--i + 2] = oid_names[n--].octet; } while (i > 0); - + return oid; } @@ -259,18 +131,18 @@ size_t asn1_length(chunk_t *blob) { u_char n; size_t len; - + if (blob->len < 2) { DBG2("insufficient number of octets to parse ASN.1 length"); return ASN1_INVALID_LENGTH; } - + /* read length field, skip tag and length */ n = blob->ptr[1]; *blob = chunk_skip(*blob, 2); - - if ((n & 0x80) == 0) + + if ((n & 0x80) == 0) { /* single length octet */ if (n > blob->len) { @@ -279,25 +151,25 @@ size_t asn1_length(chunk_t *blob) } return n; } - + /* composite length, determine number of length octets */ n &= 0x7f; - + if (n == 0 || n > blob->len) { DBG2("number of length octets invalid"); return ASN1_INVALID_LENGTH; } - + if (n > sizeof(len)) { - DBG2("number of length octets is larger than limit of %d octets", + DBG2("number of length octets is larger than limit of %d octets", (int)sizeof(len)); return ASN1_INVALID_LENGTH; } - + len = 0; - + while (n-- > 0) { len = 256*len + *blob->ptr++; @@ -319,7 +191,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) chunk_t res; u_char len; int type; - + if (blob->len < 2) { return ASN1_INVALID; @@ -327,7 +199,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) type = blob->ptr[0]; len = blob->ptr[1]; *blob = chunk_skip(*blob, 2); - + if ((len & 0x80) == 0) { /* single length octet */ res.len = len; @@ -358,8 +230,6 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) return type; } -#define TIME_MAX 0x7fffffff - static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 }; static const int tm_leap_1970 = 477; @@ -373,7 +243,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) int tz_hour, tz_min, tz_offset; time_t tm_secs; u_char *eot = NULL; - + if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL) { tz_offset = 0; /* Zulu time with a zero time zone offset */ @@ -398,19 +268,19 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { return 0; /* error in time format */ } - + /* parse ASN.1 time string */ { const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": "%4d%2d%2d%2d%2d"; - + if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min) != 5) { return 0; /* error in [yy]yymmddhhmm time format */ } } - + /* is there a seconds field? */ if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14)) { @@ -423,17 +293,17 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { tm_sec = 0; } - + /* representation of two-digit years */ if (type == ASN1_UTCTIME) { tm_year += (tm_year < 50) ? 2000 : 1900; } - + /* prevent large 32 bit integer overflows */ if (sizeof(time_t) == 4 && tm_year > 2038) { - return TIME_MAX; + return TIME_32_BIT_SIGNED_MAX; } /* representation of months as 0..11*/ @@ -442,7 +312,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) return 0; /* error in month format */ } tm_mon--; - + /* representation of days as 0..30 */ tm_day--; @@ -461,8 +331,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap; tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset; - /* has a 32 bit overflow occurred? */ - return (tm_secs < 0) ? TIME_MAX : tm_secs; + /* has a 32 bit signed integer overflow occurred? */ + return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs; } /** @@ -475,7 +345,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) char buf[BUF_LEN]; chunk_t formatted_time; struct tm t; - + gmtime_r(time, &t); if (type == ASN1_GENERALIZEDTIME) { @@ -487,7 +357,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) format = "%02d%02d%02d%02d%02d%02dZ"; offset = (t.tm_year < 100)? 0 : -100; } - snprintf(buf, BUF_LEN, format, t.tm_year + offset, + snprintf(buf, BUF_LEN, format, t.tm_year + offset, t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec); formatted_time.ptr = buf; formatted_time.len = strlen(buf); @@ -500,7 +370,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) { int oid; - + switch (type) { case ASN1_OID: @@ -545,30 +415,30 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name) { size_t len; - + /* an ASN.1 object must possess at least a tag and length field */ if (object->len < 2) { DBG2("L%d - %s: ASN.1 object smaller than 2 octets", level, name); return FALSE; } - + if (*object->ptr != type) { DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", level, name, type, *object->ptr); return FALSE; } - + len = asn1_length(object); - + if (len == ASN1_INVALID_LENGTH || object->len < len) { DBG2("L%d - %s: length of ASN.1 object invalid or too large", level, name); return FALSE; } - + DBG2("L%d - %s:", level, name); asn1_debug_simple_object(*object, type, FALSE); return TRUE; @@ -578,11 +448,11 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c * ASN.1 definition of an algorithmIdentifier */ static const asn1Object_t algorithmIdentifierObjects[] = { - { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ - { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ + { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define ALGORITHM_ID_ALG 1 #define ALGORITHM_ID_PARAMETERS 2 @@ -596,10 +466,10 @@ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters chunk_t object; int objectID; int alg = OID_UNKNOWN; - + parser = asn1_parser_create(algorithmIdentifierObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { switch (objectID) @@ -629,7 +499,7 @@ bool is_asn1(chunk_t blob) u_int len; u_char tag = *blob.ptr; - if (tag != ASN1_SEQUENCE && tag != ASN1_SET) + if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING) { DBG2(" file content is not binary ASN.1"); return FALSE; @@ -661,7 +531,7 @@ bool asn1_is_printablestring(chunk_t str) const char printablestring_charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?"; u_int i; - + for (i = 0; i < str.len; i++) { if (strchr(printablestring_charset, str.ptr[i]) == NULL) @@ -711,24 +581,24 @@ u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen) u_char length_buf[4]; chunk_t length = { length_buf, 0 }; u_char *pos; - + /* code the asn.1 length field */ asn1_code_length(datalen, &length); - + /* allocate memory for the asn.1 TLV object */ object->len = 1 + length.len + datalen; object->ptr = malloc(object->len); - + /* set position pointer at the start of the object */ pos = object->ptr; - + /* copy the asn.1 tag field and advance the pointer */ *pos++ = type; - + /* copy the asn.1 length field and advance the pointer */ - memcpy(pos, length.ptr, length.len); + memcpy(pos, length.ptr, length.len); pos += length.len; - + return pos; } @@ -738,11 +608,11 @@ u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen) chunk_t asn1_simple_object(asn1_t tag, chunk_t content) { chunk_t object; - + u_char *pos = asn1_build_object(&object, tag, content.len); - memcpy(pos, content.ptr, content.len); + memcpy(pos, content.ptr, content.len); pos += content.len; - + return object; } @@ -809,8 +679,8 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) u_char *pos; int i; int count = strlen(mode); - - /* sum up lengths of individual chunks */ + + /* sum up lengths of individual chunks */ va_start(chunks, mode); construct.len = 0; for (i = 0; i < count; i++) @@ -819,26 +689,33 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) construct.len += ch.len; } va_end(chunks); - + /* allocate needed memory for construct */ pos = asn1_build_object(&construct, type, construct.len); - + /* copy or move the chunks */ va_start(chunks, mode); for (i = 0; i < count; i++) { chunk_t ch = va_arg(chunks, chunk_t); - + memcpy(pos, ch.ptr, ch.len); pos += ch.len; - if (*mode++ == 'm') + switch (*mode++) { - free(ch.ptr); + case 's': + chunk_clear(&ch); + break; + case 'm': + free(ch.ptr); + break; + default: + break; } } va_end(chunks); - + return construct; } @@ -846,11 +723,11 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) * ASN.1 definition of time */ static const asn1Object_t timeObjects[] = { - { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */ - { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */ - { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */ + { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */ + { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */ + { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define TIME_UTC 0 #define TIME_GENERALIZED 2 @@ -864,10 +741,10 @@ time_t asn1_parse_time(chunk_t blob, int level0) chunk_t object; int objectID; time_t utc_time = 0; - + parser= asn1_parser_create(timeObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { if (objectID == TIME_UTC || objectID == TIME_GENERALIZED) diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 8072d62d6..d29190df7 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup asn1i asn1 * @{ @ingroup asn1 @@ -32,51 +32,51 @@ * Definition of some primitive ASN1 types */ typedef enum { - ASN1_EOC = 0x00, - ASN1_BOOLEAN = 0x01, - ASN1_INTEGER = 0x02, - ASN1_BIT_STRING = 0x03, - ASN1_OCTET_STRING = 0x04, - ASN1_NULL = 0x05, - ASN1_OID = 0x06, - ASN1_ENUMERATED = 0x0A, - ASN1_UTF8STRING = 0x0C, - ASN1_NUMERICSTRING = 0x12, - ASN1_PRINTABLESTRING = 0x13, - ASN1_T61STRING = 0x14, - ASN1_VIDEOTEXSTRING = 0x15, - ASN1_IA5STRING = 0x16, - ASN1_UTCTIME = 0x17, - ASN1_GENERALIZEDTIME = 0x18, - ASN1_GRAPHICSTRING = 0x19, - ASN1_VISIBLESTRING = 0x1A, - ASN1_GENERALSTRING = 0x1B, - ASN1_UNIVERSALSTRING = 0x1C, - ASN1_BMPSTRING = 0x1E, - - ASN1_CONSTRUCTED = 0x20, - - ASN1_SEQUENCE = 0x30, - ASN1_SET = 0x31, - - ASN1_CONTEXT_S_0 = 0x80, - ASN1_CONTEXT_S_1 = 0x81, - ASN1_CONTEXT_S_2 = 0x82, - ASN1_CONTEXT_S_3 = 0x83, - ASN1_CONTEXT_S_4 = 0x84, - ASN1_CONTEXT_S_5 = 0x85, - ASN1_CONTEXT_S_6 = 0x86, - ASN1_CONTEXT_S_7 = 0x87, - ASN1_CONTEXT_S_8 = 0x88, - - ASN1_CONTEXT_C_0 = 0xA0, - ASN1_CONTEXT_C_1 = 0xA1, - ASN1_CONTEXT_C_2 = 0xA2, - ASN1_CONTEXT_C_3 = 0xA3, - ASN1_CONTEXT_C_4 = 0xA4, - ASN1_CONTEXT_C_5 = 0xA5, - - ASN1_INVALID = 0x100, + ASN1_EOC = 0x00, + ASN1_BOOLEAN = 0x01, + ASN1_INTEGER = 0x02, + ASN1_BIT_STRING = 0x03, + ASN1_OCTET_STRING = 0x04, + ASN1_NULL = 0x05, + ASN1_OID = 0x06, + ASN1_ENUMERATED = 0x0A, + ASN1_UTF8STRING = 0x0C, + ASN1_NUMERICSTRING = 0x12, + ASN1_PRINTABLESTRING = 0x13, + ASN1_T61STRING = 0x14, + ASN1_VIDEOTEXSTRING = 0x15, + ASN1_IA5STRING = 0x16, + ASN1_UTCTIME = 0x17, + ASN1_GENERALIZEDTIME = 0x18, + ASN1_GRAPHICSTRING = 0x19, + ASN1_VISIBLESTRING = 0x1A, + ASN1_GENERALSTRING = 0x1B, + ASN1_UNIVERSALSTRING = 0x1C, + ASN1_BMPSTRING = 0x1E, + + ASN1_CONSTRUCTED = 0x20, + + ASN1_SEQUENCE = 0x30, + ASN1_SET = 0x31, + + ASN1_CONTEXT_S_0 = 0x80, + ASN1_CONTEXT_S_1 = 0x81, + ASN1_CONTEXT_S_2 = 0x82, + ASN1_CONTEXT_S_3 = 0x83, + ASN1_CONTEXT_S_4 = 0x84, + ASN1_CONTEXT_S_5 = 0x85, + ASN1_CONTEXT_S_6 = 0x86, + ASN1_CONTEXT_S_7 = 0x87, + ASN1_CONTEXT_S_8 = 0x88, + + ASN1_CONTEXT_C_0 = 0xA0, + ASN1_CONTEXT_C_1 = 0xA1, + ASN1_CONTEXT_C_2 = 0xA2, + ASN1_CONTEXT_C_3 = 0xA3, + ASN1_CONTEXT_C_4 = 0xA4, + ASN1_CONTEXT_C_5 = 0xA5, + + ASN1_INVALID = 0x100, } asn1_t; #define ASN1_INVALID_LENGTH 0xffffffff @@ -92,10 +92,10 @@ extern const chunk_t ASN1_INTEGER_2; /** Some ASN.1 analysis functions */ /** - * Returns some popular algorithmIdentifiers + * Build an algorithmIdentifier from a known OID. * * @param oid known OID index - * @return body of the corresponding OID + * @return body of the corresponding OID, allocated */ chunk_t asn1_algorithmIdentifier(int oid); @@ -103,7 +103,7 @@ chunk_t asn1_algorithmIdentifier(int oid); * Converts an ASN.1 OID into a known OID index * * @param object body of an OID - * @return index into the oid_names[] table or OID_UNKNOWN + * @return index into the oid_names[] table or OID_UNKNOWN */ int asn1_known_oid(chunk_t object); @@ -139,7 +139,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *content); * @param blob ASN.1 coded blob * @param level0 top-most level offset * @param params returns optional [ASN.1 coded] parameters - * @return known OID index or OID_UNKNOWN + * @return known OID index or OID_UNKNOWN */ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *params); @@ -178,7 +178,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type); * * @param time time_t in UTC * @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME - * @return body of an ASN.1 code time object + * @return body of an ASN.1 code time object */ chunk_t asn1_from_time(const time_t *time, asn1_t type); @@ -187,7 +187,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type); * * @param blob ASN.1 coded time object * @param level0 top-most level offset - * @return time_t in UTC + * @return time_t in UTC */ time_t asn1_parse_time(chunk_t blob, int level0); @@ -250,8 +250,12 @@ chunk_t asn1_integer(const char *mode, chunk_t content); /** * Build an ASN.1 object from a variable number of individual chunks * + * The mode string specifies the number of chunks, and how to handle each of + * them with a single character: 'c' for copy (allocate new chunk), 'm' for move + * (free given chunk) or 's' for sensitive-copy (clear given chunk, then free). + * * @param type ASN.1 type to be created - * @param mode for each list member: 'c' for copy or 'm' for move + * @param mode for each list member: 'c', 'm' or 's' * @return chunk containing the ASN.1 coded object */ chunk_t asn1_wrap(asn1_t type, const char *mode, ...); diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index bc4c0b50f..dc7726ad7 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -54,7 +54,7 @@ struct private_asn1_parser_t { bool success; /** - * Declare object data as private - use debug level 4 to log it + * Declare object data as private - use debug level 4 to log it */ bool private; @@ -88,7 +88,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) u_char *start_ptr; u_int level; asn1Object_t obj; - + *object = chunk_empty; /* Advance to the next object syntax definition line */ @@ -99,7 +99,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) { return FALSE; } - + if (obj.flags & ASN1_END) /* end of loop or option found */ { if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0) @@ -109,16 +109,16 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) } else { - this->loopAddr[obj.level] = 0; /* exit loop or option*/ + this->loopAddr[obj.level] = 0; /* exit loop or option*/ goto end; } } - + level = this->level0 + obj.level; blob = this->blobs + obj.level; blob1 = blob + 1; start_ptr = blob->ptr; - + /* handle ASN.1 defaults values */ if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) ) { @@ -130,9 +130,9 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) } goto end; } - + /* handle ASN.1 options */ - + if ((obj.flags & ASN1_OPT) && (blob->len == 0 || *start_ptr != obj.type)) { @@ -145,9 +145,9 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) (this->objects[this->line].level == obj.level))); goto end; } - + /* an ASN.1 object must possess at least a tag and length field */ - + if (blob->len < 2) { DBG1("L%d - %s: ASN.1 object smaller than 2 octets", @@ -155,22 +155,22 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) this->success = FALSE; goto end; } - + blob1->len = asn1_length(blob); - + if (blob1->len == ASN1_INVALID_LENGTH) { - DBG1("L%d - %s: length of ASN.1 object invalid or too large", + DBG1("L%d - %s: length of ASN.1 object invalid or too large", level, obj.name); this->success = FALSE; } - + blob1->ptr = blob->ptr; blob->ptr += blob1->len; blob->len -= blob1->len; - + /* return raw ASN.1 object without prior type checking */ - + if (obj.flags & ASN1_RAW) { DBG2("L%d - %s:", level, obj.name); @@ -187,10 +187,10 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) this->success = FALSE; goto end; } - + DBG2("L%d - %s:", level, obj.name); - - /* In case of "SEQUENCE OF" or "SET OF" start a loop */ + + /* In case of "SEQUENCE OF" or "SET OF" start a loop */ if (obj.flags & ASN1_LOOP) { if (blob1->len > 0) diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h index b2f4133a1..49325232d 100644 --- a/src/libstrongswan/asn1/asn1_parser.h +++ b/src/libstrongswan/asn1/asn1_parser.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup asn1_parser asn1_parser * @{ @ingroup asn1 @@ -57,7 +57,7 @@ struct asn1Object_t{ typedef struct asn1_parser_t asn1_parser_t; /** - * Public interface of an ASN.1 parser + * Public interface of an ASN.1 parser */ struct asn1_parser_t { @@ -69,25 +69,25 @@ struct asn1_parser_t { * @return - FALSE if end of object syntax definition was reached * or a parsing error occurred * - TRUE otherwise - */ + */ bool (*iterate)(asn1_parser_t *this, int *objectID, chunk_t *object); /** - * Get the current parsing level + * Get the current parsing level * * @return current level */ u_int (*get_level)(asn1_parser_t *this); /** - * Set the top-most level + * Set the top-most level * * @param level top-most level */ void (*set_top_level)(asn1_parser_t *this, u_int level0); /** - * Set implicit and private flags + * Set implicit and private flags * * @param implicit top-most type of object is implicit * @param private object data is private (use debug level 4) @@ -95,7 +95,7 @@ struct asn1_parser_t { void (*set_flags)(asn1_parser_t *this, bool implicit, bool private); /** - * Show final parsing status + * Show final parsing status * * @return TRUE if parsing was successful, FALSE otherwise */ @@ -106,7 +106,7 @@ struct asn1_parser_t { */ void (*destroy)(asn1_parser_t *this); }; - + /** * Create an ASN.1 parser * diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 391d65e89..8f91a2e2b 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -28,7 +28,7 @@ const oid_t oid_names[] = { { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ { 0x01, 17, 0, 9, "UID" }, /* 16 */ { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 52, 1, 0, "X.500" }, /* 18 */ + {0x55, 64, 1, 0, "X.500" }, /* 18 */ { 0x04, 36, 1, 1, "X.509" }, /* 19 */ { 0x03, 21, 0, 2, "CN" }, /* 20 */ { 0x04, 22, 0, 2, "S" }, /* 21 */ @@ -56,260 +56,312 @@ const oid_t oid_names[] = { { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ - { 0x1F, 47, 0, 2, "crlDistributionPoints" }, /* 46 */ - { 0x20, 48, 0, 2, "certificatePolicies" }, /* 47 */ - { 0x23, 49, 0, 2, "authorityKeyIdentifier" }, /* 48 */ - { 0x25, 50, 0, 2, "extendedKeyUsage" }, /* 49 */ - { 0x37, 51, 0, 2, "targetInformation" }, /* 50 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 51 */ - {0x2A, 149, 1, 0, "" }, /* 52 */ - { 0x83, 65, 1, 1, "" }, /* 53 */ - { 0x08, 0, 1, 2, "jp" }, /* 54 */ - { 0x8C, 0, 1, 3, "" }, /* 55 */ - { 0x9A, 0, 1, 4, "" }, /* 56 */ - { 0x4B, 0, 1, 5, "" }, /* 57 */ - { 0x3D, 0, 1, 6, "" }, /* 58 */ - { 0x01, 0, 1, 7, "security" }, /* 59 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 60 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 61 */ - { 0x02, 63, 0, 10, "camellia128-cbc" }, /* 62 */ - { 0x03, 64, 0, 10, "camellia192-cbc" }, /* 63 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 64 */ - { 0x86, 0, 1, 1, "" }, /* 65 */ - { 0x48, 0, 1, 2, "us" }, /* 66 */ - { 0x86, 108, 1, 3, "" }, /* 67 */ - { 0xF6, 73, 1, 4, "" }, /* 68 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 69 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 70 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 71 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 72 */ - { 0xF7, 0, 1, 4, "" }, /* 73 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 74 */ - { 0x01, 103, 1, 6, "PKCS" }, /* 75 */ - { 0x01, 85, 1, 7, "PKCS-1" }, /* 76 */ - { 0x01, 78, 0, 8, "rsaEncryption" }, /* 77 */ - { 0x02, 79, 0, 8, "md2WithRSAEncryption" }, /* 78 */ - { 0x04, 80, 0, 8, "md5WithRSAEncryption" }, /* 79 */ - { 0x05, 81, 0, 8, "sha-1WithRSAEncryption" }, /* 80 */ - { 0x0B, 82, 0, 8, "sha256WithRSAEncryption" }, /* 81 */ - { 0x0C, 83, 0, 8, "sha384WithRSAEncryption" }, /* 82 */ - { 0x0D, 84, 0, 8, "sha512WithRSAEncryption" }, /* 83 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 84 */ - { 0x07, 92, 1, 7, "PKCS-7" }, /* 85 */ - { 0x01, 87, 0, 8, "data" }, /* 86 */ - { 0x02, 88, 0, 8, "signedData" }, /* 87 */ - { 0x03, 89, 0, 8, "envelopedData" }, /* 88 */ - { 0x04, 90, 0, 8, "signedAndEnvelopedData" }, /* 89 */ - { 0x05, 91, 0, 8, "digestedData" }, /* 90 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 91 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 92 */ - { 0x01, 94, 0, 8, "E" }, /* 93 */ - { 0x02, 95, 0, 8, "unstructuredName" }, /* 94 */ - { 0x03, 96, 0, 8, "contentType" }, /* 95 */ - { 0x04, 97, 0, 8, "messageDigest" }, /* 96 */ - { 0x05, 98, 0, 8, "signingTime" }, /* 97 */ - { 0x06, 99, 0, 8, "counterSignature" }, /* 98 */ - { 0x07, 100, 0, 8, "challengePassword" }, /* 99 */ - { 0x08, 101, 0, 8, "unstructuredAddress" }, /* 100 */ - { 0x0E, 102, 0, 8, "extensionRequest" }, /* 101 */ - { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 102 */ - { 0x02, 106, 1, 6, "digestAlgorithm" }, /* 103 */ - { 0x02, 105, 0, 7, "md2" }, /* 104 */ - { 0x05, 0, 0, 7, "md5" }, /* 105 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 106 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 107 */ - { 0xCE, 0, 1, 3, "" }, /* 108 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 109 */ - { 0x02, 112, 1, 5, "id-publicKeyType" }, /* 110 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 111 */ - { 0x03, 142, 1, 5, "ellipticCurve" }, /* 112 */ - { 0x00, 134, 1, 6, "c-TwoCurve" }, /* 113 */ - { 0x01, 115, 0, 7, "c2pnb163v1" }, /* 114 */ - { 0x02, 116, 0, 7, "c2pnb163v2" }, /* 115 */ - { 0x03, 117, 0, 7, "c2pnb163v3" }, /* 116 */ - { 0x04, 118, 0, 7, "c2pnb176w1" }, /* 117 */ - { 0x05, 119, 0, 7, "c2tnb191v1" }, /* 118 */ - { 0x06, 120, 0, 7, "c2tnb191v2" }, /* 119 */ - { 0x07, 121, 0, 7, "c2tnb191v3" }, /* 120 */ - { 0x08, 122, 0, 7, "c2onb191v4" }, /* 121 */ - { 0x09, 123, 0, 7, "c2onb191v5" }, /* 122 */ - { 0x0A, 124, 0, 7, "c2pnb208w1" }, /* 123 */ - { 0x0B, 125, 0, 7, "c2tnb239v1" }, /* 124 */ - { 0x0C, 126, 0, 7, "c2tnb239v2" }, /* 125 */ - { 0x0D, 127, 0, 7, "c2tnb239v3" }, /* 126 */ - { 0x0E, 128, 0, 7, "c2onb239v4" }, /* 127 */ - { 0x0F, 129, 0, 7, "c2onb239v5" }, /* 128 */ - { 0x10, 130, 0, 7, "c2pnb272w1" }, /* 129 */ - { 0x11, 131, 0, 7, "c2pnb304w1" }, /* 130 */ - { 0x12, 132, 0, 7, "c2tnb359v1" }, /* 131 */ - { 0x13, 133, 0, 7, "c2pnb368w1" }, /* 132 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 133 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 134 */ - { 0x01, 136, 0, 7, "prime192v1" }, /* 135 */ - { 0x02, 137, 0, 7, "prime192v2" }, /* 136 */ - { 0x03, 138, 0, 7, "prime192v3" }, /* 137 */ - { 0x04, 139, 0, 7, "prime239v1" }, /* 138 */ - { 0x05, 140, 0, 7, "prime239v2" }, /* 139 */ - { 0x06, 141, 0, 7, "prime239v3" }, /* 140 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 141 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 142 */ - { 0x01, 144, 0, 6, "ecdsa-with-SHA1" }, /* 143 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 144 */ - { 0x01, 146, 0, 7, "ecdsa-with-SHA224" }, /* 145 */ - { 0x02, 147, 0, 7, "ecdsa-with-SHA256" }, /* 146 */ - { 0x03, 148, 0, 7, "ecdsa-with-SHA384" }, /* 147 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 148 */ - {0x2B, 249, 1, 0, "" }, /* 149 */ - { 0x06, 202, 1, 1, "dod" }, /* 150 */ - { 0x01, 0, 1, 2, "internet" }, /* 151 */ - { 0x04, 170, 1, 3, "private" }, /* 152 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 153 */ - { 0x82, 163, 1, 5, "" }, /* 154 */ - { 0x37, 0, 1, 6, "Microsoft" }, /* 155 */ - { 0x0A, 160, 1, 7, "" }, /* 156 */ - { 0x03, 0, 1, 8, "" }, /* 157 */ - { 0x03, 159, 0, 9, "msSGC" }, /* 158 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 159 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 160 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 161 */ - { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 162 */ - { 0x89, 0, 1, 5, "" }, /* 163 */ - { 0x31, 0, 1, 6, "" }, /* 164 */ - { 0x01, 0, 1, 7, "" }, /* 165 */ - { 0x01, 0, 1, 8, "" }, /* 166 */ - { 0x02, 0, 1, 9, "" }, /* 167 */ - { 0x02, 169, 0, 10, "" }, /* 168 */ - { 0x4B, 0, 0, 10, "TCGID" }, /* 169 */ - { 0x05, 0, 1, 3, "security" }, /* 170 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 171 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 172 */ - { 0x01, 175, 1, 6, "id-pe" }, /* 173 */ - { 0x01, 0, 0, 7, "authorityInfoAccess" }, /* 174 */ - { 0x03, 185, 1, 6, "id-kp" }, /* 175 */ - { 0x01, 177, 0, 7, "serverAuth" }, /* 176 */ - { 0x02, 178, 0, 7, "clientAuth" }, /* 177 */ - { 0x03, 179, 0, 7, "codeSigning" }, /* 178 */ - { 0x04, 180, 0, 7, "emailProtection" }, /* 179 */ - { 0x05, 181, 0, 7, "ipsecEndSystem" }, /* 180 */ - { 0x06, 182, 0, 7, "ipsecTunnel" }, /* 181 */ - { 0x07, 183, 0, 7, "ipsecUser" }, /* 182 */ - { 0x08, 184, 0, 7, "timeStamping" }, /* 183 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 184 */ - { 0x08, 187, 1, 6, "id-otherNames" }, /* 185 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 186 */ - { 0x0A, 192, 1, 6, "id-aca" }, /* 187 */ - { 0x01, 189, 0, 7, "authenticationInfo" }, /* 188 */ - { 0x02, 190, 0, 7, "accessIdentity" }, /* 189 */ - { 0x03, 191, 0, 7, "chargingIdentity" }, /* 190 */ - { 0x04, 0, 0, 7, "group" }, /* 191 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 192 */ - { 0x01, 201, 1, 7, "ocsp" }, /* 193 */ - { 0x01, 195, 0, 8, "basic" }, /* 194 */ - { 0x02, 196, 0, 8, "nonce" }, /* 195 */ - { 0x03, 197, 0, 8, "crl" }, /* 196 */ - { 0x04, 198, 0, 8, "response" }, /* 197 */ - { 0x05, 199, 0, 8, "noCheck" }, /* 198 */ - { 0x06, 200, 0, 8, "archiveCutoff" }, /* 199 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 200 */ - { 0x02, 0, 0, 7, "caIssuers" }, /* 201 */ - { 0x0E, 208, 1, 1, "oiw" }, /* 202 */ - { 0x03, 0, 1, 2, "secsig" }, /* 203 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 204 */ - { 0x07, 206, 0, 4, "des-cbc" }, /* 205 */ - { 0x1A, 207, 0, 4, "sha-1" }, /* 206 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 207 */ - { 0x24, 215, 1, 1, "TeleTrusT" }, /* 208 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 209 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 210 */ - { 0x01, 0, 1, 4, "rsaSignature" }, /* 211 */ - { 0x02, 213, 0, 5, "rsaSigWithripemd160" }, /* 212 */ - { 0x03, 214, 0, 5, "rsaSigWithripemd128" }, /* 213 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 214 */ - { 0x81, 0, 1, 1, "" }, /* 215 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 216 */ - { 0x00, 0, 1, 3, "curve" }, /* 217 */ - { 0x01, 219, 0, 4, "sect163k1" }, /* 218 */ - { 0x02, 220, 0, 4, "sect163r1" }, /* 219 */ - { 0x03, 221, 0, 4, "sect239k1" }, /* 220 */ - { 0x04, 222, 0, 4, "sect113r1" }, /* 221 */ - { 0x05, 223, 0, 4, "sect113r2" }, /* 222 */ - { 0x06, 224, 0, 4, "secp112r1" }, /* 223 */ - { 0x07, 225, 0, 4, "secp112r2" }, /* 224 */ - { 0x08, 226, 0, 4, "secp160r1" }, /* 225 */ - { 0x09, 227, 0, 4, "secp160k1" }, /* 226 */ - { 0x0A, 228, 0, 4, "secp256k1" }, /* 227 */ - { 0x0F, 229, 0, 4, "sect163r2" }, /* 228 */ - { 0x10, 230, 0, 4, "sect283k1" }, /* 229 */ - { 0x11, 231, 0, 4, "sect283r1" }, /* 230 */ - { 0x16, 232, 0, 4, "sect131r1" }, /* 231 */ - { 0x17, 233, 0, 4, "sect131r2" }, /* 232 */ - { 0x18, 234, 0, 4, "sect193r1" }, /* 233 */ - { 0x19, 235, 0, 4, "sect193r2" }, /* 234 */ - { 0x1A, 236, 0, 4, "sect233k1" }, /* 235 */ - { 0x1B, 237, 0, 4, "sect233r1" }, /* 236 */ - { 0x1C, 238, 0, 4, "secp128r1" }, /* 237 */ - { 0x1D, 239, 0, 4, "secp128r2" }, /* 238 */ - { 0x1E, 240, 0, 4, "secp160r2" }, /* 239 */ - { 0x1F, 241, 0, 4, "secp192k1" }, /* 240 */ - { 0x20, 242, 0, 4, "secp224k1" }, /* 241 */ - { 0x21, 243, 0, 4, "secp224r1" }, /* 242 */ - { 0x22, 244, 0, 4, "secp384r1" }, /* 243 */ - { 0x23, 245, 0, 4, "secp521r1" }, /* 244 */ - { 0x24, 246, 0, 4, "sect409k1" }, /* 245 */ - { 0x25, 247, 0, 4, "sect409r1" }, /* 246 */ - { 0x26, 248, 0, 4, "sect571k1" }, /* 247 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 248 */ - {0x60, 0, 1, 0, "" }, /* 249 */ - { 0x86, 0, 1, 1, "" }, /* 250 */ - { 0x48, 0, 1, 2, "" }, /* 251 */ - { 0x01, 295, 1, 3, "organization" }, /* 252 */ - { 0x65, 271, 1, 4, "gov" }, /* 253 */ - { 0x03, 0, 1, 5, "csor" }, /* 254 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 255 */ - { 0x01, 266, 1, 7, "aes" }, /* 256 */ - { 0x02, 258, 0, 8, "id-aes128-CBC" }, /* 257 */ - { 0x06, 259, 0, 8, "id-aes128-GCM" }, /* 258 */ - { 0x07, 260, 0, 8, "id-aes128-CCM" }, /* 259 */ - { 0x16, 261, 0, 8, "id-aes192-CBC" }, /* 260 */ - { 0x1A, 262, 0, 8, "id-aes192-GCM" }, /* 261 */ - { 0x1B, 263, 0, 8, "id-aes192-CCM" }, /* 262 */ - { 0x2A, 264, 0, 8, "id-aes256-CBC" }, /* 263 */ - { 0x2E, 265, 0, 8, "id-aes256-GCM" }, /* 264 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 265 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 266 */ - { 0x01, 268, 0, 8, "id-SHA-256" }, /* 267 */ - { 0x02, 269, 0, 8, "id-SHA-384" }, /* 268 */ - { 0x03, 270, 0, 8, "id-SHA-512" }, /* 269 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 270 */ - { 0x86, 0, 1, 4, "" }, /* 271 */ - { 0xf8, 0, 1, 5, "" }, /* 272 */ - { 0x42, 285, 1, 6, "netscape" }, /* 273 */ - { 0x01, 280, 1, 7, "" }, /* 274 */ - { 0x01, 276, 0, 8, "nsCertType" }, /* 275 */ - { 0x03, 277, 0, 8, "nsRevocationUrl" }, /* 276 */ - { 0x04, 278, 0, 8, "nsCaRevocationUrl" }, /* 277 */ - { 0x08, 279, 0, 8, "nsCaPolicyUrl" }, /* 278 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 279 */ - { 0x03, 283, 1, 7, "directory" }, /* 280 */ - { 0x01, 0, 1, 8, "" }, /* 281 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 282 */ - { 0x04, 0, 1, 7, "policy" }, /* 283 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 284 */ - { 0x45, 0, 1, 6, "verisign" }, /* 285 */ - { 0x01, 0, 1, 7, "pki" }, /* 286 */ - { 0x09, 0, 1, 8, "attributes" }, /* 287 */ - { 0x02, 289, 0, 9, "messageType" }, /* 288 */ - { 0x03, 290, 0, 9, "pkiStatus" }, /* 289 */ - { 0x04, 291, 0, 9, "failInfo" }, /* 290 */ - { 0x05, 292, 0, 9, "senderNonce" }, /* 291 */ - { 0x06, 293, 0, 9, "recipientNonce" }, /* 292 */ - { 0x07, 294, 0, 9, "transID" }, /* 293 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 294 */ - { 0x86, 0, 1, 3, "old-netscape" }, /* 295 */ - { 0xF7, 0, 1, 4, "" }, /* 296 */ - { 0x0D, 0, 1, 5, "" }, /* 297 */ - { 0x01, 0, 1, 6, "" }, /* 298 */ - { 0x09, 0, 1, 7, "" }, /* 299 */ - { 0x01, 301, 0, 8, "emailAddress" }, /* 300 */ - { 0x02, 0, 0, 8, "unstructuredName" } /* 301 */ + { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ + { 0x18, 48, 0, 2, "invalidityDate" }, /* 47 */ + { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ + { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ + { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ + { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ + { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ + { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ + { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ + { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ + { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ + { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ + { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ + { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ + { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ + {0x2A, 161, 1, 0, "" }, /* 64 */ + { 0x83, 77, 1, 1, "" }, /* 65 */ + { 0x08, 0, 1, 2, "jp" }, /* 66 */ + { 0x8C, 0, 1, 3, "" }, /* 67 */ + { 0x9A, 0, 1, 4, "" }, /* 68 */ + { 0x4B, 0, 1, 5, "" }, /* 69 */ + { 0x3D, 0, 1, 6, "" }, /* 70 */ + { 0x01, 0, 1, 7, "security" }, /* 71 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ + { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */ + { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ + { 0x86, 0, 1, 1, "" }, /* 77 */ + { 0x48, 0, 1, 2, "us" }, /* 78 */ + { 0x86, 120, 1, 3, "" }, /* 79 */ + { 0xF6, 85, 1, 4, "" }, /* 80 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ + { 0xF7, 0, 1, 4, "" }, /* 85 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ + { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ + { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ + { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ + { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ + { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ + { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ + { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ + { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ + { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ + { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ + { 0x01, 99, 0, 8, "data" }, /* 98 */ + { 0x02, 100, 0, 8, "signedData" }, /* 99 */ + { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ + { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ + { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ + { 0x01, 106, 0, 8, "E" }, /* 105 */ + { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ + { 0x03, 108, 0, 8, "contentType" }, /* 107 */ + { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ + { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ + { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ + { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ + { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ + { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ + { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ + { 0x02, 117, 0, 7, "md2" }, /* 116 */ + { 0x05, 0, 0, 7, "md5" }, /* 117 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ + { 0xCE, 0, 1, 3, "" }, /* 120 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ + { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ + { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ + { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ + { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ + { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ + { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ + { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ + { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ + { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ + { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ + { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ + { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ + { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ + { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ + { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ + { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ + { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ + { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ + { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ + { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ + { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ + { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ + { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ + { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ + { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ + { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ + { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ + { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ + { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ + { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ + { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ + { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ + {0x2B, 307, 1, 0, "" }, /* 161 */ + { 0x06, 221, 1, 1, "dod" }, /* 162 */ + { 0x01, 0, 1, 2, "internet" }, /* 163 */ + { 0x04, 182, 1, 3, "private" }, /* 164 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ + { 0x82, 175, 1, 5, "" }, /* 166 */ + { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */ + { 0x0A, 172, 1, 7, "" }, /* 168 */ + { 0x03, 0, 1, 8, "" }, /* 169 */ + { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ + { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 174 */ + { 0x89, 0, 1, 5, "" }, /* 175 */ + { 0x31, 0, 1, 6, "" }, /* 176 */ + { 0x01, 0, 1, 7, "" }, /* 177 */ + { 0x01, 0, 1, 8, "" }, /* 178 */ + { 0x02, 0, 1, 9, "" }, /* 179 */ + { 0x02, 181, 0, 10, "" }, /* 180 */ + { 0x4B, 0, 0, 10, "TCGID" }, /* 181 */ + { 0x05, 0, 1, 3, "security" }, /* 182 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 183 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 184 */ + { 0x01, 188, 1, 6, "id-pe" }, /* 185 */ + { 0x01, 187, 0, 7, "authorityInfoAccess" }, /* 186 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 187 */ + { 0x02, 191, 1, 6, "id-qt" }, /* 188 */ + { 0x01, 190, 0, 7, "cps" }, /* 189 */ + { 0x02, 0, 0, 7, "unotice" }, /* 190 */ + { 0x03, 201, 1, 6, "id-kp" }, /* 191 */ + { 0x01, 193, 0, 7, "serverAuth" }, /* 192 */ + { 0x02, 194, 0, 7, "clientAuth" }, /* 193 */ + { 0x03, 195, 0, 7, "codeSigning" }, /* 194 */ + { 0x04, 196, 0, 7, "emailProtection" }, /* 195 */ + { 0x05, 197, 0, 7, "ipsecEndSystem" }, /* 196 */ + { 0x06, 198, 0, 7, "ipsecTunnel" }, /* 197 */ + { 0x07, 199, 0, 7, "ipsecUser" }, /* 198 */ + { 0x08, 200, 0, 7, "timeStamping" }, /* 199 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 200 */ + { 0x08, 203, 1, 6, "id-otherNames" }, /* 201 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 202 */ + { 0x0A, 208, 1, 6, "id-aca" }, /* 203 */ + { 0x01, 205, 0, 7, "authenticationInfo" }, /* 204 */ + { 0x02, 206, 0, 7, "accessIdentity" }, /* 205 */ + { 0x03, 207, 0, 7, "chargingIdentity" }, /* 206 */ + { 0x04, 0, 0, 7, "group" }, /* 207 */ + { 0x0B, 209, 0, 6, "subjectInfoAccess" }, /* 208 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 209 */ + { 0x01, 218, 1, 7, "ocsp" }, /* 210 */ + { 0x01, 212, 0, 8, "basic" }, /* 211 */ + { 0x02, 213, 0, 8, "nonce" }, /* 212 */ + { 0x03, 214, 0, 8, "crl" }, /* 213 */ + { 0x04, 215, 0, 8, "response" }, /* 214 */ + { 0x05, 216, 0, 8, "noCheck" }, /* 215 */ + { 0x06, 217, 0, 8, "archiveCutoff" }, /* 216 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 217 */ + { 0x02, 219, 0, 7, "caIssuers" }, /* 218 */ + { 0x03, 220, 0, 7, "timeStamping" }, /* 219 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 220 */ + { 0x0E, 227, 1, 1, "oiw" }, /* 221 */ + { 0x03, 0, 1, 2, "secsig" }, /* 222 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 223 */ + { 0x07, 225, 0, 4, "des-cbc" }, /* 224 */ + { 0x1A, 226, 0, 4, "sha-1" }, /* 225 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 226 */ + { 0x24, 273, 1, 1, "TeleTrusT" }, /* 227 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 228 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 229 */ + { 0x01, 234, 1, 4, "rsaSignature" }, /* 230 */ + { 0x02, 232, 0, 5, "rsaSigWithripemd160" }, /* 231 */ + { 0x03, 233, 0, 5, "rsaSigWithripemd128" }, /* 232 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 233 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 234 */ + { 0x01, 236, 0, 5, "ecSignWithsha1" }, /* 235 */ + { 0x02, 237, 0, 5, "ecSignWithripemd160" }, /* 236 */ + { 0x03, 238, 0, 5, "ecSignWithmd2" }, /* 237 */ + { 0x04, 239, 0, 5, "ecSignWithmd5" }, /* 238 */ + { 0x05, 256, 1, 5, "ttt-ecg" }, /* 239 */ + { 0x01, 244, 1, 6, "fieldType" }, /* 240 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 241 */ + { 0x01, 0, 1, 8, "basisType" }, /* 242 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 243 */ + { 0x02, 246, 1, 6, "keyType" }, /* 244 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 245 */ + { 0x03, 247, 0, 6, "curve" }, /* 246 */ + { 0x04, 254, 1, 6, "signatures" }, /* 247 */ + { 0x01, 249, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 248 */ + { 0x02, 250, 0, 7, "ecgdsa-with-SHA1" }, /* 249 */ + { 0x03, 251, 0, 7, "ecgdsa-with-SHA224" }, /* 250 */ + { 0x04, 252, 0, 7, "ecgdsa-with-SHA256" }, /* 251 */ + { 0x05, 253, 0, 7, "ecgdsa-with-SHA384" }, /* 252 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 253 */ + { 0x05, 0, 1, 6, "module" }, /* 254 */ + { 0x01, 0, 0, 7, "1" }, /* 255 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 256 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 257 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 258 */ + { 0x01, 260, 0, 8, "brainpoolP160r1" }, /* 259 */ + { 0x02, 261, 0, 8, "brainpoolP160t1" }, /* 260 */ + { 0x03, 262, 0, 8, "brainpoolP192r1" }, /* 261 */ + { 0x04, 263, 0, 8, "brainpoolP192t1" }, /* 262 */ + { 0x05, 264, 0, 8, "brainpoolP224r1" }, /* 263 */ + { 0x06, 265, 0, 8, "brainpoolP224t1" }, /* 264 */ + { 0x07, 266, 0, 8, "brainpoolP256r1" }, /* 265 */ + { 0x08, 267, 0, 8, "brainpoolP256t1" }, /* 266 */ + { 0x09, 268, 0, 8, "brainpoolP320r1" }, /* 267 */ + { 0x0A, 269, 0, 8, "brainpoolP320t1" }, /* 268 */ + { 0x0B, 270, 0, 8, "brainpoolP384r1" }, /* 269 */ + { 0x0C, 271, 0, 8, "brainpoolP384t1" }, /* 270 */ + { 0x0D, 272, 0, 8, "brainpoolP512r1" }, /* 271 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 272 */ + { 0x81, 0, 1, 1, "" }, /* 273 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 274 */ + { 0x00, 0, 1, 3, "curve" }, /* 275 */ + { 0x01, 277, 0, 4, "sect163k1" }, /* 276 */ + { 0x02, 278, 0, 4, "sect163r1" }, /* 277 */ + { 0x03, 279, 0, 4, "sect239k1" }, /* 278 */ + { 0x04, 280, 0, 4, "sect113r1" }, /* 279 */ + { 0x05, 281, 0, 4, "sect113r2" }, /* 280 */ + { 0x06, 282, 0, 4, "secp112r1" }, /* 281 */ + { 0x07, 283, 0, 4, "secp112r2" }, /* 282 */ + { 0x08, 284, 0, 4, "secp160r1" }, /* 283 */ + { 0x09, 285, 0, 4, "secp160k1" }, /* 284 */ + { 0x0A, 286, 0, 4, "secp256k1" }, /* 285 */ + { 0x0F, 287, 0, 4, "sect163r2" }, /* 286 */ + { 0x10, 288, 0, 4, "sect283k1" }, /* 287 */ + { 0x11, 289, 0, 4, "sect283r1" }, /* 288 */ + { 0x16, 290, 0, 4, "sect131r1" }, /* 289 */ + { 0x17, 291, 0, 4, "sect131r2" }, /* 290 */ + { 0x18, 292, 0, 4, "sect193r1" }, /* 291 */ + { 0x19, 293, 0, 4, "sect193r2" }, /* 292 */ + { 0x1A, 294, 0, 4, "sect233k1" }, /* 293 */ + { 0x1B, 295, 0, 4, "sect233r1" }, /* 294 */ + { 0x1C, 296, 0, 4, "secp128r1" }, /* 295 */ + { 0x1D, 297, 0, 4, "secp128r2" }, /* 296 */ + { 0x1E, 298, 0, 4, "secp160r2" }, /* 297 */ + { 0x1F, 299, 0, 4, "secp192k1" }, /* 298 */ + { 0x20, 300, 0, 4, "secp224k1" }, /* 299 */ + { 0x21, 301, 0, 4, "secp224r1" }, /* 300 */ + { 0x22, 302, 0, 4, "secp384r1" }, /* 301 */ + { 0x23, 303, 0, 4, "secp521r1" }, /* 302 */ + { 0x24, 304, 0, 4, "sect409k1" }, /* 303 */ + { 0x25, 305, 0, 4, "sect409r1" }, /* 304 */ + { 0x26, 306, 0, 4, "sect571k1" }, /* 305 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 306 */ + {0x60, 0, 1, 0, "" }, /* 307 */ + { 0x86, 0, 1, 1, "" }, /* 308 */ + { 0x48, 0, 1, 2, "" }, /* 309 */ + { 0x01, 0, 1, 3, "organization" }, /* 310 */ + { 0x65, 329, 1, 4, "gov" }, /* 311 */ + { 0x03, 0, 1, 5, "csor" }, /* 312 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 313 */ + { 0x01, 324, 1, 7, "aes" }, /* 314 */ + { 0x02, 316, 0, 8, "id-aes128-CBC" }, /* 315 */ + { 0x06, 317, 0, 8, "id-aes128-GCM" }, /* 316 */ + { 0x07, 318, 0, 8, "id-aes128-CCM" }, /* 317 */ + { 0x16, 319, 0, 8, "id-aes192-CBC" }, /* 318 */ + { 0x1A, 320, 0, 8, "id-aes192-GCM" }, /* 319 */ + { 0x1B, 321, 0, 8, "id-aes192-CCM" }, /* 320 */ + { 0x2A, 322, 0, 8, "id-aes256-CBC" }, /* 321 */ + { 0x2E, 323, 0, 8, "id-aes256-GCM" }, /* 322 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 323 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 324 */ + { 0x01, 326, 0, 8, "id-SHA-256" }, /* 325 */ + { 0x02, 327, 0, 8, "id-SHA-384" }, /* 326 */ + { 0x03, 328, 0, 8, "id-SHA-512" }, /* 327 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 328 */ + { 0x86, 0, 1, 4, "" }, /* 329 */ + { 0xf8, 0, 1, 5, "" }, /* 330 */ + { 0x42, 343, 1, 6, "netscape" }, /* 331 */ + { 0x01, 338, 1, 7, "" }, /* 332 */ + { 0x01, 334, 0, 8, "nsCertType" }, /* 333 */ + { 0x03, 335, 0, 8, "nsRevocationUrl" }, /* 334 */ + { 0x04, 336, 0, 8, "nsCaRevocationUrl" }, /* 335 */ + { 0x08, 337, 0, 8, "nsCaPolicyUrl" }, /* 336 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 337 */ + { 0x03, 341, 1, 7, "directory" }, /* 338 */ + { 0x01, 0, 1, 8, "" }, /* 339 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 340 */ + { 0x04, 0, 1, 7, "policy" }, /* 341 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 342 */ + { 0x45, 0, 1, 6, "verisign" }, /* 343 */ + { 0x01, 0, 1, 7, "pki" }, /* 344 */ + { 0x09, 0, 1, 8, "attributes" }, /* 345 */ + { 0x02, 347, 0, 9, "messageType" }, /* 346 */ + { 0x03, 348, 0, 9, "pkiStatus" }, /* 347 */ + { 0x04, 349, 0, 9, "failInfo" }, /* 348 */ + { 0x05, 350, 0, 9, "senderNonce" }, /* 349 */ + { 0x06, 351, 0, 9, "recipientNonce" }, /* 350 */ + { 0x07, 352, 0, 9, "transID" }, /* 351 */ + { 0x08, 353, 0, 9, "extensionReq" }, /* 352 */ + { 0x08, 0, 0, 9, "extensionReq" } /* 353 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index b7241af8d..32e2eb033 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -45,146 +45,162 @@ extern const oid_t oid_names[]; #define OID_BASIC_CONSTRAINTS 43 #define OID_CRL_NUMBER 44 #define OID_CRL_REASON_CODE 45 -#define OID_CRL_DISTRIBUTION_POINTS 46 -#define OID_AUTHORITY_KEY_ID 48 -#define OID_EXTENDED_KEY_USAGE 49 -#define OID_TARGET_INFORMATION 50 -#define OID_NO_REV_AVAIL 51 -#define OID_CAMELLIA128_CBC 62 -#define OID_CAMELLIA192_CBC 63 -#define OID_CAMELLIA256_CBC 64 -#define OID_RSA_ENCRYPTION 77 -#define OID_MD2_WITH_RSA 78 -#define OID_MD5_WITH_RSA 79 -#define OID_SHA1_WITH_RSA 80 -#define OID_SHA256_WITH_RSA 81 -#define OID_SHA384_WITH_RSA 82 -#define OID_SHA512_WITH_RSA 83 -#define OID_SHA224_WITH_RSA 84 -#define OID_PKCS7_DATA 86 -#define OID_PKCS7_SIGNED_DATA 87 -#define OID_PKCS7_ENVELOPED_DATA 88 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 89 -#define OID_PKCS7_DIGESTED_DATA 90 -#define OID_PKCS7_ENCRYPTED_DATA 91 -#define OID_PKCS9_EMAIL 93 -#define OID_PKCS9_CONTENT_TYPE 95 -#define OID_PKCS9_MESSAGE_DIGEST 96 -#define OID_PKCS9_SIGNING_TIME 97 -#define OID_MD2 104 -#define OID_MD5 105 -#define OID_3DES_EDE_CBC 107 -#define OID_EC_PUBLICKEY 111 -#define OID_C2PNB163V1 114 -#define OID_C2PNB163V2 115 -#define OID_C2PNB163V3 116 -#define OID_C2PNB176W1 117 -#define OID_C2PNB191V1 118 -#define OID_C2PNB191V2 119 -#define OID_C2PNB191V3 120 -#define OID_C2PNB191V4 121 -#define OID_C2PNB191V5 122 -#define OID_C2PNB208W1 123 -#define OID_C2PNB239V1 124 -#define OID_C2PNB239V2 125 -#define OID_C2PNB239V3 126 -#define OID_C2PNB239V4 127 -#define OID_C2PNB239V5 128 -#define OID_C2PNB272W1 129 -#define OID_C2PNB304W1 130 -#define OID_C2PNB359V1 131 -#define OID_C2PNB368W1 132 -#define OID_C2PNB431R1 133 -#define OID_PRIME192V1 135 -#define OID_PRIME192V2 136 -#define OID_PRIME192V3 137 -#define OID_PRIME239V1 138 -#define OID_PRIME239V2 139 -#define OID_PRIME239V3 140 -#define OID_PRIME256V1 141 -#define OID_ECDSA_WITH_SHA1 143 -#define OID_ECDSA_WITH_SHA224 145 -#define OID_ECDSA_WITH_SHA256 146 -#define OID_ECDSA_WITH_SHA384 147 -#define OID_ECDSA_WITH_SHA512 148 -#define OID_TCGID 169 -#define OID_AUTHORITY_INFO_ACCESS 174 -#define OID_OCSP_SIGNING 184 -#define OID_XMPP_ADDR 186 -#define OID_AUTHENTICATION_INFO 188 -#define OID_ACCESS_IDENTITY 189 -#define OID_CHARGING_IDENTITY 190 -#define OID_GROUP 191 -#define OID_OCSP 193 -#define OID_BASIC 194 -#define OID_NONCE 195 -#define OID_CRL 196 -#define OID_RESPONSE 197 -#define OID_NO_CHECK 198 -#define OID_ARCHIVE_CUTOFF 199 -#define OID_SERVICE_LOCATOR 200 -#define OID_CA_ISSUERS 201 -#define OID_DES_CBC 205 -#define OID_SHA1 206 -#define OID_SHA1_WITH_RSA_OIW 207 -#define OID_SECT163K1 218 -#define OID_SECT163R1 219 -#define OID_SECT239K1 220 -#define OID_SECT113R1 221 -#define OID_SECT113R2 222 -#define OID_SECT112R1 223 -#define OID_SECT112R2 224 -#define OID_SECT160R1 225 -#define OID_SECT160K1 226 -#define OID_SECT256K1 227 -#define OID_SECT163R2 228 -#define OID_SECT283K1 229 -#define OID_SECT283R1 230 -#define OID_SECT131R1 231 -#define OID_SECT131R2 232 -#define OID_SECT193R1 233 -#define OID_SECT193R2 234 -#define OID_SECT233K1 235 -#define OID_SECT233R1 236 -#define OID_SECT128R1 237 -#define OID_SECT128R2 238 -#define OID_SECT160R2 239 -#define OID_SECT192K1 240 -#define OID_SECT224K1 241 -#define OID_SECT224R1 242 -#define OID_SECT384R1 243 -#define OID_SECT521R1 244 -#define OID_SECT409K1 245 -#define OID_SECT409R1 246 -#define OID_SECT571K1 247 -#define OID_SECT571R1 248 -#define OID_AES128_CBC 257 -#define OID_AES128_GCM 258 -#define OID_AES128_CCM 259 -#define OID_AES192_CBC 260 -#define OID_AES192_GCM 261 -#define OID_AES192_CCM 262 -#define OID_AES256_CBC 263 -#define OID_AES256_GCM 264 -#define OID_AES256_CCM 265 -#define OID_SHA256 267 -#define OID_SHA384 268 -#define OID_SHA512 269 -#define OID_SHA224 270 -#define OID_NS_REVOCATION_URL 276 -#define OID_NS_CA_REVOCATION_URL 277 -#define OID_NS_CA_POLICY_URL 278 -#define OID_NS_COMMENT 279 -#define OID_EMPLOYEE_NUMBER 282 -#define OID_PKI_MESSAGE_TYPE 288 -#define OID_PKI_STATUS 289 -#define OID_PKI_FAIL_INFO 290 -#define OID_PKI_SENDER_NONCE 291 -#define OID_PKI_RECIPIENT_NONCE 292 -#define OID_PKI_TRANS_ID 293 -#define OID_EMAIL_ADDRESS 300 -#define OID_UNSTRUCTURED_NAME 301 +#define OID_DELTA_CRL_INDICATOR 48 +#define OID_NAME_CONSTRAINTS 51 +#define OID_CRL_DISTRIBUTION_POINTS 52 +#define OID_ANY_POLICY 54 +#define OID_AUTHORITY_KEY_ID 56 +#define OID_EXTENDED_KEY_USAGE 58 +#define OID_FRESHEST_CRL 60 +#define OID_INHIBIT_ANY_POLICY 61 +#define OID_TARGET_INFORMATION 62 +#define OID_NO_REV_AVAIL 63 +#define OID_CAMELLIA128_CBC 74 +#define OID_CAMELLIA192_CBC 75 +#define OID_CAMELLIA256_CBC 76 +#define OID_RSA_ENCRYPTION 89 +#define OID_MD2_WITH_RSA 90 +#define OID_MD5_WITH_RSA 91 +#define OID_SHA1_WITH_RSA 92 +#define OID_SHA256_WITH_RSA 93 +#define OID_SHA384_WITH_RSA 94 +#define OID_SHA512_WITH_RSA 95 +#define OID_SHA224_WITH_RSA 96 +#define OID_PKCS7_DATA 98 +#define OID_PKCS7_SIGNED_DATA 99 +#define OID_PKCS7_ENVELOPED_DATA 100 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 101 +#define OID_PKCS7_DIGESTED_DATA 102 +#define OID_PKCS7_ENCRYPTED_DATA 103 +#define OID_EMAIL_ADDRESS 105 +#define OID_UNSTRUCTURED_NAME 106 +#define OID_PKCS9_CONTENT_TYPE 107 +#define OID_PKCS9_MESSAGE_DIGEST 108 +#define OID_PKCS9_SIGNING_TIME 109 +#define OID_CHALLENGE_PASSWORD 111 +#define OID_EXTENSION_REQUEST 113 +#define OID_MD2 116 +#define OID_MD5 117 +#define OID_3DES_EDE_CBC 119 +#define OID_EC_PUBLICKEY 123 +#define OID_C2PNB163V1 126 +#define OID_C2PNB163V2 127 +#define OID_C2PNB163V3 128 +#define OID_C2PNB176W1 129 +#define OID_C2PNB191V1 130 +#define OID_C2PNB191V2 131 +#define OID_C2PNB191V3 132 +#define OID_C2PNB191V4 133 +#define OID_C2PNB191V5 134 +#define OID_C2PNB208W1 135 +#define OID_C2PNB239V1 136 +#define OID_C2PNB239V2 137 +#define OID_C2PNB239V3 138 +#define OID_C2PNB239V4 139 +#define OID_C2PNB239V5 140 +#define OID_C2PNB272W1 141 +#define OID_C2PNB304W1 142 +#define OID_C2PNB359V1 143 +#define OID_C2PNB368W1 144 +#define OID_C2PNB431R1 145 +#define OID_PRIME192V1 147 +#define OID_PRIME192V2 148 +#define OID_PRIME192V3 149 +#define OID_PRIME239V1 150 +#define OID_PRIME239V2 151 +#define OID_PRIME239V3 152 +#define OID_PRIME256V1 153 +#define OID_ECDSA_WITH_SHA1 155 +#define OID_ECDSA_WITH_SHA224 157 +#define OID_ECDSA_WITH_SHA256 158 +#define OID_ECDSA_WITH_SHA384 159 +#define OID_ECDSA_WITH_SHA512 160 +#define OID_TCGID 181 +#define OID_AUTHORITY_INFO_ACCESS 186 +#define OID_IP_ADDR_BLOCKS 187 +#define OID_SERVER_AUTH 192 +#define OID_CLIENT_AUTH 193 +#define OID_OCSP_SIGNING 200 +#define OID_XMPP_ADDR 202 +#define OID_AUTHENTICATION_INFO 204 +#define OID_ACCESS_IDENTITY 205 +#define OID_CHARGING_IDENTITY 206 +#define OID_GROUP 207 +#define OID_OCSP 210 +#define OID_BASIC 211 +#define OID_NONCE 212 +#define OID_CRL 213 +#define OID_RESPONSE 214 +#define OID_NO_CHECK 215 +#define OID_ARCHIVE_CUTOFF 216 +#define OID_SERVICE_LOCATOR 217 +#define OID_CA_ISSUERS 218 +#define OID_DES_CBC 224 +#define OID_SHA1 225 +#define OID_SHA1_WITH_RSA_OIW 226 +#define OID_ECGDSA_PUBKEY 245 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 248 +#define OID_ECGDSA_SIG_WITH_SHA1 249 +#define OID_ECGDSA_SIG_WITH_SHA224 250 +#define OID_ECGDSA_SIG_WITH_SHA256 251 +#define OID_ECGDSA_SIG_WITH_SHA384 252 +#define OID_ECGDSA_SIG_WITH_SHA512 253 +#define OID_SECT163K1 276 +#define OID_SECT163R1 277 +#define OID_SECT239K1 278 +#define OID_SECT113R1 279 +#define OID_SECT113R2 280 +#define OID_SECT112R1 281 +#define OID_SECT112R2 282 +#define OID_SECT160R1 283 +#define OID_SECT160K1 284 +#define OID_SECT256K1 285 +#define OID_SECT163R2 286 +#define OID_SECT283K1 287 +#define OID_SECT283R1 288 +#define OID_SECT131R1 289 +#define OID_SECT131R2 290 +#define OID_SECT193R1 291 +#define OID_SECT193R2 292 +#define OID_SECT233K1 293 +#define OID_SECT233R1 294 +#define OID_SECT128R1 295 +#define OID_SECT128R2 296 +#define OID_SECT160R2 297 +#define OID_SECT192K1 298 +#define OID_SECT224K1 299 +#define OID_SECT224R1 300 +#define OID_SECT384R1 301 +#define OID_SECT521R1 302 +#define OID_SECT409K1 303 +#define OID_SECT409R1 304 +#define OID_SECT571K1 305 +#define OID_SECT571R1 306 +#define OID_AES128_CBC 315 +#define OID_AES128_GCM 316 +#define OID_AES128_CCM 317 +#define OID_AES192_CBC 318 +#define OID_AES192_GCM 319 +#define OID_AES192_CCM 320 +#define OID_AES256_CBC 321 +#define OID_AES256_GCM 322 +#define OID_AES256_CCM 323 +#define OID_SHA256 325 +#define OID_SHA384 326 +#define OID_SHA512 327 +#define OID_SHA224 328 +#define OID_NS_REVOCATION_URL 334 +#define OID_NS_CA_REVOCATION_URL 335 +#define OID_NS_CA_POLICY_URL 336 +#define OID_NS_COMMENT 337 +#define OID_EMPLOYEE_NUMBER 340 +#define OID_PKI_MESSAGE_TYPE 346 +#define OID_PKI_STATUS 347 +#define OID_PKI_FAIL_INFO 348 +#define OID_PKI_SENDER_NONCE 349 +#define OID_PKI_RECIPIENT_NONCE 350 +#define OID_PKI_TRANS_ID 351 -#define OID_MAX 302 +#define OID_MAX 354 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 5adca6289..203bc1f28 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -44,10 +44,22 @@ 0x13 "basicConstraints" OID_BASIC_CONSTRAINTS 0x14 "crlNumber" OID_CRL_NUMBER 0x15 "reasonCode" OID_CRL_REASON_CODE + 0x17 "holdInstructionCode" + 0x18 "invalidityDate" + 0x1B "deltaCrlIndicator" OID_DELTA_CRL_INDICATOR + 0x1C "issuingDistributionPoint" + 0x1D "certificateIssuer" + 0x1E "nameConstraints" OID_NAME_CONSTRAINTS 0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS 0x20 "certificatePolicies" + 0x00 "anyPolicy" OID_ANY_POLICY + 0x21 "policyMappings" 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID + 0x24 "policyConstraints" 0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE + 0x00 "anyExtendedKeyUsage" + 0x2E "freshestCRL" OID_FRESHEST_CRL + 0x36 "inhibitAnyPolicy" OID_INHIBIT_ANY_POLICY 0x37 "targetInformation" OID_TARGET_INFORMATION 0x38 "noRevAvail" OID_NO_REV_AVAIL 0x2A "" @@ -91,15 +103,15 @@ 0x05 "digestedData" OID_PKCS7_DIGESTED_DATA 0x06 "encryptedData" OID_PKCS7_ENCRYPTED_DATA 0x09 "PKCS-9" - 0x01 "E" OID_PKCS9_EMAIL - 0x02 "unstructuredName" + 0x01 "E" OID_EMAIL_ADDRESS + 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME 0x03 "contentType" OID_PKCS9_CONTENT_TYPE 0x04 "messageDigest" OID_PKCS9_MESSAGE_DIGEST 0x05 "signingTime" OID_PKCS9_SIGNING_TIME 0x06 "counterSignature" - 0x07 "challengePassword" + 0x07 "challengePassword" OID_CHALLENGE_PASSWORD 0x08 "unstructuredAddress" - 0x0E "extensionRequest" + 0x0E "extensionRequest" OID_EXTENSION_REQUEST 0x0F "S/MIME Capabilities" 0x02 "digestAlgorithm" 0x02 "md2" OID_MD2 @@ -173,9 +185,13 @@ 0x07 "id-pkix" 0x01 "id-pe" 0x01 "authorityInfoAccess" OID_AUTHORITY_INFO_ACCESS + 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS + 0x02 "id-qt" + 0x01 "cps" + 0x02 "unotice" 0x03 "id-kp" - 0x01 "serverAuth" - 0x02 "clientAuth" + 0x01 "serverAuth" OID_SERVER_AUTH + 0x02 "clientAuth" OID_CLIENT_AUTH 0x03 "codeSigning" 0x04 "emailProtection" 0x05 "ipsecEndSystem" @@ -190,6 +206,7 @@ 0x02 "accessIdentity" OID_ACCESS_IDENTITY 0x03 "chargingIdentity" OID_CHARGING_IDENTITY 0x04 "group" OID_GROUP + 0x0B "subjectInfoAccess" 0x30 "id-ad" 0x01 "ocsp" OID_OCSP 0x01 "basic" OID_BASIC @@ -200,6 +217,8 @@ 0x06 "archiveCutoff" OID_ARCHIVE_CUTOFF 0x07 "serviceLocator" OID_SERVICE_LOCATOR 0x02 "caIssuers" OID_CA_ISSUERS + 0x03 "timeStamping" + 0x05 "caRepository" 0x0E "oiw" 0x03 "secsig" 0x02 "algorithms" @@ -213,6 +232,45 @@ 0x02 "rsaSigWithripemd160" 0x03 "rsaSigWithripemd128" 0x04 "rsaSigWithripemd256" + 0x02 "ecSign" + 0x01 "ecSignWithsha1" + 0x02 "ecSignWithripemd160" + 0x03 "ecSignWithmd2" + 0x04 "ecSignWithmd5" + 0x05 "ttt-ecg" + 0x01 "fieldType" + 0x01 "characteristictwoField" + 0x01 "basisType" + 0x01 "ipBasis" + 0x02 "keyType" + 0x01 "ecgPublicKey" OID_ECGDSA_PUBKEY + 0x03 "curve" + 0x04 "signatures" + 0x01 "ecgdsa-with-RIPEMD160" OID_ECGDSA_SIG_WITH_RIPEMD160 + 0x02 "ecgdsa-with-SHA1" OID_ECGDSA_SIG_WITH_SHA1 + 0x03 "ecgdsa-with-SHA224" OID_ECGDSA_SIG_WITH_SHA224 + 0x04 "ecgdsa-with-SHA256" OID_ECGDSA_SIG_WITH_SHA256 + 0x05 "ecgdsa-with-SHA384" OID_ECGDSA_SIG_WITH_SHA384 + 0x06 "ecgdsa-with-SHA512" OID_ECGDSA_SIG_WITH_SHA512 + 0x05 "module" + 0x01 "1" + 0x08 "ecStdCurvesAndGeneration" + 0x01 "ellipticCurve" + 0x01 "versionOne" + 0x01 "brainpoolP160r1" + 0x02 "brainpoolP160t1" + 0x03 "brainpoolP192r1" + 0x04 "brainpoolP192t1" + 0x05 "brainpoolP224r1" + 0x06 "brainpoolP224t1" + 0x07 "brainpoolP256r1" + 0x08 "brainpoolP256t1" + 0x09 "brainpoolP320r1" + 0x0A "brainpoolP320t1" + 0x0B "brainpoolP384r1" + 0x0C "brainpoolP384t1" + 0x0D "brainpoolP512r1" + 0x0E "brainpoolP512t1" 0x81 "" 0x04 "Certicom" 0x00 "curve" @@ -293,10 +351,4 @@ 0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE 0x07 "transID" OID_PKI_TRANS_ID 0x08 "extensionReq" - 0x86 "old-netscape" - 0xF7 "" - 0x0D "" - 0x01 "" - 0x09 "" - 0x01 "emailAddress" OID_EMAIL_ADDRESS - 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME + diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c deleted file mode 100755 index 059795548..000000000 --- a/src/libstrongswan/asn1/pem.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright (C) 2001-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "pem.h" - -#include -#include -#include - -#include -#include -#include - -#define PKCS5_SALT_LEN 8 /* bytes */ - -/** - * check the presence of a pattern in a character string - */ -static bool present(const char* pattern, chunk_t* ch) -{ - u_int pattern_len = strlen(pattern); - - if (ch->len >= pattern_len && strneq(ch->ptr, pattern, pattern_len)) - { - ch->ptr += pattern_len; - ch->len -= pattern_len; - return TRUE; - } - return FALSE; -} - -/** - * find a boundary of the form -----tag name----- - */ -static bool find_boundary(const char* tag, chunk_t *line) -{ - chunk_t name = chunk_empty; - - if (!present("-----", line)) - return FALSE; - if (!present(tag, line)) - return FALSE; - if (*line->ptr != ' ') - return FALSE; - line->ptr++; line->len--; - - /* extract name */ - name.ptr = line->ptr; - while (line->len > 0) - { - if (present("-----", line)) - { - DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr); - return TRUE; - } - line->ptr++; line->len--; name.len++; - } - return FALSE; -} - -/* - * decrypts a passphrase protected encrypted data block - */ -static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size, - chunk_t *iv, chunk_t passphrase) -{ - hasher_t *hasher; - crypter_t *crypter; - chunk_t salt = { iv->ptr, PKCS5_SALT_LEN }; - chunk_t hash; - chunk_t decrypted; - chunk_t key = {alloca(key_size), key_size}; - u_int8_t padding, *last_padding_pos, *first_padding_pos; - - if (passphrase.len == 0) - { - DBG1(" missing passphrase"); - return INVALID_ARG; - } - - /* build key from passphrase and IV */ - hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - if (hasher == NULL) - { - DBG1(" MD5 hash algorithm not available"); - return NOT_SUPPORTED; - } - hash.len = hasher->get_hash_size(hasher); - hash.ptr = alloca(hash.len); - hasher->get_hash(hasher, passphrase, NULL); - hasher->get_hash(hasher, salt, hash.ptr); - memcpy(key.ptr, hash.ptr, hash.len); - - if (key.len > hash.len) - { - hasher->get_hash(hasher, hash, NULL); - hasher->get_hash(hasher, passphrase, NULL); - hasher->get_hash(hasher, salt, hash.ptr); - memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len); - } - hasher->destroy(hasher); - - /* decrypt blob */ - crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); - if (crypter == NULL) - { - DBG1(" %N encryption algorithm not available", - encryption_algorithm_names, alg); - return NOT_SUPPORTED; - } - crypter->set_key(crypter, key); - - if (iv->len != crypter->get_block_size(crypter) || - blob->len % iv->len) - { - crypter->destroy(crypter); - DBG1(" data size is not multiple of block size"); - return PARSE_ERROR; - } - crypter->decrypt(crypter, *blob, *iv, &decrypted); - crypter->destroy(crypter); - memcpy(blob->ptr, decrypted.ptr, blob->len); - chunk_free(&decrypted); - - /* determine amount of padding */ - last_padding_pos = blob->ptr + blob->len - 1; - padding = *last_padding_pos; - first_padding_pos = (padding > blob->len) ? blob->ptr : last_padding_pos - padding; - - /* check the padding pattern */ - while (--last_padding_pos > first_padding_pos) - { - if (*last_padding_pos != padding) - { - DBG1(" invalid passphrase"); - return INVALID_ARG; - } - } - /* remove padding */ - blob->len -= padding; - return SUCCESS; -} - -/* Converts a PEM encoded file into its binary form - * - * RFC 1421 Privacy Enhancement for Electronic Mail, February 1993 - * RFC 934 Message Encapsulation, January 1985 - */ -status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp) -{ - typedef enum { - PEM_PRE = 0, - PEM_MSG = 1, - PEM_HEADER = 2, - PEM_BODY = 3, - PEM_POST = 4, - PEM_ABORT = 5 - } state_t; - - encryption_algorithm_t alg = ENCR_UNDEFINED; - size_t key_size = 0; - - bool encrypted = FALSE; - - state_t state = PEM_PRE; - - chunk_t src = *blob; - chunk_t dst = *blob; - chunk_t line = chunk_empty; - chunk_t iv = chunk_empty; - - u_char iv_buf[16]; /* MD5 digest size */ - - /* zero size of converted blob */ - dst.len = 0; - - /* zero size of IV */ - iv.ptr = iv_buf; - iv.len = 0; - - while (fetchline(&src, &line)) - { - if (state == PEM_PRE) - { - if (find_boundary("BEGIN", &line)) - { - state = PEM_MSG; - } - continue; - } - else - { - if (find_boundary("END", &line)) - { - state = PEM_POST; - break; - } - if (state == PEM_MSG) - { - state = (memchr(line.ptr, ':', line.len) == NULL) ? PEM_BODY : PEM_HEADER; - } - if (state == PEM_HEADER) - { - err_t ugh = NULL; - chunk_t name = chunk_empty; - chunk_t value = chunk_empty; - - /* an empty line separates HEADER and BODY */ - if (line.len == 0) - { - state = PEM_BODY; - continue; - } - - /* we are looking for a parameter: value pair */ - DBG2(" %.*s", (int)line.len, line.ptr); - ugh = extract_parameter_value(&name, &value, &line); - if (ugh != NULL) - { - continue; - } - if (match("Proc-Type", &name) && *value.ptr == '4') - { - encrypted = TRUE; - } - else if (match("DEK-Info", &name)) - { - chunk_t dek; - - if (!extract_token(&dek, ',', &value)) - { - dek = value; - } - if (match("DES-EDE3-CBC", &dek)) - { - alg = ENCR_3DES; - key_size = 24; - } - else if (match("AES-128-CBC", &dek)) - { - alg = ENCR_AES_CBC; - key_size = 16; - } - else if (match("AES-192-CBC", &dek)) - { - alg = ENCR_AES_CBC; - key_size = 24; - } - else if (match("AES-256-CBC", &dek)) - { - alg = ENCR_AES_CBC; - key_size = 32; - } - else - { - DBG1(" encryption algorithm '%.s' not supported", - dek.len, dek.ptr); - return NOT_SUPPORTED; - } - eat_whitespace(&value); - iv = chunk_from_hex(value, iv.ptr); - } - } - else /* state is PEM_BODY */ - { - chunk_t data; - - /* remove any trailing whitespace */ - if (!extract_token(&data ,' ', &line)) - { - data = line; - } - - /* check for PGP armor checksum */ - if (*data.ptr == '=') - { - *pgp = TRUE; - data.ptr++; - data.len--; - DBG2(" armor checksum: %.*s", (int)data.len, data.ptr); - continue; - } - - if (blob->len - dst.len < data.len / 4 * 3) - { - state = PEM_ABORT; - } - data = chunk_from_base64(data, dst.ptr); - - dst.ptr += data.len; - dst.len += data.len; - } - } - } - /* set length to size of binary blob */ - blob->len = dst.len; - - if (state != PEM_POST) - { - DBG1(" file coded in unknown format, discarded"); - return PARSE_ERROR; - } - if (!encrypted) - { - return SUCCESS; - } - return pem_decrypt(blob, alg, key_size, &iv, passphrase); - -} - -/* load a coded key or certificate file with autodetection - * of binary DER or base64 PEM ASN.1 formats and armored PGP format - */ -bool pem_asn1_load_file(char *filename, chunk_t *passphrase, - chunk_t *blob, bool *pgp) -{ - FILE *fd = fopen(filename, "r"); - - if (fd) - { - chunk_t pass = chunk_empty; - int bytes; - - fseek(fd, 0, SEEK_END ); - blob->len = ftell(fd); - rewind(fd); - blob->ptr = malloc(blob->len); - bytes = fread(blob->ptr, 1, blob->len, fd); - fclose(fd); - DBG2(" loading '%s' (%d bytes)", filename, bytes); - - *pgp = FALSE; - - /* try DER format */ - if (is_asn1(*blob)) - { - DBG2(" file coded in DER format"); - return TRUE; - } - - if (passphrase != NULL) - { - pass = *passphrase; - DBG4(" passphrase: %#B", passphrase); - } - - /* try PEM format */ - if (pem_to_bin(blob, pass, pgp) == SUCCESS) - { - if (*pgp) - { - DBG2(" file coded in armored PGP format"); - return TRUE; - } - if (is_asn1(*blob)) - { - DBG2(" file coded in PEM format"); - return TRUE; - } - DBG1(" file coded in unknown format, discarded"); - } - - /* a conversion error has occured */ - chunk_free(blob); - } - else - { - DBG1(" reading file '%s' failed", filename); - } - return FALSE; -} - diff --git a/src/libstrongswan/asn1/pem.h b/src/libstrongswan/asn1/pem.h deleted file mode 100755 index 7385330d7..000000000 --- a/src/libstrongswan/asn1/pem.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (C) 2001-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef PEM_H_ -#define PEM_H_ - -#include - -#include - -status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp); - -bool pem_asn1_load_file(char *filename, chunk_t *passphrase, chunk_t *blob, - bool *pgp); - -#endif /*PEM_H_ @} */ diff --git a/src/libstrongswan/attributes/attribute_handler.h b/src/libstrongswan/attributes/attribute_handler.h new file mode 100644 index 000000000..d042f47ef --- /dev/null +++ b/src/libstrongswan/attributes/attribute_handler.h @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup attribute_handler attribute_handler + * @{ @ingroup attributes + */ + +#ifndef ATTRIBUTE_HANDLER_H_ +#define ATTRIBUTE_HANDLER_H_ + +#include +#include +#include + +#include "attributes.h" + +typedef struct attribute_handler_t attribute_handler_t; + +/** + * Interface to handle configuration payload attributes. + */ +struct attribute_handler_t { + + /** + * Handle a configuration attribute. + * + * After receiving a configuration attriubte, it is passed to each + * attribute handler until it is handled. + * + * @param server server from which the attribute was received + * @param type type of configuration attribute to handle + * @param data associated attribute data + * @return TRUE if attribute handled + */ + bool (*handle)(attribute_handler_t *this, identification_t *server, + configuration_attribute_type_t type, chunk_t data); + + /** + * Release an attribute handled during handle(). + * + * A handler that handle()d an attribute gets a call to release() when the + * connection gets closed. Depending on the implementation, this is required + * to remove the attribute. + */ + void (*release)(attribute_handler_t *this, identification_t *server, + configuration_attribute_type_t type, chunk_t data); + + /** + * Enumerate attributes to request from a server. + * + * @param server server identity to request attributes from + * @param vip virtual IP we are requesting, if any + * @return enumerator (configuration_attribute_type_t, chunk_t) + */ + enumerator_t* (*create_attribute_enumerator)(attribute_handler_t *this, + identification_t *server, host_t *vip); +}; + +#endif /** ATTRIBUTE_HANDLER_H_ @}*/ diff --git a/src/libstrongswan/attributes/attribute_manager.c b/src/libstrongswan/attributes/attribute_manager.c new file mode 100644 index 000000000..91fa1ebb5 --- /dev/null +++ b/src/libstrongswan/attributes/attribute_manager.c @@ -0,0 +1,374 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "attribute_manager.h" + +#include +#include +#include + +typedef struct private_attribute_manager_t private_attribute_manager_t; + +/** + * private data of attribute_manager + */ +struct private_attribute_manager_t { + + /** + * public functions + */ + attribute_manager_t public; + + /** + * list of registered providers + */ + linked_list_t *providers; + + /** + * list of registered handlers + */ + linked_list_t *handlers; + + /** + * rwlock provider list + */ + rwlock_t *lock; +}; + +/** + * Data to pass to enumerator filters + */ +typedef struct { + /** server/peer identity */ + identification_t *id; + /** requesting/assigned virtual IP */ + host_t *vip; +} enum_data_t; + +/** + * Implementation of attribute_manager_t.acquire_address. + */ +static host_t* acquire_address(private_attribute_manager_t *this, + char *pool, identification_t *id, + host_t *requested) +{ + enumerator_t *enumerator; + attribute_provider_t *current; + host_t *host = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, ¤t)) + { + host = current->acquire_address(current, pool, id, requested); + if (host) + { + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + + if (!host) + { + DBG1("acquiring address from pool '%s' failed", pool); + } + return host; +} + +/** + * Implementation of attribute_manager_t.release_address. + */ +static void release_address(private_attribute_manager_t *this, + char *pool, host_t *address, identification_t *id) +{ + enumerator_t *enumerator; + attribute_provider_t *current; + bool found = FALSE; + + this->lock->read_lock(this->lock); + enumerator = this->providers->create_enumerator(this->providers); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->release_address(current, pool, address, id)) + { + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + + if (!found) + { + DBG1("releasing address to pool '%s' failed", pool); + } +} + +/** + * inner enumerator constructor for responder attributes + */ +static enumerator_t *responder_enum_create(attribute_provider_t *provider, + enum_data_t *data) +{ + return provider->create_attribute_enumerator(provider, data->id, data->vip); +} + +/** + * Implementation of attribute_manager_t.create_responder_enumerator + */ +static enumerator_t* create_responder_enumerator( + private_attribute_manager_t *this, identification_t *id, host_t *vip) +{ + enum_data_t *data = malloc_thing(enum_data_t); + + data->id = id; + data->vip = vip; + this->lock->read_lock(this->lock); + return enumerator_create_cleaner( + enumerator_create_nested( + this->providers->create_enumerator(this->providers), + (void*)responder_enum_create, data, free), + (void*)this->lock->unlock, this->lock); +} + +/** + * Implementation of attribute_manager_t.add_provider. + */ +static void add_provider(private_attribute_manager_t *this, + attribute_provider_t *provider) +{ + this->lock->write_lock(this->lock); + this->providers->insert_last(this->providers, provider); + this->lock->unlock(this->lock); +} + +/** + * Implementation of attribute_manager_t.remove_provider. + */ +static void remove_provider(private_attribute_manager_t *this, + attribute_provider_t *provider) +{ + this->lock->write_lock(this->lock); + this->providers->remove(this->providers, provider, NULL); + this->lock->unlock(this->lock); +} + +/** + * Implementation of attribute_manager_t.handle + */ +static attribute_handler_t* handle(private_attribute_manager_t *this, + identification_t *server, attribute_handler_t *handler, + configuration_attribute_type_t type, chunk_t data) +{ + enumerator_t *enumerator; + attribute_handler_t *current, *handled = NULL; + + this->lock->read_lock(this->lock); + + /* try to find the passed handler */ + enumerator = this->handlers->create_enumerator(this->handlers); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current == handler && current->handle(current, server, type, data)) + { + handled = current; + break; + } + } + enumerator->destroy(enumerator); + if (!handled) + { /* handler requesting this attribute not found, try any other */ + enumerator = this->handlers->create_enumerator(this->handlers); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current->handle(current, server, type, data)) + { + handled = current; + break; + } + } + enumerator->destroy(enumerator); + } + this->lock->unlock(this->lock); + + if (!handled) + { + DBG1("handling %N attribute failed", + configuration_attribute_type_names, type); + } + return handled; +} + +/** + * Implementation of attribute_manager_t.release + */ +static void release(private_attribute_manager_t *this, + attribute_handler_t *handler, + identification_t *server, + configuration_attribute_type_t type, chunk_t data) +{ + enumerator_t *enumerator; + attribute_handler_t *current; + + this->lock->read_lock(this->lock); + enumerator = this->handlers->create_enumerator(this->handlers); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (current == handler) + { + current->release(current, server, type, data); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +/** + * Enumerator implementation to enumerate nested initiator attributes + */ +typedef struct { + /** implements enumerator_t */ + enumerator_t public; + /** back ref */ + private_attribute_manager_t *this; + /** currently processing handler */ + attribute_handler_t *handler; + /** outer enumerator over handlers */ + enumerator_t *outer; + /** inner enumerator over current handlers attributes */ + enumerator_t *inner; + /** server ID we want attributes for */ + identification_t *id; + /** virtual IP we are requesting along with attriubutes */ + host_t *vip; +} initiator_enumerator_t; + +/** + * Enumerator implementation for initiator attributes + */ +static bool initiator_enumerate(initiator_enumerator_t *this, + attribute_handler_t **handler, + configuration_attribute_type_t *type, + chunk_t *value) +{ + /* enumerate inner attributes using outer handler enumerator */ + while (!this->inner || !this->inner->enumerate(this->inner, type, value)) + { + if (!this->outer->enumerate(this->outer, &this->handler)) + { + return FALSE; + } + DESTROY_IF(this->inner); + this->inner = this->handler->create_attribute_enumerator(this->handler, + this->id, this->vip); + } + /* inject the handler as additional attribute */ + *handler = this->handler; + return TRUE; +} + +/** + * Cleanup function of initiator attribute enumerator + */ +static void initiator_destroy(initiator_enumerator_t *this) +{ + this->this->lock->unlock(this->this->lock); + this->outer->destroy(this->outer); + DESTROY_IF(this->inner); + free(this); +} + +/** + * Implementation of attribute_manager_t.create_initiator_enumerator + */ +static enumerator_t* create_initiator_enumerator( + private_attribute_manager_t *this, identification_t *id, host_t *vip) +{ + initiator_enumerator_t *enumerator = malloc_thing(initiator_enumerator_t); + + this->lock->read_lock(this->lock); + enumerator->public.enumerate = (void*)initiator_enumerate; + enumerator->public.destroy = (void*)initiator_destroy; + enumerator->this = this; + enumerator->id = id; + enumerator->vip = vip; + enumerator->outer = this->handlers->create_enumerator(this->handlers); + enumerator->inner = NULL; + enumerator->handler = NULL; + + return &enumerator->public; +} + +/** + * Implementation of attribute_manager_t.add_handler + */ +static void add_handler(private_attribute_manager_t *this, + attribute_handler_t *handler) +{ + this->lock->write_lock(this->lock); + this->handlers->insert_last(this->handlers, handler); + this->lock->unlock(this->lock); +} + +/** + * Implementation of attribute_manager_t.remove_handler + */ +static void remove_handler(private_attribute_manager_t *this, + attribute_handler_t *handler) +{ + this->lock->write_lock(this->lock); + this->handlers->remove(this->handlers, handler, NULL); + this->lock->unlock(this->lock); +} + +/** + * Implementation of attribute_manager_t.destroy + */ +static void destroy(private_attribute_manager_t *this) +{ + this->providers->destroy(this->providers); + this->handlers->destroy(this->handlers); + this->lock->destroy(this->lock); + free(this); +} + +/* + * see header file + */ +attribute_manager_t *attribute_manager_create() +{ + private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t); + + this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address; + this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address; + this->public.create_responder_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t*, host_t*))create_responder_enumerator; + this->public.add_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))add_provider; + this->public.remove_provider = (void(*)(attribute_manager_t*, attribute_provider_t *provider))remove_provider; + this->public.handle = (attribute_handler_t*(*)(attribute_manager_t*,identification_t*, attribute_handler_t*, configuration_attribute_type_t, chunk_t))handle; + this->public.release = (void(*)(attribute_manager_t*, attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))release; + this->public.create_initiator_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t*, host_t*))create_initiator_enumerator; + this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t*))add_handler; + this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t*))remove_handler; + this->public.destroy = (void(*)(attribute_manager_t*))destroy; + + this->providers = linked_list_create(); + this->handlers = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + + return &this->public; +} + diff --git a/src/libstrongswan/attributes/attribute_manager.h b/src/libstrongswan/attributes/attribute_manager.h new file mode 100644 index 000000000..642662366 --- /dev/null +++ b/src/libstrongswan/attributes/attribute_manager.h @@ -0,0 +1,149 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup attribute_manager attribute_manager + * @{ @ingroup attributes + */ + +#ifndef ATTRIBUTE_MANAGER_H_ +#define ATTRIBUTE_MANAGER_H_ + +#include "attribute_provider.h" +#include "attribute_handler.h" + +typedef struct attribute_manager_t attribute_manager_t; + +/** + * The attribute manager hands out attributes or handles them. + * + * The attribute manager manages both, attribute providers and attribute + * handlers. Attribute providers are responsible to hand out attributes if + * a connecting peer requests them. Handlers handle such attributes if they + * are received on the requesting peer. + */ +struct attribute_manager_t { + + /** + * Acquire a virtual IP address to assign to a peer. + * + * @param pool pool name to acquire address from + * @param id peer identity to get address forua + * @param requested IP in configuration request + * @return allocated address, NULL to serve none + */ + host_t* (*acquire_address)(attribute_manager_t *this, + char *pool, identification_t *id, + host_t *requested); + + /** + * Release a previously acquired address. + * + * @param pool pool name from which the address was acquired + * @param address address to release + * @param id peer identity to get address for + */ + void (*release_address)(attribute_manager_t *this, + char *pool, host_t *address, identification_t *id); + + /** + * Create an enumerator over attributes to hand out to a peer. + * + * @param id peer identity to hand out attributes to + * @param vip virtual IP to assign to peer, if any + * @return enumerator (configuration_attribute_type_t, chunk_t) + */ + enumerator_t* (*create_responder_enumerator)(attribute_manager_t *this, + identification_t *id, host_t *vip); + + /** + * Register an attribute provider to the manager. + * + * @param provider attribute provider to register + */ + void (*add_provider)(attribute_manager_t *this, + attribute_provider_t *provider); + /** + * Unregister an attribute provider from the manager. + * + * @param provider attribute provider to unregister + */ + void (*remove_provider)(attribute_manager_t *this, + attribute_provider_t *provider); + + /** + * Handle a configuration attribute by passing them to the handlers. + * + * @param server server from which the attribute was received + * @param handler handler we requested the attribute for, if any + * @param type type of configuration attribute + * @param data associated attribute data + * @return handler which handled this attribute, NULL if none + */ + attribute_handler_t* (*handle)(attribute_manager_t *this, + identification_t *server, attribute_handler_t *handler, + configuration_attribute_type_t type, chunk_t data); + + /** + * Release an attribute previously handle()d by a handler. + * + * @param handler handler returned by handle() for this attribute + * @param server server from which the attribute was received + * @param type type of attribute to release + * @param data associated attribute data + */ + void (*release)(attribute_manager_t *this, attribute_handler_t *handler, + identification_t *server, + configuration_attribute_type_t type, + chunk_t data); + + /** + * Create an enumerator over attributes to request from server. + * + * @param id server identity to hand out attributes to + * @param vip virtual IP going to request, if any + * @return enumerator (attribute_handler_t, ca_type_t, chunk_t) + */ + enumerator_t* (*create_initiator_enumerator)(attribute_manager_t *this, + identification_t *id, host_t *vip); + + /** + * Register an attribute handler to the manager. + * + * @param handler attribute handler to register + */ + void (*add_handler)(attribute_manager_t *this, + attribute_handler_t *handler); + + /** + * Unregister an attribute handler from the manager. + * + * @param handler attribute handler to unregister + */ + void (*remove_handler)(attribute_manager_t *this, + attribute_handler_t *handler); + + /** + * Destroy a attribute_manager instance. + */ + void (*destroy)(attribute_manager_t *this); +}; + +/** + * Create a attribute_manager instance. + */ +attribute_manager_t *attribute_manager_create(); + +#endif /** ATTRIBUTE_MANAGER_H_ @}*/ diff --git a/src/libstrongswan/attributes/attribute_provider.h b/src/libstrongswan/attributes/attribute_provider.h new file mode 100644 index 000000000..f8485cc6c --- /dev/null +++ b/src/libstrongswan/attributes/attribute_provider.h @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup attribute_provider attribute_provider + * @{ @ingroup attributes + */ + +#ifndef ATTRIBUTE_PROVIDER_H_ +#define ATTRIBUTE_PROVIDER_H_ + +#include +#include + +typedef struct attribute_provider_t attribute_provider_t; + +/** + * Interface to provide attributes to peers through attribute manager. + */ +struct attribute_provider_t { + + /** + * Acquire a virtual IP address to assign to a peer. + * + * @param pool name of the pool to acquire address from + * @param id peer ID + * @param requested IP in configuration request + * @return allocated address, NULL to serve none + */ + host_t* (*acquire_address)(attribute_provider_t *this, + char *pool, identification_t *id, + host_t *requested); + /** + * Release a previously acquired address. + * + * @param pool name of the pool this address was acquired from + * @param address address to release + * @param id peer ID + * @return TRUE if the address has been released by the provider + */ + bool (*release_address)(attribute_provider_t *this, + char *pool, host_t *address, identification_t *id); + + /** + * Create an enumerator over attributes to hand out to a peer. + * + * @param id peer ID + * @param vip virtual IP to assign to peer, if any + * @return enumerator (configuration_attribute_type_t, chunk_t) + */ + enumerator_t* (*create_attribute_enumerator)(attribute_provider_t *this, + identification_t *id, host_t *vip); +}; + +#endif /** ATTRIBUTE_PROVIDER_H_ @}*/ diff --git a/src/libstrongswan/attributes/attributes.c b/src/libstrongswan/attributes/attributes.c new file mode 100644 index 000000000..83feed17e --- /dev/null +++ b/src/libstrongswan/attributes/attributes.c @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + + +#include "attributes.h" + +ENUM_BEGIN(configuration_attribute_type_names, INTERNAL_IP4_ADDRESS, INTERNAL_IP6_PREFIX, + "INTERNAL_IP4_ADDRESS", + "INTERNAL_IP4_NETMASK", + "INTERNAL_IP4_DNS", + "INTERNAL_IP4_NBNS", + "INTERNAL_ADDRESS_EXPIRY", + "INTERNAL_IP4_DHCP", + "APPLICATION_VERSION", + "INTERNAL_IP6_ADDRESS", + "INTERNAL_IP6_NETMASK", + "INTERNAL_IP6_DNS", + "INTERNAL_IP6_NBNS", + "INTERNAL_IP6_DHCP", + "INTERNAL_IP4_SUBNET", + "SUPPORTED_ATTRIBUTES", + "INTERNAL_IP6_SUBNET", + "MIP6_HOME_PREFIX", + "INTERNAL_IP6_LINK", + "INTERNAL_IP6_PREFIX"); +ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, INTERNAL_IP6_PREFIX, + "INTERNAL_IP4_SERVER", + "INTERNAL_IP6_SERVER"); +ENUM_END(configuration_attribute_type_names, INTERNAL_IP6_SERVER); + diff --git a/src/libstrongswan/attributes/attributes.h b/src/libstrongswan/attributes/attributes.h new file mode 100644 index 000000000..f4a396f21 --- /dev/null +++ b/src/libstrongswan/attributes/attributes.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup attributes_g attributes + * @{ @ingroup attributes + */ + +#ifndef ATTRIBUTES_H_ +#define ATTRIBUTES_H_ + +typedef enum configuration_attribute_type_t configuration_attribute_type_t; + +#include + +/** + * Type of the attribute, as in IKEv2 RFC 3.15.1 or IKEv1 ModeConfig. + */ +enum configuration_attribute_type_t { + INTERNAL_IP4_ADDRESS = 1, + INTERNAL_IP4_NETMASK = 2, + INTERNAL_IP4_DNS = 3, + INTERNAL_IP4_NBNS = 4, + INTERNAL_ADDRESS_EXPIRY = 5, + INTERNAL_IP4_DHCP = 6, + APPLICATION_VERSION = 7, + INTERNAL_IP6_ADDRESS = 8, + INTERNAL_IP6_NETMASK = 9, + INTERNAL_IP6_DNS = 10, + INTERNAL_IP6_NBNS = 11, + INTERNAL_IP6_DHCP = 12, + INTERNAL_IP4_SUBNET = 13, + SUPPORTED_ATTRIBUTES = 14, + INTERNAL_IP6_SUBNET = 15, + MIP6_HOME_PREFIX = 16, + INTERNAL_IP6_LINK = 17, + INTERNAL_IP6_PREFIX = 18, + /* proprietary Microsoft attributes */ + INTERNAL_IP4_SERVER = 23456, + INTERNAL_IP6_SERVER = 23457 +}; + +/** + * enum names for configuration_attribute_type_t. + */ +extern enum_name_t *configuration_attribute_type_names; + + +#endif /** ATTRIBUTES_H_ @}*/ diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c index 40a93e21a..86436e997 100644 --- a/src/libstrongswan/chunk.c +++ b/src/libstrongswan/chunk.c @@ -46,14 +46,14 @@ chunk_t chunk_empty = { NULL, 0 }; chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk) { chunk_t clone = chunk_empty; - + if (chunk.ptr && chunk.len > 0) { clone.ptr = ptr; clone.len = chunk.len; memcpy(clone.ptr, chunk.ptr, chunk.len); } - + return clone; } @@ -64,7 +64,7 @@ size_t chunk_length(const char* mode, ...) { va_list chunks; size_t length = 0; - + va_start(chunks, mode); while (TRUE) { @@ -72,6 +72,7 @@ size_t chunk_length(const char* mode, ...) { case 'm': case 'c': + case 's': { chunk_t ch = va_arg(chunks, chunk_t); length += ch.len; @@ -93,36 +94,42 @@ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...) { va_list chunks; chunk_t construct = chunk_create(ptr, 0); - + va_start(chunks, mode); while (TRUE) { - bool free_chunk = FALSE; + bool free_chunk = FALSE, clear_chunk = FALSE; + chunk_t ch; + switch (*mode++) { + case 's': + clear_chunk = TRUE; + /* FALL */ case 'm': - { free_chunk = TRUE; - } + /* FALL */ case 'c': - { - chunk_t ch = va_arg(chunks, chunk_t); - memcpy(ptr, ch.ptr, ch.len); + ch = va_arg(chunks, chunk_t); + memcpy(ptr, ch.ptr, ch.len); ptr += ch.len; construct.len += ch.len; - if (free_chunk) + if (clear_chunk) + { + chunk_clear(&ch); + } + else if (free_chunk) { free(ch.ptr); } continue; - } default: break; } break; } va_end(chunks); - + return construct; } @@ -134,7 +141,7 @@ void chunk_split(chunk_t chunk, const char *mode, ...) va_list chunks; u_int len; chunk_t *ch; - + va_start(chunks, mode); while (TRUE) { @@ -255,19 +262,19 @@ chunk_t chunk_to_hex(chunk_t chunk, char *buf, bool uppercase) { int i, len; char *hexdig = hexdig_lower; - + if (uppercase) { hexdig = hexdig_upper; } - + len = chunk.len * 2; if (!buf) { buf = malloc(len + 1); } buf[len] = '\0'; - + for (i = 0; i < chunk.len; i++) { buf[i*2] = hexdig[(chunk.ptr[i] >> 4) & 0xF]; @@ -301,7 +308,7 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf) { int i, len; bool odd = FALSE; - + len = (hex.len / 2); if (hex.len % 2) { @@ -327,7 +334,7 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf) } /** base 64 conversion digits */ -static char b64digits[] = +static char b64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; /** @@ -337,7 +344,7 @@ chunk_t chunk_to_base64(chunk_t chunk, char *buf) { int i, len; char *pos; - + len = chunk.len + ((3 - chunk.len % 3) % 3); if (!buf) { @@ -401,7 +408,7 @@ chunk_t chunk_from_base64(chunk_t base64, char *buf) { u_char *pos, byte[4]; int i, j, len, outlen; - + len = base64.len / 4 * 3; if (!buf) { @@ -442,6 +449,24 @@ int chunk_compare(chunk_t a, chunk_t b) return memcmp(a.ptr, b.ptr, len); }; + +/** + * Described in header. + */ +bool chunk_increment(chunk_t chunk) +{ + int i; + + for (i = chunk.len - 1; i >= 0; i--) + { + if (++chunk.ptr[i] != 0) + { + return FALSE; + } + } + return TRUE; +} + /** * Remove non-printable characters from a chunk. */ @@ -449,7 +474,7 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace) { bool printable = TRUE; int i; - + if (sane) { *sane = chunk_clone(chunk); @@ -470,7 +495,7 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace) /** * Described in header. - * + * * The implementation is based on Paul Hsieh's SuperFastHash: * http://www.azillionmonkeys.com/qed/hash.html */ @@ -480,15 +505,15 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) size_t len = chunk.len; u_int32_t tmp; int rem; - + if (!len || data == NULL) { return 0; } - + rem = len & 3; len >>= 2; - + /* Main loop */ for (; len > 0; --len) { @@ -498,7 +523,7 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) data += 2 * sizeof(u_int16_t); hash += hash >> 11; } - + /* Handle end cases */ switch (rem) { @@ -525,7 +550,7 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) break; } } - + /* Force "avalanching" of final 127 bits */ hash ^= hash << 3; hash += hash >> 5; @@ -533,7 +558,7 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) hash += hash >> 17; hash ^= hash << 25; hash += hash >> 6; - + return hash; } @@ -555,13 +580,13 @@ int chunk_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, bool first = TRUE; chunk_t copy = *chunk; int written = 0; - + if (!spec->hash) { const void *new_args[] = {&chunk->ptr, &chunk->len}; return mem_printf_hook(dst, len, spec, new_args); } - + while (copy.len > 0) { if (first) diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index 66c3f26a2..a526f4a89 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -69,9 +69,11 @@ chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk); size_t chunk_length(const char *mode, ...); /** - * Concatenate chunks into a chunk pointing to "ptr", - * "mode" is a string of "c" (copy) and "m" (move), which says - * how to handle the chunks in "..." + * Concatenate chunks into a chunk pointing to "ptr". + * + * The mode string specifies the number of chunks, and how to handle each of + * them with a single character: 'c' for copy (allocate new chunk), 'm' for move + * (free given chunk) or 's' for sensitive-move (clear given chunk, then free). */ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...); @@ -90,7 +92,7 @@ void chunk_split(chunk_t chunk, const char *mode, ...); * * @param chunk contents to write to file * @param path path where file is written to - * @param label label specifying file type + * @param label label specifying file type * @param mask file mode creation mask * @param force overwrite existing file by force * @return TRUE if write operation was successful @@ -167,9 +169,9 @@ static inline void chunk_clear(chunk_t *chunk) } /** - * Initialize a chunk to point to buffer inspectable by sizeof() + * Initialize a chunk using a char array */ -#define chunk_from_buf(str) { str, sizeof(str) } +#define chunk_from_chars(...) ((chunk_t){(char[]){__VA_ARGS__}, sizeof((char[]){__VA_ARGS__})}) /** * Initialize a chunk to point to a thing @@ -179,22 +181,22 @@ static inline void chunk_clear(chunk_t *chunk) /** * Allocate a chunk on the heap */ -#define chunk_alloc(bytes) chunk_create(malloc(bytes), bytes) +#define chunk_alloc(bytes) ({size_t x = (bytes); chunk_create(malloc(x), x);}) /** * Allocate a chunk on the stack */ -#define chunk_alloca(bytes) chunk_create(alloca(bytes), bytes) +#define chunk_alloca(bytes) ({size_t x = (bytes); chunk_create(alloca(x), x);}) /** * Clone a chunk on heap */ -#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk) +#define chunk_clone(chunk) ({chunk_t x = (chunk); chunk_create_clone(x.len ? malloc(x.len) : NULL, x);}) /** * Clone a chunk on stack */ -#define chunk_clonea(chunk) chunk_create_clone(alloca((chunk).len), chunk) +#define chunk_clonea(chunk) ({chunk_t x = (chunk); chunk_create_clone(alloca(x.len), x);}) /** * Concatenate chunks into a chunk on heap @@ -236,6 +238,14 @@ static inline bool chunk_equals(chunk_t a, chunk_t b) a.len == b.len && memeq(a.ptr, b.ptr, a.len); } +/** + * Increment a chunk, as it would reprensent a network order integer. + * + * @param chunk chunk to increment + * @return TRUE if an overflow occured + */ +bool chunk_increment(chunk_t chunk); + /** * Check if a chunk has printable characters only. * @@ -263,8 +273,8 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash); /** * printf hook function for chunk_t. * - * Arguments are: - * chunk_t *chunk + * Arguments are: + * chunk_t *chunk * Use #-modifier to print a compact version */ int chunk_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index 701cbcde3..8be1c1576 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -17,36 +17,43 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_FROM_FILE", + "BUILD_FROM_FD", "BUILD_AGENT_SOCKET", "BUILD_BLOB_ASN1_DER", - "BUILD_BLOB_ASN1_PEM", + "BUILD_BLOB_PEM", "BUILD_BLOB_PGP", - "BUILD_BLOB_RFC_3110", + "BUILD_BLOB_DNSKEY", + "BUILD_PASSPHRASE", + "BUILD_PASSPHRASE_CALLBACK", "BUILD_KEY_SIZE", "BUILD_SIGNING_KEY", "BUILD_SIGNING_CERT", "BUILD_PUBLIC_KEY", "BUILD_SUBJECT", - "BUILD_SUBJECT_ALTNAME", + "BUILD_SUBJECT_ALTNAMES", "BUILD_ISSUER", - "BUILD_ISSUER_ALTNAME", + "BUILD_ISSUER_ALTNAMES", "BUILD_NOT_BEFORE_TIME", "BUILD_NOT_AFTER_TIME", "BUILD_SERIAL", + "BUILD_DIGEST_ALG", "BUILD_IETF_GROUP_ATTR", "BUILD_CA_CERT", "BUILD_CERT", + "BUILD_CRL_DISTRIBUTION_POINTS", + "BUILD_OCSP_ACCESS_LOCATIONS", + "BUILD_PATHLEN", "BUILD_X509_FLAG", "BUILD_SMARTCARD_KEYID", "BUILD_SMARTCARD_PIN", + "BUILD_RSA_MODULUS", + "BUILD_RSA_PUB_EXP", + "BUILD_RSA_PRIV_EXP", + "BUILD_RSA_PRIME1", + "BUILD_RSA_PRIME2", + "BUILD_RSA_EXP1", + "BUILD_RSA_EXP2", + "BUILD_RSA_COEFF", "BUILD_END", ); -/** - * See header. - */ -void* builder_free(builder_t *this) -{ - free(this); - return NULL; -} diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 01ccf2a5c..62a6ffaaf 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -21,16 +21,21 @@ #ifndef BUILDER_H_ #define BUILDER_H_ -typedef struct builder_t builder_t; +#include + typedef enum builder_part_t builder_part_t; /** - * Constructor function which creates a new builder instance. + * Constructor function to build credentials. + * + * Any added parts are cloned/refcounted by the builder implementation, a + * caller may need to free the passed ressources themself. * - * @param subtype constructor specific subtype, e.g. certificate_type_t - * @return builder to construct a instance of type + * @param subtype constructor specific subtype, e.g. a certificate_type_t + * @param args list of builder part types, followed by parts, BUILD_END + * @return builder specific credential, NULL on error */ -typedef builder_t* (*builder_constructor_t)(int subtype); +typedef void* (*builder_function_t)(int subtype, va_list args); #include @@ -38,18 +43,26 @@ typedef builder_t* (*builder_constructor_t)(int subtype); * Parts to build credentials from. */ enum builder_part_t { - /** path to a file containing an ASN.1 blob, char* */ + /** path to a file encoded in any format, char* */ BUILD_FROM_FILE, + /** file descriptor to read data, encoded in any format, int */ + BUILD_FROM_FD, /** unix socket of a ssh/pgp agent, char* */ BUILD_AGENT_SOCKET, /** DER encoded ASN.1 blob, chunk_t */ BUILD_BLOB_ASN1_DER, - /** PEM encoded ASN.1 blob, null terminated char* */ - BUILD_BLOB_ASN1_PEM, + /** PEM encoded ASN.1/PGP blob, chunk_t */ + BUILD_BLOB_PEM, /** OpenPGP key blob, chunk_t */ BUILD_BLOB_PGP, - /** RFC 3110 DNS public key blob, chunk_t */ - BUILD_BLOB_RFC_3110, + /** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */ + BUILD_BLOB_DNSKEY, + /** passphrase for e.g. PEM decryption, chunk_t */ + BUILD_PASSPHRASE, + /** passphrase callback, chunk_t(*fn)(void *user, int try), void *user. + * The callback is invoked until the returned passphrase is accepted, or + * a zero-length passphrase is returned. Try starts at 1. */ + BUILD_PASSPHRASE_CALLBACK, /** key size in bits, as used for key generation, u_int */ BUILD_KEY_SIZE, /** private key to use for signing, private_key_t* */ @@ -60,30 +73,54 @@ enum builder_part_t { BUILD_PUBLIC_KEY, /** subject for e.g. certificates, identification_t* */ BUILD_SUBJECT, - /** additional subject name, identification_t* */ - BUILD_SUBJECT_ALTNAME, + /** additional subject names, linked_list_t* containing identification_t* */ + BUILD_SUBJECT_ALTNAMES, /** issuer for e.g. certificates, identification_t* */ BUILD_ISSUER, - /** additional issuer name, identification_t* */ - BUILD_ISSUER_ALTNAME, + /** additional issuer names, linked_list_t* containing identification_t* */ + BUILD_ISSUER_ALTNAMES, /** notBefore, time_t* */ BUILD_NOT_BEFORE_TIME, /** notAfter, time_t* */ BUILD_NOT_AFTER_TIME, /** a serial number in binary form, chunk_t */ BUILD_SERIAL, + /** digest algorithm to be used for signature, int */ + BUILD_DIGEST_ALG, /** a comma-separated list of ietf group attributes, char* */ BUILD_IETF_GROUP_ATTR, /** a ca certificate, certificate_t* */ BUILD_CA_CERT, /** a certificate, certificate_t* */ BUILD_CERT, + /** CRL distribution point URIs, linked_list_t* containing char* */ + BUILD_CRL_DISTRIBUTION_POINTS, + /** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */ + BUILD_OCSP_ACCESS_LOCATIONS, + /** certificate path length constraint */ + BUILD_PATHLEN, /** enforce an additional X509 flag, x509_flag_t */ BUILD_X509_FLAG, /** key ID of a key on a smartcard, null terminated char* ([slot:]keyid) */ BUILD_SMARTCARD_KEYID, /** pin to access a key on a smartcard, null terminated char* */ BUILD_SMARTCARD_PIN, + /** modulus (n) of a RSA key, chunk_t */ + BUILD_RSA_MODULUS, + /** public exponent (e) of a RSA key, chunk_t */ + BUILD_RSA_PUB_EXP, + /** private exponent (d) of a RSA key, chunk_t */ + BUILD_RSA_PRIV_EXP, + /** prime 1 (p) of a RSA key (p < q), chunk_t */ + BUILD_RSA_PRIME1, + /** prime 2 (q) of a RSA key (p < q), chunk_t */ + BUILD_RSA_PRIME2, + /** exponent 1 (exp1) of a RSA key, chunk_t */ + BUILD_RSA_EXP1, + /** exponent 2 (exp1) of a RSA key, chunk_t */ + BUILD_RSA_EXP2, + /** coefficient (coeff) of a RSA key, chunk_t */ + BUILD_RSA_COEFF, /** end of variable argument builder list */ BUILD_END, }; @@ -93,44 +130,4 @@ enum builder_part_t { */ extern enum_name_t *builder_part_names; -/** - * Credential construction API. - * - * The builder allows the construction of credentials in a generic and - * flexible way. - */ -struct builder_t { - - /** - * Add a part to the construct. - * - * Any added parts are cloned/refcounted by the builder implementation, a - * caller may need to free the passed ressources themself. - * - * @param part kind of part - * @param ... part specific variable argument - */ - void (*add)(builder_t *this, builder_part_t part, ...); - - /** - * Build the construct with all supplied parts. - * - * Once build() is called, the builder gets destroyed. - * - * @return specific interface, as requested with constructor. - */ - void* (*build)(builder_t *this); -}; - -/** - * Helper macro to cancel a build in a builder - */ -#define builder_cancel(builder) { (builder)->add = (void*)nop; \ - (builder)->build = (void*)builder_free; } - -/** - * Helper function for a cancelled build. - */ -void* builder_free(builder_t *this); - #endif /** BUILDER_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h index fb99b4756..fef7f8c65 100644 --- a/src/libstrongswan/credentials/certificates/ac.h +++ b/src/libstrongswan/credentials/certificates/ac.h @@ -1,9 +1,7 @@ /* - * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler - * Copyright (C) 2003 Martin Berner, Lukas Suter - * Copyright (C) 2002-2008 Andreas Steffen + * Copyright (C) 2002-2009 Andreas Steffen * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -26,6 +24,7 @@ #include #include +#include typedef struct ac_t ac_t; @@ -41,14 +40,14 @@ struct ac_t { * Implements the certificate_t interface */ certificate_t certificate; - + /** * Get the attribute certificate's serial number. * * @return chunk pointing to serialNumber */ chunk_t (*get_serial)(ac_t *this); - + /** * Get the serial number of the holder certificate. * @@ -64,11 +63,18 @@ struct ac_t { identification_t* (*get_holderIssuer)(ac_t *this); /** - * Get the thauthorityKeyIdentifier. + * Get the authorityKeyIdentifier. + * + * @return authKeyIdentifier as chunk_t, to internal data + */ + chunk_t (*get_authKeyIdentifier)(ac_t *this); + + /** + * Get the group memberships as a list of IETF attributes * - * @return authKeyIdentifier as identification_t* + * @return object containing a list of IETF attributes */ - identification_t* (*get_authKeyIdentifier)(ac_t *this); + ietf_attributes_t* (*get_groups)(ac_t *this); /** * @brief Checks if two attribute certificates belong to the same holder diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c index 041e2f1db..156d12358 100644 --- a/src/libstrongswan/credentials/certificates/certificate.c +++ b/src/libstrongswan/credentials/certificates/certificate.c @@ -17,16 +17,19 @@ #include -ENUM(certificate_type_names, CERT_ANY, CERT_PGP, +ENUM(certificate_type_names, CERT_ANY, CERT_PLUTO_CRL, "ANY", "X509", "X509_CRL", "X509_OCSP_REQUEST", "X509_OCSP_RESPONSE", "X509_AC", - "X509_CHAIN", "TRUSTED_PUBKEY", + "PKCS10_REQUEST", "PGP", + "PLUTO_CERT", + "PLUTO_AC", + "PLUTO_CRL", ); ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED, diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h index 81fce5508..a4f9aa3e0 100644 --- a/src/libstrongswan/credentials/certificates/certificate.h +++ b/src/libstrongswan/credentials/certificates/certificate.h @@ -47,8 +47,14 @@ enum certificate_type_t { CERT_X509_AC, /** trusted, preinstalled public key */ CERT_TRUSTED_PUBKEY, + /** PKCS#10 certificate request */ + CERT_PKCS10_REQUEST, /** PGP certificate */ - CERT_PGP, + CERT_GPG, + /** Pluto cert_t (not a certificate_t), either x509 or PGP */ + CERT_PLUTO_CERT, + /** Pluto x509crl_t (not a certificate_t), certificate revocation list */ + CERT_PLUTO_CRL, }; /** @@ -82,7 +88,7 @@ extern enum_name_t *cert_validation_names; /** * An abstract certificate. * - * A certificate designs a subject-issuer relationship. It may have an + * A certificate designs a subject-issuer relationship. It may have an * associated public key. */ struct certificate_t { @@ -90,7 +96,7 @@ struct certificate_t { /** * Get the type of the certificate. * - * @return certifcate type + * @return certificate type */ certificate_type_t (*get_type)(certificate_t *this); @@ -100,7 +106,7 @@ struct certificate_t { * @return subject identity */ identification_t* (*get_subject)(certificate_t *this); - + /** * Check if certificate contains a subject ID. * @@ -111,14 +117,14 @@ struct certificate_t { * @return matching value of best match */ id_match_t (*has_subject)(certificate_t *this, identification_t *subject); - + /** * Get the issuer which signed this certificate. * * @return issuer identity */ identification_t* (*get_issuer)(certificate_t *this); - + /** * Check if certificate contains an issuer ID. * @@ -129,7 +135,7 @@ struct certificate_t { * @return matching value of best match */ id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer); - + /** * Check if this certificate is issued and signed by a specific issuer. * @@ -137,14 +143,14 @@ struct certificate_t { * @return TRUE if certificate issued by issuer and trusted */ bool (*issued_by)(certificate_t *this, certificate_t *issuer); - + /** * Get the public key associated to this certificate. * * @return newly referenced public_key, NULL if none available */ public_key_t* (*get_public_key)(certificate_t *this); - + /** * Check the lifetime of the certificate. * @@ -155,21 +161,21 @@ struct certificate_t { */ bool (*get_validity)(certificate_t *this, time_t *when, time_t *not_before, time_t *not_after); - + /** * Is this newer than that? * * @return TRUE if newer, FALSE otherwise */ bool (*is_newer)(certificate_t *this, certificate_t *that); - + /** * Get the certificate in an encoded form. * * @return allocated chunk of encoded cert */ chunk_t (*get_encoding)(certificate_t *this); - + /** * Check if two certificates are equal. * @@ -177,18 +183,18 @@ struct certificate_t { * @return TRUE if certificates are equal */ bool (*equals)(certificate_t *this, certificate_t *other); - + /** * Get a new reference to the certificate. * - * @return this, with an increased refcount + * @return this, with an increased refcount */ certificate_t* (*get_ref)(certificate_t *this); - + /** - * Destroy a certificate. - */ - void (*destroy)(certificate_t *this); + * Destroy a certificate. + */ + void (*destroy)(certificate_t *this); }; #endif /** CERTIFICATE_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.c b/src/libstrongswan/credentials/certificates/crl.c index 0d6654075..085ad16cc 100644 --- a/src/libstrongswan/credentials/certificates/crl.c +++ b/src/libstrongswan/credentials/certificates/crl.c @@ -16,7 +16,7 @@ #include "crl.h" -ENUM(crl_reason_names, CRL_UNSPECIFIED, CRL_REMOVE_FROM_CRL, +ENUM(crl_reason_names, CRL_REASON_UNSPECIFIED, CRL_REASON_REMOVE_FROM_CRL, "unspecified", "key compromise", "ca compromise", diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 3fef0d710..4b612390c 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -32,14 +32,14 @@ typedef enum crl_reason_t crl_reason_t; * RFC 2459 CRL reason codes */ enum crl_reason_t { - CRL_UNSPECIFIED = 0, - CRL_KEY_COMPROMISE = 1, - CRL_CA_COMPROMISE = 2, - CRL_AFFILIATION_CHANGED = 3, - CRL_SUPERSEDED = 4, - CRL_CESSATION_OF_OPERATON = 5, - CRL_CERTIFICATE_HOLD = 6, - CRL_REMOVE_FROM_CRL = 8, + CRL_REASON_UNSPECIFIED = 0, + CRL_REASON_KEY_COMPROMISE = 1, + CRL_REASON_CA_COMPROMISE = 2, + CRL_REASON_AFFILIATION_CHANGED = 3, + CRL_REASON_SUPERSEDED = 4, + CRL_REASON_CESSATION_OF_OPERATON = 5, + CRL_REASON_CERTIFICATE_HOLD = 6, + CRL_REASON_REMOVE_FROM_CRL = 8, }; /** @@ -56,21 +56,21 @@ struct crl_t { * Implements (parts of) the certificate_t interface */ certificate_t certificate; - + /** * Get the CRL serial number. * * @return chunk pointing to internal crlNumber */ chunk_t (*get_serial)(crl_t *this); - + /** * Get the the authorityKeyIdentifier. * - * @return authKeyIdentifier as identification_t* + * @return authKeyIdentifier chunk, point to internal data */ - identification_t* (*get_authKeyIdentifier)(crl_t *this); - + chunk_t (*get_authKeyIdentifier)(crl_t *this); + /** * Create an enumerator over all revoked certificates. * @@ -80,7 +80,7 @@ struct crl_t { * @return enumerator over revoked certificates. */ enumerator_t* (*create_enumerator)(crl_t *this); - + }; #endif /** CRL_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h index a70f3eee4..157577458 100644 --- a/src/libstrongswan/credentials/certificates/ocsp_response.h +++ b/src/libstrongswan/credentials/certificates/ocsp_response.h @@ -28,7 +28,7 @@ typedef struct ocsp_response_t ocsp_response_t; typedef enum ocsp_status_t ocsp_status_t; /** - * OCSP response status + * OCSP response status */ enum ocsp_status_t { OCSP_SUCCESSFUL = 0, @@ -53,7 +53,7 @@ struct ocsp_response_t { * Implements certificiate_t interface */ certificate_t certificate; - + /** * Check the status of a certificate by this OCSP response. * @@ -65,18 +65,18 @@ struct ocsp_response_t { * @param next_update exptected time of next revocation list * @return certificate revocation status */ - cert_validation_t (*get_status)(ocsp_response_t *this, + cert_validation_t (*get_status)(ocsp_response_t *this, x509_t *subject, x509_t *issuer, time_t *revocation_time, crl_reason_t *revocation_reason, time_t *this_update, time_t *next_update); - + /** * Create an enumerator over the contained certificates. * * @return enumerator over certificate_t* */ - enumerator_t* (*create_cert_enumerator)(ocsp_response_t *this); + enumerator_t* (*create_cert_enumerator)(ocsp_response_t *this); }; #endif /** OCSP_RESPONSE_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/pgp_certificate.h b/src/libstrongswan/credentials/certificates/pgp_certificate.h new file mode 100644 index 000000000..94a31e14d --- /dev/null +++ b/src/libstrongswan/credentials/certificates/pgp_certificate.h @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_certificate pgp_certificate + * @{ @ingroup certificates + */ + +#ifndef PGP_CERTIFICATE_H_ +#define PGP_CERTIFICATE_H_ + +#include + +typedef struct pgp_certificate_t pgp_certificate_t; + +/** + * PGP certificate interface. + */ +struct pgp_certificate_t { + + /** + * Implements certificate_t. + */ + certificate_t interface; + + /** + * Get the v3 or v4 fingerprint of the PGP public key + * + * @return fingerprint as chunk_t, internal data + */ + chunk_t (*get_fingerprint)(pgp_certificate_t *this); +}; + +#endif /** PGP_CERTIFICATE_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/pkcs10.h b/src/libstrongswan/credentials/certificates/pkcs10.h new file mode 100644 index 000000000..9a4979757 --- /dev/null +++ b/src/libstrongswan/credentials/certificates/pkcs10.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2009 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup req req + * @{ @ingroup certificates + */ + +#ifndef PKCS10_H_ +#define PKCS10_H_ + +#include +#include + +typedef struct pkcs10_t pkcs10_t; + +/** + * PKCS#10 certificate request interface. + * + * This interface adds additional methods to the certificate_t type to + * allow further operations on a certificate request. + */ +struct pkcs10_t { + + /** + * Implements certificate_t. + */ + certificate_t interface; + + /** + * Get the challenge password + * + * @return challenge password as a chunk_t + */ + chunk_t (*get_challengePassword)(pkcs10_t *this); + + /** + * Get. + * + * @return enumerator over subjectAltNames as identification_t* + */ + enumerator_t* (*create_subjectAltName_enumerator)(pkcs10_t *this); +}; + +#endif /** PKCS10_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c index 5d53f0c68..66dc192c1 100644 --- a/src/libstrongswan/credentials/certificates/x509.c +++ b/src/libstrongswan/credentials/certificates/x509.c @@ -15,10 +15,14 @@ #include "x509.h" -ENUM(x509_flag_names, X509_CA, X509_SELF_SIGNED, +ENUM(x509_flag_names, X509_NONE, X509_IP_ADDR_BLOCKS, + "X509_NONE", "X509_CA", "X509_AA", "X509_OCSP_SIGNER", + "X509_SERVER_AUTH", + "X509_CLIENT_AUTH", "X509_SELF_SIGNED", + "X509_IP_ADDR_BLOCKS", ); diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index eedab78f7..172bd9696 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -24,6 +24,9 @@ #include #include +#define X509_NO_PATH_LEN_CONSTRAINT -1 +#define X509_MAX_PATH_LEN 7 + typedef struct x509_t x509_t; typedef enum x509_flag_t x509_flag_t; @@ -31,14 +34,22 @@ typedef enum x509_flag_t x509_flag_t; * X.509 certificate flags. */ enum x509_flag_t { + /** cert has no constraints */ + X509_NONE = 0, /** cert has CA constraint */ - X509_CA = (1<<0), + X509_CA = (1<<0), /** cert has AA constraint */ - X509_AA = (1<<1), + X509_AA = (1<<1), /** cert has OCSP signer constraint */ - X509_OCSP_SIGNER = (1<<2), + X509_OCSP_SIGNER = (1<<2), + /** cert has serverAuth key usage */ + X509_SERVER_AUTH = (1<<3), + /** cert has clientAuth key usage */ + X509_CLIENT_AUTH = (1<<4), /** cert is self-signed */ - X509_SELF_SIGNED = (1<<3), + X509_SELF_SIGNED = (1<<5), + /** cert has an ipAddrBlocks extension */ + X509_IP_ADDR_BLOCKS = (1<<6), }; /** @@ -58,48 +69,69 @@ struct x509_t { * Implements certificate_t. */ certificate_t interface; - + /** * Get the flags set for this certificate. * * @return set of flags */ x509_flag_t (*get_flags)(x509_t *this); - + /** * Get the certificate serial number. * * @return chunk pointing to internal serial number */ chunk_t (*get_serial)(x509_t *this); - + + /** + * Get the the subjectKeyIdentifier. + * + * @return subjectKeyIdentifier as chunk_t, internal data + */ + chunk_t (*get_subjectKeyIdentifier)(x509_t *this); + /** * Get the the authorityKeyIdentifier. * - * @return authKeyIdentifier as identification_t* + * @return authKeyIdentifier as chunk_t, internal data */ - identification_t* (*get_authKeyIdentifier)(x509_t *this); - + chunk_t (*get_authKeyIdentifier)(x509_t *this); + + /** + * Get an optional path length constraint. + * + * @return pathLenConstraint, -1 if no constraint exists + */ + int (*get_pathLenConstraint)(x509_t *this); + /** * Create an enumerator over all subjectAltNames. * * @return enumerator over subjectAltNames as identification_t* */ enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this); - + /** * Create an enumerator over all CRL URIs. * * @return enumerator over URIs as char* */ enumerator_t* (*create_crl_uri_enumerator)(x509_t *this); - + /** * Create an enumerator over all OCSP URIs. * * @return enumerator over URIs as char* */ enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this); + + /** + * Create an enumerator over all ipAddrBlocks. + * + * @return enumerator over ipAddrBlocks as traffic_selector_t* + */ + enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this); }; #endif /** X509_H_ @}*/ diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c index e55df0398..5139ad504 100644 --- a/src/libstrongswan/credentials/credential_factory.c +++ b/src/libstrongswan/credentials/credential_factory.c @@ -13,17 +13,21 @@ * for more details. */ +#include + #include "credential_factory.h" #include #include -#include +#include +#include #include ENUM(credential_type_names, CRED_PRIVATE_KEY, CRED_CERTIFICATE, "CRED_PRIVATE_KEY", "CRED_PUBLIC_KEY", "CRED_CERTIFICATE", + "CRED_PLUTO_CERT", ); typedef struct private_credential_factory_t private_credential_factory_t; @@ -37,12 +41,17 @@ struct private_credential_factory_t { * public functions */ credential_factory_t public; - + /** * list with entry_t */ linked_list_t *constructors; - + + /** + * Thread specific recursiveness counter + */ + thread_value_t *recursive; + /** * lock access to builders */ @@ -55,52 +64,19 @@ struct entry_t { credential_type_t type; /** subtype of credential, e.g. certificate_type_t */ int subtype; - /** builder construction function */ - builder_constructor_t constructor; + /** builder function */ + builder_function_t constructor; }; -/** - * type/subtype filter function for builder_enumerator - */ -static bool builder_filter(entry_t *data, entry_t **in, builder_t **out) -{ - if (data->type == (*in)->type && - data->subtype == (*in)->subtype) - { - *out = (*in)->constructor(data->subtype); - return TRUE; - } - return FALSE; -} - -/** - * Implementation of credential_factory_t.create_builder_enumerator. - */ -static enumerator_t* create_builder_enumerator( - private_credential_factory_t *this, credential_type_t type, int subtype) -{ - entry_t *data = malloc_thing(entry_t); - - data->type = type; - data->subtype = subtype; - - this->lock->read_lock(this->lock); - return enumerator_create_cleaner( - enumerator_create_filter( - this->constructors->create_enumerator(this->constructors), - (void*)builder_filter, data, free), - (void*)this->lock->unlock, this->lock); -} - /** * Implementation of credential_factory_t.add_builder_constructor. */ static void add_builder(private_credential_factory_t *this, credential_type_t type, int subtype, - builder_constructor_t constructor) + builder_function_t constructor) { entry_t *entry = malloc_thing(entry_t); - + entry->type = type; entry->subtype = subtype; entry->constructor = constructor; @@ -113,11 +89,11 @@ static void add_builder(private_credential_factory_t *this, * Implementation of credential_factory_t.remove_builder. */ static void remove_builder(private_credential_factory_t *this, - builder_constructor_t constructor) + builder_function_t constructor) { enumerator_t *enumerator; entry_t *entry; - + this->lock->write_lock(this->lock); enumerator = this->constructors->create_enumerator(this->constructors); while (enumerator->enumerate(enumerator, &entry)) @@ -139,73 +115,46 @@ static void* create(private_credential_factory_t *this, credential_type_t type, int subtype, ...) { enumerator_t *enumerator; - builder_t *builder; - builder_part_t part; + entry_t *entry; va_list args; - void* construct = NULL; - - enumerator = create_builder_enumerator(this, type, subtype); - while (enumerator->enumerate(enumerator, &builder)) + void *construct = NULL; + int failures = 0; + uintptr_t level; + + level = (uintptr_t)this->recursive->get(this->recursive); + this->recursive->set(this->recursive, (void*)level + 1); + + this->lock->read_lock(this->lock); + enumerator = this->constructors->create_enumerator(this->constructors); + while (enumerator->enumerate(enumerator, &entry)) { - va_start(args, subtype); - while (TRUE) + if (entry->type == type && entry->subtype == subtype) { - part = va_arg(args, builder_part_t); - switch (part) + va_start(args, subtype); + construct = entry->constructor(subtype, args); + va_end(args); + if (construct) { - case BUILD_END: - break; - case BUILD_BLOB_ASN1_DER: - case BUILD_BLOB_PGP: - case BUILD_BLOB_RFC_3110: - case BUILD_SERIAL: - builder->add(builder, part, va_arg(args, chunk_t)); - continue; - case BUILD_X509_FLAG: - builder->add(builder, part, va_arg(args, x509_flag_t)); - continue; - case BUILD_KEY_SIZE: - builder->add(builder, part, va_arg(args, u_int)); - continue; - case BUILD_NOT_BEFORE_TIME: - case BUILD_NOT_AFTER_TIME: - builder->add(builder, part, va_arg(args, time_t)); - continue; - case BUILD_BLOB_ASN1_PEM: - case BUILD_FROM_FILE: - case BUILD_AGENT_SOCKET: - case BUILD_SIGNING_KEY: - case BUILD_PUBLIC_KEY: - case BUILD_SUBJECT: - case BUILD_SUBJECT_ALTNAME: - case BUILD_ISSUER: - case BUILD_ISSUER_ALTNAME: - case BUILD_SIGNING_CERT: - case BUILD_CA_CERT: - case BUILD_CERT: - case BUILD_IETF_GROUP_ATTR: - case BUILD_SMARTCARD_KEYID: - case BUILD_SMARTCARD_PIN: - builder->add(builder, part, va_arg(args, void*)); - continue; - /* no default to get a compiler warning */ + break; } - break; - } - va_end(args); - - construct = builder->build(builder); - if (construct) - { - break; + failures++; } } enumerator->destroy(enumerator); - if (!construct) + this->lock->unlock(this->lock); + + if (!construct && !level) { - DBG1("failed to create a builder for credential type %N," - " subtype (%d)", credential_type_names, type, subtype); + enum_name_t *names = key_type_names; + + if (type == CRED_CERTIFICATE) + { + names = certificate_type_names; + } + DBG1("building %N - %N failed, tried %d builders", + credential_type_names, type, names, subtype, failures); } + this->recursive->set(this->recursive, (void*)level); return construct; } @@ -215,6 +164,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type, static void destroy(private_credential_factory_t *this) { this->constructors->destroy_function(this->constructors, free); + this->recursive->destroy(this->recursive); this->lock->destroy(this->lock); free(this); } @@ -227,15 +177,14 @@ credential_factory_t *credential_factory_create() private_credential_factory_t *this = malloc_thing(private_credential_factory_t); this->public.create = (void*(*)(credential_factory_t*, credential_type_t type, int subtype, ...))create; - this->public.create_builder_enumerator = (enumerator_t*(*)(credential_factory_t*, credential_type_t type, int subtype))create_builder_enumerator; - this->public.add_builder = (void(*)(credential_factory_t*,credential_type_t type, int subtype, builder_constructor_t constructor))add_builder; - this->public.remove_builder = (void(*)(credential_factory_t*,builder_constructor_t constructor))remove_builder; + this->public.add_builder = (void(*)(credential_factory_t*,credential_type_t type, int subtype, builder_function_t constructor))add_builder; + this->public.remove_builder = (void(*)(credential_factory_t*,builder_function_t constructor))remove_builder; this->public.destroy = (void(*)(credential_factory_t*))destroy; - + this->constructors = linked_list_create(); - + this->recursive = thread_value_create(NULL); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h index 5057a7aae..e8ffb6b9d 100644 --- a/src/libstrongswan/credentials/credential_factory.h +++ b/src/libstrongswan/credentials/credential_factory.h @@ -47,13 +47,13 @@ extern enum_name_t *credential_type_names; * Manages credential construction functions and creates instances. */ struct credential_factory_t { - + /** * Create a credential using a list of builder_part_t's. * * The variable argument list takes builder_part_t types followed * by the type specific value. The list must be terminated using BUILD_END. - * All passed parts get cloned/refcounted by the builder implementations, + * All passed parts get cloned/refcounted by the builder functions, * so free up allocated ressources after successful and unsuccessful * invocations. * @@ -64,41 +64,28 @@ struct credential_factory_t { */ void* (*create)(credential_factory_t *this, credential_type_t type, int subtype, ...); - - /** - * Create an enumerator for a builder type. - * - * The build() method has to be called on each enumerated builder to - * cleanup associated ressources. - * - * @param type type of credentials the builder creates - * @param subtype type specific subtype, such as certificate_type_t - * @return enumerator over builder_t - */ - enumerator_t* (*create_builder_enumerator)(credential_factory_t *this, - credential_type_t type, int subtype); - + /** - * Register a builder_t constructor function. + * Register a credential builder function. * * @param type type of credential the builder creates * @param constructor builder constructor function to register */ void (*add_builder)(credential_factory_t *this, - credential_type_t type, int subtype, - builder_constructor_t constructor); + credential_type_t type, int subtype, + builder_function_t constructor); /** - * Unregister a builder_t constructor function. + * Unregister a credential builder function. * * @param constructor constructor function to unregister. */ - void (*remove_builder)(credential_factory_t *this, - builder_constructor_t constructor); - + void (*remove_builder)(credential_factory_t *this, + builder_function_t constructor); + /** - * Destroy a credential_factory instance. - */ - void (*destroy)(credential_factory_t *this); + * Destroy a credential_factory instance. + */ + void (*destroy)(credential_factory_t *this); }; /** diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c new file mode 100644 index 000000000..ff3ddeb6f --- /dev/null +++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c @@ -0,0 +1,533 @@ +/* + * Copyright (C) 2007-2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include +#include + +#include "ietf_attributes.h" + +/** + * Private definition of IETF attribute types + */ +typedef enum { + IETF_ATTRIBUTE_OCTETS = 0, + IETF_ATTRIBUTE_OID = 1, + IETF_ATTRIBUTE_STRING = 2 +} ietf_attribute_type_t; + +typedef struct ietf_attr_t ietf_attr_t; + +/** + * Private definition of an IETF attribute + */ +struct ietf_attr_t { + /** + * IETF attribute type + */ + ietf_attribute_type_t type; + + /** + * IETF attribute value + */ + chunk_t value; + + /** + * Compares two IETF attributes + * + * return -1 if this is earlier in the alphabet than other + * return 0 if this equals other + * return +1 if this is later in the alphabet than other + * + * @param other other object + */ + int (*compare) (ietf_attr_t *this, ietf_attr_t *other); + + /** + * Destroys an ietf_attr_t object. + */ + void (*destroy) (ietf_attr_t *this); +}; + +/** + * Implements ietf_attr_t.compare. + */ +static int ietf_attr_compare(ietf_attr_t *this, ietf_attr_t *other) +{ + int cmp_len, len, cmp_value; + + /* OID attributes are appended after STRING and OCTETS attributes */ + if (this->type != IETF_ATTRIBUTE_OID && other->type == IETF_ATTRIBUTE_OID) + { + return -1; + } + if (this->type == IETF_ATTRIBUTE_OID && other->type != IETF_ATTRIBUTE_OID) + { + return 1; + } + + cmp_len = this->value.len - other->value.len; + len = (cmp_len < 0) ? this->value.len : other->value.len; + cmp_value = memcmp(this->value.ptr, other->value.ptr, len); + + return (cmp_value == 0) ? cmp_len : cmp_value; +} + +/** + * Implements ietf_attr_t.destroy. + */ +static void ietf_attr_destroy(ietf_attr_t *this) +{ + free(this->value.ptr); + free(this); +} + +/** + * Creates an ietf_attr_t object. + */ +static ietf_attr_t* ietf_attr_create(ietf_attribute_type_t type, chunk_t value) +{ + ietf_attr_t *this = malloc_thing(ietf_attr_t); + + /* initialize */ + this->type = type; + this->value = chunk_clone(value); + + /* function */ + this->compare = ietf_attr_compare; + this->destroy = ietf_attr_destroy; + + return this; +} + +typedef struct private_ietf_attributes_t private_ietf_attributes_t; + +/** + * Private data of an ietf_attributes_t object. + */ +struct private_ietf_attributes_t { + /** + * Public interface. + */ + ietf_attributes_t public; + + /** + * Printable representation of the IETF attributes + */ + char *string; + + /** + * Linked list of IETF attributes. + */ + linked_list_t *list; + + /** + * reference count + */ + refcount_t ref; +}; + +/** + * Implementation of ietf_attributes_t.get_string. + */ +static char* get_string(private_ietf_attributes_t *this) +{ + if (this->string == NULL) + { + char buf[BUF_LEN]; + char *pos = buf; + int len = BUF_LEN; + bool first = TRUE; + ietf_attr_t *attr; + enumerator_t *enumerator; + + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &attr)) + { + int written = 0; + + if (first) + { + first = FALSE; + } + else + { + written = snprintf(pos, len, ", "); + pos += written; + len -= written; + } + + switch (attr->type) + { + case IETF_ATTRIBUTE_OCTETS: + case IETF_ATTRIBUTE_STRING: + written = snprintf(pos, len, "%.*s", (int)attr->value.len, + attr->value.ptr); + break; + case IETF_ATTRIBUTE_OID: + { + int oid = asn1_known_oid(attr->value); + + if (oid == OID_UNKNOWN) + { + written = snprintf(pos, len, "0x#B", &attr->value); + } + else + { + written = snprintf(pos, len, "%s", oid_names[oid]); + } + break; + } + default: + break; + } + pos += written; + len -= written; + } + enumerator->destroy(enumerator); + if (len < BUF_LEN) + { + this->string = strdup(buf); + } + } + return this->string; +} + +/** + * Implementation of ietf_attributes_t.get_encoding. + */ +static chunk_t get_encoding(private_ietf_attributes_t *this) +{ + chunk_t values; + size_t size = 0; + u_char *pos; + ietf_attr_t *attr; + enumerator_t *enumerator; + + /* precalculate the total size of all values */ + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &attr)) + { + size_t len = attr->value.len; + + size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len; + } + enumerator->destroy(enumerator); + + pos = asn1_build_object(&values, ASN1_SEQUENCE, size); + + enumerator = this->list->create_enumerator(this->list); + while (enumerator->enumerate(enumerator, &attr)) + { + chunk_t ietfAttribute; + asn1_t type = ASN1_NULL; + + switch (attr->type) + { + case IETF_ATTRIBUTE_OCTETS: + type = ASN1_OCTET_STRING; + break; + case IETF_ATTRIBUTE_STRING: + type = ASN1_UTF8STRING; + break; + case IETF_ATTRIBUTE_OID: + type = ASN1_OID; + break; + } + ietfAttribute = asn1_simple_object(type, attr->value); + + /* copy ietfAttribute into values chunk */ + memcpy(pos, ietfAttribute.ptr, ietfAttribute.len); + pos += ietfAttribute.len; + free(ietfAttribute.ptr); + } + enumerator->destroy(enumerator); + + return asn1_wrap(ASN1_SEQUENCE, "m", values); +} + +static bool equals(private_ietf_attributes_t *this, private_ietf_attributes_t *other) +{ + bool result = TRUE; + + /* lists must have the same number of attributes */ + if (other == NULL || + this->list->get_count(this->list) != other->list->get_count(other->list)) + { + return FALSE; + } + + /* compare two alphabetically-sorted lists */ + { + ietf_attr_t *attr_a, *attr_b; + enumerator_t *enum_a, *enum_b; + + enum_a = this->list->create_enumerator(this->list); + enum_b = other->list->create_enumerator(other->list); + while (enum_a->enumerate(enum_a, &attr_a) && + enum_b->enumerate(enum_b, &attr_b)) + { + if (attr_a->compare(attr_a, attr_b) != 0) + { + /* we have a mismatch */ + result = FALSE; + break; + } + } + enum_a->destroy(enum_a); + enum_b->destroy(enum_b); + } + return result; +} + +static bool matches(private_ietf_attributes_t *this, private_ietf_attributes_t *other) +{ + bool result = FALSE; + ietf_attr_t *attr_a, *attr_b; + enumerator_t *enum_a, *enum_b; + + /* always match if this->list does not contain any attributes */ + if (this->list->get_count(this->list) == 0) + { + return TRUE; + } + + /* never match if other->list does not contain any attributes */ + if (other == NULL || other->list->get_count(other->list) == 0) + { + return FALSE; + } + + /* get first attribute from both lists */ + enum_a = this->list->create_enumerator(this->list); + enum_a->enumerate(enum_a, &attr_a); + enum_b = other->list->create_enumerator(other->list); + enum_b->enumerate(enum_b, &attr_b); + + /* look for at least one common attribute */ + while (TRUE) + { + bool cmp = attr_a->compare(attr_a, attr_b); + + if (cmp == 0) + { + /* we have a match */ + result = TRUE; + break; + } + if (cmp == -1) + { + /* attr_a is earlier in the alphabet, get next attr_a */ + if (!enum_a->enumerate(enum_a, &attr_a)) + { + /* we have reached the end of enum_a */ + break; + } + } + else + { + /* attr_a is later in the alphabet, get next attr_b */ + if (!enum_b->enumerate(enum_b, &attr_b)) + { + /* we have reached the end of enum_b */ + break; + } + } + } + enum_a->destroy(enum_a); + enum_b->destroy(enum_b); + + return result; +} + +/** + * Implementation of ietf_attributes_t.get_ref + */ +static private_ietf_attributes_t* get_ref(private_ietf_attributes_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of ietf_attributes_t.destroy. + */ +static void destroy(private_ietf_attributes_t *this) +{ + if (ref_put(&this->ref)) + { + this->list->destroy_offset(this->list, offsetof(ietf_attr_t, destroy)); + free(this->string); + free(this); + } +} + +static private_ietf_attributes_t* create_empty(void) +{ + private_ietf_attributes_t *this = malloc_thing(private_ietf_attributes_t); + + this->public.get_string = (char* (*)(ietf_attributes_t*))get_string; + this->public.get_encoding = (chunk_t (*)(ietf_attributes_t*))get_encoding; + this->public.equals = (bool (*)(ietf_attributes_t*,ietf_attributes_t*))equals; + this->public.matches = (bool (*)(ietf_attributes_t*,ietf_attributes_t*))matches; + this->public.get_ref = (ietf_attributes_t* (*)(ietf_attributes_t*))get_ref; + this->public.destroy = (void (*)(ietf_attributes_t*))destroy; + + this->list = linked_list_create(); + this->string = NULL; + this->ref = 1; + return this; +} + +/** + * Adds an ietf_attr_t object to a sorted linked list + */ +static void ietf_attributes_add(private_ietf_attributes_t *this, + ietf_attr_t *attr) +{ + ietf_attr_t *current_attr; + bool found = FALSE; + iterator_t *iterator; + + iterator = this->list->create_iterator(this->list, TRUE); + while (iterator->iterate(iterator, (void **)¤t_attr)) + { + int cmp = attr->compare(attr, current_attr); + + if (cmp > 0) + { + continue; + } + if (cmp == 0) + { + attr->destroy(attr); + } + else + { + iterator->insert_before(iterator, attr); + } + found = TRUE; + break; + } + iterator->destroy(iterator); + if (!found) + { + this->list->insert_last(this->list, attr); + } +} + +/* + * Described in header. + */ +ietf_attributes_t *ietf_attributes_create_from_string(char *string) +{ + private_ietf_attributes_t *this = create_empty(); + + chunk_t line = { string, strlen(string) }; + + while (eat_whitespace(&line)) + { + chunk_t group; + + /* extract the next comma-separated group attribute */ + if (!extract_token(&group, ',', &line)) + { + group = line; + line.len = 0; + } + + /* remove any trailing spaces */ + while (group.len > 0 && *(group.ptr + group.len - 1) == ' ') + { + group.len--; + } + + /* add the group attribute to the list */ + if (group.len > 0) + { + ietf_attr_t *attr = ietf_attr_create(IETF_ATTRIBUTE_STRING, group); + + ietf_attributes_add(this, attr); + } + } + + return &(this->public); +} + +/** + * ASN.1 definition of ietfAttrSyntax + */ +static const asn1Object_t ietfAttrSyntaxObjects[] = +{ + { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | + ASN1_BODY }, /* 1 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ + { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */ + { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT | + ASN1_BODY }, /* 4 */ + { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ + { 2, "oid", ASN1_OID, ASN1_OPT | + ASN1_BODY }, /* 6 */ + { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ + { 2, "string", ASN1_UTF8STRING, ASN1_OPT | + ASN1_BODY }, /* 8 */ + { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define IETF_ATTR_OCTETS 4 +#define IETF_ATTR_OID 6 +#define IETF_ATTR_STRING 8 + +/* + * Described in header. + */ +ietf_attributes_t *ietf_attributes_create_from_encoding(chunk_t encoded) +{ + private_ietf_attributes_t *this = create_empty(); + asn1_parser_t *parser; + chunk_t object; + int objectID; + + parser = asn1_parser_create(ietfAttrSyntaxObjects, encoded); + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case IETF_ATTR_OCTETS: + case IETF_ATTR_OID: + case IETF_ATTR_STRING: + { + ietf_attribute_type_t type; + ietf_attr_t *attr; + + type = (objectID - IETF_ATTR_OCTETS) / 2; + attr = ietf_attr_create(type, object); + ietf_attributes_add(this, attr); + } + break; + default: + break; + } + } + parser->destroy(parser); + + return &(this->public); +} + diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.h b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.h new file mode 100644 index 000000000..ab6bae984 --- /dev/null +++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.h @@ -0,0 +1,92 @@ +/* + * Copyright (C) 2007-2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ietf_attributes ietf_attributes + * @{ @ingroup credentials + */ + +#ifndef IETF_ATTRIBUTES_H_ +#define IETF_ATTRIBUTES_H_ + +typedef struct ietf_attributes_t ietf_attributes_t; + +#include + +/** + * + */ +struct ietf_attributes_t { + + /** + * Get the an alphabetically sorted list of printable IETF attributes. + * + * Result points to internal data, do not free. + * + * @return a string containing printable attributes + */ + char* (*get_string) (ietf_attributes_t *this); + + /** + * Get the ASN.1 encoding of the IETF attributes. + * + * @return allocated chunk containing the encoded bytes + */ + chunk_t (*get_encoding) (ietf_attributes_t *this); + + /** + * Check for equality between two lists. + * + * @param other attribute list to be checked for equality + * @return TRUE if equal + */ + bool (*equals) (ietf_attributes_t *this, ietf_attributes_t *other); + + /** + * Check for common attributes between two lists. + * + * @param other attribute list to be matched + * @return TRUE if there is at least a common attribute + */ + bool (*matches) (ietf_attributes_t *this, ietf_attributes_t *other); + + /** + * Get a new reference to the IETF attributes. + * + * @return this, with an increased refcount + */ + ietf_attributes_t* (*get_ref)(ietf_attributes_t *this); + + /** + * Destroys an ietf_attributes_t object. + */ + void (*destroy) (ietf_attributes_t *this); +}; + +/** + * @param string input string, which will be converted + * @return ietf_attributes_t + */ +ietf_attributes_t *ietf_attributes_create_from_string(char *string); + +/** + * @param encoded ASN.1 encoded bytes, such as from ietf_attributes.get_encoding + * @return ietf_attributes_t + */ +ietf_attributes_t *ietf_attributes_create_from_encoding(chunk_t encoded); + +#endif /** IETF_ATTRIBUTES_H_ @}*/ + diff --git a/src/libstrongswan/credentials/keys/key_encoding.c b/src/libstrongswan/credentials/keys/key_encoding.c new file mode 100644 index 000000000..89b25226c --- /dev/null +++ b/src/libstrongswan/credentials/keys/key_encoding.c @@ -0,0 +1,299 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "key_encoding.h" + +#include + +#include +#include +#include + +typedef struct private_key_encoding_t private_key_encoding_t; + +/** + * Private data of an key_encoding_t object. + */ +struct private_key_encoding_t { + + /** + * Public key_encoding_t interface. + */ + key_encoding_t public; + + /** + * cached encodings, a table for each encoding_type_t, containing chunk_t* + */ + hashtable_t *cache[KEY_ENCODING_MAX]; + + /** + * Registered encoding fuctions, key_encoder_t + */ + linked_list_t *encoders; + + /** + * lock to access cache/encoders + */ + rwlock_t *lock; +}; + +/** + * See header. + */ +bool key_encoding_args(va_list args, ...) +{ + va_list parts, copy; + bool failed = FALSE; + + va_start(parts, args); + + while (!failed) + { + key_encoding_part_t current, target; + chunk_t *out, data; + + /* get the part we are looking for */ + target = va_arg(parts, key_encoding_part_t); + if (target == KEY_PART_END) + { + break; + } + out = va_arg(parts, chunk_t*); + + va_copy(copy, args); + while (!failed) + { + current = va_arg(copy, key_encoding_part_t); + if (current == KEY_PART_END) + { + failed = TRUE; + break; + } + data = va_arg(copy, chunk_t); + if (current == target) + { + *out = data; + break; + } + } + va_end(copy); + } + va_end(parts); + return !failed; +} + +/** + * hashtable hash() function + */ +static u_int hash(void *key) +{ + return (uintptr_t)key; +} + +/** + * hashtable equals() function + */ +static bool equals(void *key1, void *key2) +{ + return key1 == key2; +} + +/** + * Implementation of key_encoding_t.get_cache + */ +static bool get_cache(private_key_encoding_t *this, key_encoding_type_t type, + void *cache, chunk_t *encoding) +{ + chunk_t *chunk; + + if (type >= KEY_ENCODING_MAX || type < 0) + { + return FALSE; + } + this->lock->read_lock(this->lock); + chunk = this->cache[type]->get(this->cache[type], cache); + if (chunk) + { + *encoding = *chunk; + } + this->lock->unlock(this->lock); + return !!chunk; +} + +/** + * Implementation of key_encoding_t.encode + */ +static bool encode(private_key_encoding_t *this, key_encoding_type_t type, + void *cache, chunk_t *encoding, ...) +{ + enumerator_t *enumerator; + va_list args, copy; + key_encoder_t encode; + bool success = FALSE; + chunk_t *chunk; + + if (type >= KEY_ENCODING_MAX || type < 0) + { + return FALSE; + } + this->lock->read_lock(this->lock); + if (cache) + { + chunk = this->cache[type]->get(this->cache[type], cache); + if (chunk) + { + *encoding = *chunk; + this->lock->unlock(this->lock); + return TRUE; + } + } + va_start(args, encoding); + enumerator = this->encoders->create_enumerator(this->encoders); + while (enumerator->enumerate(enumerator, &encode)) + { + va_copy(copy, args); + success = encode(type, encoding, copy); + va_end(copy); + if (success) + { + if (cache) + { + chunk = malloc_thing(chunk_t); + *chunk = *encoding; + this->lock->unlock(this->lock); + this->lock->write_lock(this->lock); + this->cache[type]->put(this->cache[type], cache, chunk); + } + break; + } + } + enumerator->destroy(enumerator); + va_end(args); + this->lock->unlock(this->lock); + return success; +} + +/** + * Implementation of key_encoding_t.cache + */ +static void cache(private_key_encoding_t *this, key_encoding_type_t type, + void *cache, chunk_t encoding) +{ + chunk_t *chunk; + + if (type >= KEY_ENCODING_MAX || type < 0) + { + return free(encoding.ptr); + } + chunk = malloc_thing(chunk_t); + *chunk = encoding; + this->lock->write_lock(this->lock); + chunk = this->cache[type]->put(this->cache[type], cache, chunk); + this->lock->unlock(this->lock); + /* free an encoding already associated to the cache */ + if (chunk) + { + free(chunk->ptr); + free(chunk); + } +} + +/** + * Implementation of key_encoding_t.clear_cache + */ +static void clear_cache(private_key_encoding_t *this, void *cache) +{ + key_encoding_type_t type; + chunk_t *chunk; + + this->lock->write_lock(this->lock); + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + chunk = this->cache[type]->remove(this->cache[type], cache); + if (chunk) + { + chunk_free(chunk); + free(chunk); + } + } + this->lock->unlock(this->lock); +} + +/** + * Implementation of key_encoding_t.add_encoder + */ +static void add_encoder(private_key_encoding_t *this, key_encoder_t encoder) +{ + this->lock->write_lock(this->lock); + this->encoders->insert_last(this->encoders, encoder); + this->lock->unlock(this->lock); +} + +/** + * Implementation of key_encoding_t.remove_encoder + */ +static void remove_encoder(private_key_encoding_t *this, key_encoder_t encoder) +{ + this->lock->write_lock(this->lock); + this->encoders->remove(this->encoders, encoder, NULL); + this->lock->unlock(this->lock); +} + +/** + * Implementation of key_encoder_t.destroy. + */ +static void destroy(private_key_encoding_t *this) +{ + key_encoding_type_t type; + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + /* We explicitly do not free remaining encodings. All keys should + * have gone now, and they are responsible for cleaning out their + * cache entries. Not flushing here allows the leak detective to + * complain if a key did not flush cached encodings. */ + this->cache[type]->destroy(this->cache[type]); + } + this->encoders->destroy(this->encoders); + this->lock->destroy(this->lock); + free(this); +} + +/** + * See header + */ +key_encoding_t *key_encoding_create() +{ + private_key_encoding_t *this = malloc_thing(private_key_encoding_t); + key_encoding_type_t type; + + this->public.encode = (bool(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t *encoding, ...))encode; + this->public.get_cache = (bool(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t *encoding))get_cache; + this->public.cache = (void(*)(key_encoding_t*, key_encoding_type_t type, void *cache, chunk_t encoding))cache; + this->public.clear_cache = (void(*)(key_encoding_t*, void *cache))clear_cache; + this->public.add_encoder = (void(*)(key_encoding_t*, key_encoder_t encoder))add_encoder; + this->public.remove_encoder = (void(*)(key_encoding_t*, key_encoder_t encoder))remove_encoder; + this->public.destroy = (void(*)(key_encoding_t*))destroy; + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + this->cache[type] = hashtable_create(hash, equals, 8); + } + this->encoders = linked_list_create(); + this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + + return &this->public; +} + diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h new file mode 100644 index 000000000..384117166 --- /dev/null +++ b/src/libstrongswan/credentials/keys/key_encoding.h @@ -0,0 +1,203 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup key_encoding key_encoding + * @{ @ingroup keys + */ + +#ifndef KEY_ENCODING_H_ +#define KEY_ENCODING_H_ + +typedef struct key_encoding_t key_encoding_t; +typedef enum key_encoding_type_t key_encoding_type_t; +typedef enum key_encoding_part_t key_encoding_part_t; + +#include + +/** + * Key encoder function implementing encoding/fingerprinting. + * + * The variable argument list takes key_encoding_part_t, followed by part + * specific arguments, terminated by KEY_PART_END. + * + * @param type format to encode the key to + * @param args list of (key_encoding_part_t, data) + * @param encoding encoding result, allocated + * @return TRUE if encoding successful + */ +typedef bool (*key_encoder_t)(key_encoding_type_t type, chunk_t *encoding, + va_list args); + +/** + * Helper function for key_encoder_t implementations to parse argument list. + * + * Key encoder functions get a variable argument list to parse. To simplify + * the job, this function reads the arguments and returns chunks for each + * part. + * The argument list of this function takes a key_encoding_part_t, followed + * by a data pointer receiving the value, terminated by KEY_PART_END. + * + * @param args argument list passed to key encoder function + * @param ... list of (key_encoding_part_t, data*) + * @return TRUE if all parts found, FALSE otherwise + */ +bool key_encoding_args(va_list args, ...); + +/** + * Encoding type of a fingerprint/private-/public-key. + * + * Fingerprints have have the KEY_ID_*, public keys the KEY_PUB_* and + * private keys the KEY_PRIV_* prefix. + */ +enum key_encoding_type_t { + /** SHA1 fingerprint over subjectPublicKeyInfo */ + KEY_ID_PUBKEY_INFO_SHA1 = 0, + /** SHA1 fingerprint over subjectPublicKey */ + KEY_ID_PUBKEY_SHA1, + /** PGPv3 fingerprint */ + KEY_ID_PGPV3, + /** PGPv4 fingerprint */ + KEY_ID_PGPV4, + + KEY_ID_MAX, + + /** PKCS#1 and similar ASN.1 key encoding */ + KEY_PUB_ASN1_DER, + KEY_PRIV_ASN1_DER, + /** subjectPublicKeyInfo encoding */ + KEY_PUB_SPKI_ASN1_DER, + /** PEM oncoded PKCS#1 key */ + KEY_PUB_PEM, + KEY_PRIV_PEM, + /** PGP key encoding */ + KEY_PUB_PGP, + KEY_PRIV_PGP, + + KEY_ENCODING_MAX, +}; + +/** + * Parts of a key to encode. + */ +enum key_encoding_part_t { + /** modulus of a RSA key, n */ + KEY_PART_RSA_MODULUS, + /** public exponent of a RSA key, e */ + KEY_PART_RSA_PUB_EXP, + /** private exponent of a RSA key, d */ + KEY_PART_RSA_PRIV_EXP, + /** prime1 a RSA key, p */ + KEY_PART_RSA_PRIME1, + /** prime2 a RSA key, q */ + KEY_PART_RSA_PRIME2, + /** exponent1 a RSA key, exp1 */ + KEY_PART_RSA_EXP1, + /** exponent1 a RSA key, exp2 */ + KEY_PART_RSA_EXP2, + /** coefficient of RSA key, coeff */ + KEY_PART_RSA_COEFF, + /** a DER encoded RSA public key */ + KEY_PART_RSA_PUB_ASN1_DER, + /** a DER encoded RSA private key */ + KEY_PART_RSA_PRIV_ASN1_DER, + /** a DER encoded ECDSA public key */ + KEY_PART_ECDSA_PUB_ASN1_DER, + /** a DER encoded ECDSA private key */ + KEY_PART_ECDSA_PRIV_ASN1_DER, + + KEY_PART_END, +}; + +/** + * Private/Public key encoding and fingerprinting facility. + */ +struct key_encoding_t { + + /** + * Encode a key into a format using several key parts, optional caching. + * + * The variable argument list takes key_encoding_part_t, followed by part + * specific arguments, terminated by KEY_PART_END. + * If a cache key is given, the returned encoding points to internal data: + * do not free or modify. If no cache key is given, the encoding is + * allocated and must be freed by the caller. + * + * @param type format the key should be encoded to + * @param cache key to use for caching, NULL to not cache + * @param encoding encoding result, allocated if caching disabled + * @param ... list of (key_encoding_part_t, data) + * @return TRUE if encoding successful + */ + bool (*encode)(key_encoding_t *this, key_encoding_type_t type, void *cache, + chunk_t *encoding, ...); + + /** + * Clear all cached encodings of a given cache key. + * + * @param cache key used in encode() for caching + */ + void (*clear_cache)(key_encoding_t *this, void *cache); + + /** + * Check for a cached encoding. + * + * @param type format of the key encoding + * @param cache key to use for caching, as given to encode() + * @param encoding encoding result, internal data + * @return TRUE if cache entry found + */ + bool (*get_cache)(key_encoding_t *this, key_encoding_type_t type, + void *cache, chunk_t *encoding); + + /** + * Cache a key encoding created externally. + * + * After calling cache(), the passed encoding is owned by the key encoding + * facility. + * + * @param type format of the key encoding + * @param cache key to use for caching, as given to encode() + * @param encoding encoding to cache, gets owned by this + */ + void (*cache)(key_encoding_t *this, key_encoding_type_t type, void *cache, + chunk_t encoding); + + /** + * Register a key encoder function. + * + * @param encoder key encoder function to add + */ + void (*add_encoder)(key_encoding_t *this, key_encoder_t encoder); + + /** + * Unregister a previously registered key encoder function. + * + * @param encoder key encoder function to remove + */ + void (*remove_encoder)(key_encoding_t *this, key_encoder_t encoder); + + /** + * Destroy a key_encoding_t. + */ + void (*destroy)(key_encoding_t *this); +}; + +/** + * Create a key_encoding instance. + */ +key_encoding_t *key_encoding_create(); + +#endif /** KEY_ENCODING_H_ @}*/ diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c index 0a01d0385..c3b5ac55b 100644 --- a/src/libstrongswan/credentials/keys/private_key.c +++ b/src/libstrongswan/credentials/keys/private_key.c @@ -15,3 +15,65 @@ #include "private_key.h" +/** + * See header. + */ +bool private_key_equals(private_key_t *this, private_key_t *other) +{ + key_encoding_type_t type; + chunk_t a, b; + + if (this == other) + { + return TRUE; + } + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + if (this->get_fingerprint(this, type, &a) && + other->get_fingerprint(other, type, &b)) + { + return chunk_equals(a, b); + } + } + return FALSE; +} + +/** + * See header. + */ +bool private_key_belongs_to(private_key_t *private, public_key_t *public) +{ + key_encoding_type_t type; + chunk_t a, b; + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + if (private->get_fingerprint(private, type, &a) && + public->get_fingerprint(public, type, &b)) + { + return chunk_equals(a, b); + } + } + return FALSE; +} + +/** + * See header. + */ +bool private_key_has_fingerprint(private_key_t *private, chunk_t fingerprint) +{ + key_encoding_type_t type; + chunk_t current; + + for (type = 0; type < KEY_ID_MAX; type++) + { + if (private->get_fingerprint(private, type, ¤t) && + chunk_equals(current, fingerprint)) + { + return TRUE; + } + } + return FALSE; +} + diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h index f38af8ff4..d4517f296 100644 --- a/src/libstrongswan/credentials/keys/private_key.h +++ b/src/libstrongswan/credentials/keys/private_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup private_key private_key * @{ @ingroup keys @@ -23,7 +23,6 @@ typedef struct private_key_t private_key_t; -#include #include /** @@ -46,7 +45,7 @@ struct private_key_t { * @param signature where to allocate created signature * @return TRUE if signature created */ - bool (*sign)(private_key_t *this, signature_scheme_t scheme, + bool (*sign)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature); /** * Decrypt a chunk of data. @@ -56,32 +55,24 @@ struct private_key_t { * @return TRUE if data decrypted and plaintext allocated */ bool (*decrypt)(private_key_t *this, chunk_t crypto, chunk_t *plain); - + /** * Get the strength of the key in bytes. - * + * * @return strength of the key in bytes */ size_t (*get_keysize) (private_key_t *this); - /** - * Get a unique key identifier, such as a hash over the public key. - * - * @param type type of the key ID to get - * @return unique ID of the key as identification_t, or NULL - */ - identification_t* (*get_id) (private_key_t *this, id_type_t type); - /** * Get the public part from the private key. * * @return public key */ public_key_t* (*get_public_key)(private_key_t *this); - + /** * Check if two private keys are equal. - * + * * @param other other private key * @return TRUE, if equality */ @@ -89,32 +80,78 @@ struct private_key_t { /** * Check if a private key belongs to a public key. - * + * * @param public public key * @return TRUE, if keys belong together */ bool (*belongs_to) (private_key_t *this, public_key_t *public); - + /** - * Get an encoded form of the private key. + * Get the fingerprint of the key. * - * @todo Do we need a encoding type specification? + * @param type type of fingerprint, one of KEY_ID_* + * @param fp fingerprint, points to internal data + * @return TRUE if fingerprint type supported + */ + bool (*get_fingerprint)(private_key_t *this, key_encoding_type_t type, + chunk_t *fp); + + /** + * Check if a key has a given fingerprint of any kind. * - * @return allocated chunk containing encoded private key + * @param fp fingerprint to check + * @return TRUE if key has given fingerprint */ - chunk_t (*get_encoding)(private_key_t *this); - + bool (*has_fingerprint)(private_key_t *this, chunk_t fp); + + /** + * Get the key in an encoded form as a chunk. + * + * @param type type of the encoding, one of KEY_PRIV_* + * @param encoding encoding of the key, allocated + * @return TRUE if encoding supported + */ + bool (*get_encoding)(private_key_t *this, key_encoding_type_t type, + chunk_t *encoding); + /** * Increase the refcount to this private key. * * @return this, with an increased refcount */ private_key_t* (*get_ref)(private_key_t *this); - + /** - * Decrease refcount, destroy private_key if no more references. - */ - void (*destroy)(private_key_t *this); + * Decrease refcount, destroy private_key if no more references. + */ + void (*destroy)(private_key_t *this); }; +/** + * Generic private key equals() implementation, usable by implementors. + * + * @param this first key to compare + * @param other second key to compare + * @return TRUE if this is equal to other + */ +bool private_key_equals(private_key_t *this, private_key_t *other); + +/** + * Generic private key belongs_to() implementation, usable by implementors. + * + * @param private private key to check + * @param public public key to compare + * @return TRUE if this is equal to other + */ +bool private_key_belongs_to(private_key_t *private, public_key_t *public); + +/** + * Generic private key has_fingerprint() implementation, usable by implementors. + * + * @param this key to check fingerprint + * @param fingerprint fingerprint to check + * @return TRUE if key has given fingerprint + */ +bool private_key_has_fingerprint(private_key_t *this, chunk_t fingerprint); + #endif /** PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index a5f547038..ba3036793 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -32,13 +32,59 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521, "RSA_EMSA_PKCS1_SHA256", "RSA_EMSA_PKCS1_SHA384", "RSA_EMSA_PKCS1_SHA512", + "ECDSA_WITH_SHA1_DER", + "ECDSA_WITH_SHA256_DER", + "ECDSA_WITH_SHA384_DER", + "ECDSA_WITH_SHA512_DER", "ECDSA_WITH_NULL", - "ECDSA_WITH_SHA1", "ECDSA-256", "ECDSA-384", "ECDSA-521", ); +/** + * See header. + */ +bool public_key_equals(public_key_t *this, public_key_t *other) +{ + key_encoding_type_t type; + chunk_t a, b; + + if (this == other) + { + return TRUE; + } + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + if (this->get_fingerprint(this, type, &a) && + other->get_fingerprint(other, type, &b)) + { + return chunk_equals(a, b); + } + } + return FALSE; +} + +/** + * See header. + */ +bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint) +{ + key_encoding_type_t type; + chunk_t current; + + for (type = 0; type < KEY_ID_MAX; type++) + { + if (public->get_fingerprint(public, type, ¤t) && + chunk_equals(current, fingerprint)) + { + return TRUE; + } + } + return FALSE; +} + /* * Defined in header. */ @@ -66,13 +112,13 @@ signature_scheme_t signature_scheme_from_oid(int oid) return SIGN_RSA_EMSA_PKCS1_SHA512; case OID_ECDSA_WITH_SHA1: case OID_EC_PUBLICKEY: - return SIGN_ECDSA_WITH_SHA1; + return SIGN_ECDSA_WITH_SHA1_DER; case OID_ECDSA_WITH_SHA256: - return SIGN_ECDSA_256; + return SIGN_ECDSA_WITH_SHA256_DER; case OID_ECDSA_WITH_SHA384: - return SIGN_ECDSA_384; + return SIGN_ECDSA_WITH_SHA384_DER; case OID_ECDSA_WITH_SHA512: - return SIGN_ECDSA_521; + return SIGN_ECDSA_WITH_SHA512_DER; default: return SIGN_UNKNOWN; } diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index be5f3bde6..a421e7b5b 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup public_key public_key * @{ @ingroup keys @@ -28,6 +28,7 @@ typedef enum signature_scheme_t signature_scheme_t; #include #include +#include /** * Type of a key pair, the used crypto system @@ -53,9 +54,8 @@ extern enum_name_t *key_type_names; * Signature scheme for signature creation * * EMSA-PKCS1 signatures are defined in PKCS#1 standard. - * A prepended ASN.1 encoded digestInfo field contains the - * OID of the used hash algorithm. The ASN.1 type of the PKCS#7 - * variants is OCTET_STRING instead of the default BIT_STRING. + * A prepended ASN.1 encoded digestInfo field contains the + * OID of the used hash algorithm. */ enum signature_scheme_t { /** Unknown signature scheme */ @@ -74,10 +74,16 @@ enum signature_scheme_t { SIGN_RSA_EMSA_PKCS1_SHA384, /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */ SIGN_RSA_EMSA_PKCS1_SHA512, - /** ECDSA over precomputed digest */ + /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ + SIGN_ECDSA_WITH_SHA1_DER, + /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ + SIGN_ECDSA_WITH_SHA256_DER, + /** ECDSA with SHA-384 using DER encoding as in RFC 3279 */ + SIGN_ECDSA_WITH_SHA384_DER, + /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ + SIGN_ECDSA_WITH_SHA512_DER, + /** ECDSA over precomputed digest, signature as in RFC 4754 */ SIGN_ECDSA_WITH_NULL, - /** ECDSA with SHA-1 */ - SIGN_ECDSA_WITH_SHA1, /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */ SIGN_ECDSA_256, /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */ @@ -102,7 +108,7 @@ struct public_key_t { * @return type of the key */ key_type_t (*get_type)(public_key_t *this); - + /** * Verifies a signature against a chunk of data. * @@ -111,9 +117,9 @@ struct public_key_t { * @param signature signature to check * @return TRUE if signature matches */ - bool (*verify)(public_key_t *this, signature_scheme_t scheme, + bool (*verify)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature); - + /** * Encrypt a chunk of data. * @@ -122,10 +128,10 @@ struct public_key_t { * @return TRUE if data successfully encrypted */ bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto); - + /** * Check if two public keys are equal. - * + * * @param other other public key * @return TRUE, if equality */ @@ -133,44 +139,73 @@ struct public_key_t { /** * Get the strength of the key in bytes. - * + * * @return strength of the key in bytes */ size_t (*get_keysize) (public_key_t *this); /** - * Get a unique key identifier, such as a hash over the key. - * - * @param type type of the key ID to get - * @return unique ID of the key as identification_t, or NULL + * Get the fingerprint of the key. + * + * @param type type of fingerprint, one of KEY_ID_* + * @param fp fingerprint, points to internal data + * @return TRUE if fingerprint type supported */ - identification_t* (*get_id) (public_key_t *this, id_type_t type); - + bool (*get_fingerprint)(public_key_t *this, key_encoding_type_t type, + chunk_t *fp); + /** - * Get an encoded form of the key. + * Check if a key has a given fingerprint of any kind. * - * @todo Do we need a encoding type specification? + * @param fp fingerprint to check + * @return TRUE if key has given fingerprint + */ + bool (*has_fingerprint)(public_key_t *this, chunk_t fp); + + /** + * Get the key in an encoded form as a chunk. * - * @return allocated chunk containing encoded key + * @param type type of the encoding, one of KEY_PRIV_* + * @param encoding encoding of the key, allocated + * @return TRUE if encoding supported */ - chunk_t (*get_encoding)(public_key_t *this); - + bool (*get_encoding)(public_key_t *this, key_encoding_type_t type, + chunk_t *encoding); + /** * Increase the refcount of the key. * * @return this with an increased refcount */ public_key_t* (*get_ref)(public_key_t *this); - + /** * Destroy a public_key instance. */ void (*destroy)(public_key_t *this); }; +/** + * Generic public key equals() implementation, usable by implementors. + * + * @param this first key to compare + * @param other second key to compare + * @return TRUE if this is equal to other + */ +bool public_key_equals(public_key_t *this, public_key_t *other); + +/** + * Generic public key has_fingerprint() implementation, usable by implementors. + * + * @param this key to check fingerprint + * @param fingerprint fingerprint to check + * @return TRUE if key has given fingerprint + */ +bool public_key_has_fingerprint(public_key_t *this, chunk_t fingerprint); + /** * Conversion of ASN.1 signature or hash OID to signature scheme. - * + * * @param oid ASN.1 OID * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported */ diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c index c6f141446..f695c078d 100644 --- a/src/libstrongswan/credentials/keys/shared_key.c +++ b/src/libstrongswan/credentials/keys/shared_key.c @@ -34,17 +34,17 @@ struct private_shared_key_t { * public functions */ shared_key_t public; - + /** * type of this shared key */ shared_key_type_t type; - + /** * associated shared key data */ chunk_t key; - + /** * reference counter */ @@ -94,16 +94,16 @@ static void destroy(private_shared_key_t *this) shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key) { private_shared_key_t *this = malloc_thing(private_shared_key_t); - + this->public.get_type = (shared_key_type_t (*)(shared_key_t *this))get_type; this->public.get_key = (chunk_t (*)(shared_key_t *this))get_key; this->public.get_ref = (shared_key_t* (*)(shared_key_t *this))get_ref; this->public.destroy = (void(*)(shared_key_t*))destroy; - + this->type = type; this->key = key; this->ref = 1; - + return &this->public; } diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h index ceb1309b7..fe7bc86be 100644 --- a/src/libstrongswan/credentials/keys/shared_key.h +++ b/src/libstrongswan/credentials/keys/shared_key.h @@ -55,32 +55,32 @@ extern enum_name_t *shared_key_type_names; * reading. */ struct shared_key_t { - + /** * Get the kind of this key. * * @return type of the key */ shared_key_type_t (*get_type)(shared_key_t *this); - + /** * Get the shared key data. * * @return chunk pointing to the internal key */ chunk_t (*get_key)(shared_key_t *this); - - /** + + /** * Increase refcount of the key. * - * @return this with an increased refcount + * @return this with an increased refcount */ shared_key_t* (*get_ref)(shared_key_t *this); - + /** - * Destroy a shared_key instance if all references are gone. - */ - void (*destroy)(shared_key_t *this); + * Destroy a shared_key instance if all references are gone. + */ + void (*destroy)(shared_key_t *this); }; /** diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h index 2879e24c0..f052a181d 100644 --- a/src/libstrongswan/crypto/crypters/crypter.h +++ b/src/libstrongswan/crypto/crypters/crypter.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup crypter crypter * @{ @ingroup crypto @@ -56,14 +56,15 @@ enum encryption_algorithm_t { ENCR_CAMELLIA_CCM_ICV12 = 26, ENCR_CAMELLIA_CCM_ICV16 = 27, ENCR_UNDEFINED = 1024, - ENCR_DES_ECB = 1025, + ENCR_DES_ECB = 1025, ENCR_SERPENT_CBC = 1026, - ENCR_TWOFISH_CBC = 1027 + ENCR_TWOFISH_CBC = 1027 }; #define DES_BLOCK_SIZE 8 #define BLOWFISH_BLOCK_SIZE 8 #define AES_BLOCK_SIZE 16 +#define CAMELLIA_BLOCK_SIZE 16 #define SERPENT_BLOCK_SIZE 16 #define TWOFISH_BLOCK_SIZE 16 @@ -76,7 +77,7 @@ extern enum_name_t *encryption_algorithm_names; * Generic interface for symmetric encryption algorithms. */ struct crypter_t { - + /** * Encrypt a chunk of data and allocate space for the encrypted value. * @@ -90,14 +91,14 @@ struct crypter_t { */ void (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted); - + /** * Decrypt a chunk of data and allocate space for the decrypted value. * * The length of the iv must equal to get_block_size(), while the length * of data must be a multiple it. * If decrpyted is NULL, the encryption is done in-place (overwriting data). - * + * * @param data data to decrypt * @param iv initializing vector * @param encrypted chunk to allocate decrypted data, or NULL @@ -107,18 +108,18 @@ struct crypter_t { /** * Get the block size of the crypto algorithm. - * + * * @return block size in bytes */ size_t (*get_block_size) (crypter_t *this); /** * Get the key size of the crypto algorithm. - * + * * @return key size in bytes */ size_t (*get_key_size) (crypter_t *this); - + /** * Set the key. * @@ -127,7 +128,7 @@ struct crypter_t { * @param key key to set */ void (*set_key) (crypter_t *this, chunk_t key); - + /** * Destroys a crypter_t object. */ @@ -136,7 +137,7 @@ struct crypter_t { /** * Conversion of ASN.1 OID to encryption algorithm. - * + * * @param oid ASN.1 OID * @param key_size returns size of encryption key in bits * @return encryption algorithm, ENCR_UNDEFINED if OID unsupported @@ -145,7 +146,7 @@ encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size); /** * Conversion of encryption algorithm to ASN.1 OID. - * + * * @param alg encryption algorithm * @param key_size size of encryption key in bits * @return ASN.1 OID, OID_UNKNOWN if OID is unknown diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index e928e8cdf..46b50329d 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -16,7 +16,7 @@ #include "crypto_factory.h" #include -#include +#include #include #include @@ -46,52 +46,52 @@ struct private_crypto_factory_t { * public functions */ crypto_factory_t public; - + /** * registered crypters, as entry_t */ linked_list_t *crypters; - + /** * registered signers, as entry_t */ linked_list_t *signers; - + /** * registered hashers, as entry_t */ linked_list_t *hashers; - + /** * registered prfs, as entry_t */ linked_list_t *prfs; - + /** * registered rngs, as entry_t */ linked_list_t *rngs; - + /** * registered diffie hellman, as entry_t */ linked_list_t *dhs; - + /** * test manager to test crypto algorithms */ crypto_tester_t *tester; - + /** * whether to test algorithms during registration */ bool test_on_add; - + /** * whether to test algorithms on each crypto primitive construction */ bool test_on_create; - + /** * rwlock to lock access to modules */ @@ -107,7 +107,7 @@ static crypter_t* create_crypter(private_crypto_factory_t *this, enumerator_t *enumerator; entry_t *entry; crypter_t *crypter = NULL; - + this->lock->read_lock(this->lock); enumerator = this->crypters->create_enumerator(this->crypters); while (enumerator->enumerate(enumerator, &entry)) @@ -116,7 +116,7 @@ static crypter_t* create_crypter(private_crypto_factory_t *this, { if (this->test_on_create && !this->tester->test_crypter(this->tester, algo, key_size, - entry->create_crypter)) + entry->create_crypter)) { continue; } @@ -141,7 +141,7 @@ static signer_t* create_signer(private_crypto_factory_t *this, enumerator_t *enumerator; entry_t *entry; signer_t *signer = NULL; - + this->lock->read_lock(this->lock); enumerator = this->signers->create_enumerator(this->signers); while (enumerator->enumerate(enumerator, &entry)) @@ -163,7 +163,7 @@ static signer_t* create_signer(private_crypto_factory_t *this, } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - + return signer; } @@ -243,7 +243,7 @@ static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality) entry_t *entry; u_int diff = ~0; rng_constructor_t constr = NULL; - + this->lock->read_lock(this->lock); enumerator = this->rngs->create_enumerator(this->rngs); while (enumerator->enumerate(enumerator, &entry)) @@ -311,7 +311,7 @@ static void add_crypter(private_crypto_factory_t *this, this->tester->test_crypter(this->tester, algo, 0, create)) { entry_t *entry = malloc_thing(entry_t); - + entry->algo = algo; entry->create_crypter = create; this->lock->write_lock(this->lock); @@ -328,7 +328,7 @@ static void remove_crypter(private_crypto_factory_t *this, { entry_t *entry; enumerator_t *enumerator; - + this->lock->write_lock(this->lock); enumerator = this->crypters->create_enumerator(this->crypters); while (enumerator->enumerate(enumerator, &entry)) @@ -353,7 +353,7 @@ static void add_signer(private_crypto_factory_t *this, this->tester->test_signer(this->tester, algo, create)) { entry_t *entry = malloc_thing(entry_t); - + entry->algo = algo; entry->create_signer = create; this->lock->write_lock(this->lock); @@ -370,7 +370,7 @@ static void remove_signer(private_crypto_factory_t *this, { entry_t *entry; enumerator_t *enumerator; - + this->lock->write_lock(this->lock); enumerator = this->signers->create_enumerator(this->signers); while (enumerator->enumerate(enumerator, &entry)) @@ -395,7 +395,7 @@ static void add_hasher(private_crypto_factory_t *this, hash_algorithm_t algo, this->tester->test_hasher(this->tester, algo, create)) { entry_t *entry = malloc_thing(entry_t); - + entry->algo = algo; entry->create_hasher = create; this->lock->write_lock(this->lock); @@ -412,7 +412,7 @@ static void remove_hasher(private_crypto_factory_t *this, { entry_t *entry; enumerator_t *enumerator; - + this->lock->write_lock(this->lock); enumerator = this->hashers->create_enumerator(this->hashers); while (enumerator->enumerate(enumerator, &entry)) @@ -437,7 +437,7 @@ static void add_prf(private_crypto_factory_t *this, this->tester->test_prf(this->tester, algo, create)) { entry_t *entry = malloc_thing(entry_t); - + entry->algo = algo; entry->create_prf = create; this->lock->write_lock(this->lock); @@ -453,7 +453,7 @@ static void remove_prf(private_crypto_factory_t *this, prf_constructor_t create) { entry_t *entry; enumerator_t *enumerator; - + this->lock->write_lock(this->lock); enumerator = this->prfs->create_enumerator(this->prfs); while (enumerator->enumerate(enumerator, &entry)) @@ -478,7 +478,7 @@ static void add_rng(private_crypto_factory_t *this, rng_quality_t quality, this->tester->test_rng(this->tester, quality, create)) { entry_t *entry = malloc_thing(entry_t); - + entry->algo = quality; entry->create_rng = create; this->lock->write_lock(this->lock); @@ -494,7 +494,7 @@ static void remove_rng(private_crypto_factory_t *this, rng_constructor_t create) { entry_t *entry; enumerator_t *enumerator; - + this->lock->write_lock(this->lock); enumerator = this->rngs->create_enumerator(this->rngs); while (enumerator->enumerate(enumerator, &entry)) @@ -516,7 +516,7 @@ static void add_dh(private_crypto_factory_t *this, diffie_hellman_group_t group, dh_constructor_t create) { entry_t *entry = malloc_thing(entry_t); - + entry->algo = group; entry->create_dh = create; this->lock->write_lock(this->lock); @@ -531,7 +531,7 @@ static void remove_dh(private_crypto_factory_t *this, dh_constructor_t create) { entry_t *entry; enumerator_t *enumerator; - + this->lock->write_lock(this->lock); enumerator = this->dhs->create_enumerator(this->dhs); while (enumerator->enumerate(enumerator, &entry)) @@ -713,7 +713,7 @@ static void destroy(private_crypto_factory_t *this) crypto_factory_t *crypto_factory_create() { private_crypto_factory_t *this = malloc_thing(private_crypto_factory_t); - + this->public.create_crypter = (crypter_t*(*)(crypto_factory_t*, encryption_algorithm_t, size_t))create_crypter; this->public.create_signer = (signer_t*(*)(crypto_factory_t*, integrity_algorithm_t))create_signer; this->public.create_hasher = (hasher_t*(*)(crypto_factory_t*, hash_algorithm_t))create_hasher; @@ -739,7 +739,7 @@ crypto_factory_t *crypto_factory_create() this->public.create_dh_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_dh_enumerator; this->public.add_test_vector = (void(*)(crypto_factory_t*, transform_type_t type, ...))add_test_vector; this->public.destroy = (void(*)(crypto_factory_t*))destroy; - + this->crypters = linked_list_create(); this->signers = linked_list_create(); this->hashers = linked_list_create(); @@ -752,7 +752,7 @@ crypto_factory_t *crypto_factory_create() "libstrongswan.crypto_test.on_add", FALSE); this->test_on_create = lib->settings->get_bool(lib->settings, "libstrongswan.crypto_test.on_create", FALSE); - + return &this->public; } diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index f1ebcf90a..9c6effd26 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -76,7 +76,7 @@ struct crypto_factory_t { */ crypter_t* (*create_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, size_t key_size); - + /** * Create a symmetric signer instance. * @@ -93,7 +93,7 @@ struct crypto_factory_t { * @return hasher_t instance, NULL if not supported */ hasher_t* (*create_hasher)(crypto_factory_t *this, hash_algorithm_t algo); - + /** * Create a pseudo random function instance. * @@ -101,7 +101,7 @@ struct crypto_factory_t { * @return prf_t instance, NULL if not supported */ prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo); - + /** * Create a source of randomness. * @@ -109,7 +109,7 @@ struct crypto_factory_t { * @return rng_t instance, NULL if no RNG with such a quality */ rng_t* (*create_rng)(crypto_factory_t *this, rng_quality_t quality); - + /** * Create a diffie hellman instance. * @@ -118,7 +118,7 @@ struct crypto_factory_t { */ diffie_hellman_t* (*create_dh)(crypto_factory_t *this, diffie_hellman_group_t group); - + /** * Register a crypter constructor. * @@ -128,14 +128,14 @@ struct crypto_factory_t { */ void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, crypter_constructor_t create); - + /** * Unregister a crypter constructor. * * @param create constructor function to unregister */ void (*remove_crypter)(crypto_factory_t *this, crypter_constructor_t create); - + /** * Register a signer constructor. * @@ -145,14 +145,14 @@ struct crypto_factory_t { */ void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo, signer_constructor_t create); - + /** * Unregister a signer constructor. * * @param create constructor function to unregister */ void (*remove_signer)(crypto_factory_t *this, signer_constructor_t create); - + /** * Register a hasher constructor. * @@ -165,14 +165,14 @@ struct crypto_factory_t { */ void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo, hasher_constructor_t create); - + /** * Unregister a hasher constructor. * * @param create constructor function to unregister */ void (*remove_hasher)(crypto_factory_t *this, hasher_constructor_t create); - + /** * Register a prf constructor. * @@ -182,14 +182,14 @@ struct crypto_factory_t { */ void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo, prf_constructor_t create); - + /** * Unregister a prf constructor. * * @param create constructor function to unregister */ void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create); - + /** * Register a source of randomness. * @@ -197,14 +197,14 @@ struct crypto_factory_t { * @param create constructor function for such a quality */ void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create); - + /** * Unregister a source of randomness. * * @param create constructor function to unregister */ void (*remove_rng)(crypto_factory_t *this, rng_constructor_t create); - + /** * Register a diffie hellman constructor. * @@ -214,49 +214,49 @@ struct crypto_factory_t { */ void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group, dh_constructor_t create); - + /** * Unregister a diffie hellman constructor. * * @param create constructor function to unregister */ void (*remove_dh)(crypto_factory_t *this, dh_constructor_t create); - + /** * Create an enumerator over all registered crypter algorithms. * * @return enumerator over encryption_algorithm_t */ enumerator_t* (*create_crypter_enumerator)(crypto_factory_t *this); - + /** * Create an enumerator over all registered signer algorithms. * * @return enumerator over integrity_algorithm_t */ enumerator_t* (*create_signer_enumerator)(crypto_factory_t *this); - + /** * Create an enumerator over all registered hasher algorithms. * * @return enumerator over hash_algorithm_t */ enumerator_t* (*create_hasher_enumerator)(crypto_factory_t *this); - + /** * Create an enumerator over all registered PRFs. * * @return enumerator over pseudo_random_function_t */ enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this); - + /** * Create an enumerator over all registered diffie hellman groups. * * @return enumerator over diffie_hellman_group_t */ enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this); - + /** * Add a test vector to the crypto factory. * @@ -264,7 +264,7 @@ struct crypto_factory_t { * @param ... pointer to a test vector, defined in crypto_tester.h */ void (*add_test_vector)(crypto_factory_t *this, transform_type_t type, ...); - + /** * Destroy a crypto_factory instance. */ diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 4d13474a1..86daf65f9 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -24,42 +24,42 @@ typedef struct private_crypto_tester_t private_crypto_tester_t; * Private data of an crypto_tester_t object. */ struct private_crypto_tester_t { - + /** * Public crypto_tester_t interface. */ crypto_tester_t public; - + /** * List of crypter test vectors */ linked_list_t *crypter; - + /** * List of signer test vectors */ linked_list_t *signer; - + /** * List of hasher test vectors */ linked_list_t *hasher; - + /** * List of PRF test vectors */ linked_list_t *prf; - + /** * List of RNG test vectors */ linked_list_t *rng; - + /** * Is a test vector required to pass a test? */ bool required; - + /** * should we run RNG_TRUE tests? Enough entropy? */ @@ -76,13 +76,13 @@ static bool test_crypter(private_crypto_tester_t *this, crypter_test_vector_t *vector; bool failed = FALSE; u_int tested = 0; - + enumerator = this->crypter->create_enumerator(this->crypter); while (enumerator->enumerate(enumerator, &vector)) { crypter_t *crypter; chunk_t key, plain, cipher, iv; - + if (vector->alg != alg) { continue; @@ -96,14 +96,14 @@ static bool test_crypter(private_crypto_tester_t *this, { /* key size not supported... */ continue; } - + failed = FALSE; tested++; - + key = chunk_create(vector->key, crypter->get_key_size(crypter)); crypter->set_key(crypter, key); iv = chunk_create(vector->iv, crypter->get_block_size(crypter)); - + /* allocated encryption */ plain = chunk_create(vector->plain, vector->len); crypter->encrypt(crypter, plain, iv, &cipher); @@ -132,7 +132,7 @@ static bool test_crypter(private_crypto_tester_t *this, failed = TRUE; } free(plain.ptr); - + crypter->destroy(crypter); if (failed) { @@ -167,18 +167,18 @@ static bool test_signer(private_crypto_tester_t *this, signer_test_vector_t *vector; bool failed = FALSE; u_int tested = 0; - + enumerator = this->signer->create_enumerator(this->signer); while (enumerator->enumerate(enumerator, &vector)) { signer_t *signer; chunk_t key, data, mac; - + if (vector->alg != alg) { continue; } - + tested++; signer = create(alg); if (!signer) @@ -188,12 +188,12 @@ static bool test_signer(private_crypto_tester_t *this, failed = TRUE; break; } - + failed = FALSE; - + key = chunk_create(vector->key, signer->get_key_size(signer)); signer->set_key(signer, key); - + /* allocated signature */ data = chunk_create(vector->data, vector->len); signer->allocate_signature(signer, data, &mac); @@ -236,7 +236,7 @@ static bool test_signer(private_crypto_tester_t *this, } } free(mac.ptr); - + signer->destroy(signer); if (failed) { @@ -271,18 +271,18 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg, hasher_test_vector_t *vector; bool failed = FALSE; u_int tested = 0; - + enumerator = this->hasher->create_enumerator(this->hasher); while (enumerator->enumerate(enumerator, &vector)) { hasher_t *hasher; chunk_t data, hash; - + if (vector->alg != alg) { continue; } - + tested++; hasher = create(alg); if (!hasher) @@ -292,9 +292,9 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg, failed = TRUE; break; } - + failed = FALSE; - + /* allocated hash */ data = chunk_create(vector->data, vector->len); hasher->allocate_hash(hasher, data, &hash); @@ -326,7 +326,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg, } } free(hash.ptr); - + hasher->destroy(hasher); if (failed) { @@ -361,18 +361,18 @@ static bool test_prf(private_crypto_tester_t *this, prf_test_vector_t *vector; bool failed = FALSE; u_int tested = 0; - + enumerator = this->prf->create_enumerator(this->prf); while (enumerator->enumerate(enumerator, &vector)) { prf_t *prf; chunk_t key, seed, out; - + if (vector->alg != alg) { continue; } - + tested++; prf = create(alg); if (!prf) @@ -382,12 +382,12 @@ static bool test_prf(private_crypto_tester_t *this, failed = TRUE; break; } - + failed = FALSE; - + key = chunk_create(vector->key, vector->key_size); prf->set_key(prf, key); - + /* allocated bytes */ seed = chunk_create(vector->seed, vector->len); prf->allocate_bytes(prf, seed, &out); @@ -427,7 +427,7 @@ static bool test_prf(private_crypto_tester_t *this, } } free(out.ptr); - + prf->destroy(prf); if (failed) { @@ -462,25 +462,25 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, rng_test_vector_t *vector; bool failed = FALSE; u_int tested = 0; - + if (!this->rng_true && quality == RNG_TRUE) { DBG1("enabled %N: skipping test (disabled by config)", rng_quality_names, quality); return TRUE; } - + enumerator = this->rng->create_enumerator(this->rng); while (enumerator->enumerate(enumerator, &vector)) { rng_t *rng; chunk_t data; - + if (vector->quality != quality) { continue; } - + tested++; rng = create(quality); if (!rng) @@ -490,9 +490,9 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, failed = TRUE; break; } - + failed = FALSE; - + /* allocated bytes */ rng->allocate_bytes(rng, vector->len, &data); if (data.len != vector->len) @@ -511,7 +511,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, failed = TRUE; } free(data.ptr); - + rng->destroy(rng); if (failed) { @@ -600,7 +600,7 @@ static void destroy(private_crypto_tester_t *this) crypto_tester_t *crypto_tester_create() { private_crypto_tester_t *this = malloc_thing(private_crypto_tester_t); - + this->public.test_crypter = (bool(*)(crypto_tester_t*, encryption_algorithm_t alg,size_t key_size, crypter_constructor_t create))test_crypter; this->public.test_signer = (bool(*)(crypto_tester_t*, integrity_algorithm_t alg, signer_constructor_t create))test_signer; this->public.test_hasher = (bool(*)(crypto_tester_t*, hash_algorithm_t alg, hasher_constructor_t create))test_hasher; @@ -612,18 +612,18 @@ crypto_tester_t *crypto_tester_create() this->public.add_prf_vector = (void(*)(crypto_tester_t*, prf_test_vector_t *vector))add_prf_vector; this->public.add_rng_vector = (void(*)(crypto_tester_t*, rng_test_vector_t *vector))add_rng_vector; this->public.destroy = (void(*)(crypto_tester_t*))destroy; - + this->crypter = linked_list_create(); this->signer = linked_list_create(); this->hasher = linked_list_create(); this->prf = linked_list_create(); this->rng = linked_list_create(); - + this->required = lib->settings->get_bool(lib->settings, "libstrongswan.crypto_test.required", FALSE); this->rng_true = lib->settings->get_bool(lib->settings, "libstrongswan.crypto_test.rng_true", FALSE); - + return &this->public; } diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index d2929f33d..ddcc2da51 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -109,12 +109,12 @@ struct rng_test_vector_t { * Cryptographic primitive testing framework. */ struct crypto_tester_t { - + /** * Test a crypter algorithm, optionally using a specified key size. * * @param alg algorithm to test - * @param key_size key size to test, 0 for all + * @param key_size key size to test, 0 for all * @param create constructor function for the crypter * @return TRUE if test passed */ @@ -183,14 +183,14 @@ struct crypto_tester_t { * @param vector pointer to test vector */ void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector); - + /** * Add a test vector to test a RNG. * * @param vector pointer to test vector */ void (*add_rng_vector)(crypto_tester_t *this, rng_test_vector_t *vector); - + /** * Destroy a crypto_tester_t. */ @@ -202,4 +202,4 @@ struct crypto_tester_t { */ crypto_tester_t *crypto_tester_create(); -#endif /* CRYPTO_TESTER_ @}*/ +#endif /** CRYPTO_TESTER_H_ @}*/ diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index a40a73526..842938c3b 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup diffie_hellman diffie_hellman * @{ @ingroup crypto @@ -32,7 +32,7 @@ typedef struct diffie_hellman_t diffie_hellman_t; * * The modulus (or group) to use for a Diffie-Hellman calculation. * See IKEv2 RFC 3.3.2 and RFC 3526. - * + * * ECP groups are defined in RFC 4753 and RFC 5114. */ enum diffie_hellman_group_t { @@ -63,39 +63,39 @@ extern enum_name_t *diffie_hellman_group_names; * Implementation of the Diffie-Hellman algorithm, as in RFC2631. */ struct diffie_hellman_t { - + /** * Returns the shared secret of this diffie hellman exchange. - * - * Space for returned secret is allocated and must be + * + * Space for returned secret is allocated and must be * freed by the caller. - * + * * @param secret shared secret will be written into this chunk * @return SUCCESS, FAILED if not both DH values are set */ status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret); - + /** * Sets the public value of partner. - * + * * Chunk gets cloned and can be destroyed afterwards. - * + * * @param value public value of partner */ void (*set_other_public_value) (diffie_hellman_t *this, chunk_t value); - + /** * Gets the own public value to transmit. - * + * * Space for returned chunk is allocated and must be freed by the caller. - * + * * @param value public value of caller is stored at this location */ void (*get_my_public_value) (diffie_hellman_t *this, chunk_t *value); - + /** * Get the DH group used. - * + * * @return DH group set in construction */ diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this); diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 4d6904e47..81750a519 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -104,36 +104,46 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg) /* * Described in header. */ -int hasher_signature_algorithm_to_oid(hash_algorithm_t alg) +int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) { - int oid; - - switch (alg) + switch (key) { - case HASH_MD2: - oid = OID_MD2_WITH_RSA; - break; - case HASH_MD5: - oid = OID_MD5_WITH_RSA; - break; - case HASH_SHA1: - oid = OID_SHA1_WITH_RSA; - break; - case HASH_SHA224: - oid = OID_SHA224_WITH_RSA; - break; - case HASH_SHA256: - oid = OID_SHA256_WITH_RSA; - break; - case HASH_SHA384: - oid = OID_SHA384_WITH_RSA; - break; - case HASH_SHA512: - oid = OID_SHA512_WITH_RSA; - break; + case KEY_RSA: + switch (alg) + { + case HASH_MD2: + return OID_MD2_WITH_RSA; + case HASH_MD5: + return OID_MD5_WITH_RSA; + case HASH_SHA1: + return OID_SHA1_WITH_RSA; + case HASH_SHA224: + return OID_SHA224_WITH_RSA; + case HASH_SHA256: + return OID_SHA256_WITH_RSA; + case HASH_SHA384: + return OID_SHA384_WITH_RSA; + case HASH_SHA512: + return OID_SHA512_WITH_RSA; + default: + return OID_UNKNOWN; + } + case KEY_ECDSA: + switch (alg) + { + case HASH_SHA1: + return OID_ECDSA_WITH_SHA1; + case HASH_SHA256: + return OID_ECDSA_WITH_SHA256; + case HASH_SHA384: + return OID_ECDSA_WITH_SHA384; + case HASH_SHA512: + return OID_ECDSA_WITH_SHA512; + default: + return OID_UNKNOWN; + } default: - oid = OID_UNKNOWN; + return OID_UNKNOWN; } - return oid; } diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 6deed37ab..9fa043c7e 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup hasher hasher * @{ @ingroup crypto @@ -27,6 +27,7 @@ typedef enum hash_algorithm_t hash_algorithm_t; typedef struct hasher_t hasher_t; #include +#include /** * Algorithms to use for hashing. @@ -35,7 +36,7 @@ enum hash_algorithm_t { /** not specified hash function */ HASH_UNKNOWN = 0, /** preferred hash function, general purpose */ - HASH_PREFERRED = 1, + HASH_PREFERRED = 1, HASH_MD2 = 2, HASH_MD4 = 3, HASH_MD5 = 4, @@ -66,43 +67,43 @@ extern enum_name_t *hash_algorithm_names; struct hasher_t { /** * Hash data and write it in the buffer. - * + * * If the parameter hash is NULL, no result is written back * and more data can be appended to already hashed data. * If not, the result is written back and the hasher is reset. - * + * * The hash output parameter must hold at least * hash_t.get_block_size() bytes. - * + * * @param data data to hash * @param hash pointer where the hash will be written */ void (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash); - + /** * Hash data and allocate space for the hash. - * + * * If the parameter hash is NULL, no result is written back * and more data can be appended to already hashed data. * If not, the result is written back and the hasher is reset. - * + * * @param data chunk with data to hash * @param hash chunk which will hold allocated hash */ void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash); - + /** * Get the size of the resulting hash. - * + * * @return hash size in bytes */ size_t (*get_hash_size) (hasher_t *this); - + /** * Resets the hashers state. */ void (*reset) (hasher_t *this); - + /** * Destroys a hasher object. */ @@ -111,7 +112,7 @@ struct hasher_t { /** * Conversion of ASN.1 OID to hash algorithm. - * + * * @param oid ASN.1 OID * @return hash algorithm, HASH_UNKNOWN if OID unsuported */ @@ -119,7 +120,7 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid); /** * Conversion of hash algorithm into ASN.1 OID. - * + * * @param alg hash algorithm * @return ASN.1 OID, or OID_UNKNOW */ @@ -127,10 +128,11 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg); /** * Conversion of hash signature algorithm into ASN.1 OID. - * + * * @param alg hash algorithm + * @param key public key type * @return ASN.1 OID if, or OID_UNKNOW */ -int hasher_signature_algorithm_to_oid(hash_algorithm_t alg); +int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key); #endif /** HASHER_H_ @}*/ diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c index 525ea9db5..e3ba0f129 100644 --- a/src/libstrongswan/crypto/pkcs9.c +++ b/src/libstrongswan/crypto/pkcs9.c @@ -68,7 +68,7 @@ struct attribute_t { /** * Destroys the attribute. - * + * * @param this attribute to destroy */ void (*destroy) (attribute_t *this); @@ -78,48 +78,30 @@ struct attribute_t { /** * PKCS#9 attribute type OIDs */ -static u_char ASN1_contentType_oid_str[] = { +static chunk_t ASN1_contentType_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 -}; - -static u_char ASN1_messageDigest_oid_str[] = { +); +static chunk_t ASN1_messageDigest_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 -}; - -static u_char ASN1_signingTime_oid_str[] = { +); +static chunk_t ASN1_signingTime_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05 -}; - -static char ASN1_messageType_oid_str[] = { +); +static chunk_t ASN1_messageType_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 -}; - -static char ASN1_senderNonce_oid_str[] = { +); +static chunk_t ASN1_senderNonce_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 -}; - -static char ASN1_transId_oid_str[] = { +); +static chunk_t ASN1_transId_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_contentType_oid = - chunk_from_buf(ASN1_contentType_oid_str); -static const chunk_t ASN1_messageDigest_oid = - chunk_from_buf(ASN1_messageDigest_oid_str); -static const chunk_t ASN1_signingTime_oid = - chunk_from_buf(ASN1_signingTime_oid_str); -static const chunk_t ASN1_messageType_oid = - chunk_from_buf(ASN1_messageType_oid_str); -static const chunk_t ASN1_senderNonce_oid = - chunk_from_buf(ASN1_senderNonce_oid_str); -static const chunk_t ASN1_transId_oid = - chunk_from_buf(ASN1_transId_oid_str); +); /** * return the ASN.1 encoded OID of a PKCS#9 attribute @@ -243,14 +225,14 @@ static void build_encoding(private_pkcs9_t *this) /* allocate memory for the attributes and build the encoding */ { u_char *pos = asn1_build_object(&this->encoding, ASN1_SET, attributes_len); - + iterator = this->attributes->create_iterator(this->attributes, TRUE); while (iterator->iterate(iterator, (void**)&attribute)) { memcpy(pos, attribute->encoding.ptr, attribute->encoding.len); - pos += attribute->encoding.len; - } + pos += attribute->encoding.len; + } iterator->destroy(iterator); } } @@ -346,7 +328,7 @@ static void destroy(private_pkcs9_t *this) static private_pkcs9_t *pkcs9_create_empty(void) { private_pkcs9_t *this = malloc_thing(private_pkcs9_t); - + /* initialize */ this->encoding = chunk_empty; this->attributes = linked_list_create(); @@ -428,7 +410,7 @@ static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this) if (type != ASN1_EOC) { - if (!asn1_parse_simple_object(&object, type, + if (!asn1_parse_simple_object(&object, type, parser->get_level(parser)+1, oid_names[oid].name)) { @@ -452,7 +434,7 @@ end: pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level) { private_pkcs9_t *this = pkcs9_create_empty(); - + this->encoding = chunk_clone(chunk); if (!parse_attributes(chunk, level, this)) diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h index 80d915701..5b85692d6 100644 --- a/src/libstrongswan/crypto/pkcs9.h +++ b/src/libstrongswan/crypto/pkcs9.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup pkcs9 pkcs9 * @{ @ingroup crypto @@ -29,7 +29,7 @@ typedef struct pkcs9_t pkcs9_t; * PKCS#9 attributes. */ struct pkcs9_t { - + /** * Generate ASN.1 encoding of attribute list */ @@ -54,7 +54,7 @@ struct pkcs9_t { * Adds a PKCS#9 attribute * * @param oid OID of the attribute - * @param value ASN.1 encoded value of the attribute + * @param value ASN.1 encoded value of the attribute */ void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value); @@ -68,7 +68,7 @@ struct pkcs9_t { /** * Add a PKCS#9 messageDigest attribute * - * @param value messageDigest + * @param value messageDigest */ void (*set_messageDigest) (pkcs9_t *this, chunk_t value); @@ -80,7 +80,7 @@ struct pkcs9_t { /** * Read a PKCS#9 attribute list from a DER encoded chunk. - * + * * @param chunk chunk containing DER encoded data * @param level ASN.1 parsing start level * @return created pkcs9 attribute list, or NULL if invalid. @@ -89,7 +89,7 @@ pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level); /** * Create an empty PKCS#9 attribute list - * + * * @return created pkcs9 attribute list. */ pkcs9_t *pkcs9_create(void); diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index a4fc377ef..6bd0f7465 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -22,34 +22,34 @@ typedef struct private_prf_plus_t private_prf_plus_t; /** * Private data of an prf_plus_t object. - * + * */ struct private_prf_plus_t { /** * Public interface of prf_plus_t. */ prf_plus_t public; - + /** * PRF to use. */ prf_t *prf; - + /** * Initial seed. */ chunk_t seed; - + /** * Buffer to store current PRF result. */ chunk_t buffer; - + /** * Already given out bytes in current buffer. */ size_t given_out; - + /** * Octet which will be appended to the seed. */ @@ -60,18 +60,18 @@ struct private_prf_plus_t { * Implementation of prf_plus_t.get_bytes. */ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) -{ +{ chunk_t appending_chunk; size_t bytes_in_round; size_t total_bytes_written = 0; - + appending_chunk.ptr = &(this->appending_octet); appending_chunk.len = 1; - + while (length > 0) { /* still more to do... */ if (this->buffer.len == this->given_out) - { /* no bytes left in buffer, get next*/ + { /* no bytes left in buffer, get next*/ this->prf->get_bytes(this->prf, this->buffer, NULL); this->prf->get_bytes(this->prf, this->seed, NULL); this->prf->get_bytes(this->prf, appending_chunk, this->buffer.ptr); @@ -82,7 +82,7 @@ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) bytes_in_round = min(length, this->buffer.len - this->given_out); /* copy bytes from buffer with offset */ memcpy(buffer + total_bytes_written, this->buffer.ptr + this->given_out, bytes_in_round); - + length -= bytes_in_round; this->given_out += bytes_in_round; total_bytes_written += bytes_in_round; @@ -91,7 +91,7 @@ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) /** * Implementation of prf_plus_t.allocate_bytes. - */ + */ static void allocate_bytes(private_prf_plus_t *this, size_t length, chunk_t *chunk) { if (length) @@ -123,23 +123,23 @@ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed) { private_prf_plus_t *this; chunk_t appending_chunk; - + this = malloc_thing(private_prf_plus_t); /* set public methods */ this->public.get_bytes = (void (*)(prf_plus_t *,size_t,u_int8_t*))get_bytes; this->public.allocate_bytes = (void (*)(prf_plus_t *,size_t,chunk_t*))allocate_bytes; this->public.destroy = (void (*)(prf_plus_t *))destroy; - + /* take over prf */ this->prf = prf; - + /* allocate buffer for prf output */ this->buffer.len = prf->get_block_size(prf); this->buffer.ptr = malloc(this->buffer.len); this->appending_octet = 0x01; - + /* clone seed */ this->seed.ptr = clalloc(seed.ptr, seed.len); this->seed.len = seed.len; @@ -151,6 +151,6 @@ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed) this->prf->get_bytes(this->prf, appending_chunk, this->buffer.ptr); this->given_out = 0; this->appending_octet++; - + return &(this->public); } diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index 2e5b66152..4179f2695 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup prf_plus prf_plus * @{ @ingroup crypto @@ -36,26 +36,26 @@ typedef struct prf_plus_t prf_plus_t; struct prf_plus_t { /** * Get pseudo random bytes. - * + * * Get the next few bytes of the prf+ output. Space * must be allocated by the caller. - * + * * @param length number of bytes to get * @param buffer pointer where the generated bytes will be written */ void (*get_bytes) (prf_plus_t *this, size_t length, u_int8_t *buffer); - + /** * Allocate pseudo random bytes. - * + * * Get the next few bytes of the prf+ output. This function * will allocate the required space. - * + * * @param length number of bytes to get * @param chunk chunk which will hold generated bytes */ void (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk); - + /** * Destroys a prf_plus_t object. */ @@ -64,11 +64,11 @@ struct prf_plus_t { /** * Creates a new prf_plus_t object. - * + * * Seed will be cloned. prf will * not be cloned, must be destroyed outside after * prf_plus_t usage. - * + * * @param prf prf object to use * @param seed input seed for prf * @return prf_plus_t object diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index f2a5afc45..6e853444f 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup prf prf * @{ @ingroup crypto @@ -55,7 +55,7 @@ enum pseudo_random_function_t { PRF_FIPS_SHA1_160 = 1025, /** FIPS 186-2-change1, uses fixed output size of 160bit */ PRF_FIPS_DES = 1026, - /** + /** * Keyed hash algorithm using SHA1, used in EAP-AKA: * This PRF uses SHA1, but XORs the key into the IV. No "Final()" operation * is applied to the SHA1 state. */ @@ -78,39 +78,39 @@ struct prf_t { * @param buffer pointer where the generated bytes will be written */ void (*get_bytes) (prf_t *this, chunk_t seed, u_int8_t *buffer); - + /** * Generates pseudo random bytes and allocate space for them. - * + * * @param seed a chunk containing the seed for the next bytes * @param chunk chunk which will hold generated bytes */ void (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk); - + /** * Get the block size of this prf_t object. - * + * * @return block size in bytes */ size_t (*get_block_size) (prf_t *this); - + /** * Get the key size of this prf_t object. * * This is a suggestion only, all implemented PRFs accept variable key * length. - * + * * @return key size in bytes */ size_t (*get_key_size) (prf_t *this); - + /** * Set the key for this prf_t object. - * + * * @param key key to set */ void (*set_key) (prf_t *this, chunk_t key); - + /** * Destroys a prf object. */ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 14321e070..75816e8b3 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -56,15 +56,15 @@ struct proposal_token { char *name; transform_type_t type; u_int16_t algorithm; - u_int16_t keysize; + u_int16_t keysize; }; -#define TOTAL_KEYWORDS 87 +#define TOTAL_KEYWORDS 89 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 12 #define MIN_HASH_VALUE 4 -#define MAX_HASH_VALUE 129 -/* maximum key range = 126, duplicates = 0 */ +#define MAX_HASH_VALUE 123 +/* maximum key range = 120, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 11, - 2, 15, 5, 27, 21, 8, 5, 0, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 39, 130, 24, 0, 1, - 8, 2, 50, 0, 9, 53, 130, 130, 0, 130, - 42, 0, 130, 130, 5, 9, 34, 4, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130, 130, 130, 130, - 130, 130, 130, 130, 130, 130, 130 + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 11, + 2, 23, 5, 27, 21, 8, 5, 0, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 22, 124, 24, 0, 1, + 8, 2, 50, 0, 11, 54, 124, 124, 0, 124, + 42, 0, 124, 124, 5, 9, 34, 6, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, + 124, 124, 124, 124, 124, 124, 124 }; register int hval = len; @@ -197,31 +197,33 @@ static const struct proposal_token wordlist[] = {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, - {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0} + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256} }; static const short lookup[] = @@ -231,11 +233,10 @@ static const short lookup[] = 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, - 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, -1, - 71, -1, 72, -1, 73, -1, 74, 75, 76, 77, 78, -1, -1, 79, - -1, -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, -1, -1, 81, - -1, -1, -1, -1, -1, -1, 82, 83, 84, -1, 85, -1, -1, -1, - -1, -1, -1, 86 + 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, -1, 70, + 71, 72, -1, -1, 73, 74, 75, 76, 77, -1, 78, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 79, 80, -1, -1, -1, -1, -1, 81, + 82, 83, -1, 84, -1, -1, -1, 85, -1, 86, 87, 88 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index 86cb7ef09..53fa1728f 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -21,10 +21,10 @@ typedef struct proposal_token proposal_token_t; struct proposal_token { - char *name; - transform_type_t type; + char *name; + transform_type_t type; u_int16_t algorithm; - u_int16_t keysize; + u_int16_t keysize; }; extern const proposal_token_t* proposal_get_token(register const char *str, diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 511fdd50a..139d689ca 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -26,7 +26,7 @@ struct proposal_token { char *name; transform_type_t type; u_int16_t algorithm; - u_int16_t keysize; + u_int16_t keysize; }; %% null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0 @@ -96,6 +96,8 @@ sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 +sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 +sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h index 89bc2f2de..36ef52bb4 100644 --- a/src/libstrongswan/crypto/rngs/rng.h +++ b/src/libstrongswan/crypto/rngs/rng.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup rng rng * @{ @ingroup crypto @@ -55,15 +55,15 @@ struct rng_t { * @param buffer pointer where the generated bytes will be written */ void (*get_bytes) (rng_t *this, size_t len, u_int8_t *buffer); - + /** * Generates random bytes and allocate space for them. - * + * * @param len number of bytes to get * @param chunk chunk which will hold generated bytes */ void (*allocate_bytes) (rng_t *this, size_t len, chunk_t *chunk); - + /** * Destroys a rng object. */ diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c index 1147e1f26..e98916bfe 100644 --- a/src/libstrongswan/crypto/signers/signer.c +++ b/src/libstrongswan/crypto/signers/signer.c @@ -16,10 +16,11 @@ #include "signer.h" -ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128, +ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96, "UNDEFINED", - "HMAC_SHA1_128"); -ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128, + "HMAC_SHA1_128", + "HMAC_SHA2_256_96"); +ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96, "HMAC_MD5_96", "HMAC_SHA1_96", "DES_MAC", diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 0d9bfc5af..94e8c99b9 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup signer signer * @{ @ingroup crypto @@ -64,6 +64,8 @@ enum integrity_algorithm_t { AUTH_HMAC_SHA2_512_256 = 14, /** private use */ AUTH_HMAC_SHA1_128 = 1025, + /** SHA256 96 bit truncation variant, supported by Linux kernels */ + AUTH_HMAC_SHA2_256_96 = 1026, }; /** @@ -80,53 +82,53 @@ struct signer_t { * * If buffer is NULL, data is processed and prepended to a next call until * buffer is a valid pointer. - * + * * @param data a chunk containing the data to sign * @param buffer pointer where the signature will be written */ void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer); - + /** * Generate a signature and allocate space for it. * * If chunk is NULL, data is processed and prepended to a next call until * chunk is a valid chunk pointer. - * + * * @param data a chunk containing the data to sign * @param chunk chunk which will hold the allocated signature */ void (*allocate_signature) (signer_t *this, chunk_t data, chunk_t *chunk); - + /** * Verify a signature. - * + * * @param data a chunk containing the data to verify * @param signature a chunk containing the signature * @return TRUE, if signature is valid, FALSE otherwise */ bool (*verify_signature) (signer_t *this, chunk_t data, chunk_t signature); - + /** * Get the block size of this signature algorithm. - * + * * @return block size in bytes */ size_t (*get_block_size) (signer_t *this); - + /** * Get the key size of the signature algorithm. - * + * * @return key size in bytes */ size_t (*get_key_size) (signer_t *this); - + /** * Set the key for this object. - * + * * @param key key to set */ void (*set_key) (signer_t *this, chunk_t key); - + /** * Destroys a signer_t object. */ diff --git a/src/libstrongswan/database/database.h b/src/libstrongswan/database/database.h index 16472d869..8df1c6f7f 100644 --- a/src/libstrongswan/database/database.h +++ b/src/libstrongswan/database/database.h @@ -59,41 +59,41 @@ enum db_driver_t { * Interface for a database implementation. * * @code - int affected, rowid, aint; - char *atext; - database_t *db; - enumerator_t *enumerator; - - db = lib->database->create("mysql://user:pass@host/database"); - affected = db->execute(db, &rowid, "INSERT INTO table VALUES (?, ?)", - DB_INT, 77, DB_TEXT, "a text"); - printf("inserted %d row, new row ID: %d\n", affected, rowid); - - enumerator = db->query(db, "SELECT aint, atext FROM table WHERE aint > ?", - DB_INT, 10, // 1 argument to SQL string - DB_INT, DB_TEXT); // 2 enumerated types in query - if (enumerator) - { - while (enumerator->enumerate(enumerator, &aint, &atext)) - { - printf("%d: %s\n", aint, atext); - } - enumerator->destroy(enumerator); - } + int affected, rowid, aint; + char *atext; + database_t *db; + enumerator_t *enumerator; + + db = lib->database->create("mysql://user:pass@host/database"); + affected = db->execute(db, &rowid, "INSERT INTO table VALUES (?, ?)", + DB_INT, 77, DB_TEXT, "a text"); + printf("inserted %d row, new row ID: %d\n", affected, rowid); + + enumerator = db->query(db, "SELECT aint, atext FROM table WHERE aint > ?", + DB_INT, 10, // 1 argument to SQL string + DB_INT, DB_TEXT); // 2 enumerated types in query + if (enumerator) + { + while (enumerator->enumerate(enumerator, &aint, &atext)) + { + printf("%d: %s\n", aint, atext); + } + enumerator->destroy(enumerator); + } @endcode */ struct database_t { - + /** * Run a query which returns rows, such as a SELECT. * * @param sql sql query string, containing '?' placeholders * @param ... list of sql placeholder db_type_t followed by its value, - * followed by enumerators arguments as db_type_t's + * followed by enumerators arguments as db_type_t's * @return enumerator as defined with arguments, NULL on failure */ enumerator_t* (*query)(database_t *this, char *sql, ...); - + /** * Execute a query which dows not return rows, such as INSERT. * @@ -103,7 +103,7 @@ struct database_t { * @return number of affected rows, < 0 on failure */ int (*execute)(database_t *this, int *rowid, char *sql, ...); - + /** * Get the database implementation type. * @@ -113,11 +113,11 @@ struct database_t { * @return database implementation type */ db_driver_t (*get_driver)(database_t *this); - + /** - * Destroy a database connection. - */ - void (*destroy)(database_t *this); + * Destroy a database connection. + */ + void (*destroy)(database_t *this); }; #endif /** DATABASE_H_ @}*/ diff --git a/src/libstrongswan/database/database_factory.c b/src/libstrongswan/database/database_factory.c index ef6927874..3936565a1 100644 --- a/src/libstrongswan/database/database_factory.c +++ b/src/libstrongswan/database/database_factory.c @@ -16,7 +16,7 @@ #include "database_factory.h" #include -#include +#include typedef struct private_database_factory_t private_database_factory_t; @@ -29,12 +29,12 @@ struct private_database_factory_t { * public functions */ database_factory_t public; - + /** * list of registered database_t implementations */ linked_list_t *databases; - + /** * mutex to lock access to databases */ @@ -49,7 +49,7 @@ static database_t* create(private_database_factory_t *this, char *uri) enumerator_t *enumerator; database_t *database = NULL; database_constructor_t create; - + this->mutex->lock(this->mutex); enumerator = this->databases->create_enumerator(this->databases); while (enumerator->enumerate(enumerator, &create)) @@ -103,15 +103,15 @@ static void destroy(private_database_factory_t *this) database_factory_t *database_factory_create() { private_database_factory_t *this = malloc_thing(private_database_factory_t); - + this->public.create = (database_t*(*)(database_factory_t*, char *url))create; this->public.add_database = (void(*)(database_factory_t*, database_constructor_t))add_database; this->public.remove_database = (void(*)(database_factory_t*, database_constructor_t))remove_database; this->public.destroy = (void(*)(database_factory_t*))destroy; - + this->databases = linked_list_create(); this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/libstrongswan/database/database_factory.h b/src/libstrongswan/database/database_factory.h index 8875adad7..3213e1a08 100644 --- a/src/libstrongswan/database/database_factory.h +++ b/src/libstrongswan/database/database_factory.h @@ -44,25 +44,25 @@ struct database_factory_t { * @return database_t instance, NULL if not supported/failed */ database_t* (*create)(database_factory_t *this, char *uri); - + /** * Register a database constructor. * * @param create database constructor to register */ void (*add_database)(database_factory_t *this, database_constructor_t create); - + /** * Unregister a previously registered database constructor. * * @param create database constructor to unregister */ void (*remove_database)(database_factory_t *this, database_constructor_t create); - + /** - * Destroy a database_factory instance. - */ - void (*destroy)(database_factory_t *this); + * Destroy a database_factory instance. + */ + void (*destroy)(database_factory_t *this); }; /** diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c index b4a84cf76..51b7875d8 100644 --- a/src/libstrongswan/debug.c +++ b/src/libstrongswan/debug.c @@ -14,24 +14,57 @@ */ #include -#include #include "debug.h" +/** + * level logged by the default logger + */ +static int default_level = 1; + +/** + * stream logged to by the default logger + */ +static FILE *default_stream = NULL; + /** * default dbg function which printf all to stderr */ void dbg_default(int level, char *fmt, ...) { - if (level <= 1) + if (!default_stream) + { + default_stream = stderr; + } + if (level <= default_level) { va_list args; - + va_start(args, fmt); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\n"); + vfprintf(default_stream, fmt, args); + fprintf(default_stream, "\n"); va_end(args); } } +/** + * set the level logged by the default stderr logger + */ +void dbg_default_set_level(int level) +{ + default_level = level; +} + +/** + * set the stream logged by dbg_default() to + */ +void dbg_default_set_stream(FILE *stream) +{ + default_stream = stream; +} + +/** + * The registered debug hook. + */ void (*dbg) (int level, char *fmt, ...) = dbg_default; + diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h index 1413ff54e..085795acb 100644 --- a/src/libstrongswan/debug.h +++ b/src/libstrongswan/debug.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup debug debug * @{ @ingroup libstrongswan @@ -21,6 +21,8 @@ #ifndef DEBUG_H_ #define DEBUG_H_ +#include + #ifndef DEBUG_LEVEL # define DEBUG_LEVEL 4 #endif /* DEBUG_LEVEL */ @@ -52,10 +54,16 @@ # define DBG4(...) {} #endif -/** dbg function hook, uses stderr logger by default */ +/** dbg function hook, uses dbg_default() by default */ extern void (*dbg) (int level, char *fmt, ...); -/** default logging function, prints to stderr */ +/** default logging function */ void dbg_default(int level, char *fmt, ...); +/** set the level logged by dbg_default() */ +void dbg_default_set_level(int level); + +/** set the stream logged by dbg_default() to */ +void dbg_default_set_stream(FILE *stream); + #endif /** DEBUG_H_ @}*/ diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h index 3f3ca1172..6b9fd7eaa 100644 --- a/src/libstrongswan/enum.h +++ b/src/libstrongswan/enum.h @@ -98,7 +98,7 @@ struct enum_name_t { * * This is a convenience macro to use when a enum_name list contains only * one range, and is equal as defining ENUM_BEGIN followed by ENUM_END. - * + * * @param name name of the enum_name list * @param first enum value of the first enum string * @param last enum value of the last enum string @@ -109,8 +109,8 @@ struct enum_name_t { /** * printf hook function for enum_names_t. * - * Arguments are: - * enum_names_t *names, int value + * Arguments are: + * enum_names_t *names, int value */ int enum_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h index 70d14bf97..f312206bb 100644 --- a/src/libstrongswan/fetcher/fetcher.h +++ b/src/libstrongswan/fetcher/fetcher.h @@ -33,36 +33,36 @@ typedef enum fetcher_option_t fetcher_option_t; */ enum fetcher_option_t { - /** + /** * Data to include in fetch request, e.g. on a HTTP post. * Additional argument is a chunk_t */ FETCH_REQUEST_DATA, - - /** + + /** * Mime-Type of data included in FETCH_REQUEST_DATA. * Additional argument is a char*. */ FETCH_REQUEST_TYPE, - - /** + + /** * HTTP header to be sent with with the fetch request. * Additional argument is a char*. */ FETCH_REQUEST_HEADER, - /** + /** * Use HTTP Version 1.0 instead of 1.1. * No additional argument is needed. */ FETCH_HTTP_VERSION_1_0, - /** + /** * Timeout to use for fetch, in seconds. * Additional argument is u_int */ FETCH_TIMEOUT, - + /** * end of fetching options */ @@ -96,7 +96,7 @@ struct fetcher_t { * - FAILED, NOT_FOUND, PARSE_ERROR on failure */ status_t (*fetch)(fetcher_t *this, char *uri, chunk_t *result); - + /** * Set a fetcher option, as defined in fetcher_option_t. * @@ -107,11 +107,11 @@ struct fetcher_t { * @return TRUE if option supported, FALSE otherwise */ bool (*set_option)(fetcher_t *this, fetcher_option_t option, ...); - + /** * Destroy the fetcher instance. */ - void (*destroy)(fetcher_t *this); + void (*destroy)(fetcher_t *this); }; #endif /** FETCHER_H_ @}*/ diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index 1f87412c8..b73bfacf6 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -16,7 +16,7 @@ #include "fetcher_manager.h" #include -#include +#include #include typedef struct private_fetcher_manager_t private_fetcher_manager_t; @@ -30,12 +30,12 @@ struct private_fetcher_manager_t { * public functions */ fetcher_manager_t public; - + /** * list of registered fetchers, as entry_t */ linked_list_t *fetchers; - + /** * read write lock to list */ @@ -68,7 +68,7 @@ static status_t fetch(private_fetcher_manager_t *this, status_t status = NOT_SUPPORTED; entry_t *entry; bool capable = FALSE; - + this->lock->read_lock(this->lock); enumerator = this->fetchers->create_enumerator(this->fetchers); while (enumerator->enumerate(enumerator, &entry)) @@ -119,7 +119,7 @@ static status_t fetch(private_fetcher_manager_t *this, fetcher->destroy(fetcher); continue; } - + status = fetcher->fetch(fetcher, url, response); fetcher->destroy(fetcher); /* try another fetcher only if this one does not support that URL */ @@ -142,11 +142,11 @@ static status_t fetch(private_fetcher_manager_t *this, /** * Implementation of fetcher_manager_t.add_fetcher. */ -static void add_fetcher(private_fetcher_manager_t *this, +static void add_fetcher(private_fetcher_manager_t *this, fetcher_constructor_t create, char *url) { entry_t *entry = malloc_thing(entry_t); - + entry->url = strdup(url); entry->create = create; @@ -163,7 +163,7 @@ static void remove_fetcher(private_fetcher_manager_t *this, { enumerator_t *enumerator; entry_t *entry; - + this->lock->write_lock(this->lock); enumerator = this->fetchers->create_enumerator(this->fetchers); while (enumerator->enumerate(enumerator, &entry)) @@ -194,15 +194,15 @@ static void destroy(private_fetcher_manager_t *this) fetcher_manager_t *fetcher_manager_create() { private_fetcher_manager_t *this = malloc_thing(private_fetcher_manager_t); - + this->public.fetch = (status_t(*)(fetcher_manager_t*, char *url, chunk_t *response, ...))fetch; this->public.add_fetcher = (void(*)(fetcher_manager_t*, fetcher_constructor_t,char*))add_fetcher; this->public.remove_fetcher = (void(*)(fetcher_manager_t*, fetcher_constructor_t))remove_fetcher; this->public.destroy = (void(*)(fetcher_manager_t*))destroy; - + this->fetchers = linked_list_create(); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - + return &this->public; } diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h index 183964d6c..a7ac6611e 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.h +++ b/src/libstrongswan/fetcher/fetcher_manager.h @@ -51,19 +51,19 @@ struct fetcher_manager_t { */ void (*add_fetcher)(fetcher_manager_t *this, fetcher_constructor_t constructor, char *url); - + /** * Unregister a previously registered fetcher implementation. * * @param constructor fetcher constructor function to unregister */ - void (*remove_fetcher)(fetcher_manager_t *this, + void (*remove_fetcher)(fetcher_manager_t *this, fetcher_constructor_t constructor); - + /** - * Destroy a fetcher_manager instance. - */ - void (*destroy)(fetcher_manager_t *this); + * Destroy a fetcher_manager instance. + */ + void (*destroy)(fetcher_manager_t *this); }; /** diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index 32a296d79..51da4e725 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -35,22 +35,22 @@ typedef struct private_integrity_checker_t private_integrity_checker_t; * Private data of an integrity_checker_t object. */ struct private_integrity_checker_t { - + /** * Public integrity_checker_t interface. */ integrity_checker_t public; - + /** * dlopen handle to checksum library */ void *handle; - + /** * checksum array */ integrity_checksum_t *checksums; - + /** * number of checksums in array */ @@ -68,21 +68,21 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file, struct stat sb; void *addr; int fd; - + fd = open(file, O_RDONLY); if (fd == -1) { DBG1(" opening '%s' failed: %s", file, strerror(errno)); return 0; } - + if (fstat(fd, &sb) == -1) { DBG1(" getting file size of '%s' failed: %s", file, strerror(errno)); close(fd); return 0; } - + addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (addr == MAP_FAILED) { @@ -91,13 +91,13 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file, return 0; } - *len = sb.st_size; + *len = sb.st_size; contents = chunk_create(addr, sb.st_size); checksum = chunk_hash(contents); - + munmap(addr, sb.st_size); close(fd); - + return checksum; } @@ -116,11 +116,11 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) dlpi->dlpi_name && *dlpi->dlpi_name) { int i; - + for (i = 0; i < dlpi->dlpi_phnum; i++) { const ElfW(Phdr) *sgmt = &dlpi->dlpi_phdr[i]; - + /* we are interested in the executable LOAD segment */ if (sgmt->p_type == PT_LOAD && (sgmt->p_flags & PF_X)) { @@ -143,7 +143,7 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, { chunk_t segment; Dl_info dli; - + if (dladdr(sym, &dli) == 0) { DBG1(" unable to locate symbol: %s", dlerror()); @@ -155,7 +155,7 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, DBG1(" executable section not found"); return 0; } - + segment = chunk_create(dli.dli_fbase, dli.dli_saddr - dli.dli_fbase); *len = segment.len; return chunk_hash(segment); @@ -168,7 +168,7 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this, char *name) { int i; - + for (i = 0; i < this->checksum_count; i++) { if (streq(this->checksums[i].name, name)) @@ -188,7 +188,7 @@ static bool check_file(private_integrity_checker_t *this, integrity_checksum_t *cs; u_int32_t sum; size_t len = 0; - + cs = find_checksum(this, name); if (!cs) { @@ -225,7 +225,7 @@ static bool check_segment(private_integrity_checker_t *this, integrity_checksum_t *cs; u_int32_t sum; size_t len = 0; - + cs = find_checksum(this, name); if (!cs) { @@ -259,7 +259,7 @@ static bool check_segment(private_integrity_checker_t *this, static bool check(private_integrity_checker_t *this, char *name, void *sym) { Dl_info dli; - + if (dladdr(sym, &dli) == 0) { DBG1("unable to locate symbol: %s", dlerror()); @@ -294,14 +294,14 @@ static void destroy(private_integrity_checker_t *this) integrity_checker_t *integrity_checker_create(char *checksum_library) { private_integrity_checker_t *this = malloc_thing(private_integrity_checker_t); - + this->public.check_file = (bool(*)(integrity_checker_t*, char *name, char *file))check_file; this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file, size_t *len))build_file; this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment; this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym, size_t *len))build_segment; this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check; this->public.destroy = (void(*)(integrity_checker_t*))destroy; - + this->checksum_count = 0; this->handle = NULL; if (checksum_library) @@ -310,7 +310,7 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) if (this->handle) { int *checksum_count; - + this->checksums = dlsym(this->handle, "checksums"); checksum_count = dlsym(this->handle, "checksum_count"); if (this->checksums && checksum_count) diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h index d078dd6fb..7349353f3 100644 --- a/src/libstrongswan/integrity_checker.h +++ b/src/libstrongswan/integrity_checker.h @@ -34,11 +34,11 @@ struct integrity_checksum_t { /* name of the checksum */ char *name; /* size in bytes of the file on disk */ - size_t file_len; + size_t file_len; /* checksum of the file on disk */ u_int32_t file; /* size in bytes of executable segment in memory */ - size_t segment_len; + size_t segment_len; /* checksum of the executable segment in memory */ u_int32_t segment; }; @@ -59,7 +59,7 @@ struct integrity_checker_t { * @return TRUE if integrity tested successfully */ bool (*check_file)(integrity_checker_t *this, char *name, char *file); - + /** * Build the integrity checksum of a file on disk. * @@ -68,7 +68,7 @@ struct integrity_checker_t { * @return checksum, 0 on error */ u_int32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len); - + /** * Check the integrity of the code segment in memory. * @@ -85,7 +85,7 @@ struct integrity_checker_t { * @return checksum, 0 on error */ u_int32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len); - + /** * Check both, on disk file integrity and loaded segment. * @@ -94,7 +94,7 @@ struct integrity_checker_t { * @return TRUE if integrity tested successfully */ bool (*check)(integrity_checker_t *this, char *name, void *sym); - + /** * Destroy a integrity_checker_t. */ @@ -108,4 +108,4 @@ struct integrity_checker_t { */ integrity_checker_t *integrity_checker_create(char *checksum_library); -#endif /* INTEGRITY_CHECKER_H_ @}*/ +#endif /** INTEGRITY_CHECKER_H_ @}*/ diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 832c8b607..4e8bb87d0 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #ifdef LEAK_DETECTIVE @@ -64,21 +65,26 @@ void library_deinit() this->public.plugins->destroy(this->public.plugins); this->public.settings->destroy(this->public.settings); this->public.creds->destroy(this->public.creds); + this->public.encoding->destroy(this->public.encoding); this->public.crypto->destroy(this->public.crypto); this->public.fetcher->destroy(this->public.fetcher); + this->public.attributes->destroy(this->public.attributes); this->public.db->destroy(this->public.db); this->public.printf_hook->destroy(this->public.printf_hook); if (this->public.integrity) { this->public.integrity->destroy(this->public.integrity); } - + #ifdef LEAK_DETECTIVE if (this->detective) { this->detective->destroy(this->detective); } #endif /* LEAK_DETECTIVE */ + + threads_deinit(); + free(this); lib = NULL; } @@ -91,16 +97,18 @@ bool library_init(char *settings) printf_hook_t *pfh; private_library_t *this = malloc_thing(private_library_t); lib = &this->public; - + + threads_init(); + lib->leak_detective = FALSE; - + #ifdef LEAK_DETECTIVE this->detective = leak_detective_create(); #endif /* LEAK_DETECTIVE */ pfh = printf_hook_create(); this->public.printf_hook = pfh; - + pfh->add_handler(pfh, 'b', mem_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_INT, PRINTF_HOOK_ARGTYPE_END); @@ -119,15 +127,17 @@ bool library_init(char *settings) PRINTF_HOOK_ARGTYPE_END); pfh->add_handler(pfh, 'Y', identification_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END); - + this->public.settings = settings_create(settings); this->public.crypto = crypto_factory_create(); this->public.creds = credential_factory_create(); + this->public.encoding = key_encoding_create(); this->public.fetcher = fetcher_manager_create(); + this->public.attributes = attribute_manager_create(); this->public.db = database_factory_create(); this->public.plugins = plugin_loader_create(); this->public.integrity = NULL; - + if (lib->settings->get_bool(lib->settings, "libstrongswan.integrity_test", FALSE)) { diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index df4121803..78a6fe0a9 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -19,9 +19,6 @@ * @defgroup asn1 asn1 * @ingroup libstrongswan * - * @defgroup pgp pgp - * @ingroup libstrongswan - * * @defgroup credentials credentials * @ingroup libstrongswan * @@ -43,6 +40,9 @@ * @defgroup plugins plugins * @ingroup libstrongswan * + * @defgroup threading threading + * @ingroup libstrongswan + * * @defgroup utils utils * @ingroup libstrongswan */ @@ -63,8 +63,10 @@ #include #include #include +#include #include #include +#include typedef struct library_t library_t; @@ -77,42 +79,52 @@ struct library_t { * Printf hook registering facility */ printf_hook_t *printf_hook; - + /** * crypto algorithm registry and factory */ crypto_factory_t *crypto; - + /** * credential constructor registry and factory */ credential_factory_t *creds; - + + /** + * key encoding registry and factory + */ + key_encoding_t *encoding; + /** * URL fetching facility */ fetcher_manager_t *fetcher; - + + /** + * manager for payload attributes + */ + attribute_manager_t *attributes; + /** * database construction factory */ database_factory_t *db; - + /** * plugin loading facility */ plugin_loader_t *plugins; - + /** * various settings loaded from settings file */ settings_t *settings; - + /** * integrity checker to verify code integrity */ integrity_checker_t *integrity; - + /** * is leak detective running? */ diff --git a/src/libstrongswan/pgp/pgp.c b/src/libstrongswan/pgp/pgp.c deleted file mode 100644 index 613c318c1..000000000 --- a/src/libstrongswan/pgp/pgp.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (C) 2002-2009 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "pgp.h" - -ENUM_BEGIN(pgp_packet_tag_names, PGP_PKT_RESERVED, PGP_PKT_PUBLIC_SUBKEY, - "Reserved", - "Public-Key Encrypted Session Key Packet", - "Signature Packet", - "Symmetric-Key Encrypted Session Key Packet", - "One-Pass Signature Packet", - "Secret Key Packet", - "Public Key Packet", - "Secret Subkey Packet", - "Compressed Data Packet", - "Symmetrically Encrypted Data Packet", - "Marker Packet", - "Literal Data Packet", - "Trust Packet", - "User ID Packet", - "Public Subkey Packet" -); -ENUM_NEXT(pgp_packet_tag_names, PGP_PKT_USER_ATTRIBUTE, PGP_PKT_MOD_DETECT_CODE, PGP_PKT_PUBLIC_SUBKEY, - "User Attribute Packet", - "Sym. Encrypted and Integrity Protected Data Packet", - "Modification Detection Code Packet" -); -ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE); - - -ENUM_BEGIN(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_RSA, PGP_PUBKEY_ALG_RSA_SIGN_ONLY, - "RSA", - "RSA_ENC_ONLY", - "RSA_SIGN_ONLY" -); -ENUM_NEXT(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY, PGP_PUBKEY_ALG_DIFFIE_HELLMAN, PGP_PUBKEY_ALG_RSA_SIGN_ONLY, - "ELGAMAL_ENC_ONLY", - "DSA", - "ECC", - "ECDSA", - "ELGAMAL", - "DIFFIE_HELLMAN" -); -ENUM_END(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_DIFFIE_HELLMAN); - - -ENUM(pgp_sym_alg_names, PGP_SYM_ALG_PLAIN, PGP_SYM_ALG_TWOFISH, - "PLAINTEXT", - "IDEA", - "3DES", - "CAST5", - "BLOWFISH", - "SAFER", - "DES", - "AES_128", - "AES_192", - "AES_256", - "TWOFISH" -); - -/* - * Defined in header. - */ -size_t pgp_length(chunk_t *blob, size_t len) -{ - size_t size = 0; - - if (len > blob->len) - { - return PGP_INVALID_LENGTH; - } - blob->len -= len; - - while (len-- > 0) - { - size = 256*size + *blob->ptr++; - } - return size; -} - diff --git a/src/libstrongswan/pgp/pgp.h b/src/libstrongswan/pgp/pgp.h deleted file mode 100644 index 677c5b1cc..000000000 --- a/src/libstrongswan/pgp/pgp.h +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright (C) 2002-2009 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup pgpi pgp - * @{ @ingroup pgp - */ - -#ifndef PGP_H_ -#define PGP_H_ - -typedef enum pgp_packet_tag_t pgp_packet_tag_t; -typedef enum pgp_pubkey_alg_t pgp_pubkey_alg_t; -typedef enum pgp_sym_alg_t pgp_sym_alg_t; - -#include -#include - -/** - * OpenPGP packet tags as defined in section 4.3 of RFC 4880 - */ -enum pgp_packet_tag_t { - PGP_PKT_RESERVED = 0, - PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1, - PGP_PKT_SIGNATURE = 2, - PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3, - PGP_PKT_ONE_PASS_SIGNATURE_PKT = 4, - PGP_PKT_SECRET_KEY = 5, - PGP_PKT_PUBLIC_KEY = 6, - PGP_PKT_SECRET_SUBKEY = 7, - PGP_PKT_COMPRESSED_DATA = 8, - PGP_PKT_SYMKEY_ENC_DATA = 9, - PGP_PKT_MARKER = 10, - PGP_PKT_LITERAL_DATA = 11, - PGP_PKT_TRUST = 12, - PGP_PKT_USER_ID = 13, - PGP_PKT_PUBLIC_SUBKEY = 14, - PGP_PKT_USER_ATTRIBUTE = 17, - PGP_PKT_SYM_ENC_INT_PROT_DATA = 18, - PGP_PKT_MOD_DETECT_CODE = 19 -}; - -/** - * Enum names for pgp_packet_tag_t - */ -extern enum_name_t *pgp_packet_tag_names; - -/** - * OpenPGP public key algorithms as defined in section 9.1 of RFC 4880 - */ -enum pgp_pubkey_alg_t { - PGP_PUBKEY_ALG_RSA = 1, - PGP_PUBKEY_ALG_RSA_ENC_ONLY = 2, - PGP_PUBKEY_ALG_RSA_SIGN_ONLY = 3, - PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY = 16, - PGP_PUBKEY_ALG_DSA = 17, - PGP_PUBKEY_ALG_ECC = 18, - PGP_PUBKEY_ALG_ECDSA = 19, - PGP_PUBKEY_ALG_ELGAMAL = 20, - PGP_PUBKEY_ALG_DIFFIE_HELLMAN = 21, -}; - -/** - * Enum names for pgp_pubkey_alg_t - */ -extern enum_name_t *pgp_pubkey_alg_names; - -/** - * OpenPGP symmetric key algorithms as defined in section 9.2 of RFC 4880 - */ -enum pgp_sym_alg_t { - PGP_SYM_ALG_PLAIN = 0, - PGP_SYM_ALG_IDEA = 1, - PGP_SYM_ALG_3DES = 2, - PGP_SYM_ALG_CAST5 = 3, - PGP_SYM_ALG_BLOWFISH = 4, - PGP_SYM_ALG_SAFER = 5, - PGP_SYM_ALG_DES = 6, - PGP_SYM_ALG_AES_128 = 7, - PGP_SYM_ALG_AES_192 = 8, - PGP_SYM_ALG_AES_256 = 9, - PGP_SYM_ALG_TWOFISH = 10 -}; - -/** - * Enum names for pgp_sym_alg_t - */ -extern enum_name_t *pgp_sym_alg_names; - -#define PGP_INVALID_LENGTH 0xffffffff - -/** - * Returns the length of an OpenPGP (RFC 4880) packet - * The blob pointer is advanced past the length field - * - * @param blob pointer to an OpenPGP blob - * @param len size of the length field - * @return length of the next OpenPGP packet - */ -size_t pgp_length(chunk_t *blob, size_t len); - -#endif /** PGP_H_ @}*/ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 4414b2ede..03ef465e0 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/aes DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_aes_la_LIBADD = am_libstrongswan_aes_la_OBJECTS = aes_plugin.lo aes_crypter.lo @@ -58,6 +82,7 @@ libstrongswan_aes_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index c5b091750..10d48cf67 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include "aes_crypter.h" /* @@ -36,26 +36,26 @@ typedef struct private_aes_crypter_t private_aes_crypter_t; /** * Class implementing the AES symmetric encryption algorithm. - * + * * @ingroup crypters */ struct private_aes_crypter_t { - + /** * Public part of this class. */ aes_crypter_t public; - + /** * Number of words in the key input block. */ u_int32_t aes_Nkey; - + /** * The number of cipher rounds. */ u_int32_t aes_Nrnd; - + /** * The encryption key schedule. */ @@ -65,7 +65,7 @@ struct private_aes_crypter_t { * The decryption key schedule. */ u_int32_t aes_d_key[AES_KS_LENGTH]; - + /** * Key size of this AES cypher object. */ @@ -84,13 +84,13 @@ struct private_aes_crypter_t { * is not defined, individually declared 32-bit words are used. * 6. Define FAST_VARIABLE if a high speed variable block implementation * is needed (essentially three separate fixed block size code sequences) - * 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven + * 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven * version using 1 table (2 kbytes of table space) or 4 tables (8 * kbytes of table space) for higher speed. - * 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed + * 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed * increase by using tables for the last rounds but with more table * space (2 or 8 kbytes extra). - * 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but + * 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but * slower version is provided. * 10. If fast decryption key scheduling is needed define ONE_IM_TABLE * or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra). @@ -131,17 +131,17 @@ struct private_aes_crypter_t { #if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32 #error an illegal block size has been specified -#endif +#endif /** - * Rotates bytes within words by n positions, moving bytes + * Rotates bytes within words by n positions, moving bytes * to higher index positions with wrap around into low positions. - */ + */ #define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n)))) /** - * Moves bytes by n positions to higher index positions in + * Moves bytes by n positions to higher index positions in * words but without wrap around. - */ + */ #define ups(x,n) ((x) << 8 * (n)) /** @@ -154,7 +154,7 @@ struct private_aes_crypter_t { /* little endian processor without data alignment restrictions: AES_LE_OK */ /* original code: i386 */ -#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) +#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) #define AES_LE_OK 1 /* added (tested): alpha --jjo */ #elif defined(__alpha__)|| defined (__alpha) @@ -220,9 +220,9 @@ struct private_aes_crypter_t { // give improved performance if a fast 32-bit multiply is not available. Note // that a temporary variable u needs to be defined where FFmulX is used. -// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) +// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) // #define m4 0x1b1b1b1b -// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) +// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) // perform column mix operation on four bytes in parallel @@ -343,7 +343,7 @@ static const u_int32_t rcon_tab[29] = #define w2(p) 0x00##p##0000 #define w3(p) 0x##p##000000 -#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) +#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) // data for forward tables (other than last round) @@ -526,7 +526,7 @@ static const u_int32_t it_tab[4][256] = #endif -#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) +#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) // data for inverse tables (last round) @@ -608,7 +608,7 @@ static const u_int32_t il_tab[4][256] = #endif -#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) +#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) #define m_table \ r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\ @@ -733,8 +733,8 @@ static u_int32_t im_tab[4][256]; #if !defined(FF_TABLES) -// It will generally be sensible to use tables to compute finite -// field multiplies and inverses but where memory is scarse this +// It will generally be sensible to use tables to compute finite +// field multiplies and inverses but where memory is scarse this // code might sometimes be better. // return 2 ^ (n - 1) where n is the bit number of the highest bit @@ -743,7 +743,7 @@ static u_int32_t im_tab[4][256]; static unsigned char hibit(const u_int32_t x) { unsigned char r = (unsigned char)((x >> 1) | (x >> 2)); - + r |= (r >> 2); r |= (r >> 4); return (r + 1) >> 1; @@ -761,14 +761,14 @@ static unsigned char FFinv(const unsigned char x) if(!n1) return v1; while(n2 >= n1) - { + { n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2); } - + if(!n2) return v2; while(n1 >= n2) - { + { n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1); } } @@ -815,9 +815,9 @@ static void gen_tabs(void) // 0x011b as modular polynomial - the simplest primitive // root is 0x03, used here to generate the tables - i = 0; w = 1; + i = 0; w = 1; do - { + { pow[i] = (unsigned char)w; pow[i + 255] = (unsigned char)w; log[w] = (unsigned char)i++; @@ -987,8 +987,8 @@ switch(nc) \ // is being computed, return the input state variables which are // needed for each row (r) of the state -// For the fixed block size options, compilers reduce these two -// expressions to fixed variable references. For variable block +// For the fixed block size options, compilers reduce these two +// expressions to fixed variable references. For variable block // size code conditional clauses will sometimes be returned #define unused 77 // Sunset Strip @@ -1226,17 +1226,17 @@ static void encrypt_block(const private_aes_crypter_t *this, const unsigned char switch(this->aes_Nrnd) { - case 14: round(fwd_rnd, b1, b0, kp ); + case 14: round(fwd_rnd, b1, b0, kp ); round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 12: round(fwd_rnd, b1, b0, kp ); + case 12: round(fwd_rnd, b1, b0, kp ); round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 10: round(fwd_rnd, b1, b0, kp ); + case 10: round(fwd_rnd, b1, b0, kp ); round(fwd_rnd, b0, b1, kp + nc); - round(fwd_rnd, b1, b0, kp + 2 * nc); + round(fwd_rnd, b1, b0, kp + 2 * nc); round(fwd_rnd, b0, b1, kp + 3 * nc); - round(fwd_rnd, b1, b0, kp + 4 * nc); + round(fwd_rnd, b1, b0, kp + 4 * nc); round(fwd_rnd, b0, b1, kp + 5 * nc); - round(fwd_rnd, b1, b0, kp + 6 * nc); + round(fwd_rnd, b1, b0, kp + 6 * nc); round(fwd_rnd, b0, b1, kp + 7 * nc); round(fwd_rnd, b1, b0, kp + 8 * nc); round(fwd_lrnd, b0, b1, kp + 9 * nc); @@ -1247,7 +1247,7 @@ static void encrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < (this->aes_Nrnd >> 1) - 1; ++rnd) { - round(fwd_rnd, b1, b0, kp); + round(fwd_rnd, b1, b0, kp); round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc; } @@ -1259,7 +1259,7 @@ static void encrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < this->aes_Nrnd - 1; ++rnd) { - round(fwd_rnd, b1, b0, kp); + round(fwd_rnd, b1, b0, kp); l_copy(b0, b1); kp += nc; } @@ -1278,7 +1278,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char const u_int32_t *kp = this->aes_d_key; #if !defined(ONE_TABLE) && !defined(FOUR_TABLES) - u_int32_t f2, f4, f8, f9; + u_int32_t f2, f4, f8, f9; #endif state_in(b0, in_blk, kp); kp += nc; @@ -1291,13 +1291,13 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; case 12: round(inv_rnd, b1, b0, kp ); round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 10: round(inv_rnd, b1, b0, kp ); + case 10: round(inv_rnd, b1, b0, kp ); round(inv_rnd, b0, b1, kp + nc); - round(inv_rnd, b1, b0, kp + 2 * nc); + round(inv_rnd, b1, b0, kp + 2 * nc); round(inv_rnd, b0, b1, kp + 3 * nc); - round(inv_rnd, b1, b0, kp + 4 * nc); + round(inv_rnd, b1, b0, kp + 4 * nc); round(inv_rnd, b0, b1, kp + 5 * nc); - round(inv_rnd, b1, b0, kp + 6 * nc); + round(inv_rnd, b1, b0, kp + 6 * nc); round(inv_rnd, b0, b1, kp + 7 * nc); round(inv_rnd, b1, b0, kp + 8 * nc); round(inv_lrnd, b0, b1, kp + 9 * nc); @@ -1308,7 +1308,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < (this->aes_Nrnd >> 1) - 1; ++rnd) { - round(inv_rnd, b1, b0, kp); + round(inv_rnd, b1, b0, kp); round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc; } @@ -1320,7 +1320,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char for(rnd = 0; rnd < this->aes_Nrnd - 1; ++rnd) { - round(inv_rnd, b1, b0, kp); + round(inv_rnd, b1, b0, kp); l_copy(b0, b1); kp += nc; } @@ -1340,7 +1340,7 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, int pos; const u_int32_t *iv_i; u_int8_t *in, *out; - + if (decrypted) { *decrypted = chunk_alloc(data.len); @@ -1351,7 +1351,7 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv, out = data.ptr; } in = data.ptr; - + pos = data.len-16; in += pos; out += pos; @@ -1386,7 +1386,7 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, int pos; const u_int32_t *iv_i; u_int8_t *in, *out; - + in = data.ptr; out = data.ptr; if (encrypted) @@ -1394,7 +1394,7 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv, *encrypted = chunk_alloc(data.len); out = encrypted->ptr; } - + pos=0; while(posaes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; - + + this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; + this->aes_e_key[0] = const_word_in(in_key ); this->aes_e_key[1] = const_word_in(in_key + 4); this->aes_e_key[2] = const_word_in(in_key + 8); this->aes_e_key[3] = const_word_in(in_key + 12); - - kf = this->aes_e_key; - kt = kf + nc * (this->aes_Nrnd + 1) - this->aes_Nkey; + + kf = this->aes_e_key; + kt = kf + nc * (this->aes_Nrnd + 1) - this->aes_Nkey; rci = 0; - + switch(this->aes_Nkey) { case 4: do @@ -1463,7 +1463,7 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) } while(kf < kt); break; - + case 6: this->aes_e_key[4] = const_word_in(in_key + 16); this->aes_e_key[5] = const_word_in(in_key + 20); do @@ -1496,18 +1496,18 @@ static void set_key (private_aes_crypter_t *this, chunk_t key) while (kf < kt); break; } - + if(!f) { u_int32_t i; kt = this->aes_d_key + nc * this->aes_Nrnd; kf = this->aes_e_key; - + cpy(kt, kf); kt -= 2 * nc; - + for(i = 1; i < this->aes_Nrnd; ++i) - { + { #if defined(ONE_TABLE) || defined(FOUR_TABLES) #if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES) u_int32_t f2, f4, f8, f9; @@ -1536,18 +1536,18 @@ static void destroy (private_aes_crypter_t *this) aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_aes_crypter_t *this; - + if (algo != ENCR_AES_CBC) { return NULL; } - + this = malloc_thing(private_aes_crypter_t); - + #if !defined(FIXED_TABLES) if(!tab_gen) { gen_tabs(); tab_gen = 1; } #endif - + this->key_size = key_size; switch(key_size) { @@ -1564,13 +1564,13 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size) free(this); return NULL; } - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h index 19ea6b4b7..061d72fd6 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.h +++ b/src/libstrongswan/plugins/aes/aes_crypter.h @@ -30,7 +30,7 @@ typedef struct aes_crypter_t aes_crypter_t; * Class implementing the AES encryption algorithm. */ struct aes_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct aes_crypter_t { /** * Constructor to create aes_crypter_t objects. - * + * * @param key_size key size in bytes * @param algo algorithm to implement * @return aes_crypter_t object, NULL if not supported diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index 63fa48330..c6215cc7f 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -47,12 +47,12 @@ static void destroy(private_aes_plugin_t *this) plugin_t *plugin_create() { private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)aes_crypter_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index a73edb362..5bf52aa56 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/agent DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_agent_la_LIBADD = am_libstrongswan_agent_la_OBJECTS = agent_plugin.lo \ @@ -59,6 +83,7 @@ libstrongswan_agent_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -304,21 +338,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +375,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +383,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +431,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +472,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +494,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +504,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +564,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index 84b85d4bd..299b2cc1d 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -37,7 +37,7 @@ struct private_agent_plugin_t { static void destroy(private_agent_plugin_t *this) { lib->creds->remove_builder(lib->creds, - (builder_constructor_t)agent_private_key_builder); + (builder_function_t)agent_private_key_open); free(this); } @@ -47,11 +47,11 @@ static void destroy(private_agent_plugin_t *this) plugin_t *plugin_create() { private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)agent_private_key_builder); + (builder_function_t)agent_private_key_open); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h index 33a5dcb53..e49af42d8 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.h +++ b/src/libstrongswan/plugins/agent/agent_plugin.h @@ -16,7 +16,7 @@ /** * @defgroup agent_p agent * @ingroup plugins - * + * * @defgroup agent_plugin agent_plugin * @{ @ingroup agent_p */ diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index ffdc6d778..d0a2da87f 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,8 +26,6 @@ #include #include #include -#include -#include #ifndef UNIX_PATH_MAX #define UNIX_PATH_MAX 108 @@ -44,36 +42,26 @@ struct private_agent_private_key_t { * Public interface for this signer. */ agent_private_key_t public; - + /** * ssh-agent unix socket connection */ int socket; - + /** * key identity blob in ssh format */ chunk_t key; - + /** * keysize in bytes */ size_t key_size; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - /** * reference count */ - refcount_t ref; + refcount_t ref; }; /** @@ -127,7 +115,7 @@ static chunk_t read_string(chunk_t *blob) { int len; chunk_t str; - + len = read_uint32(blob); if (len > blob->len) { @@ -152,11 +140,11 @@ static int open_connection(char *path) DBG1("opening ssh-agent socket %s failed: %s:", path, strerror(errno)); return -1; } - + addr.sun_family = AF_UNIX; addr.sun_path[UNIX_PATH_MAX - 1] = '\0'; strncpy(addr.sun_path, path, UNIX_PATH_MAX - 1); - + if (connect(s, (struct sockaddr*)&addr, SUN_LEN(&addr)) != 0) { DBG1("connecting to ssh-agent socket failed: %s", strerror(errno)); @@ -167,51 +155,14 @@ static int open_connection(char *path) } /** - * check if the ssh agent key blob matches to our public key - */ -static bool matches_pubkey(chunk_t key, public_key_t *pubkey) -{ - chunk_t pubkeydata, hash, n, e; - hasher_t *hasher; - identification_t *id; - bool match; - - if (!pubkey) - { - return TRUE; - } - read_string(&key); - e = read_string(&key); - n = read_string(&key); - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - return FALSE; - } - pubkeydata = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", n), - asn1_integer("c", e)); - hasher->allocate_hash(hasher, pubkeydata, &hash); - free(pubkeydata.ptr); - id = pubkey->get_id(pubkey, ID_PUBKEY_SHA1); - if (!id) - { - return FALSE; - } - match = chunk_equals(id->get_encoding(id), hash); - free(hash.ptr); - return match; -} - -/** * Get the first usable key from the agent */ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) { int len, count; char buf[2048]; - chunk_t blob = chunk_from_buf(buf), key, type, tmp; - + chunk_t blob, key, type, n; + len = htonl(1); buf[0] = SSH_AGENT_ID_REQUEST; if (write(this->socket, &len, sizeof(len)) != sizeof(len) || @@ -220,9 +171,10 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) DBG1("writing to ssh-agent failed"); return FALSE; } - + + blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); - + if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_ID_RESPONSE) @@ -231,51 +183,59 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) return FALSE; } count = read_uint32(&blob); - + while (blob.len) { key = read_string(&blob); - if (key.len) + if (!key.len) + { + break; + } + this->key = key; + type = read_string(&key); + if (!type.len || !strneq("ssh-rsa", type.ptr, type.len)) + { + break; + } + read_string(&key); + n = read_string(&key); + if (n.len <= 512/8) + { + break;; + } + if (pubkey && !private_key_belongs_to(&this->public.interface, pubkey)) { - tmp = key; - type = read_string(&tmp); - read_string(&tmp); - tmp = read_string(&tmp); - if (type.len && strneq("ssh-rsa", type.ptr, type.len) && - tmp.len >= 512/8 && matches_pubkey(key, pubkey)) - { - this->key = chunk_clone(key); - this->key_size = tmp.len; - if (tmp.ptr[0] == 0) - { - this->key_size--; - } - return TRUE; - } continue; } - break; + this->key_size = n.len; + if (n.ptr[0] == 0) + { + this->key_size--; + } + this->key = chunk_clone(this->key); + return TRUE; } + this->key = chunk_empty; return FALSE; } /** * Implementation of agent_private_key.destroy. */ -static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { u_int32_t len, flags; char buf[2048]; - chunk_t blob = chunk_from_buf(buf); - + chunk_t blob; + if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1) { DBG1("signature scheme %N not supported by ssh-agent", signature_scheme_names, scheme); return FALSE; } - + len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len); buf[0] = SSH_AGENT_SIGN_REQUEST; if (write(this->socket, &len, sizeof(len)) != sizeof(len) || @@ -284,7 +244,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, DBG1("writing to ssh-agent failed"); return FALSE; } - + len = htonl(this->key.len); if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, this->key.ptr, this->key.len) != this->key.len) @@ -292,7 +252,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, DBG1("writing to ssh-agent failed"); return FALSE; } - + len = htonl(data.len); if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, data.ptr, data.len) != data.len) @@ -300,14 +260,15 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, DBG1("writing to ssh-agent failed"); return FALSE; } - + flags = htonl(0); if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags)) { DBG1("writing to ssh-agent failed"); return FALSE; } - + + blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || @@ -357,113 +318,50 @@ static size_t get_keysize(private_agent_private_key_t *this) return this->key_size; } -/** - * Implementation of agent_private_key.destroy. - */ -static identification_t* get_id(private_agent_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - /** * Implementation of agent_private_key.get_public_key. */ static public_key_t* get_public_key(private_agent_private_key_t *this) { - chunk_t key, n, e, encoded; - public_key_t *public; - + chunk_t key, n, e; + key = this->key; read_string(&key); e = read_string(&key); n = read_string(&key); - encoded = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", n), - asn1_integer("c", e)); - - public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, encoded, BUILD_END); - free(encoded.ptr); - return public; + + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); } /** - * Implementation of agent_private_key.belongs_to. + * Implementation of private_key_t.get_encoding */ -static bool belongs_to(private_agent_private_key_t *this, public_key_t *public) +static bool get_encoding(private_agent_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } return FALSE; } /** - * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info). + * Implementation of private_key_t.get_fingerprint */ -static bool build_ids(private_agent_private_key_t *this) +static bool get_fingerprint(private_agent_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - chunk_t publicKeyInfo, publicKey, hash, key, n, e; - hasher_t *hasher; - + chunk_t n, e, key; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; + } key = this->key; read_string(&key); e = read_string(&key); n = read_string(&key); - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; - } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", n), - asn1_integer("c", e)); - hasher->allocate_hash(hasher, publicKey, &hash); - this->keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - this->keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - return TRUE; -} -/** - * Implementation of private_key_t.get_encoding. - */ -static chunk_t get_encoding(private_agent_private_key_t *this) -{ - return chunk_empty; + return lib->encoding->encode(lib->encoding, type, this, fp, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); } /** @@ -483,32 +381,58 @@ static void destroy(private_agent_private_key_t *this) if (ref_put(&this->ref)) { close(this->socket); - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this->key.ptr); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Internal constructor + * See header. */ -static agent_private_key_t *agent_private_key_create(char *path, - public_key_t *pubkey) +agent_private_key_t *agent_private_key_open(key_type_t type, va_list args) { - private_agent_private_key_t *this = malloc_thing(private_agent_private_key_t); - + private_agent_private_key_t *this; + public_key_t *pubkey = NULL; + char *path = NULL; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_AGENT_SOCKET: + path = va_arg(args, char*); + continue; + case BUILD_PUBLIC_KEY: + pubkey = va_arg(args, public_key_t*); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!path) + { + return FALSE; + } + + this = malloc_thing(private_agent_private_key_t); + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.equals = private_key_equals; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->socket = open_connection(path); if (this->socket < 0) { @@ -516,93 +440,13 @@ static agent_private_key_t *agent_private_key_create(char *path, return NULL; } this->key = chunk_empty; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - if (!read_key(this, pubkey) || !build_ids(this)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** agent unix socket */ - char *socket; - /** matching public key */ - public_key_t *pubkey; -}; -/** - * Implementation of builder_t.build - */ -static agent_private_key_t *build(private_builder_t *this) -{ - agent_private_key_t *key = NULL; - - if (this->socket) - { - key = agent_private_key_create(this->socket, this->pubkey); - } - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - va_list args; - - switch (part) - { - case BUILD_AGENT_SOCKET: - { - va_start(args, part); - this->socket = va_arg(args, char*); - va_end(args); - return; - } - case BUILD_PUBLIC_KEY: - { - va_start(args, part); - this->pubkey = va_arg(args, public_key_t*); - va_end(args); - return; - } - default: - break; - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *agent_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) + if (!read_key(this, pubkey)) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->pubkey = NULL; - this->socket = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h index 929e88a50..3d9500c1a 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.h +++ b/src/libstrongswan/plugins/agent/agent_private_key.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef AGENT_PRIVATE_KEY_H_ #define AGENT_PRIVATE_KEY_H_ +#include #include typedef struct agent_private_key_t agent_private_key_t; @@ -37,12 +38,16 @@ struct agent_private_key_t { }; /** - * Create the builder for a private key. + * Open connection to a private key stored in a SSH agent. * - * @param type type of the key - * @return builder instance + * The function takes BUILD_AGENT_SOCKET and optionally a BUILD_PUBLIC_KEY + * to select a specific key loaded in ssh-agent. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return built key, NULL on failure */ -builder_t *agent_private_key_builder(key_type_t type); +agent_private_key_t *agent_private_key_open(key_type_t type, va_list args); #endif /** AGENT_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.am b/src/libstrongswan/plugins/attr_sql/Makefile.am new file mode 100644 index 000000000..5be310abf --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic \ + -DPLUGINS=\""${libstrongswan_plugins}\"" + +plugin_LTLIBRARIES = libstrongswan-attr-sql.la +libstrongswan_attr_sql_la_SOURCES = \ + attr_sql_plugin.h attr_sql_plugin.c \ + sql_attribute.h sql_attribute.c +libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version + +ipsec_PROGRAMS = pool +pool_SOURCES = pool.c +pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.in b/src/libstrongswan/plugins/attr_sql/Makefile.in new file mode 100644 index 000000000..e157a9b78 --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/Makefile.in @@ -0,0 +1,633 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +ipsec_PROGRAMS = pool$(EXEEXT) +subdir = src/libstrongswan/plugins/attr_sql +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_attr_sql_la_LIBADD = +am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \ + sql_attribute.lo +libstrongswan_attr_sql_la_OBJECTS = \ + $(am_libstrongswan_attr_sql_la_OBJECTS) +libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +PROGRAMS = $(ipsec_PROGRAMS) +am_pool_OBJECTS = pool.$(OBJEXT) +pool_OBJECTS = $(am_pool_OBJECTS) +pool_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_attr_sql_la_SOURCES) $(pool_SOURCES) +DIST_SOURCES = $(libstrongswan_attr_sql_la_SOURCES) $(pool_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic \ + -DPLUGINS=\""${libstrongswan_plugins}\"" + +plugin_LTLIBRARIES = libstrongswan-attr-sql.la +libstrongswan_attr_sql_la_SOURCES = \ + attr_sql_plugin.h attr_sql_plugin.c \ + sql_attribute.h sql_attribute.c + +libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version +pool_SOURCES = pool.c +pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES) + $(libstrongswan_attr_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS) +install-ipsecPROGRAMS: $(ipsec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-ipsecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + +clean-ipsecPROGRAMS: + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +pool$(EXEEXT): $(pool_OBJECTS) $(pool_DEPENDENCIES) + @rm -f pool$(EXEEXT) + $(LINK) $(pool_OBJECTS) $(pool_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attr_sql_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pool.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sql_attribute.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipsecPROGRAMS install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-ipsecPROGRAMS install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-ipsecPROGRAMS \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c new file mode 100644 index 000000000..66b309c67 --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c @@ -0,0 +1,88 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include + +#include "attr_sql_plugin.h" +#include "sql_attribute.h" + +typedef struct private_attr_sql_plugin_t private_attr_sql_plugin_t; + +/** + * private data of attr_sql plugin + */ +struct private_attr_sql_plugin_t { + + /** + * implements plugin interface + */ + attr_sql_plugin_t public; + + /** + * database connection instance + */ + database_t *db; + + /** + * configuration attributes + */ + sql_attribute_t *attribute; + +}; + +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_attr_sql_plugin_t *this) +{ + lib->attributes->remove_provider(lib->attributes, &this->attribute->provider); + this->attribute->destroy(this->attribute); + this->db->destroy(this->db); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + char *uri; + private_attr_sql_plugin_t *this; + + uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL); + if (!uri) + { + DBG1("attr-sql plugin: database URI not set"); + return NULL; + } + + this = malloc_thing(private_attr_sql_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + this->db = lib->db->create(lib->db, uri); + if (!this->db) + { + DBG1("attr-sql plugin failed to connect to database"); + free(this); + return NULL; + } + this->attribute = sql_attribute_create(this->db); + lib->attributes->add_provider(lib->attributes, &this->attribute->provider); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h new file mode 100644 index 000000000..3a60ea0d2 --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup attr_sql attr_sql + * @ingroup plugins + * + * @defgroup sql_plugin sql_plugin + * @{ @ingroup attr_sql + */ + +#ifndef ATTR_SQL_PLUGIN_H_ +#define ATTR_SQL_PLUGIN_H_ + +#include + +typedef struct attr_sql_plugin_t attr_sql_plugin_t; + +/** + * SQL database attribute configuration plugin + */ +struct attr_sql_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a sql_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** ATTR_SQL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/attr_sql/pool.c b/src/libstrongswan/plugins/attr_sql/pool.c new file mode 100644 index 000000000..85b30a70f --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/pool.c @@ -0,0 +1,1050 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +/** + * global database handle + */ +database_t *db; + +/** + * --start/--end/--server addresses of various subcommands + */ +host_t *start = NULL, *end = NULL, *server = NULL; + +/** + * instead of a pool handle a DNS or NBNS attribute + */ +static bool is_attribute(char *name) +{ + return strcaseeq(name, "dns") || strcaseeq(name, "nbns") || + strcaseeq(name, "wins"); +} + +/** + * determine configuration attribute type + */ +static configuration_attribute_type_t get_attribute_type(char *name, host_t* addr) +{ + if (strcaseeq(name, "dns")) + { + return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_DNS : + INTERNAL_IP6_DNS; + } + else + { + return (addr->get_family(addr) == AF_INET) ? INTERNAL_IP4_NBNS : + INTERNAL_IP6_NBNS; + } +} + +/** + * calculate the size of a pool using start and end address chunk + */ +static u_int get_pool_size(chunk_t start, chunk_t end) +{ + u_int *start_ptr, *end_ptr; + + if (start.len < sizeof(u_int) || end.len < sizeof(u_int)) + { + return 0; + } + start_ptr = (u_int*)(start.ptr + start.len - sizeof(u_int)); + end_ptr = (u_int*)(end.ptr + end.len - sizeof(u_int)); + return ntohl(*end_ptr) - ntohl(*start_ptr) + 1; +} + +/** + * print usage info + */ +static void usage(void) +{ + printf("\ +Usage:\n\ + ipsec pool --status|--add|--del|--resize|--purge [options]\n\ + \n\ + ipsec pool --status\n\ + Show a list of installed pools with statistics.\n\ + \n\ + ipsec pool --add --start --end [--timeout ]\n\ + Add a new pool to the database.\n\ + name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\ + start: Start address of the pool\n\ + end: End address of the pool\n\ + timeout: Lease time in hours, 0 for static leases\n\ + \n\ + ipsec pool --add dns|nbns|wins --server \n\ + Add a new DNS or NBNS server to the database.\n\ + server: IP address of the name server\n\ + \n\ + ipsec pool --del \n\ + Delete a pool from the database.\n\ + name: Name of the pool to delete\n\ + \n\ + ipsec pool --del dns|nbns|wins [--server ]\n\ + Delete a specific or all DNS or NBNS servers from the database.\n\ + server: IP address of the name server to delete\n\ + \n\ + ipsec pool --resize --end \n\ + Grow or shrink an existing pool.\n\ + name: Name of the pool to resize\n\ + end: New end address for the pool\n\ + \n\ + ipsec pool --leases [--filter ] [--utc]\n\ + Show lease information using filters:\n\ + filter: Filter string containing comma separated key=value filters,\n\ + e.g. id=alice@strongswan.org,addr=1.1.1.1\n\ + pool: name of the pool\n\ + id: assigned identity of the lease\n\ + addr: lease IP address\n\ + tstamp: UNIX timestamp when lease was valid, as integer\n\ + status: status of the lease: online|valid|expired\n\ + utc: Show times in UTC instead of local time\n\ + \n\ + ipsec pool --purge \n\ + Delete lease history of a pool:\n\ + name: Name of the pool to purge\n\ + \n"); + exit(0); +} + +/** + * ipsec pool --status - show pool overview + */ +static void status(void) +{ + enumerator_t *ns, *pool, *lease; + host_t *server; + chunk_t value; + bool found = FALSE; + + /* enumerate IPv4 DNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP4_DNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("dns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + + /* enumerate IPv6 DNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP6_DNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("dns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET6, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + if (found) + { + printf("\n"); + } + else + { + printf("no dns servers found.\n"); + } + found = FALSE; + + /* enumerate IPv4 NBNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP4_NBNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("nbns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + + /* enumerate IPv6 NBNS servers */ + ns = db->query(db, "SELECT value FROM attributes WHERE type = ?", + DB_INT, INTERNAL_IP6_NBNS, DB_BLOB); + if (ns) + { + while (ns->enumerate(ns, &value)) + { + if (!found) + { + printf("nbns servers:"); + found = TRUE; + } + server = host_create_from_chunk(AF_INET6, value, 0); + if (server) + { + printf(" %H", server); + server->destroy(server); + } + } + ns->destroy(ns); + } + if (found) + { + printf("\n"); + } + else + { + printf("no nbns servers found.\n"); + } + found = FALSE; + + pool = db->query(db, "SELECT id, name, start, end, timeout FROM pools", + DB_INT, DB_TEXT, DB_BLOB, DB_BLOB, DB_UINT); + if (pool) + { + char *name; + chunk_t start_chunk, end_chunk; + host_t *start, *end; + u_int id, timeout, online = 0, used = 0, size = 0; + + while (pool->enumerate(pool, &id, &name, + &start_chunk, &end_chunk, &timeout)) + { + if (!found) + { + printf("%8s %15s %15s %8s %6s %11s %11s\n", "name", "start", + "end", "timeout", "size", "online", "usage"); + found = TRUE; + } + + start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0); + end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0); + size = get_pool_size(start_chunk, end_chunk); + printf("%8s %15H %15H ", name, start, end); + if (timeout) + { + printf("%7dh ", timeout/3600); + } + else + { + printf("%8s ", "static"); + } + printf("%6d ", size); + /* get number of online hosts */ + lease = db->query(db, "SELECT COUNT(*) FROM addresses " + "WHERE pool = ? AND released = 0", + DB_UINT, id, DB_INT); + if (lease) + { + lease->enumerate(lease, &online); + lease->destroy(lease); + } + printf("%5d (%2d%%) ", online, online*100/size); + /* get number of online or valid lieases */ + lease = db->query(db, "SELECT COUNT(*) FROM addresses " + "WHERE addresses.pool = ? " + "AND ((? AND acquired != 0) " + " OR released = 0 OR released > ?) ", + DB_UINT, id, DB_UINT, !timeout, + DB_UINT, time(NULL) - timeout, DB_UINT); + if (lease) + { + lease->enumerate(lease, &used); + lease->destroy(lease); + } + printf("%5d (%2d%%) ", used, used*100/size); + + printf("\n"); + DESTROY_IF(start); + DESTROY_IF(end); + } + pool->destroy(pool); + } + if (!found) + { + printf("no pools found.\n"); + } + exit(0); +} + +/** + * ipsec pool --add - add a new pool + */ +static void add(char *name, host_t *start, host_t *end, int timeout) +{ + chunk_t start_addr, end_addr, cur_addr; + u_int id, count; + + start_addr = start->get_address(start); + end_addr = end->get_address(end); + cur_addr = chunk_clonea(start_addr); + count = get_pool_size(start_addr, end_addr); + + if (start_addr.len != end_addr.len || + memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0) + { + fprintf(stderr, "invalid start/end pair specified.\n"); + exit(-1); + } + if (db->execute(db, &id, + "INSERT INTO pools (name, start, end, timeout) " + "VALUES (?, ?, ?, ?)", + DB_TEXT, name, DB_BLOB, start_addr, + DB_BLOB, end_addr, DB_INT, timeout*3600) != 1) + { + fprintf(stderr, "creating pool failed.\n"); + exit(-1); + } + printf("allocating %d addresses... ", count); + fflush(stdout); + if (db->get_driver(db) == DB_SQLITE) + { /* run population in a transaction for sqlite */ + db->execute(db, NULL, "BEGIN TRANSACTION"); + } + while (TRUE) + { + db->execute(db, NULL, + "INSERT INTO addresses (pool, address, identity, acquired, released) " + "VALUES (?, ?, ?, ?, ?)", + DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); + if (chunk_equals(cur_addr, end_addr)) + { + break; + } + chunk_increment(cur_addr); + } + if (db->get_driver(db) == DB_SQLITE) + { + db->execute(db, NULL, "END TRANSACTION"); + } + printf("done.\n", count); + + exit(0); +} + +/** + * ipsec pool --add dns|nbns|wins - add a DNS or NBNS server entry + */ +static void add_attr(char *name, host_t *server) +{ + configuration_attribute_type_t type; + chunk_t value; + + type = get_attribute_type(name, server); + value = server->get_address(server); + if (db->execute(db, NULL, + "INSERT INTO attributes (type, value) VALUES (?, ?)", + DB_INT, type, DB_BLOB, value) != 1) + { + fprintf(stderr, "adding %s server %H failed.\n", name, server); + exit(-1); + } + printf("added %s server %H\n", name, server); + exit(0); +} + +/** + * ipsec pool --del - delete a pool + */ +static void del(char *name) +{ + enumerator_t *query; + u_int id; + bool found = FALSE; + + query = db->query(db, "SELECT id FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT); + if (!query) + { + fprintf(stderr, "deleting pool failed.\n"); + exit(-1); + } + while (query->enumerate(query, &id)) + { + found = TRUE; + if (db->execute(db, NULL, + "DELETE FROM leases WHERE address IN (" + " SELECT id FROM addresses WHERE pool = ?)", DB_UINT, id) < 0 || + db->execute(db, NULL, + "DELETE FROM addresses WHERE pool = ?", DB_UINT, id) < 0 || + db->execute(db, NULL, + "DELETE FROM pools WHERE id = ?", DB_UINT, id) < 0) + { + fprintf(stderr, "deleting pool failed.\n"); + query->destroy(query); + exit(-1); + } + } + query->destroy(query); + if (!found) + { + fprintf(stderr, "pool '%s' not found.\n", name); + exit(-1); + } + exit(0); +} + +/** + * ipsec pool --del dns|nbns|wins - delete a DNS or NBNS server entry + */ +static void del_attr(char *name, host_t *server) +{ + configuration_attribute_type_t type; + chunk_t value; + u_int id; + enumerator_t *query; + bool found = FALSE; + + if (server) + { + type = get_attribute_type(name, server); + value = server->get_address(server); + query = db->query(db, + "SELECT id, type, value FROM attributes " + "WHERE type = ? AND value = ?", + DB_INT, type, DB_BLOB, value, + DB_UINT, DB_INT, DB_BLOB); + } + else + { + configuration_attribute_type_t type_ip4, type_ip6; + + if (strcaseeq(name, "dns")) + { + type_ip4 = INTERNAL_IP4_DNS; + type_ip6 = INTERNAL_IP6_DNS; + } + else + { + type_ip4 = INTERNAL_IP4_NBNS; + type_ip6 = INTERNAL_IP6_NBNS; + } + + query = db->query(db, + "SELECT id, type, value FROM attributes " + "WHERE type = ? OR type = ?", + DB_INT, type_ip4, DB_INT, type_ip6, + DB_UINT, DB_INT, DB_BLOB); + } + if (!query) + { + fprintf(stderr, "deleting %s servers failed.\n", name); + exit(-1); + } + + while (query->enumerate(query, &id, &type, &value)) + { + int family; + host_t *host; + + found = TRUE; + family = (type == INTERNAL_IP4_DNS || type == INTERNAL_IP4_NBNS) ? + AF_INET : AF_INET6; + host = host_create_from_chunk(family, value, 0); + if (db->execute(db, NULL, + "DELETE FROM attributes WHERE id = ?", + DB_UINT, id) != 1) + { + fprintf(stderr, "deleting %s server %H failed\n", name, host); + query->destroy(query); + DESTROY_IF(host); + exit(-1); + } + printf("deleted %s server %H\n", name, host); + DESTROY_IF(host); + } + query->destroy(query); + + if (!found) + { + printf("no matching %s servers found\n", name); + exit(-1); + } + exit(0); +} + +/** + * ipsec pool --resize - resize a pool if (db->execute(db, NULL, + "DELETE FROM attributes WHERE type = ? AND value = ?", + DB_INT, type, DB_BLOB, value) != 1) + { + fprintf(stderr, "deleting %s server %H failed\n", name, server); + exit(-1); + } + printf("deleted %s server %H\n", name, server); + if (db->execute(db, NULL, + "DELETE FROM attributes WHERE type = ? AND value = ?", + DB_INT, type, DB_BLOB, value) != 1) + { + fprintf(stderr, "deleting %s server %H failed\n", name, server); + exit(-1); + } + printf("deleted %s server %H\n", name, server); + + */ +static void resize(char *name, host_t *end) +{ + enumerator_t *query; + chunk_t old_addr, new_addr, cur_addr; + u_int id, count; + + new_addr = end->get_address(end); + + query = db->query(db, "SELECT id, end FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT, DB_BLOB); + if (!query || !query->enumerate(query, &id, &old_addr)) + { + DESTROY_IF(query); + fprintf(stderr, "resizing pool failed.\n"); + exit(-1); + } + if (old_addr.len != new_addr.len || + memcmp(new_addr.ptr, old_addr.ptr, old_addr.len) < 0) + { + fprintf(stderr, "shrinking of pools not supported.\n"); + query->destroy(query); + exit(-1); + } + cur_addr = chunk_clonea(old_addr); + count = get_pool_size(old_addr, new_addr) - 1; + query->destroy(query); + + if (db->execute(db, NULL, + "UPDATE pools SET end = ? WHERE name = ?", + DB_BLOB, new_addr, DB_TEXT, name) <= 0) + { + fprintf(stderr, "pool '%s' not found.\n", name); + exit(-1); + } + + printf("allocating %d new addresses... ", count); + fflush(stdout); + if (db->get_driver(db) == DB_SQLITE) + { /* run population in a transaction for sqlite */ + db->execute(db, NULL, "BEGIN TRANSACTION"); + } + while (count-- > 0) + { + chunk_increment(cur_addr); + db->execute(db, NULL, + "INSERT INTO addresses (pool, address, identity, acquired, released) " + "VALUES (?, ?, ?, ?, ?)", + DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); + } + if (db->get_driver(db) == DB_SQLITE) + { + db->execute(db, NULL, "END TRANSACTION"); + } + printf("done.\n", count); + + exit(0); +} + +/** + * create the lease query using the filter string + */ +static enumerator_t *create_lease_query(char *filter) +{ + enumerator_t *query; + identification_t *id = NULL; + host_t *addr = NULL; + u_int tstamp = 0; + bool online = FALSE, valid = FALSE, expired = FALSE; + char *value, *pos, *pool = NULL; + enum { + FIL_POOL = 0, + FIL_ID, + FIL_ADDR, + FIL_TSTAMP, + FIL_STATE, + }; + char *const token[] = { + [FIL_POOL] = "pool", + [FIL_ID] = "id", + [FIL_ADDR] = "addr", + [FIL_TSTAMP] = "tstamp", + [FIL_STATE] = "status", + NULL + }; + + /* if the filter string contains a distinguished name as a ID, we replace + * ", " by "/ " in order to not confuse the getsubopt parser */ + pos = filter; + while ((pos = strchr(pos, ','))) + { + if (pos[1] == ' ') + { + pos[0] = '/'; + } + pos++; + } + + while (filter && *filter != '\0') + { + switch (getsubopt(&filter, token, &value)) + { + case FIL_POOL: + if (value) + { + pool = value; + } + break; + case FIL_ID: + if (value) + { + id = identification_create_from_string(value); + } + break; + case FIL_ADDR: + if (value) + { + addr = host_create_from_string(value, 0); + } + if (!addr) + { + fprintf(stderr, "invalid 'addr' in filter string.\n"); + exit(-1); + } + break; + case FIL_TSTAMP: + if (value) + { + tstamp = atoi(value); + } + if (tstamp == 0) + { + online = TRUE; + } + break; + case FIL_STATE: + if (value) + { + if (streq(value, "online")) + { + online = TRUE; + } + else if (streq(value, "valid")) + { + valid = TRUE; + } + else if (streq(value, "expired")) + { + expired = TRUE; + } + else + { + fprintf(stderr, "invalid 'state' in filter string.\n"); + exit(-1); + } + } + break; + default: + fprintf(stderr, "invalid filter string.\n"); + exit(-1); + break; + } + } + query = db->query(db, + "SELECT name, addresses.address, identities.type, " + "identities.data, leases.acquired, leases.released, timeout " + "FROM leases JOIN addresses ON leases.address = addresses.id " + "JOIN pools ON addresses.pool = pools.id " + "JOIN identities ON leases.identity = identities.id " + "WHERE (? OR name = ?) " + "AND (? OR (identities.type = ? AND identities.data = ?)) " + "AND (? OR addresses.address = ?) " + "AND (? OR (? >= leases.acquired AND (? <= leases.released))) " + "AND (? OR leases.released > ? - timeout) " + "AND (? OR leases.released < ? - timeout) " + "AND ? " + "UNION " + "SELECT name, address, identities.type, identities.data, " + "acquired, released, timeout FROM addresses " + "JOIN pools ON addresses.pool = pools.id " + "JOIN identities ON addresses.identity = identities.id " + "WHERE ? AND released = 0 " + "AND (? OR name = ?) " + "AND (? OR (identities.type = ? AND identities.data = ?)) " + "AND (? OR address = ?)", + DB_INT, pool == NULL, DB_TEXT, pool, + DB_INT, id == NULL, + DB_INT, id ? id->get_type(id) : 0, + DB_BLOB, id ? id->get_encoding(id) : chunk_empty, + DB_INT, addr == NULL, + DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, + DB_INT, tstamp == 0, DB_UINT, tstamp, DB_UINT, tstamp, + DB_INT, !valid, DB_INT, time(NULL), + DB_INT, !expired, DB_INT, time(NULL), + DB_INT, !online, + /* union */ + DB_INT, !(valid || expired), + DB_INT, pool == NULL, DB_TEXT, pool, + DB_INT, id == NULL, + DB_INT, id ? id->get_type(id) : 0, + DB_BLOB, id ? id->get_encoding(id) : chunk_empty, + DB_INT, addr == NULL, + DB_BLOB, addr ? addr->get_address(addr) : chunk_empty, + /* res */ + DB_TEXT, DB_BLOB, DB_INT, DB_BLOB, DB_UINT, DB_UINT, DB_UINT); + /* id and addr leak but we can't destroy them until query is destroyed. */ + return query; +} + +/** + * ipsec pool --leases - show lease information of a pool + */ +static void leases(char *filter, bool utc) +{ + enumerator_t *query; + chunk_t address_chunk, identity_chunk; + int identity_type; + char *name; + u_int acquired, released, timeout; + host_t *address; + identification_t *identity; + bool found = FALSE; + + query = create_lease_query(filter); + if (!query) + { + fprintf(stderr, "querying leases failed.\n"); + exit(-1); + } + while (query->enumerate(query, &name, &address_chunk, &identity_type, + &identity_chunk, &acquired, &released, &timeout)) + { + if (!found) + { + int len = utc ? 25 : 21; + + found = TRUE; + printf("%-8s %-15s %-7s %-*s %-*s %s\n", + "name", "address", "status", len, "start", len, "end", "identity"); + } + address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0); + identity = identification_create_from_encoding(identity_type, identity_chunk); + + printf("%-8s %-15H ", name, address); + if (released == 0) + { + printf("%-7s ", "online"); + } + else if (timeout == 0) + { + printf("%-7s ", "static"); + } + else if (released >= time(NULL) - timeout) + { + printf("%-7s ", "valid"); + } + else + { + printf("%-7s ", "expired"); + } + + printf(" %T ", &acquired, utc); + if (released) + { + printf("%T ", &released, utc); + } + else + { + printf(" "); + if (utc) + { + printf(" "); + } + } + printf("%Y\n", identity); + DESTROY_IF(address); + identity->destroy(identity); + } + query->destroy(query); + if (!found) + { + fprintf(stderr, "no matching leases found.\n"); + exit(-1); + } + exit(0); +} + +/** + * ipsec pool --purge - delete expired leases + */ +static void purge(char *name) +{ + int purged = 0; + + purged = db->execute(db, NULL, + "DELETE FROM leases WHERE address IN (" + " SELECT id FROM addresses WHERE pool IN (" + " SELECT id FROM pools WHERE name = ?))", + DB_TEXT, name); + if (purged < 0) + { + fprintf(stderr, "purging pool '%s' failed.\n", name); + exit(-1); + } + fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name); + exit(0); +} + +/** + * atexit handler to close db on shutdown + */ +static void cleanup(void) +{ + db->destroy(db); + DESTROY_IF(start); + DESTROY_IF(end); + DESTROY_IF(server); +} + +int main(int argc, char *argv[]) +{ + char *uri, *name = "", *filter = ""; + int timeout = 0; + bool utc = FALSE; + enum { + OP_USAGE, + OP_STATUS, + OP_ADD, + OP_ADD_ATTR, + OP_DEL, + OP_DEL_ATTR, + OP_RESIZE, + OP_LEASES, + OP_PURGE + } operation = OP_USAGE; + + atexit(library_deinit); + + /* initialize library */ + if (!library_init(NULL)) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "pool", argv[0])) + { + fprintf(stderr, "integrity check of pool failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "pool.load", PLUGINS))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } + + uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL); + if (!uri) + { + fprintf(stderr, "database URI libstrongswan.plugins.attr-sql.database not set.\n"); + exit(SS_RC_INITIALIZATION_FAILED); + } + db = lib->db->create(lib->db, uri); + if (!db) + { + fprintf(stderr, "opening database failed.\n"); + exit(SS_RC_INITIALIZATION_FAILED); + } + atexit(cleanup); + + while (TRUE) + { + int c; + + struct option long_opts[] = { + { "help", no_argument, NULL, 'h' }, + + { "utc", no_argument, NULL, 'u' }, + { "status", no_argument, NULL, 'w' }, + { "add", required_argument, NULL, 'a' }, + { "del", required_argument, NULL, 'd' }, + { "resize", required_argument, NULL, 'r' }, + { "leases", no_argument, NULL, 'l' }, + { "purge", required_argument, NULL, 'p' }, + + { "start", required_argument, NULL, 's' }, + { "end", required_argument, NULL, 'e' }, + { "timeout", required_argument, NULL, 't' }, + { "filter", required_argument, NULL, 'f' }, + { "server", required_argument, NULL, 'v' }, + { 0,0,0,0 } + }; + + c = getopt_long(argc, argv, "", long_opts, NULL); + switch (c) + { + case EOF: + break; + case 'h': + break; + case 'w': + operation = OP_STATUS; + break; + case 'u': + utc = TRUE; + continue; + case 'a': + name = optarg; + operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD; + continue; + case 'd': + name = optarg; + operation = is_attribute(name) ? OP_DEL_ATTR : OP_DEL; + continue; + case 'r': + name = optarg; + operation = OP_RESIZE; + continue; + case 'l': + operation = OP_LEASES; + continue; + case 'p': + name = optarg; + operation = OP_PURGE; + continue; + case 's': + start = host_create_from_string(optarg, 0); + if (start == NULL) + { + fprintf(stderr, "invalid start address: '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + case 'e': + end = host_create_from_string(optarg, 0); + if (end == NULL) + { + fprintf(stderr, "invalid end address: '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + case 't': + timeout = atoi(optarg); + if (timeout == 0 && strcmp(optarg, "0") != 0) + { + fprintf(stderr, "invalid timeout '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + case 'f': + filter = optarg; + continue; + case 'v': + server = host_create_from_string(optarg, 0); + if (server == NULL) + { + fprintf(stderr, "invalid server address: '%s'.\n", optarg); + operation = OP_USAGE; + break; + } + continue; + default: + operation = OP_USAGE; + break; + } + break; + } + + switch (operation) + { + case OP_USAGE: + usage(); + break; + case OP_STATUS: + status(); + break; + case OP_ADD: + if (start == NULL || end == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + } + add(name, start, end, timeout); + break; + case OP_ADD_ATTR: + if (server == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + } + add_attr(name, server); + break; + case OP_DEL: + del(name); + break; + case OP_DEL_ATTR: + del_attr(name, server); + break; + case OP_RESIZE: + if (end == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + } + resize(name, end); + break; + case OP_LEASES: + leases(filter, utc); + break; + case OP_PURGE: + purge(name); + break; + } + exit(0); +} + diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.c b/src/libstrongswan/plugins/attr_sql/sql_attribute.c new file mode 100644 index 000000000..a89195b6d --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/sql_attribute.c @@ -0,0 +1,384 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include +#include + +#include "sql_attribute.h" + +typedef struct private_sql_attribute_t private_sql_attribute_t; + +/** + * private data of sql_attribute + */ +struct private_sql_attribute_t { + + /** + * public functions + */ + sql_attribute_t public; + + /** + * database connection + */ + database_t *db; + + /** + * wheter to record lease history in lease table + */ + bool history; +}; + +/** + * lookup/insert an identity + */ +static u_int get_identity(private_sql_attribute_t *this, identification_t *id) +{ + enumerator_t *e; + u_int row; + + /* look for peer identity in the identities table */ + e = this->db->query(this->db, + "SELECT id FROM identities WHERE type = ? AND data = ?", + DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), + DB_UINT); + + if (e && e->enumerate(e, &row)) + { + e->destroy(e); + return row; + } + DESTROY_IF(e); + /* not found, insert new one */ + if (this->db->execute(this->db, &row, + "INSERT INTO identities (type, data) VALUES (?, ?)", + DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id)) == 1) + { + return row; + } + return 0; +} + +/** + * Lookup pool by name + */ +static u_int get_pool(private_sql_attribute_t *this, char *name, u_int *timeout) +{ + enumerator_t *e; + u_int pool; + + e = this->db->query(this->db, "SELECT id, timeout FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT, DB_UINT); + if (e && e->enumerate(e, &pool, timeout)) + { + e->destroy(e); + return pool; + } + DESTROY_IF(e); + return 0; +} + +/** + * Look up an existing lease + */ +static host_t* check_lease(private_sql_attribute_t *this, char *name, + u_int pool, u_int identity) +{ + while (TRUE) + { + u_int id; + chunk_t address; + enumerator_t *e; + time_t now = time(NULL); + + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND identity = ? AND released != 0 LIMIT 1", + DB_UINT, pool, DB_UINT, identity, DB_UINT, DB_BLOB); + if (!e || !e->enumerate(e, &id, &address)) + { + DESTROY_IF(e); + break; + } + address = chunk_clonea(address); + e->destroy(e); + + if (this->db->execute(this->db, NULL, + "UPDATE addresses SET acquired = ?, released = 0 " + "WHERE id = ? AND identity = ? AND released != 0", + DB_UINT, now, DB_UINT, id, DB_UINT, identity) > 0) + { + host_t *host; + + host = host_create_from_chunk(AF_UNSPEC, address, 0); + if (host) + { + DBG1("acquired existing lease for address %H in pool '%s'", + host, name); + return host; + } + } + } + return NULL; +} + +/** + * We check for unallocated addresses or expired leases. First we select an + * address as a candidate, but double check later on if it is still available + * during the update operation. This allows us to work without locking. + */ +static host_t* get_lease(private_sql_attribute_t *this, char *name, + u_int pool, u_int timeout, u_int identity) +{ + while (TRUE) + { + u_int id; + chunk_t address; + enumerator_t *e; + time_t now = time(NULL); + int hits; + + if (timeout) + { + /* check for an expired lease */ + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND released != 0 AND released < ? LIMIT 1", + DB_UINT, pool, DB_UINT, now - timeout, DB_UINT, DB_BLOB); + } + else + { + /* with static leases, check for an unallocated address */ + e = this->db->query(this->db, + "SELECT id, address FROM addresses " + "WHERE pool = ? AND identity = 0 LIMIT 1", + DB_UINT, pool, DB_UINT, DB_BLOB); + + } + + if (!e || !e->enumerate(e, &id, &address)) + { + DESTROY_IF(e); + break; + } + address = chunk_clonea(address); + e->destroy(e); + + if (timeout) + { + hits = this->db->execute(this->db, NULL, + "UPDATE addresses SET " + "acquired = ?, released = 0, identity = ? " + "WHERE id = ? AND released != 0 AND released < ?", + DB_UINT, now, DB_UINT, identity, + DB_UINT, id, DB_UINT, now - timeout); + } + else + { + hits = this->db->execute(this->db, NULL, + "UPDATE addresses SET " + "acquired = ?, released = 0, identity = ? " + "WHERE id = ? AND identity = 0", + DB_UINT, now, DB_UINT, identity, DB_UINT, id); + } + if (hits > 0) + { + host_t *host; + + host = host_create_from_chunk(AF_UNSPEC, address, 0); + if (host) + { + DBG1("acquired new lease for address %H in pool '%s'", + host, name); + return host; + } + } + } + DBG1("no available address found in pool '%s'", name); + return NULL; +} + +/** + * Implementation of attribute_provider_t.acquire_address + */ +static host_t* acquire_address(private_sql_attribute_t *this, + char *names, identification_t *id, + host_t *requested) +{ + host_t *address = NULL; + u_int identity, pool, timeout; + + identity = get_identity(this, id); + if (identity) + { + /* check for a single pool first (no concatenation and enumeration) */ + if (strchr(names, ',') == NULL) + { + pool = get_pool(this, names, &timeout); + if (pool) + { + /* check for an existing lease */ + address = check_lease(this, names, pool, identity); + if (address == NULL) + { + /* get an unallocated address or expired lease */ + address = get_lease(this, names, pool, timeout, identity); + } + } + } + else + { + enumerator_t *enumerator; + char *name; + + /* in a first step check for an existing lease over all pools */ + enumerator = enumerator_create_token(names, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + pool = get_pool(this, name, &timeout); + if (pool) + { + address = check_lease(this, name, pool, identity); + if (address) + { + enumerator->destroy(enumerator); + return address; + } + } + } + enumerator->destroy(enumerator); + + /* in a second step get an unallocated address or expired lease */ + enumerator = enumerator_create_token(names, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + pool = get_pool(this, name, &timeout); + if (pool) + { + address = get_lease(this, name, pool, timeout, identity); + if (address) + { + break; + } + } + } + enumerator->destroy(enumerator); + } + } + return address; +} + +/** + * Implementation of attribute_provider_t.release_address + */ +static bool release_address(private_sql_attribute_t *this, + char *name, host_t *address, identification_t *id) +{ + enumerator_t *enumerator; + bool found = FALSE; + time_t now = time(NULL); + + enumerator = enumerator_create_token(name, ",", " "); + while (enumerator->enumerate(enumerator, &name)) + { + u_int pool, timeout; + + pool = get_pool(this, name, &timeout); + if (pool) + { + if (this->history) + { + this->db->execute(this->db, NULL, + "INSERT INTO leases (address, identity, acquired, released)" + " SELECT id, identity, acquired, ? FROM addresses " + " WHERE pool = ? AND address = ?", + DB_UINT, now, DB_UINT, pool, + DB_BLOB, address->get_address(address)); + } + if (this->db->execute(this->db, NULL, + "UPDATE addresses SET released = ? WHERE " + "pool = ? AND address = ?", DB_UINT, time(NULL), + DB_UINT, pool, DB_BLOB, address->get_address(address)) > 0) + { + found = TRUE; + break; + } + } + } + enumerator->destroy(enumerator); + return found; +} + +/** + * Implementation of sql_attribute_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_sql_attribute_t *this, + identification_t *id, host_t *vip) +{ + if (vip) + { + enumerator_t *enumerator; + + enumerator = this->db->query(this->db, + "SELECT type, value FROM attributes", DB_INT, DB_BLOB); + if (enumerator) + { + return enumerator; + } + } + return enumerator_create_empty(); +} + +/** + * Implementation of sql_attribute_t.destroy + */ +static void destroy(private_sql_attribute_t *this) +{ + free(this); +} + +/* + * see header file + */ +sql_attribute_t *sql_attribute_create(database_t *db) +{ + private_sql_attribute_t *this = malloc_thing(private_sql_attribute_t); + time_t now = time(NULL); + + this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *, host_t *))acquire_address; + this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; + this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *host))create_attribute_enumerator; + this->public.destroy = (void(*)(sql_attribute_t*))destroy; + + this->db = db; + this->history = lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.attr-sql.lease_history", TRUE); + + /* close any "online" leases in the case we crashed */ + if (this->history) + { + this->db->execute(this->db, NULL, + "INSERT INTO leases (address, identity, acquired, released)" + " SELECT id, identity, acquired, ? FROM addresses " + " WHERE released = 0", DB_UINT, now); + } + this->db->execute(this->db, NULL, + "UPDATE addresses SET released = ? WHERE released = 0", + DB_UINT, now); + return &this->public; +} + diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.h b/src/libstrongswan/plugins/attr_sql/sql_attribute.h new file mode 100644 index 000000000..ca87eb27e --- /dev/null +++ b/src/libstrongswan/plugins/attr_sql/sql_attribute.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sql_attribute sql_attribute + * @{ @ingroup attr_sql + */ + +#ifndef SQL_ATTRIBUTE_H_ +#define SQL_ATTRIBUTE_H_ + +#include +#include + +typedef struct sql_attribute_t sql_attribute_t; + +/** + * SQL database based IKEv2 cfg attribute provider. + */ +struct sql_attribute_t { + + /** + * Implements attribute provider interface + */ + attribute_provider_t provider; + + /** + * Destroy a sql_attribute instance. + */ + void (*destroy)(sql_attribute_t *this); +}; + +/** + * Create a sql_attribute instance. + */ +sql_attribute_t *sql_attribute_create(database_t *db); + +#endif /** SQL_ATTRIBUTE_H_ @}*/ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am index 3fbc5893b..de8948445 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.am +++ b/src/libstrongswan/plugins/blowfish/Makefile.am @@ -7,6 +7,6 @@ plugin_LTLIBRARIES = libstrongswan-blowfish.la libstrongswan_blowfish_la_SOURCES = \ blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ -bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c +bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index e536b5fc6..7b55d69c7 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/blowfish DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_blowfish_la_LIBADD = am_libstrongswan_blowfish_la_OBJECTS = blowfish_plugin.lo \ @@ -61,6 +85,7 @@ libstrongswan_blowfish_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,6 +251,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -230,7 +259,7 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-blowfish.la libstrongswan_blowfish_la_SOURCES = \ blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ -bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c +bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version all: all-am @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c index c2f3ce2e8..ebcc5dbdf 100644 --- a/src/libstrongswan/plugins/blowfish/bf_enc.c +++ b/src/libstrongswan/plugins/blowfish/bf_enc.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h index 283bf4c43..1375a0aa9 100644 --- a/src/libstrongswan/plugins/blowfish/bf_locl.h +++ b/src/libstrongswan/plugins/blowfish/bf_locl.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h index 9949513c6..79d23db6c 100644 --- a/src/libstrongswan/plugins/blowfish/bf_pi.h +++ b/src/libstrongswan/plugins/blowfish/bf_pi.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -64,262 +64,262 @@ static const BF_KEY bf_init= { 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, 0x9216d5d9L, 0x8979fb1b },{ - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, - 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, - 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, - 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, + 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, + 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, + 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, + 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, + 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, + 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, + 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, + 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, + 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, + 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, + 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, + 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, + 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, + 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, + 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, + 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, + 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, + 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, + 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, + 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, + 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, + 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, + 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, + 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, + 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, + 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, + 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, + 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, + 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, + 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, + 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, + 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, + 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, + 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, + 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, + 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, + 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, + 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, + 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, + 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, + 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, + 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, + 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, + 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, + 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, + 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, + 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, + 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, + 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, + 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, + 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, + 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, + 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, + 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, + 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, + 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, + 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, + 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, + 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, + 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, + 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, + 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, + 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, + 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, + 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, + 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, + 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, + 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, + 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, + 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, + 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, + 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, + 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, + 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, + 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, + 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, + 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, + 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, + 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, + 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, + 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, + 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, + 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, + 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, + 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, + 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, + 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, + 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, + 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, + 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, + 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, + 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, + 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, + 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, + 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, + 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, + 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, + 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, + 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, + 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, + 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, + 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, + 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, + 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, + 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, + 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, + 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, + 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, + 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, + 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, + 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, + 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, + 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, + 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, + 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, + 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, + 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, + 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, + 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, + 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, + 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, + 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, + 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, + 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, + 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, + 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, + 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, + 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, + 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, + 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, + 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, + 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, + 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, + 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, + 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, + 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, + 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, + 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, + 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, + 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, + 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, + 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, + 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, + 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, + 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, + 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, + 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, + 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, + 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, + 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, + 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, + 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, + 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, + 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, + 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, + 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, + 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, + 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, + 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, + 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, + 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, + 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, + 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, + 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, + 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, + 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, + 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, + 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, + 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, + 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, + 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, + 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, + 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, + 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, + 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, + 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, + 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, + 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, + 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, + 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, + 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, + 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, + 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, + 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, + 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, + 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, + 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, + 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, + 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, + 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, + 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, + 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, + 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, + 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, + 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, + 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, + 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, + 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, + 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, + 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, + 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, + 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, + 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, + 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, + 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, + 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, + 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, + 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, + 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, + 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, + 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, + 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, + 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, + 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, + 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, + 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, + 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, + 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, + 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, + 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, + 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, + 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, + 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, + 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, + 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, + 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, + 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, + 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, + 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, + 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, + 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, + 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, + 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, + 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, + 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, + 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, + 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, + 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, + 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, + 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, + 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, + 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, + 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, + 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, + 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, + 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, + 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, + 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, + 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, + 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, + 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, + 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, + 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, + 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, + 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, + 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, } }; diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c index 8cdbbd283..ceec3b8d4 100644 --- a/src/libstrongswan/plugins/blowfish/bf_skey.c +++ b/src/libstrongswan/plugins/blowfish/bf_skey.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h index ccb97e272..9aa30df4b 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish.h +++ b/src/libstrongswan/plugins/blowfish/blowfish.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -90,7 +90,7 @@ extern "C" { * So I've chosen long... * */ - + /* des.h-like hack */ #ifndef BF_LONG #ifdef __KERNEL__ @@ -110,7 +110,7 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - + void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 5064bfef6..fb856ed37 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -4,21 +4,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -33,10 +33,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -48,7 +48,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,23 +61,23 @@ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ - + #include "blowfish_crypter.h" typedef struct private_blowfish_crypter_t private_blowfish_crypter_t; /** * Class implementing the Blowfish symmetric encryption algorithm. - * + * * @ingroup crypters */ struct private_blowfish_crypter_t { - + /** * Public part of this class. */ blowfish_crypter_t public; - + /** * Blowfish key schedule */ @@ -96,7 +96,7 @@ static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { u_int8_t *in, *out; - + if (decrypted) { *decrypted = chunk_alloc(data.len); @@ -121,7 +121,7 @@ static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { u_int8_t *in, *out; - + if (encrypted) { *encrypted = chunk_alloc(data.len); @@ -177,14 +177,14 @@ static void destroy (private_blowfish_crypter_t *this) blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_blowfish_crypter_t *this; - + if (algo != ENCR_BLOWFISH) { return NULL; } - + this = malloc_thing(private_blowfish_crypter_t); - + this->key_size = key_size; this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; @@ -192,6 +192,6 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h index 2bb896e64..71cc09cd0 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h @@ -30,7 +30,7 @@ typedef struct blowfish_crypter_t blowfish_crypter_t; * Class implementing the Blowfish encryption algorithm. */ struct blowfish_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct blowfish_crypter_t { /** * Constructor to create blowfish_crypter_t objects. - * + * * @param key_size key size in bytes * @param algo algorithm to implement * @return blowfish_crypter_t object, NULL if not supported diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 6e2f6d4fa..993dc8b3b 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -48,12 +48,12 @@ static void destroy(private_blowfish_plugin_t *this) plugin_t *plugin_create() { private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, (crypter_constructor_t)blowfish_crypter_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 21d77ac8f..32b2504fe 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/curl DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_curl_la_DEPENDENCIES = am_libstrongswan_curl_la_OBJECTS = curl_plugin.lo curl_fetcher.lo @@ -58,6 +82,7 @@ libstrongswan_curl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -241,9 +270,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -261,23 +290,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 7ee9fa1bd..08315e932 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -33,14 +33,14 @@ struct private_curl_fetcher_t { * Public data */ curl_fetcher_t public; - + /** * CURL handle */ CURL* curl; - + /** - * Optional HTTP headers + * Optional HTTP headers */ struct curl_slist *headers; }; @@ -51,7 +51,7 @@ struct private_curl_fetcher_t { static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) { size_t realsize = size * nmemb; - + data->ptr = (u_char*)realloc(data->ptr, data->len + realsize); if (data->ptr) { @@ -61,16 +61,14 @@ static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) return realsize; } -/** - * Implements fetcher_t.fetch. - */ -static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) +METHOD(fetcher_t, fetch, status_t, + private_curl_fetcher_t *this, char *uri, chunk_t *result) { char error[CURL_ERROR_SIZE]; status_t status; - + *result = chunk_empty; - + if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK) { /* URL type not supported by curl */ return NOT_SUPPORTED; @@ -85,7 +83,7 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) { curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers); } - + DBG2(" sending http request to '%s'...", uri); switch (curl_easy_perform(this->curl)) { @@ -103,13 +101,11 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result) return status; } -/** - * Implementation of fetcher_t.set_option. - */ -static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, ...) +METHOD(fetcher_t, set_option, bool, + private_curl_fetcher_t *this, fetcher_option_t option, ...) { va_list args; - + va_start(args, option); switch (option) { @@ -154,10 +150,8 @@ static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, .. } } -/** - * Implements fetcher_t.destroy - */ -static void destroy(private_curl_fetcher_t *this) +METHOD(fetcher_t, destroy, void, + private_curl_fetcher_t *this) { curl_slist_free_all(this->headers); curl_easy_cleanup(this->curl); @@ -169,20 +163,22 @@ static void destroy(private_curl_fetcher_t *this) */ curl_fetcher_t *curl_fetcher_create() { - private_curl_fetcher_t *this = malloc_thing(private_curl_fetcher_t); - - this->curl = curl_easy_init(); - if (this->curl == NULL) + private_curl_fetcher_t *this; + + INIT(this, + .public.interface = { + .fetch = _fetch, + .set_option = _set_option, + .destroy = _destroy, + }, + .curl = curl_easy_init(), + ); + + if (!this->curl) { free(this); return NULL; } - this->headers = NULL; - - this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; - this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; - this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - return &this->public; } diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.h b/src/libstrongswan/plugins/curl/curl_fetcher.h index 043beb834..6b9cad657 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.h +++ b/src/libstrongswan/plugins/curl/curl_fetcher.h @@ -32,11 +32,6 @@ struct curl_fetcher_t { * Implements fetcher interface */ fetcher_t interface; - - /** - * Destroy a curl_fetcher instance. - */ - void (*destroy)(curl_fetcher_t *this); }; /** diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 97fa07866..13dfa053f 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -52,26 +52,26 @@ plugin_t *plugin_create() { CURLcode res; private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + res = curl_global_init(CURL_GLOBAL_NOTHING); if (res == CURLE_OK) { lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "file://"); - lib->fetcher->add_fetcher(lib->fetcher, + lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "http://"); lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "https://"); - lib->fetcher->add_fetcher(lib->fetcher, + lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create, "ftp://"); - } - else - { - DBG1("global libcurl initializing failed: %s, curl disabled", + } + else + { + DBG1("global libcurl initializing failed: %s, curl disabled", curl_easy_strerror(res)); - } + } return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 19da339fe..f68b4bd03 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/des DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_des_la_LIBADD = am_libstrongswan_des_la_OBJECTS = des_plugin.lo des_crypter.lo @@ -58,6 +82,7 @@ libstrongswan_des_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 680fe8b6a..142e79613 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -11,17 +11,17 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -36,10 +36,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -73,17 +73,17 @@ typedef struct private_des_crypter_t private_des_crypter_t; * Private data for des_crypter_t */ struct private_des_crypter_t { - + /** * Public part of this class. */ des_crypter_t public; - + /** * Key size, depends on algoritm... */ size_t key_size; - + union { /** key schedule for single des */ des_key_schedule ks; @@ -141,7 +141,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! even newer MIPS CPU's, but at the moment one size fits all for optimization options. Older Sparc's work better with only UNROLL, but there's no way to tell at compile time what it is you're running on */ - + #if defined( sun ) /* Newer Sparc's */ #define DES_PTR #define DES_RISC1 @@ -879,7 +879,7 @@ static int des_set_key(des_cblock *key, des_key_schedule *schedule) c2l(in,c); c2l(in,d); - /* do PC1 in 60 simple operations */ + /* do PC1 in 60 simple operations */ /* PERM_OP(d,c,t,4,0x0f0f0f0fL); HPERM_OP(c,t,-2, 0xcccc0000L); HPERM_OP(c,t,-1, 0xaaaa0000L); @@ -1037,7 +1037,7 @@ static void des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) /** * DES CBC encrypt decrypt routine */ -static void des_cbc_encrypt(des_cblock *input, des_cblock *output, long length, +static void des_cbc_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule schedule, des_cblock *ivec, int enc) { register DES_LONG tin0,tin1; @@ -1110,7 +1110,7 @@ static void des_cbc_encrypt(des_cblock *input, des_cblock *output, long length, /** * DES ECB encrypt decrypt routine */ -static void des_ecb_encrypt(des_cblock *input, des_cblock *output, long length, +static void des_ecb_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule schedule, int enc) { register DES_LONG tin0,tin1; @@ -1260,7 +1260,7 @@ static void des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc) /** * Single block 3DES EDE encrypt routine */ -static void des_encrypt3(DES_LONG *data, des_key_schedule ks1, +static void des_encrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3) { register DES_LONG l,r; @@ -1283,7 +1283,7 @@ static void des_encrypt3(DES_LONG *data, des_key_schedule ks1, /** * Single block 3DES EDE decrypt routine */ -static void des_decrypt3(DES_LONG *data, des_key_schedule ks1, +static void des_decrypt3(DES_LONG *data, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3) { register DES_LONG l,r; @@ -1391,7 +1391,7 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len { c2l(in,tin0); c2l(in,tin1); - + t0=tin0; t1=tin1; @@ -1400,7 +1400,7 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); tout0=tin[0]; tout1=tin[1]; - + tout0^=xor0; tout1^=xor1; l2cn(tout0,tout1,out,l+8); @@ -1424,7 +1424,7 @@ static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (decrypted) { @@ -1445,7 +1445,7 @@ static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (encrypted) { @@ -1464,7 +1464,7 @@ static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { u_int8_t *out; - + out = data.ptr; if (decrypted) { @@ -1482,7 +1482,7 @@ static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { u_int8_t *out; - + out = data.ptr; if (encrypted) { @@ -1501,7 +1501,7 @@ static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (decrypted) { @@ -1522,7 +1522,7 @@ static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv, { des_cblock ivb; u_int8_t *out; - + out = data.ptr; if (encrypted) { @@ -1563,7 +1563,7 @@ static void set_key(private_des_crypter_t *this, chunk_t key) * Implementation of crypter_t.set_key for 3DES. */ static void set_key3(private_des_crypter_t *this, chunk_t key) -{ +{ des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]); des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]); des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]); @@ -1583,12 +1583,12 @@ static void destroy(private_des_crypter_t *this) des_crypter_t *des_crypter_create(encryption_algorithm_t algo) { private_des_crypter_t *this = malloc_thing(private_des_crypter_t); - - /* functions of crypter_t interface */ + + /* functions of crypter_t interface */ this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + /* use functions depending on algorithm */ switch (algo) { diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h index 623b292fc..cffbd4ce3 100644 --- a/src/libstrongswan/plugins/des/des_crypter.h +++ b/src/libstrongswan/plugins/des/des_crypter.h @@ -30,7 +30,7 @@ typedef struct des_crypter_t des_crypter_t; * Class implementing the DES and 3DES encryption algorithms. */ struct des_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct des_crypter_t { /** * Constructor to create des_crypter_t objects. - * + * * @param algo ENCR_DES for single DES, ENCR_3DES for triple DES * @return des_crypter_t object, NULL if algo not supported */ diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index e16b475d4..649d224ab 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -47,16 +47,16 @@ static void destroy(private_des_plugin_t *this) plugin_t *plugin_create() { private_des_plugin_t *this = malloc_thing(private_des_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, (crypter_constructor_t)des_crypter_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am new file mode 100644 index 000000000..fd020f505 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/Makefile.am @@ -0,0 +1,12 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-dnskey.la + +libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \ + dnskey_builder.h dnskey_builder.c + +libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in new file mode 100644 index 000000000..d7d5ff29b --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -0,0 +1,571 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/dnskey +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_dnskey_la_LIBADD = +am_libstrongswan_dnskey_la_OBJECTS = dnskey_plugin.lo \ + dnskey_builder.lo +libstrongswan_dnskey_la_OBJECTS = \ + $(am_libstrongswan_dnskey_la_OBJECTS) +libstrongswan_dnskey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_dnskey_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_dnskey_la_SOURCES) +DIST_SOURCES = $(libstrongswan_dnskey_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-dnskey.la +libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \ + dnskey_builder.h dnskey_builder.c + +libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-dnskey.la: $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_DEPENDENCIES) + $(libstrongswan_dnskey_la_LINK) -rpath $(plugindir) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnskey_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnskey_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c new file mode 100644 index 000000000..ba20e7158 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dnskey_builder.h" + +#include +#include + + +typedef struct dnskey_rr_t dnskey_rr_t; +typedef enum dnskey_algorithm_t dnskey_algorithm_t; + +/** + * Header of a DNSKEY resource record + */ +struct dnskey_rr_t { + u_int16_t flags; + u_int8_t protocol; + u_int8_t algorithm; + u_int8_t data[]; +} __attribute__((__packed__)); + +/** + * DNSSEC algorithms, RFC4034 Appendix A.1. + */ +enum dnskey_algorithm_t { + DNSKEY_ALG_RSA_MD5 = 1, + DNSKEY_ALG_DH = 2, + DNSKEY_ALG_DSA = 3, + DNSKEY_ALG_ECC = 4, + DNSKEY_ALG_RSA_SHA1 = 5, +}; + +/** + * Load a generic public key from a DNSKEY RR blob + */ +static dnskey_public_key_t *parse_public_key(chunk_t blob) +{ + dnskey_rr_t *rr = (dnskey_rr_t*)blob.ptr; + + if (blob.len < sizeof(dnskey_rr_t)) + { + DBG1("DNSKEY too short"); + return NULL; + } + blob = chunk_skip(blob, sizeof(dnskey_rr_t)); + + switch (rr->algorithm) + { + case DNSKEY_ALG_RSA_SHA1: + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_DNSKEY, blob, BUILD_END); + default: + DBG1("DNSKEY public key algorithm %d not supported", rr->algorithm); + return NULL; + } +} + +/** + * Load a RSA public key from DNSKEY RR data + */ +static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob) +{ + chunk_t n, e; + + if (blob.len < 3) + { + DBG1("RFC 3110 public key blob too short for exponent length"); + return NULL; + } + + if (blob.ptr[0]) + { + e.len = blob.ptr[0]; + blob = chunk_skip(blob, 1); + } + else + { + e.len = blob.ptr[1] * 256 + blob.ptr[2]; + blob = chunk_skip(blob, 3); + } + e.ptr = blob.ptr; + if (e.len >= blob.len) + { + DBG1("RFC 3110 public key blob too short for exponent"); + return NULL; + } + n = chunk_skip(blob, e.len); + + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, + BUILD_END); +} + +/** + * See header. + */ +dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_DNSKEY: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!blob.ptr) + { + return NULL; + } + switch (type) + { + case KEY_ANY: + return parse_public_key(blob); + case KEY_RSA: + return parse_rsa_public_key(blob); + default: + return NULL; + } +} + diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.h b/src/libstrongswan/plugins/dnskey/dnskey_builder.h new file mode 100644 index 000000000..16eff3269 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dnskey_public_key dnskey_public_key + * @{ @ingroup dnskey_p + */ + +#ifndef DNSKEY_BUILDER_H_ +#define DNSKEY_BUILDER_H_ + +#include +#include + +typedef struct dnskey_public_key_t dnskey_public_key_t; + +/** + * Public key implementation supporting RFC4034 decoding. + */ +struct dnskey_public_key_t { + + /** + * Implements public_key_t interface. + */ + public_key_t interface; +}; + +/** + * Load a public key in RFC4034 format. + * + * Takes a BUILD_BLOB_DNSKEY to parse the public key. + * + * @param type type of the key, must be KEY_RSA or KEY_ANY + * @param args builder_part_t argument list + * @return built key, NULL on failure + */ +dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args); + +#endif /** DNSKEY_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c new file mode 100644 index 000000000..83dbe31a1 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dnskey_plugin.h" + +#include +#include "dnskey_builder.h" + +typedef struct private_dnskey_plugin_t private_dnskey_plugin_t; + +/** + * private data of dnskey_plugin + */ +struct private_dnskey_plugin_t { + + /** + * public functions + */ + dnskey_plugin_t public; +}; + +/** + * Implementation of dnskey_plugin_t.dnskeytroy + */ +static void destroy(private_dnskey_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)dnskey_public_key_load); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)dnskey_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)dnskey_public_key_load); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h new file mode 100644 index 000000000..17790e1c6 --- /dev/null +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dnskey_p dnskey + * @ingroup plugins + * + * @defgroup dnskey_plugin dnskey_plugin + * @{ @ingroup dnskey_p + */ + +#ifndef DNSKEY_PLUGIN_H_ +#define DNSKEY_PLUGIN_H_ + +#include + +typedef struct dnskey_plugin_t dnskey_plugin_t; + +/** + * Plugin providing RFC4034 public key decoding functions. + */ +struct dnskey_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a dnskey_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** DNSKEY_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 5dcae7f27..b23af6def 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/fips_prf DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_fips_prf_la_LIBADD = am_libstrongswan_fips_prf_la_OBJECTS = fips_prf_plugin.lo fips_prf.lo @@ -60,6 +84,7 @@ libstrongswan_fips_prf_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -242,9 +271,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,23 +291,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -303,21 +337,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -340,7 +374,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -348,29 +382,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -391,13 +430,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -428,6 +471,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -449,6 +493,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -457,18 +503,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -507,6 +563,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index be28f10bc..123d2a244 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -29,22 +29,22 @@ struct private_fips_prf_t { * Public fips_prf_t interface. */ fips_prf_t public; - + /** * key of prf function, "b" long */ u_int8_t *key; - + /** * size of "b" in bytes */ size_t b; - + /** * Keyed SHA1 prf: It does not use SHA1Final operation */ prf_t *keyed_prf; - + /** * G function, either SHA1 or DES */ @@ -57,11 +57,11 @@ struct private_fips_prf_t { static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[]) { int i, c = 0; - + for(i = length - 1; i >= 0; i--) { u_int32_t tmp; - + tmp = a[i] + b[i] + c; sum[i] = 0xff & tmp; c = tmp >> 8; @@ -114,14 +114,13 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) u_int8_t sum[this->b]; u_int8_t *xkey = this->key; u_int8_t one[this->b]; - chunk_t xval_chunk = chunk_from_buf(xval); - + memset(one, 0, this->b); one[this->b - 1] = 0x01; - + /* 3.1 */ chunk_mod(this->b, seed, xseed); - + /* 3.2 */ for (i = 0; i < 2; i++) /* twice */ { @@ -129,14 +128,14 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) add_mod(this->b, xkey, xseed, xval); DBG3("XVAL %b", xval, this->b); /* b. wi = G(t, XVAL ) */ - this->g(this, xval_chunk, &w[i * this->b]); + this->g(this, chunk_create(xval, this->b), &w[i * this->b]); DBG3("w[%d] %b", i, &w[i * this->b], this->b); /* c. XKEY = (1 + XKEY + wi) mod 2b */ add_mod(this->b, xkey, &w[i * this->b], sum); add_mod(this->b, sum, one, xkey); DBG3("XKEY %b", xkey, this->b); } - + /* 3.3 done already, mod q not used */ } @@ -179,7 +178,7 @@ static void set_key(private_fips_prf_t *this, chunk_t key) void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) { u_int8_t buf[64]; - + if (c.len < sizeof(buf)) { /* pad c with zeros */ @@ -193,7 +192,7 @@ void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) /* not more than 512 bits can be G()-ed */ c.len = sizeof(buf); } - + /* use the keyed hasher, but use an empty key to use SHA1 IV */ this->keyed_prf->set_key(this->keyed_prf, chunk_empty); this->keyed_prf->get_bytes(this->keyed_prf, c, res); @@ -215,14 +214,14 @@ static void destroy(private_fips_prf_t *this) fips_prf_t *fips_prf_create(pseudo_random_function_t algo) { private_fips_prf_t *this = malloc_thing(private_fips_prf_t); - + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + switch (algo) { case PRF_FIPS_SHA1_160: @@ -244,7 +243,7 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) return NULL; } this->key = malloc(this->b); - + return &this->public; } diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.h b/src/libstrongswan/plugins/fips_prf/fips_prf.h index b2940be72..514e3c5d9 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.h +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.h @@ -37,7 +37,7 @@ typedef struct fips_prf_t fips_prf_t; * The FIPS PRF is stateful; the key changes every time when bytes are acquired. */ struct fips_prf_t { - + /** * Generic prf_t interface for this fips_prf_t class. */ @@ -46,7 +46,7 @@ struct fips_prf_t { /** * Creates a new fips_prf_t object. - * + * * FIPS 186-2 defines G() functions used in the PRF function. It can * be implemented either based on SHA1 or DES. * The G() function is selected using the algo parameter. diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 7576e79ad..6c0842f81 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -47,11 +47,11 @@ static void destroy(private_fips_prf_plugin_t *this) plugin_t *plugin_create() { private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, (prf_constructor_t)fips_prf_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index 7394676e2..a468a5ed9 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -1,7 +1,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-gcrypt.la @@ -14,4 +14,4 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_hasher.h gcrypt_hasher.c libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version -libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS) +libstrongswan_gcrypt_la_LIBADD = -lgcrypt diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index e3d27f7f8..c3081e2dd 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,22 +37,43 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcrypt DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -am__DEPENDENCIES_1 = -libstrongswan_gcrypt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +libstrongswan_gcrypt_la_DEPENDENCIES = am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \ gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \ gcrypt_dh.lo gcrypt_rng.lo gcrypt_crypter.lo gcrypt_hasher.lo @@ -62,6 +85,7 @@ libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -109,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -139,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -172,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -197,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -205,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -213,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -224,10 +251,11 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-gcrypt.la libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \ @@ -238,7 +266,7 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_hasher.h gcrypt_hasher.c libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version -libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS) +libstrongswan_gcrypt_la_LIBADD = -lgcrypt all: all-am .SUFFIXES: @@ -252,9 +280,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -272,23 +300,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -318,21 +351,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -355,7 +388,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -363,29 +396,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -406,13 +444,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -443,6 +485,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -464,6 +507,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -472,18 +517,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -522,6 +577,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index f82d23185..1eee6226d 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,17 +25,17 @@ typedef struct private_gcrypt_crypter_t private_gcrypt_crypter_t; * Private data of gcrypt_crypter_t */ struct private_gcrypt_crypter_t { - + /** * Public part of this class. */ gcrypt_crypter_t public; - + /** * gcrypt cipher handle */ gcry_cipher_hd_t h; - + /** * gcrypt algorithm identifier */ @@ -49,7 +49,7 @@ static void decrypt(private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { gcry_cipher_setiv(this->h, iv.ptr, iv.len); - + if (dst) { *dst = chunk_alloc(data.len); @@ -68,7 +68,7 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { gcry_cipher_setiv(this->h, iv.ptr, iv.len); - + if (dst) { *dst = chunk_alloc(data.len); @@ -86,7 +86,7 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, static size_t get_block_size(private_gcrypt_crypter_t *this) { size_t len = 0; - + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len); return len; } @@ -97,7 +97,7 @@ static size_t get_block_size(private_gcrypt_crypter_t *this) static size_t get_key_size(private_gcrypt_crypter_t *this) { size_t len = 0; - + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len); return len; } @@ -129,7 +129,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, int gcrypt_alg; int mode = GCRY_CIPHER_MODE_CBC; gcry_error_t err; - + switch (algo) { case ENCR_DES: @@ -227,9 +227,9 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, default: return NULL; } - + this = malloc_thing(private_gcrypt_crypter_t); - + this->alg = gcrypt_alg; err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0); if (err) @@ -239,14 +239,14 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, free(this); return NULL; } - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h index c5a5e6723..ce0ead4a8 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h @@ -29,7 +29,7 @@ typedef struct gcrypt_crypter_t gcrypt_crypter_t; * Implementation of crypters using gcrypt. */ struct gcrypt_crypter_t { - + /** * The crypter_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_crypter_t { /** * Constructor to create gcrypt_crypter_t. - * + * * @param algo algorithm to implement * @param key_size key size in bytes * @return gcrypt_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 89d9f2348..59c82f1e7 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -278,7 +278,7 @@ static u_int8_t group18_modulus[] = { typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -312,7 +312,7 @@ static modulus_entry_t modulus_entries[] = { static modulus_entry_t *find_entry(diffie_hellman_group_t group) { int i; - + for (i = 0; i < countof(modulus_entries); i++) { if (modulus_entries[i].group == group) @@ -329,47 +329,47 @@ typedef struct private_gcrypt_dh_t private_gcrypt_dh_t; * Private data of an gcrypt_dh_t object. */ struct private_gcrypt_dh_t { - + /** * Public gcrypt_dh_t interface */ gcrypt_dh_t public; - + /** * Diffie Hellman group number */ u_int16_t group; - - /* + + /* * Generator value - */ + */ gcry_mpi_t g; - + /** * Own private value */ gcry_mpi_t xa; - + /** * Own public value */ gcry_mpi_t ya; - + /** * Other public value */ gcry_mpi_t yb; - + /** * Shared secret */ gcry_mpi_t zz; - + /** * Modulus */ gcry_mpi_t p; - + /** * Modulus length. */ @@ -383,7 +383,7 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) { gcry_mpi_t p_min_1; gcry_error_t err; - + if (this->yb) { gcry_mpi_release(this->yb); @@ -395,11 +395,11 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) DBG1("importing mpi yb failed: %s", gpg_strerror(err)); return; } - + p_min_1 = gcry_mpi_new(this->p_len * 8); gcry_mpi_sub_ui(p_min_1, this->p, 1); - - /* check public value: + + /* check public value: * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1 * 2. a public value larger or equal the modulus is invalid */ if (gcry_mpi_cmp_ui(this->yb, 1) > 0 && @@ -425,7 +425,7 @@ static chunk_t export_mpi(gcry_mpi_t value, size_t len) { chunk_t chunk; size_t written; - + chunk = chunk_alloc(len); gcry_mpi_print(GCRYMPI_FMT_USG, chunk.ptr, chunk.len, &written, value); if (written < len) @@ -490,21 +490,21 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) chunk_t random; rng_t *rng; size_t len; - + entry = find_entry(group); if (!entry) { return NULL; } - + this = malloc_thing(private_gcrypt_dh_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + this->group = group; this->p_len = entry->modulus.len; err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, @@ -524,7 +524,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) { len = entry->opt_len; } - + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { /* prefer external randomizer */ @@ -551,14 +551,14 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) /* achieve bitsof(p)-1 by setting MSB to 0 */ gcry_mpi_clear_bit(this->xa, len * 8 - 1); } - + this->g = gcry_mpi_set_ui(NULL, entry->g); this->ya = gcry_mpi_new(this->p_len * 8); this->yb = NULL; this->zz = NULL; - + gcry_mpi_powm(this->ya, this->g, this->xa, this->p); - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h index dbef96ca7..95b68dcd0 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h @@ -29,7 +29,7 @@ typedef struct gcrypt_dh_t gcrypt_dh_t; * Implementation of the Diffie-Hellman algorithm using libgcrypt mpi. */ struct gcrypt_dh_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_dh_t { /** * Creates a new gcrypt_dh_t object. - * + * * @param group Diffie Hellman group number to use * @return gcrypt_dh_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 41e17c897..d12fe11d5 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,12 +25,12 @@ typedef struct private_gcrypt_hasher_t private_gcrypt_hasher_t; * Private data of gcrypt_hasher_t */ struct private_gcrypt_hasher_t { - + /** * Public part of this class. */ gcrypt_hasher_t public; - + /** * gcrypt hasher context */ @@ -101,7 +101,7 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) private_gcrypt_hasher_t *this; int gcrypt_alg; gcry_error_t err; - + switch (algo) { case HASH_MD2: @@ -131,9 +131,9 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) default: return NULL; } - + this = malloc_thing(private_gcrypt_hasher_t); - + err = gcry_md_open(&this->hd, gcrypt_alg, 0); if (err) { @@ -142,13 +142,13 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) free(this); return NULL; } - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h index 6f724fba8..708ccaafb 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h @@ -29,7 +29,7 @@ typedef struct gcrypt_hasher_t gcrypt_hasher_t; * Implementation of hashers using libgcrypt. */ struct gcrypt_hasher_t { - + /** * The hasher_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_hasher_t { /** * Constructor to create gcrypt_hasher_t. - * + * * @param algo algorithm * @return gcrypt_hasher_t, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 939e0886c..8c9ea893b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -24,7 +24,7 @@ #include #include -#include +#include #include #include @@ -57,7 +57,7 @@ static int mutex_init(void **lock) static int mutex_destroy(void **lock) { mutex_t *mutex = *lock; - + mutex->destroy(mutex); return 0; } @@ -68,7 +68,7 @@ static int mutex_destroy(void **lock) static int mutex_lock(void **lock) { mutex_t *mutex = *lock; - + mutex->lock(mutex); return 0; } @@ -79,7 +79,7 @@ static int mutex_lock(void **lock) static int mutex_unlock(void **lock) { mutex_t *mutex = *lock; - + mutex->unlock(mutex); return 0; } @@ -107,9 +107,11 @@ static void destroy(private_gcrypt_plugin_t *this) lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gcrypt_dh_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gcrypt_rsa_private_key_builder); + (builder_function_t)gcrypt_rsa_private_key_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)gcrypt_rsa_private_key_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gcrypt_rsa_public_key_builder); + (builder_function_t)gcrypt_rsa_public_key_load); free(this); } @@ -119,15 +121,15 @@ static void destroy(private_gcrypt_plugin_t *this) plugin_t *plugin_create() { private_gcrypt_plugin_t *this; - + gcry_control(GCRYCTL_SET_THREAD_CBS, &thread_functions); - + if (!gcry_check_version(GCRYPT_VERSION)) { DBG1("libgcrypt version mismatch"); return NULL; } - + /* we currently do not use secure memory */ gcry_control(GCRYCTL_DISABLE_SECMEM, 0); if (lib->settings->get_bool(lib->settings, @@ -136,11 +138,11 @@ plugin_t *plugin_create() gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); } gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); - + this = malloc_thing(private_gcrypt_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + /* hashers */ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)gcrypt_hasher_create); @@ -156,7 +158,7 @@ plugin_t *plugin_create() (hasher_constructor_t)gcrypt_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)gcrypt_hasher_create); - + /* crypters */ lib->crypto->add_crypter(lib->crypto, ENCR_3DES, (crypter_constructor_t)gcrypt_crypter_create); @@ -176,39 +178,41 @@ plugin_t *plugin_create() (crypter_constructor_t)gcrypt_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, (crypter_constructor_t)gcrypt_crypter_create); - + /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, + lib->crypto->add_rng(lib->crypto, RNG_WEAK, (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, (rng_constructor_t)gcrypt_rng_create); - + /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gcrypt_dh_create); - + /* RSA */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)gcrypt_rsa_private_key_builder); + (builder_function_t)gcrypt_rsa_private_key_gen); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)gcrypt_rsa_private_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)gcrypt_rsa_public_key_builder); - + (builder_function_t)gcrypt_rsa_public_key_load); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index 64b4eb8d0..d0d252572 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c @@ -28,7 +28,7 @@ struct private_gcrypt_rng_t { * Public gcrypt_rng_t interface. */ gcrypt_rng_t public; - + /** * RNG quality of this instance */ @@ -79,7 +79,7 @@ static void destroy(private_gcrypt_rng_t *this) gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) { private_gcrypt_rng_t *this; - + switch (quality) { case RNG_WEAK: @@ -89,15 +89,15 @@ gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) default: return NULL; } - + this = malloc_thing(private_gcrypt_rng_t); - + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; this->public.rng.destroy = (void (*) (rng_t *))destroy; - + this->quality = quality; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h index 3cfde8447..a0cc12369 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup gcrypt_rng gcrypt_rng * @{ @ingroup gcrypt_p @@ -29,7 +29,7 @@ typedef struct gcrypt_rng_t gcrypt_rng_t; * rng_t implementation using libgcrypt. */ struct gcrypt_rng_t { - + /** * Implements rng_t. */ @@ -38,7 +38,7 @@ struct gcrypt_rng_t { /** * Creates an gcrypt_rng_t instance. - * + * * @param quality required quality of gcryptness * @return created gcrypt_rng_t */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index e0e8015db..cd156961e 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -28,38 +28,23 @@ typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t * Private data of a gcrypt_rsa_private_key_t object. */ struct private_gcrypt_rsa_private_key_t { - + /** * Public interface */ gcrypt_rsa_private_key_t public; - + /** * gcrypt S-expression representing an RSA key */ gcry_sexp_t key; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - + /** * reference count */ refcount_t ref; }; -/** - * Implemented in gcrypt_rsa_public_key.c - */ -public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key); - /** * find a token in a S-expression. If a key is given, its length is used to * pad the output to a given length. @@ -69,7 +54,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key) gcry_sexp_t token; chunk_t data = chunk_empty, tmp; size_t len = 0; - + token = gcry_sexp_find_token(sexp, name, 1); if (token) { @@ -123,7 +108,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, gcry_error_t err; chunk_t em; size_t k; - + /* EM = 0x00 || 0x01 || PS || 0x00 || T * PS = 0xFF padding, with length to fill em * T = data @@ -139,7 +124,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, em.ptr[1] = 0x01; em.ptr[em.len - data.len - 1] = 0x00; memcpy(em.ptr + em.len - data.len, data.ptr, data.len); - + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", em.len, em.ptr); chunk_free(&em); @@ -172,7 +157,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, gcry_error_t err; gcry_sexp_t in, out; int hash_oid; - + hash_oid = hasher_algorithm_to_oid(hash_algorithm); if (hash_oid == OID_UNKNOWN) { @@ -185,7 +170,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", hash_name, hash.len, hash.ptr); chunk_free(&hash); @@ -217,7 +202,7 @@ static key_type_t get_type(private_gcrypt_rsa_private_key_t *this) /** * Implementation of gcrypt_rsa_private_key.destroy. */ -static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *sig) { switch (scheme) @@ -253,7 +238,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this, gcry_sexp_t in, out; chunk_t padded; u_char *pos = NULL;; - + err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))", encrypted.len, encrypted.ptr); if (err) @@ -298,98 +283,41 @@ static size_t get_keysize(private_gcrypt_rsa_private_key_t *this) return gcry_pk_get_nbits(this->key) / 8; } -/** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static identification_t* get_id(private_gcrypt_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - /** * Implementation of gcrypt_rsa_private_key.get_public_key. */ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this) { - return gcrypt_rsa_public_key_create_from_sexp(this->key); -} + chunk_t n, e; + public_key_t *public; -/** - * Implementation of gcrypt_rsa_private_key.equals. - */ -static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other) -{ - identification_t *keyid; + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); + chunk_free(&n); + chunk_free(&e); -/** - * Implementation of gcrypt_rsa_private_key.belongs_to. - */ -static bool belongs_to(private_gcrypt_rsa_private_key_t *this, - public_key_t *public) -{ - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return public; } /** - * Implementation of private_key_t.get_encoding. + * Implementation of private_key_t.get_encoding */ -static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) +static bool get_encoding(private_gcrypt_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty; + chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty; gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2; gcry_error_t err; - + bool success; + /* p and q are swapped, gcrypt expects p < q */ cp = gcrypt_rsa_find_token(this->key, "q", NULL); cq = gcrypt_rsa_find_token(this->key, "p", NULL); cd = gcrypt_rsa_find_token(this->key, "d", NULL); - + err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL) | gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL) | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL); @@ -402,26 +330,26 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) chunk_clear(&cq); chunk_clear(&cd); DBG1("scanning mpi for export failed: %s", gpg_strerror(err)); - return chunk_empty; + return FALSE; } - + gcry_mpi_sub_ui(p, p, 1); exp1 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); gcry_mpi_mod(exp1, d, p); gcry_mpi_release(p); - + gcry_mpi_sub_ui(q, q, 1); exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); gcry_mpi_mod(exp1, d, q); gcry_mpi_release(q); - + err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1) | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp2.ptr, &cexp2.len, exp2); - + gcry_mpi_release(d); gcry_mpi_release(exp1); gcry_mpi_release(exp2); - + if (err) { DBG1("printing mpi for export failed: %s", gpg_strerror(err)); @@ -430,18 +358,53 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) chunk_clear(&cd); chunk_clear(&cexp1); chunk_clear(&cexp2); - return chunk_empty; + return FALSE; + } + + cn = gcrypt_rsa_find_token(this->key, "n", NULL); + ce = gcrypt_rsa_find_token(this->key, "e", NULL); + cu = gcrypt_rsa_find_token(this->key, "u", NULL); + + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, cn, + KEY_PART_RSA_PUB_EXP, ce, KEY_PART_RSA_PRIV_EXP, cd, + KEY_PART_RSA_PRIME1, cp, KEY_PART_RSA_PRIME2, cq, + KEY_PART_RSA_EXP1, cexp1, KEY_PART_RSA_EXP2, cexp2, + KEY_PART_RSA_COEFF, cu, KEY_PART_END); + chunk_free(&cn); + chunk_free(&ce); + chunk_clear(&cd); + chunk_clear(&cp); + chunk_clear(&cq); + chunk_clear(&cexp1); + chunk_clear(&cexp2); + chunk_clear(&cu); + + return success; +} + +/** + * Implementation of private_key_t.get_fingerprint + */ +static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) +{ + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; } - - return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0, - asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)), - asn1_integer("m", cd), - asn1_integer("m", cp), - asn1_integer("m", cq), - asn1_integer("m", cexp1), - asn1_integer("m", cexp2), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "u", NULL))); + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); + + success = lib->encoding->encode(lib->encoding, + type, this, fp, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + return success; } /** @@ -460,9 +423,8 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) { if (ref_put(&this->ref)) { - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); gcry_sexp_release(this->key); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } @@ -473,192 +435,121 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty() { private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->key = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * build the keyids of a private/public key + * See header. */ -bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info) +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, + va_list args) { - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + private_gcrypt_rsa_private_key_t *this; + gcry_sexp_t param; + gcry_error_t err; + u_int key_size = 0; + + while (TRUE) { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) + { + return NULL; } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("m", gcrypt_rsa_find_token(key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(key, "e", NULL))); - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - - return TRUE; -} -/** - * Generate an RSA key of specified key size - */ -static gcrypt_rsa_private_key_t *generate(size_t key_size) -{ - private_gcrypt_rsa_private_key_t *this; - gcry_sexp_t param, key; - gcry_error_t err; - err = gcry_sexp_build(¶m, NULL, "(genkey(rsa(nbits %d)))", key_size); if (err) { DBG1("building S-expression failed: %s", gpg_strerror(err)); return NULL; } - - err = gcry_pk_genkey(&key, param); + this = gcrypt_rsa_private_key_create_empty(); + err = gcry_pk_genkey(&this->key, param); gcry_sexp_release(param); if (err) { + free(this); DBG1("generating RSA key failed: %s", gpg_strerror(err)); return NULL; } - this = gcrypt_rsa_private_key_create_empty(); - this->key = key; - - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; } /** - * ASN.1 definition of a PKCS#1 RSA private key - */ -static const asn1Object_t privkeyObjects[] = { - { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ - { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ - { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ - { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 10 */ - { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ - { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ - { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ - { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PRIV_KEY_VERSION 1 -#define PRIV_KEY_MODULUS 2 -#define PRIV_KEY_PUB_EXP 3 -#define PRIV_KEY_PRIV_EXP 4 -#define PRIV_KEY_PRIME1 5 -#define PRIV_KEY_PRIME2 6 -#define PRIV_KEY_EXP1 7 -#define PRIV_KEY_EXP2 8 -#define PRIV_KEY_COEFF 9 - -/** - * load private key from a ASN1 encoded blob + * See header. */ -static gcrypt_rsa_private_key_t *load(chunk_t blob) +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, + va_list args) { private_gcrypt_rsa_private_key_t *this; - asn1_parser_t *parser; - chunk_t object; - int objectID ; - bool success = FALSE; - chunk_t n, e, d, u, p, q; + chunk_t n, e, d, p, q, exp, u; gcry_error_t err; - - n = e = d = u = p = q = chunk_empty; - - parser = asn1_parser_create(privkeyObjects, blob); - parser->set_flags(parser, FALSE, TRUE); - - while (parser->iterate(parser, &objectID, &object)) + + n = e = d = p = q = u = chunk_empty; + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PRIV_KEY_VERSION: - if (object.len > 0 && *object.ptr != 0) - { - goto end; - } - break; - case PRIV_KEY_MODULUS: - n = object; - break; - case PRIV_KEY_PUB_EXP: - e = object; - break; - case PRIV_KEY_PRIV_EXP: - d = object; - break; - case PRIV_KEY_PRIME1: - /* p and q are swapped, as gcrypt expects p < q */ - q = object; - break; - case PRIV_KEY_PRIME2: - p = object; - break; - case PRIV_KEY_EXP1: - case PRIV_KEY_EXP2: - break; - case PRIV_KEY_COEFF: - u = object; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + /* swap p and q, gcrypt expects p < q */ + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + case BUILD_RSA_EXP2: + /* not required for gcrypt */ + exp = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + u = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - -end: - parser->destroy(parser); - - if (!success) - { - return NULL; - } - + this = gcrypt_rsa_private_key_create_empty(); err = gcry_sexp_build(&this->key, NULL, "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))", @@ -677,91 +568,6 @@ end: destroy(this); return NULL; } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; - -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - gcrypt_rsa_private_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gcrypt_rsa_private_key_t *build(private_builder_t *this) -{ - gcrypt_rsa_private_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = load(va_arg(args, chunk_t)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gcrypt_rsa_private_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gcrypt_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h index 2edd7ce5d..4c3605f4b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h @@ -21,6 +21,7 @@ #ifndef GCRYPT_RSA_PRIVATE_KEY_H_ #define GCRYPT_RSA_PRIVATE_KEY_H_ +#include #include typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t; @@ -29,7 +30,7 @@ typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t; * Private_key_t implementation of RSA algorithm using libgcrypt. */ struct gcrypt_rsa_private_key_t { - + /** * Implements private_key_t interface */ @@ -37,11 +38,27 @@ struct gcrypt_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generate a private key using gcrypt. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a gcrypt RSA private keys. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gcrypt_rsa_private_key_builder(key_type_t type); +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, + va_list args); #endif /** GCRYPT_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 4d9c88c6d..e083fac94 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include #include "gcrypt_rsa_public_key.h" @@ -21,7 +21,6 @@ #include #include #include -#include #include typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; @@ -30,27 +29,17 @@ typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; * Private data structure with signing context. */ struct private_gcrypt_rsa_public_key_t { - + /** * Public interface for this signer. */ gcrypt_rsa_public_key_t public; - + /** * gcrypt S-expression representing an public RSA key */ gcry_sexp_t key; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - + /** * reference counter */ @@ -61,8 +50,6 @@ struct private_gcrypt_rsa_public_key_t { * Implemented in gcrypt_rsa_private_key.c */ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key); -bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info); /** * verification of a padded PKCS1 signature without an OID @@ -74,7 +61,7 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, gcry_error_t err; chunk_t em; size_t k; - + /* EM = 0x00 || 0x01 || PS || 0x00 || T * PS = 0xFF padding, with length to fill em * T = data @@ -90,7 +77,7 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, em.ptr[1] = 0x01; em.ptr[em.len - data.len - 1] = 0x00; memcpy(em.ptr + em.len - data.len, data.ptr, data.len); - + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", em.len, em.ptr); chunk_free(&em); @@ -129,7 +116,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, chunk_t hash; gcry_error_t err; gcry_sexp_t in, sig; - + hasher = lib->crypto->create_hasher(lib->crypto, algorithm); if (!hasher) { @@ -137,7 +124,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", hash_name, hash.len, hash.ptr); chunk_free(&hash); @@ -146,7 +133,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, DBG1("building data S-expression failed: %s", gpg_strerror(err)); return FALSE; } - + err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))", signature.len, signature.ptr); if (err) @@ -211,7 +198,7 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, { gcry_sexp_t in, out; gcry_error_t err; - + /* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption: * 00 | 02 | RANDOM | 00 | DATA */ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))", @@ -234,66 +221,55 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, } /** - * Implementation of gcrypt_rsa_public_key.equals. + * Implementation of public_key_t.get_keysize. */ -static bool equals(private_gcrypt_rsa_public_key_t *this, public_key_t *other) +static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return gcry_pk_get_nbits(this->key) / 8; } /** - * Implementation of public_key_t.get_keysize. + * Implementation of private_key_t.get_encoding */ -static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) +static bool get_encoding(private_gcrypt_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return gcry_pk_get_nbits(this->key) / 8; + chunk_t n, e; + bool success; + + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, + KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** - * Implementation of public_key_t.get_id. + * Implementation of private_key_t.get_fingerprint */ -static identification_t *get_id(private_gcrypt_rsa_public_key_t *this, - id_type_t type) +static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - switch (type) + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; + return TRUE; } -} + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); -/* - * Implementation of public_key_t.get_encoding. - */ -static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this) -{ - return asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL))); + success = lib->encoding->encode(lib->encoding, + type, this, fp, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + return success; } /** @@ -312,118 +288,57 @@ static void destroy(private_gcrypt_rsa_public_key_t *this) { if (ref_put(&this->ref)) { - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); gcry_sexp_release(this->key); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Generic private constructor - */ -static private_gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_create_empty() -{ - private_gcrypt_rsa_public_key_t *this = malloc_thing(private_gcrypt_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->key = NULL; - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} - -/** - * Create a public key from a S-expression, used in gcrypt_rsa_private_key + * See header. */ -public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key) +gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, + va_list args) { private_gcrypt_rsa_public_key_t *this; gcry_error_t err; chunk_t n, e; - - this = gcrypt_rsa_public_key_create_empty(); - n = gcrypt_rsa_find_token(key, "n", NULL); - e = gcrypt_rsa_find_token(key, "e", NULL); - - err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", - n.len, n.ptr, e.len, e.ptr); - chunk_free(&n); - chunk_free(&e); - if (err) - { - DBG1("loading public key failed: %s", gpg_strerror(err)); - free(this); - return NULL; - } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public.interface; -} -/** - * ASN.1 definition of RSApublicKey - */ -static const asn1Object_t pubkeyObjects[] = { - { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PUB_KEY_RSA_PUBLIC_KEY 0 -#define PUB_KEY_MODULUS 1 -#define PUB_KEY_EXPONENT 2 - -/** - * Load a public key from an ASN1 encoded blob - */ -static gcrypt_rsa_public_key_t *load(chunk_t blob) -{ - private_gcrypt_rsa_public_key_t *this; - asn1_parser_t *parser; - chunk_t object, n, e; - int objectID; - bool success = FALSE; - gcry_error_t err; - n = e = chunk_empty; - - parser = asn1_parser_create(pubkeyObjects, blob); - while (parser->iterate(parser, &objectID, &object)) + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PUB_KEY_MODULUS: - n = object; - break; - case PUB_KEY_EXPONENT: - e = object; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - parser->destroy(parser); - - if (!success) - { - return NULL; - } - - this = gcrypt_rsa_public_key_create_empty(); + + this = malloc_thing(private_gcrypt_rsa_public_key_t); + + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; + this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; + this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; + this->public.interface.equals = public_key_equals; + this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; + this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; + this->public.interface.destroy = (void (*)(public_key_t *this))destroy; + + this->key = NULL; + this->ref = 1; + err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", n.len, n.ptr, e.len, e.ptr); if (err) @@ -432,83 +347,7 @@ static gcrypt_rsa_public_key_t *load(chunk_t blob) free(this); return NULL; } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - gcrypt_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gcrypt_rsa_public_key_t *build(private_builder_t *this) -{ - gcrypt_rsa_public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = load(va_arg(args, chunk_t)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gcrypt_rsa_public_key_t*)this->key); - } - builder_cancel(&this->public); -} -/** - * Builder construction function - */ -builder_t *gcrypt_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h index 102547276..fa18c357b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h @@ -21,10 +21,11 @@ #ifndef GCRYPT_RSA_PUBLIC_KEY_H_ #define GCRYPT_RSA_PUBLIC_KEY_H_ -typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; - +#include #include +typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; + /** * public_key_t implementation of RSA algorithm using libgcrypt. */ @@ -37,11 +38,15 @@ struct gcrypt_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using gcrypt. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gcrypt_rsa_public_key_builder(key_type_t type); +gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, + va_list args); #endif /** GCRYPT_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 8d5dff34b..3077ea7e8 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gmp DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_gmp_la_DEPENDENCIES = am_libstrongswan_gmp_la_OBJECTS = gmp_plugin.lo gmp_diffie_hellman.lo \ @@ -59,6 +83,7 @@ libstrongswan_gmp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index a03e83e66..ea7e6fdd2 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -282,7 +282,7 @@ static u_int8_t group18_modulus[] = { typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -290,25 +290,25 @@ struct modulus_entry_t { * Group number as it is defined in file transform_substructure.h. */ diffie_hellman_group_t group; - + /** * Pointer to first byte of modulus (network order). */ u_int8_t *modulus; - - /* + + /* * Length of modulus in bytes. - */ + */ size_t modulus_len; - - /* + + /* * Optimum length of exponent in bytes. - */ + */ size_t opt_exponent_len; - /* + /* * Generator value. - */ + */ u_int16_t generator; }; @@ -336,47 +336,47 @@ struct private_gmp_diffie_hellman_t { * Public gmp_diffie_hellman_t interface. */ gmp_diffie_hellman_t public; - + /** * Diffie Hellman group number. */ u_int16_t group; - - /* + + /* * Generator value. - */ + */ mpz_t g; - + /** * My private value. */ mpz_t xa; - + /** * My public value. */ mpz_t ya; - + /** * Other public value. - */ + */ mpz_t yb; - + /** * Shared secret. - */ + */ mpz_t zz; /** * Modulus. */ mpz_t p; - + /** * Modulus length. */ size_t p_len; - + /** * Optimal exponent length. */ @@ -394,13 +394,13 @@ struct private_gmp_diffie_hellman_t { static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t value) { mpz_t p_min_1; - + mpz_init(p_min_1); mpz_sub_ui(p_min_1, this->p, 1); - + mpz_import(this->yb, value.len, 1, 1, 1, 0, value.ptr); - - /* check public value: + + /* check public value: * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1 * 2. a public value larger or equal the modulus is invalid */ if (mpz_cmp_ui(this->yb, 1) > 0 && @@ -409,7 +409,7 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v #ifdef EXTENDED_DH_TEST /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */ mpz_t q, one; - + mpz_init(q); mpz_init(one); mpz_fdiv_q_2exp(q, p_min_1, 1); @@ -443,11 +443,11 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *value) { value->len = this->p_len; - value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); - if (value->ptr == NULL) - { - value->len = 0; - } + value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); + if (value->ptr == NULL) + { + value->len = 0; + } } /** @@ -483,7 +483,7 @@ static status_t set_modulus(private_gmp_diffie_hellman_t *this) { int i; status_t status = NOT_FOUND; - + for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++) { if (modulus_entries[i].group == this->group) @@ -533,7 +533,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + /* private variables */ this->group = group; mpz_init(this->p); @@ -542,10 +542,10 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) mpz_init(this->xa); mpz_init(this->zz); mpz_init(this->g); - + this->computed = FALSE; - - /* find a modulus according to group */ + + /* find a modulus according to group */ if (set_modulus(this) != SUCCESS) { destroy(this); @@ -561,7 +561,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) ansi_x9_42 = lib->settings->get_int(lib->settings, "libstrongswan.dh_exponent_ansi_x9_42", TRUE); - exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len; + exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len; rng->allocate_bytes(rng, exponent_len, &random); rng->destroy(rng); @@ -575,7 +575,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2)); mpz_powm(this->ya, this->g, this->xa, this->p); - + return &this->public; } diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h index 774c31cc2..2a54eebb1 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h @@ -30,7 +30,7 @@ typedef struct gmp_diffie_hellman_t gmp_diffie_hellman_t; * Implementation of the Diffie-Hellman algorithm, as in RFC2631. Uses libgmp. */ struct gmp_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -39,7 +39,7 @@ struct gmp_diffie_hellman_t { /** * Creates a new gmp_diffie_hellman_t object. - * + * * @param group Diffie Hellman group number to use * @return gmp_diffie_hellman_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index f6ea964c1..b70ff881c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -41,9 +41,11 @@ static void destroy(private_gmp_plugin_t *this) lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gmp_diffie_hellman_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gmp_rsa_private_key_builder); + (builder_function_t)gmp_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gmp_rsa_public_key_builder); + (builder_function_t)gmp_rsa_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)gmp_rsa_public_key_load); free(this); } @@ -53,31 +55,33 @@ static void destroy(private_gmp_plugin_t *this) plugin_t *plugin_create() { private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - + + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)gmp_rsa_private_key_gen); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)gmp_rsa_private_key_builder); + (builder_function_t)gmp_rsa_private_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)gmp_rsa_public_key_builder); - + (builder_function_t)gmp_rsa_public_key_load); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h index d707d78ea..77d53965d 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.h +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h @@ -16,7 +16,7 @@ /** * @defgroup gmp_p gmp * @ingroup plugins - * + * * @defgroup gmp_plugin gmp_plugin * @{ @ingroup gmp_p */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 259c8e9ad..1829bd459 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -26,7 +26,6 @@ #include #include #include -#include /** * Public exponent to use for key generation. @@ -43,89 +42,82 @@ struct private_gmp_rsa_private_key_t { * Public interface for this signer. */ gmp_rsa_private_key_t public; - - /** - * Version of key, as encoded in PKCS#1 - */ - u_int version; - + /** * Public modulus. */ mpz_t n; - + /** * Public exponent. */ mpz_t e; - + /** * Private prime 1. */ mpz_t p; - + /** * Private Prime 2. */ mpz_t q; - + /** * Private exponent. */ mpz_t d; - + /** * Private exponent 1. */ mpz_t exp1; - + /** * Private exponent 2. */ mpz_t exp2; - + /** * Private coefficient. */ mpz_t coeff; - + /** * Keysize in bytes. */ size_t k; - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - /** * reference count */ - refcount_t ref; + refcount_t ref; }; /** - * Shared functions defined in gmp_rsa_public_key.c + * Convert a MP integer into a chunk_t */ -extern bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, - identification_t **keyid, - identification_t **keyid_info); -extern gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e); +chunk_t gmp_mpz_to_chunk(const mpz_t value) +{ + chunk_t n; + + n.len = 1 + mpz_sizeinbase(value, 2) / BITS_PER_BYTE; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value); + if (n.ptr == NULL) + { /* if we have zero in "value", gmp returns NULL */ + n.len = 0; + } + return n; +} /** * Auxiliary function overwriting private key material with zero bytes */ -static void mpz_clear_randomized(mpz_t z) +static void mpz_clear_sensitive(mpz_t z) { size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE; u_int8_t *random = alloca(len); - + memset(random, 0, len); /* overwrite mpz_t with zero bytes before clearing it */ mpz_import(z, len, 1, 1, 1, 0, random); @@ -140,28 +132,28 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this, { rng_t *rng; chunk_t random_bytes; - + rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); if (!rng) { DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE); return FAILED; } - + mpz_init(*prime); do { rng->allocate_bytes(rng, prime_size, &random_bytes); /* make sure most significant bit is set */ random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80; - + mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); mpz_nextprime (*prime, *prime); chunk_clear(&random_bytes); } /* check if it isn't too large */ while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size); - + rng->destroy(rng); return SUCCESS; } @@ -173,32 +165,32 @@ static chunk_t rsadp(private_gmp_rsa_private_key_t *this, chunk_t data) { mpz_t t1, t2; chunk_t decrypted; - + mpz_init(t1); mpz_init(t2); - + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); - + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ mpz_mod(t2, t2, this->p); mpz_mul(t2, t2, this->coeff); mpz_mod(t2, t2, this->p); - + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ mpz_add(t1, t1, t2); - + decrypted.len = this->k; decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); if (decrypted.ptr == NULL) { decrypted.len = 0; } - - mpz_clear_randomized(t1); - mpz_clear_randomized(t2); - + + mpz_clear_sensitive(t1); + mpz_clear_sensitive(t2); + return decrypted; } @@ -225,7 +217,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, hasher_t *hasher; chunk_t hash; int hash_oid = hasher_algorithm_to_oid(hash_algorithm); - + if (hash_oid == OID_UNKNOWN) { return FALSE; @@ -238,9 +230,9 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + /* build DER-encoded digestInfo */ - digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm", + digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_algorithmIdentifier(hash_oid), asn1_simple_object(ASN1_OCTET_STRING, hash) ); @@ -254,15 +246,15 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8); return FALSE; } - + /* build chunk to rsa-decrypt: - * EM = 0x00 || 0x01 || PS || 0x00 || T. + * EM = 0x00 || 0x01 || PS || 0x00 || T. * PS = 0xFF padding, with length to fill em * T = encoded_hash */ em.len = this->k; em.ptr = malloc(em.len); - + /* fill em with padding */ memset(em.ptr, 0xFF, em.len); /* set magic bytes */ @@ -274,11 +266,11 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, /* build signature */ *signature = rsasp1(this, em); - + free(digestInfo.ptr); free(em.ptr); - - return TRUE; + + return TRUE; } /** @@ -292,7 +284,7 @@ static key_type_t get_type(private_gmp_rsa_private_key_t *this) /** * Implementation of gmp_rsa_private_key.sign. */ -static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { switch (scheme) @@ -326,7 +318,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto, { chunk_t em, stripped; bool success = FALSE; - + /* rsa decryption using PKCS#1 RSADP */ stripped = em = rsadp(this, crypto); @@ -365,29 +357,23 @@ static size_t get_keysize(private_gmp_rsa_private_key_t *this) return this->k; } -/** - * Implementation of gmp_rsa_private_key.get_id. - */ -static identification_t* get_id(private_gmp_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - /** * Implementation of gmp_rsa_private_key.get_public_key. */ -static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) +static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) { - return gmp_rsa_public_key_create_from_n_e(this->n, this->e); + chunk_t n, e; + public_key_t *public; + + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); + chunk_free(&n); + chunk_free(&e); + + return public; } /** @@ -395,27 +381,7 @@ static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) */ static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return private_key_equals(&this->public.interface, other); } /** @@ -423,64 +389,67 @@ static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other) */ static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public) { - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return private_key_belongs_to(&this->public.interface, public); } /** - * Convert a MP integer into a chunk_t + * Implementation of private_key_t.get_encoding */ -chunk_t gmp_mpz_to_chunk(const mpz_t value) +static bool get_encoding(private_gmp_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t n; - - n.len = 1 + mpz_sizeinbase(value, 2) / BITS_PER_BYTE; - n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value); - if (n.ptr == NULL) - { /* if we have zero in "value", gmp returns NULL */ - n.len = 0; - } - return n; -} + chunk_t n, e, d, p, q, exp1, exp2, coeff; + bool success; + + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + d = gmp_mpz_to_chunk(this->d); + p = gmp_mpz_to_chunk(this->p); + q = gmp_mpz_to_chunk(this->q); + exp1 = gmp_mpz_to_chunk(this->exp1); + exp2 = gmp_mpz_to_chunk(this->exp2); + coeff = gmp_mpz_to_chunk(this->coeff); + + success = lib->encoding->encode(lib->encoding, + type, NULL, encoding, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_RSA_PRIV_EXP, d, + KEY_PART_RSA_PRIME1, p, KEY_PART_RSA_PRIME2, q, + KEY_PART_RSA_EXP1, exp1, KEY_PART_RSA_EXP2, exp2, + KEY_PART_RSA_COEFF, coeff, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + chunk_clear(&d); + chunk_clear(&p); + chunk_clear(&q); + chunk_clear(&exp1); + chunk_clear(&exp2); + chunk_clear(&coeff); -/** - * Convert a MP integer into a DER coded ASN.1 object - */ -chunk_t gmp_mpz_to_asn1(const mpz_t value) -{ - return asn1_wrap(ASN1_INTEGER, "m", gmp_mpz_to_chunk(value)); + return success; } /** - * Implementation of private_key_t.get_encoding. + * Implementation of private_key_t.get_fingerprint */ -static chunk_t get_encoding(private_gmp_rsa_private_key_t *this) +static bool get_fingerprint(private_gmp_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", - ASN1_INTEGER_0, - gmp_mpz_to_asn1(this->n), - gmp_mpz_to_asn1(this->e), - gmp_mpz_to_asn1(this->d), - gmp_mpz_to_asn1(this->p), - gmp_mpz_to_asn1(this->q), - gmp_mpz_to_asn1(this->exp1), - gmp_mpz_to_asn1(this->exp2), - gmp_mpz_to_asn1(this->coeff)); + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; + } + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + + success = lib->encoding->encode(lib->encoding, type, this, fp, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** @@ -490,7 +459,6 @@ static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *thi { ref_get(&this->ref); return this; - } /** @@ -500,16 +468,15 @@ static void destroy(private_gmp_rsa_private_key_t *this) { if (ref_put(&this->ref)) { - mpz_clear_randomized(this->n); - mpz_clear_randomized(this->e); - mpz_clear_randomized(this->p); - mpz_clear_randomized(this->q); - mpz_clear_randomized(this->d); - mpz_clear_randomized(this->exp1); - mpz_clear_randomized(this->exp2); - mpz_clear_randomized(this->coeff); - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); + mpz_clear_sensitive(this->n); + mpz_clear_sensitive(this->e); + mpz_clear_sensitive(this->p); + mpz_clear_sensitive(this->q); + mpz_clear_sensitive(this->d); + mpz_clear_sensitive(this->exp1); + mpz_clear_sensitive(this->exp2); + mpz_clear_sensitive(this->coeff); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } @@ -521,7 +488,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) { mpz_t t, u, q1; status_t status = SUCCESS; - + /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets. * We actually require more (for security). */ @@ -530,25 +497,25 @@ static status_t check(private_gmp_rsa_private_key_t *this) DBG1("key shorter than 512 bits"); return FAILED; } - + /* we picked a max modulus size to simplify buffer allocation */ if (this->k > 8192 / BITS_PER_BYTE) { DBG1("key larger than 8192 bits"); return FAILED; } - + mpz_init(t); mpz_init(u); mpz_init(q1); - + /* check that n == p * q */ mpz_mul(u, this->p, this->q); if (mpz_cmp(u, this->n) != 0) { status = FAILED; } - + /* check that e divides neither p-1 nor q-1 */ mpz_sub_ui(t, this->p, 1); mpz_mod(t, t, this->e); @@ -556,14 +523,14 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - + mpz_sub_ui(t, this->q, 1); mpz_mod(t, t, this->e); if (mpz_cmp_ui(t, 0) == 0) { status = FAILED; } - + /* check that d is e^-1 (mod lcm(p-1, q-1)) */ /* see PKCS#1v2, aka RFC 2437, for the "lcm" */ mpz_sub_ui(q1, this->q, 1); @@ -571,14 +538,14 @@ static status_t check(private_gmp_rsa_private_key_t *this) mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */ mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */ mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */ - + mpz_mul(t, this->d, this->e); mpz_mod(t, t, u); if (mpz_cmp_ui(t, 1) != 0) { status = FAILED; } - + /* check that exp1 is d mod (p-1) */ mpz_sub_ui(u, this->p, 1); mpz_mod(t, this->d, u); @@ -586,7 +553,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - + /* check that exp2 is d mod (q-1) */ mpz_sub_ui(u, this->q, 1); mpz_mod(t, this->d, u); @@ -594,7 +561,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - + /* check that coeff is (q^-1) mod p */ mpz_mul(t, this->coeff, this->q); mpz_mod(t, t, this->p); @@ -602,10 +569,10 @@ static status_t check(private_gmp_rsa_private_key_t *this) { status = FAILED; } - - mpz_clear_randomized(t); - mpz_clear_randomized(u); - mpz_clear_randomized(q1); + + mpz_clear_sensitive(t); + mpz_clear_sensitive(u); + mpz_clear_sensitive(q1); if (status != SUCCESS) { DBG1("key integrity tests failed"); @@ -619,63 +586,82 @@ static status_t check(private_gmp_rsa_private_key_t *this) static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void) { private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; - this->public.interface.get_encoding = (chunk_t (*) (private_key_t*))get_encoding; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; this->public.interface.destroy = (void (*) (private_key_t*))destroy; - - this->keyid = NULL; - this->keyid_info = NULL; + this->ref = 1; - + return this; } /** - * Generate an RSA key of specified key size + * See header. */ -static gmp_rsa_private_key_t *generate(size_t key_size) +gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) { - mpz_t p, q, n, e, d, exp1, exp2, coeff; - mpz_t m, q1, t; - private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty(); - + mpz_t p, q, n, e, d, exp1, exp2, coeff, m, q1, t; + private_gmp_rsa_private_key_t *this; + u_int key_size = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) + { + return NULL; + } + + this = gmp_rsa_private_key_create_empty(); key_size = key_size / BITS_PER_BYTE; - + /* Get values of primes p and q */ if (compute_prime(this, key_size/2, &p) != SUCCESS) { free(this); return NULL; - } + } if (compute_prime(this, key_size/2, &q) != SUCCESS) { mpz_clear(p); free(this); return NULL; } - - mpz_init(t); + + mpz_init(t); mpz_init(n); mpz_init(d); mpz_init(exp1); mpz_init(exp2); mpz_init(coeff); - + /* Swapping Primes so p is larger then q */ if (mpz_cmp(p, q) < 0) { mpz_swap(p, q); } - + mpz_mul(n, p, q); /* n = p*q */ mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ mpz_init_set(m, p); /* m = p */ @@ -696,16 +682,16 @@ static gmp_rsa_private_key_t *generate(size_t key_size) mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ mpz_sub_ui(t, q, 1); /* t = q-1 */ mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ - + mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ { mpz_add(coeff, coeff, p); } - mpz_clear_randomized(q1); - mpz_clear_randomized(m); - mpz_clear_randomized(t); + mpz_clear_sensitive(q1); + mpz_clear_sensitive(m); + mpz_clear_sensitive(t); /* apply values */ *(this->p) = *p; @@ -716,145 +702,60 @@ static gmp_rsa_private_key_t *generate(size_t key_size) *(this->exp1) = *exp1; *(this->exp2) = *exp2; *(this->coeff) = *coeff; - + /* set key size in bytes */ this->k = key_size; - + return &this->public; } /** - * ASN.1 definition of a PKCS#1 RSA private key - */ -static const asn1Object_t privkeyObjects[] = { - { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ - { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ - { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ - { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 10 */ - { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ - { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ - { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ - { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PRIV_KEY_VERSION 1 -#define PRIV_KEY_MODULUS 2 -#define PRIV_KEY_PUB_EXP 3 -#define PRIV_KEY_PRIV_EXP 4 -#define PRIV_KEY_PRIME1 5 -#define PRIV_KEY_PRIME2 6 -#define PRIV_KEY_EXP1 7 -#define PRIV_KEY_EXP2 8 -#define PRIV_KEY_COEFF 9 - -/** - * load private key from a ASN1 encoded blob + * See header. */ -static gmp_rsa_private_key_t *load_asn1_der(chunk_t blob) +gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) { - asn1_parser_t *parser; - chunk_t object; - int objectID ; - bool success = FALSE; + chunk_t n, e, d, p, q, exp1, exp2, coeff; + private_gmp_rsa_private_key_t *this; - private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty(); - - mpz_init(this->n); - mpz_init(this->e); - mpz_init(this->p); - mpz_init(this->q); - mpz_init(this->d); - mpz_init(this->exp1); - mpz_init(this->exp2); - mpz_init(this->coeff); - - parser = asn1_parser_create(privkeyObjects, blob); - parser->set_flags(parser, FALSE, TRUE); - - while (parser->iterate(parser, &objectID, &object)) + n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty; + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PRIV_KEY_VERSION: - if (object.len > 0 && *object.ptr != 0) - { - DBG1("PKCS#1 private key format is not version 1"); - goto end; - } - break; - case PRIV_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PUB_EXP: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIV_EXP: - mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME1: - mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME2: - mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_EXP1: - mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_EXP2: - mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_COEFF: - mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr); + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + exp1 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP2: + exp2 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + coeff = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); -end: - parser->destroy(parser); - chunk_clear(&blob); + this = gmp_rsa_private_key_create_empty(); - if (!success) - { - destroy(this); - return NULL; - } - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - if (check(this) != SUCCESS) - { - destroy(this); - return NULL; - } - return &this->public; -} - -/** - * load private key from an OpenPGP blob coded according to section - */ -static gmp_rsa_private_key_t *load_pgp(chunk_t blob) -{ - mpz_t u; - int objectID; - chunk_t packet = blob; - private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty(); - mpz_init(this->n); mpz_init(this->e); mpz_init(this->p); @@ -864,205 +765,36 @@ static gmp_rsa_private_key_t *load_pgp(chunk_t blob) mpz_init(this->exp2); mpz_init(this->coeff); - for (objectID = PRIV_KEY_MODULUS; objectID <= PRIV_KEY_COEFF; objectID++) - { - chunk_t object; - - switch (objectID) - { - case PRIV_KEY_PRIV_EXP: - { - pgp_sym_alg_t s2k; - - /* string-to-key usage */ - s2k = pgp_length(&packet, 1); - DBG2("L3 - string-to-key: %d", s2k); - - if (s2k == 255 || s2k == 254) - { - DBG1("string-to-key specifiers not supported"); - goto end; - } - DBG2(" %N", pgp_sym_alg_names, s2k); - - if (s2k != PGP_SYM_ALG_PLAIN) - { - DBG1("%N encryption not supported", pgp_sym_alg_names, s2k); - goto end; - } - break; - } - case PRIV_KEY_EXP1: - case PRIV_KEY_EXP2: - /* not contained in OpenPGP secret key payload */ - continue; - default: - break; - } - - DBG2("L3 - %s:", privkeyObjects[objectID].name); - object.len = pgp_length(&packet, 2); - - if (object.len == PGP_INVALID_LENGTH) - { - DBG1("OpenPGP length is invalid"); - goto end; - } - object.len = (object.len + 7) / BITS_PER_BYTE; - if (object.len > packet.len) - { - DBG1("OpenPGP field is too short"); - goto end; - } - object.ptr = packet.ptr; - packet.ptr += object.len; - packet.len -= object.len; - DBG4("%B", &object); - - switch (objectID) - { - case PRIV_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PUB_EXP: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIV_EXP: - mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME1: - mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_PRIME2: - mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr); - break; - case PRIV_KEY_COEFF: - mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr); - break; - } - } - - /* auxiliary variable */ - mpz_init(u); - - /* exp1 = d mod (p-1) */ - mpz_sub_ui(u, this->p, 1); - mpz_mod(this->exp1, this->d, u); - - /* exp2 = d mod (q-1) */ - mpz_sub_ui(u, this->q, 1); - mpz_mod(this->exp2, this->d, u); - - mpz_clear(u); - chunk_clear(&blob); - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; + mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); + mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr); + mpz_import(this->d, d.len, 1, 1, 1, 0, d.ptr); + mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); + mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr); + mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr); + if (!exp1.len) + { /* exp1 missing in key, recalculate: exp1 = d mod (p-1) */ + mpz_sub_ui(this->exp1, this->p, 1); + mpz_mod(this->exp1, this->d, this->exp1); } - if (check(this) != SUCCESS) + else { - destroy(this); - return NULL; + mpz_import(this->exp1, exp1.len, 1, 1, 1, 0, exp1.ptr); } - return &this->public; - -end: - chunk_clear(&blob); - destroy(this); - return NULL; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - gmp_rsa_private_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gmp_rsa_private_key_t *build(private_builder_t *this) -{ - gmp_rsa_private_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t chunk; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_asn1_der(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_BLOB_PGP: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_pgp(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - default: - break; - } + if (!exp2.len) + { /* exp2 missing in key, recalculate: exp2 = d mod (q-1) */ + mpz_sub_ui(this->exp2, this->q, 1); + mpz_mod(this->exp2, this->d, this->exp2); } - if (this->key) + else { - destroy((private_gmp_rsa_private_key_t*)this->key); + mpz_import(this->exp2, exp2.len, 1, 1, 1, 0, exp2.ptr); } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gmp_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) + this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; + if (check(this) != SUCCESS) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h index d47e2583d..db1fcf535 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef GMP_RSA_PRIVATE_KEY_H_ #define GMP_RSA_PRIVATE_KEY_H_ +#include #include typedef struct gmp_rsa_private_key_t gmp_rsa_private_key_t; @@ -37,12 +38,25 @@ struct gmp_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generated a RSA private keys using libgmp. + * + * Accepts the BUILD_KEY_SIZE argument. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return generated key, NULL on failure */ -builder_t *gmp_rsa_private_key_builder(key_type_t type); +gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args); -#endif /** GMP_RSA_PRIVATE_KEY_H_ @}*/ +/** + * Loaded a RSA private keys using libgmp. + * + * Accepts BUILD_RSA_* components. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args); +#endif /** GMP_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index c26187c64..5fea69131 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include #include #include @@ -26,9 +26,7 @@ #include #include #include -#include #include -#include typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t; @@ -40,32 +38,22 @@ struct private_gmp_rsa_public_key_t { * Public interface for this signer. */ gmp_rsa_public_key_t public; - + /** * Public modulus. */ mpz_t n; - + /** * Public exponent. */ mpz_t e; - + /** * Keysize in bytes. */ size_t k; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t *keyid_info; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t *keyid; - + /** * reference counter */ @@ -76,7 +64,6 @@ struct private_gmp_rsa_public_key_t { * Shared functions defined in gmp_rsa_private_key.c */ extern chunk_t gmp_mpz_to_chunk(const mpz_t value); -extern chunk_t gmp_mpz_to_asn1(const mpz_t value); /** * RSAEP algorithm specified in PKCS#1. @@ -85,12 +72,12 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) { mpz_t m, c; chunk_t encrypted; - + mpz_init(c); mpz_init(m); - + mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); - + mpz_powm(c, m, this->e, this->n); encrypted.len = this->k; @@ -99,10 +86,10 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) { encrypted.len = 0; } - + mpz_clear(c); mpz_clear(m); - + return encrypted; } @@ -136,34 +123,34 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, { chunk_t em_ori, em; bool success = FALSE; - + /* remove any preceding 0-bytes from signature */ while (signature.len && *(signature.ptr) == 0x00) { signature = chunk_skip(signature, 1); } - + if (signature.len == 0 || signature.len > this->k) { return INVALID_ARG; } - + /* unpack signature */ em_ori = em = rsavp1(this, signature); - + /* result should look like this: - * EM = 0x00 || 0x01 || PS || 0x00 || T. + * EM = 0x00 || 0x01 || PS || 0x00 || T. * PS = 0xFF padding, with length to fill em * T = oid || hash */ - + /* check magic bytes */ if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) { goto end; } em = chunk_skip(em, 2); - + /* find magic 0x00 */ while (em.len > 0) { @@ -240,7 +227,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, { chunk_t hash; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (hasher == NULL) { @@ -290,7 +277,7 @@ static key_type_t get_type(private_gmp_rsa_public_key_t *this) /** * Implementation of public_key_t.verify. */ -static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, +static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature) { switch (scheme) @@ -316,7 +303,7 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme } } -#define MIN_PS_PADDING 8 +#define MIN_PS_PADDING 8 /** * Implementation of public_key_t.encrypt. @@ -327,7 +314,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, chunk_t em; u_char *pos; int padding, i; - rng_t *rng; + rng_t *rng; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng == NULL) @@ -338,7 +325,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* number of pseudo-random padding octets */ padding = this->k - plain.len - 3; - if (padding < MIN_PS_PADDING) + if (padding < MIN_PS_PADDING) { DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING); return FALSE; @@ -346,9 +333,9 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */ DBG2("padding %u bytes of data to the rsa modulus size of %u bytes", - plain.len, this->k); + plain.len, this->k); em.len = this->k; - em.ptr = malloc(em.len); + em.ptr = malloc(em.len); pos = em.ptr; *pos++ = 0x00; *pos++ = 0x02; @@ -373,7 +360,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* now add the data */ memcpy(pos, plain.ptr, plain.len); DBG3("padded data before rsa encryption: %B", &em); - + /* rsa encryption using PKCS#1 RSAEP */ *crypto = rsaep(this, em); DBG3("rsa encrypted data: %B", crypto); @@ -386,27 +373,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, */ static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return public_key_equals(&this->public.interface, other); } /** @@ -418,72 +385,47 @@ static size_t get_keysize(private_gmp_rsa_public_key_t *this) } /** - * Build the PGP version 3 RSA key identifier from n and e using - * MD5 hashed modulus and exponent. + * Implementation of public_key_t.get_encoding */ -static identification_t* gmp_rsa_build_pgp_v3_keyid(mpz_t n, mpz_t e) +static bool get_encoding(private_gmp_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - identification_t *keyid; - chunk_t modulus, mod, exponent, exp, hash; - hasher_t *hasher; - - hasher= lib->crypto->create_hasher(lib->crypto, HASH_MD5); - if (hasher == NULL) - { - DBG1("computation of PGP V3 keyid failed, no MD5 hasher is available"); - return NULL; - } - mod = modulus = gmp_mpz_to_chunk(n); - exp = exponent = gmp_mpz_to_chunk(e); + chunk_t n, e; + bool success; - /* remove leading zero bytes before hashing modulus and exponent */ - while (mod.len > 0 && *mod.ptr == 0x00) - { - mod.ptr++; - mod.len--; - } - while (exp.len > 0 && *exp.ptr == 0x00) - { - exp.ptr++; - exp.len--; - } - hasher->allocate_hash(hasher, mod, NULL); - hasher->allocate_hash(hasher, exp, &hash); - hasher->destroy(hasher); - keyid = identification_create_from_encoding(ID_KEY_ID, hash); - free(hash.ptr); - free(modulus.ptr); - free(exponent.ptr); - return keyid; + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); + + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** - * Implementation of public_key_t.get_id. + * Implementation of public_key_t.get_fingerprint */ -static identification_t *get_id(private_gmp_rsa_public_key_t *this, - id_type_t type) +static bool get_fingerprint(private_gmp_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - switch (type) + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - case ID_KEY_ID: - return gmp_rsa_build_pgp_v3_keyid(this->n, this->e); - default: - return NULL; + return TRUE; } -} + n = gmp_mpz_to_chunk(this->n); + e = gmp_mpz_to_chunk(this->e); -/* - * Implementation of public_key_t.get_encoding. - */ -static chunk_t get_encoding(private_gmp_rsa_public_key_t *this) -{ - return asn1_wrap(ASN1_SEQUENCE, "mm", - gmp_mpz_to_asn1(this->n), - gmp_mpz_to_asn1(this->e)); + success = lib->encoding->encode(lib->encoding, type, this, fp, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** @@ -504,369 +446,65 @@ static void destroy(private_gmp_rsa_public_key_t *this) { mpz_clear(this->n); mpz_clear(this->e); - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Generic private constructor + * See header. */ -static private_gmp_rsa_public_key_t *gmp_rsa_public_key_create_empty() +gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) { - private_gmp_rsa_public_key_t *this = malloc_thing(private_gmp_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type; - this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify; - this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t*, id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*) (public_key_t*))get_encoding; - this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref; - this->public.interface.destroy = (void (*) (public_key_t *this))destroy; - - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} + private_gmp_rsa_public_key_t *this; + chunk_t n, e; -/** - * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info). - * Also used in rsa_private_key.c. - */ -bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid, - identification_t **keyid_info) -{ - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; - } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - gmp_mpz_to_asn1(n), - gmp_mpz_to_asn1(e)); - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - - return TRUE; -} - -/** - * Create a public key from mpz values, used in gmp_rsa_private_key - */ -gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e) -{ - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - - mpz_init_set(this->n, n); - mpz_init_set(this->e, e); - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) + n = e = chunk_empty; + while (TRUE) { - destroy(this); - return NULL; - } - return &this->public; -} - -/** - * ASN.1 definition of RSApublicKey - */ -static const asn1Object_t pubkeyObjects[] = { - { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PUB_KEY_RSA_PUBLIC_KEY 0 -#define PUB_KEY_MODULUS 1 -#define PUB_KEY_EXPONENT 2 - -/** - * Load a public key from an ASN.1 encoded blob - */ -static gmp_rsa_public_key_t *load_asn1_der(chunk_t blob) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - bool success = FALSE; - - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - - mpz_init(this->n); - mpz_init(this->e); - - parser = asn1_parser_create(pubkeyObjects, blob); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PUB_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PUB_KEY_EXPONENT: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - free(blob.ptr); - parser->destroy(parser); - - if (!success) + if (!e.ptr || !n.ptr) { - destroy(this); return NULL; } - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} + this = malloc_thing(private_gmp_rsa_public_key_t); -/** - * Load a public key from an OpenPGP blob - */ -static gmp_rsa_public_key_t* load_pgp(chunk_t blob) -{ - int objectID; - chunk_t packet = blob; - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - - mpz_init(this->n); - mpz_init(this->e); - - for (objectID = PUB_KEY_MODULUS; objectID <= PUB_KEY_EXPONENT; objectID++) - { - chunk_t object; - - DBG2("L3 - %s:", pubkeyObjects[objectID].name); - object.len = pgp_length(&packet, 2); - - if (object.len == PGP_INVALID_LENGTH) - { - DBG1("OpenPGP length is invalid"); - goto end; - } - object.len = (object.len + 7) / BITS_PER_BYTE; - if (object.len > packet.len) - { - DBG1("OpenPGP field is too short"); - goto end; - } - object.ptr = packet.ptr; - packet.ptr += object.len; - packet.len -= object.len; - DBG4("%B", &object); - - switch (objectID) - { - case PUB_KEY_MODULUS: - mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr); - break; - case PUB_KEY_EXPONENT: - mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr); - break; - } - } - - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - free(blob.ptr); - - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; + this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type; + this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify; + this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_; + this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; + this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; + this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref; + this->public.interface.destroy = (void (*) (public_key_t *this))destroy; -end: - free(blob.ptr); - destroy(this); - return NULL; -} + this->ref = 1; -/** - * Load a public key from an RFC 3110 encoded blob - */ -static gmp_rsa_public_key_t *load_rfc_3110(chunk_t blob) -{ - chunk_t exponent, modulus; - u_char *pos = blob.ptr; - size_t len = blob.len; - private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty(); - mpz_init(this->n); mpz_init(this->e); - if (blob.len < 3) - { - DBG1("RFC 3110 public key blob too short for exponent length"); - goto end; - } - if (pos[0] != 0x00) - { - exponent = chunk_create(pos + 1, pos[0]); - pos++; - len--; - } - else - { - exponent = chunk_create(pos + 3, 256*pos[1] + pos[2]); - pos += 3; - len -= 3; - } - if (exponent.len > len) - { - DBG1("RFC 3110 public key blob too short for exponent"); - goto end; - } - pos += exponent.len; - len -= exponent.len; - - if (len == 0) - { - DBG1("RFC 3110 public key blob has zero length modulus"); - goto end; - } - modulus = chunk_create(pos, len); + mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); + mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr); - mpz_import(this->n, modulus.len, 1, 1, 1, 0, modulus.ptr); - mpz_import(this->e, exponent.len, 1, 1, 1, 0, exponent.ptr); - this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - free(blob.ptr); + this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; - if (!gmp_rsa_public_key_build_id(this->n, this->e, - &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; - -end: - free(blob.ptr); - destroy(this); - return NULL; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - gmp_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gmp_rsa_public_key_t *build(private_builder_t *this) -{ - gmp_rsa_public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t chunk; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_asn1_der(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_BLOB_PGP: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_pgp(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_BLOB_RFC_3110: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load_rfc_3110(chunk_clone(chunk)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gmp_rsa_public_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gmp_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h index ed7b9429f..807f0bb7c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h @@ -22,10 +22,11 @@ #ifndef GMP_RSA_PUBLIC_KEY_H_ #define GMP_RSA_PUBLIC_KEY_H_ -typedef struct gmp_rsa_public_key_t gmp_rsa_public_key_t; - +#include #include +typedef struct gmp_rsa_public_key_t gmp_rsa_public_key_t; + /** * public_key_t implementation of RSA algorithm using libgmp. */ @@ -38,11 +39,14 @@ struct gmp_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using libgmp. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gmp_rsa_public_key_builder(key_type_t type); +gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args); #endif /** GMP_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 389bde8f9..7dc8269a4 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/hmac DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_hmac_la_LIBADD = am_libstrongswan_hmac_la_OBJECTS = hmac_plugin.lo hmac.lo hmac_prf.lo \ @@ -59,6 +83,7 @@ libstrongswan_hmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index 6dfa02233..c1ab48899 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -23,7 +23,7 @@ typedef struct private_hmac_t private_hmac_t; /** * Private data of a hmac_t object. - * + * * The variable names are the same as in the RFC. */ struct private_hmac_t { @@ -31,22 +31,22 @@ struct private_hmac_t { * Public hmac_t interface. */ hmac_t hmac; - + /** * Block size, as in RFC. */ u_int8_t b; - + /** * Hash function. */ hasher_t *h; - + /** * Previously xor'ed key using opad. */ chunk_t opaded_key; - + /** * Previously xor'ed key using ipad. */ @@ -58,16 +58,16 @@ struct private_hmac_t { */ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) { - /* H(K XOR opad, H(K XOR ipad, text)) - * + /* H(K XOR opad, H(K XOR ipad, text)) + * * if out is NULL, we append text to the inner hash. * else, we complete the inner and do the outer. - * + * */ - + u_int8_t buffer[this->h->get_hash_size(this->h)]; chunk_t inner; - + if (out == NULL) { /* append data to inner */ @@ -78,14 +78,14 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out) /* append and do outer hash */ inner.ptr = buffer; inner.len = this->h->get_hash_size(this->h); - + /* complete inner */ this->h->get_hash(this->h, data, buffer); - + /* do outer */ this->h->get_hash(this->h, this->opaded_key, NULL); this->h->get_hash(this->h, inner, out); - + /* reinit for next call */ this->h->get_hash(this->h, this->ipaded_key, NULL); } @@ -109,7 +109,7 @@ static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out) this->hmac.get_mac(&(this->hmac), data, out->ptr); } } - + /** * Implementation of hmac_t.get_block_size. */ @@ -125,27 +125,27 @@ static void set_key(private_hmac_t *this, chunk_t key) { int i; u_int8_t buffer[this->b]; - + memset(buffer, 0, this->b); - + if (key.len > this->b) - { + { /* if key is too long, it will be hashed */ this->h->get_hash(this->h, key, buffer); } else - { + { /* if not, just copy it in our pre-padded k */ - memcpy(buffer, key.ptr, key.len); + memcpy(buffer, key.ptr, key.len); } - + /* apply ipad and opad to key */ for (i = 0; i < this->b; i++) { this->ipaded_key.ptr[i] = buffer[i] ^ 0x36; this->opaded_key.ptr[i] = buffer[i] ^ 0x5C; } - + /* begin hashing of inner pad */ this->h->reset(this->h); this->h->get_hash(this->h, this->ipaded_key, NULL); @@ -175,7 +175,7 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) this->hmac.get_block_size = (size_t (*)(hmac_t *))get_block_size; this->hmac.set_key = (void (*)(hmac_t *,chunk_t))set_key; this->hmac.destroy = (void (*)(hmac_t *))destroy; - + /* set b, according to hasher */ switch (hash_algorithm) { @@ -190,15 +190,15 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm) break; default: free(this); - return NULL; + return NULL; } - + /* build the hasher */ this->h = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (this->h == NULL) { free(this); - return NULL; + return NULL; } /* build ipad and opad */ diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h index a204d3b17..be1bce66d 100644 --- a/src/libstrongswan/plugins/hmac/hmac.h +++ b/src/libstrongswan/plugins/hmac/hmac.h @@ -36,46 +36,46 @@ typedef struct hmac_t hmac_t; struct hmac_t { /** * Generate message authentication code. - * + * * If buffer is NULL, no result is given back. A next call will - * append the data to already supplied data. If buffer is not NULL, + * append the data to already supplied data. If buffer is not NULL, * the mac of all apended data is calculated, returned and the * state of the hmac_t is reseted. - * + * * @param data chunk of data to authenticate * @param buffer pointer where the generated bytes will be written */ void (*get_mac) (hmac_t *this, chunk_t data, u_int8_t *buffer); - + /** * Generates message authentication code and allocate space for them. - * + * * If chunk is NULL, no result is given back. A next call will - * append the data to already supplied. If chunk is not NULL, + * append the data to already supplied. If chunk is not NULL, * the mac of all apended data is calculated, returned and the * state of the hmac_t reset; - * + * * @param data chunk of data to authenticate * @param chunk chunk which will hold generated bytes */ void (*allocate_mac) (hmac_t *this, chunk_t data, chunk_t *chunk); - + /** * Get the block size of this hmac_t object. - * + * * @return block size in bytes */ - size_t (*get_block_size) (hmac_t *this); - + size_t (*get_block_size) (hmac_t *this); + /** * Set the key for this hmac_t object. - * + * * Any key length is accepted. - * + * * @param key key to set */ void (*set_key) (hmac_t *this, chunk_t key); - + /** * Destroys a hmac_t object. */ @@ -84,7 +84,7 @@ struct hmac_t { /** * Creates a new hmac_t object. - * + * * @param hash_algorithm hash algorithm to use * @return hmac_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index aa1e994b0..94332ee36 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -50,35 +50,35 @@ static void destroy(private_hmac_plugin_t *this) plugin_t *plugin_create() { private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, + + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, (prf_constructor_t)hmac_prf_create); - - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, + + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, (signer_constructor_t)hmac_signer_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c index 454d40be3..cca6e9570 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.c +++ b/src/libstrongswan/plugins/hmac/hmac_prf.c @@ -28,8 +28,8 @@ struct private_hmac_prf_t { /** * Public hmac_prf_t interface. */ - hmac_prf_t public; - + hmac_prf_t public; + /** * Hmac to use for generation. */ @@ -93,7 +93,7 @@ hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) { private_hmac_prf_t *this; hash_algorithm_t hash; - + switch (algo) { case PRF_HMAC_SHA1: @@ -114,22 +114,22 @@ hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo) default: return NULL; } - + this = malloc_thing(private_hmac_prf_t); this->hmac = hmac_create(hash); if (this->hmac == NULL) { free(this); - return NULL; + return NULL; } - + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h index aa75272e1..975b456f5 100644 --- a/src/libstrongswan/plugins/hmac/hmac_prf.h +++ b/src/libstrongswan/plugins/hmac/hmac_prf.h @@ -28,12 +28,12 @@ typedef struct hmac_prf_t hmac_prf_t; /** * Implementation of prf_t interface using the HMAC algorithm. - * + * * This simply wraps a hmac_t in a prf_t. More a question of * interface matching. */ struct hmac_prf_t { - + /** * Generic prf_t interface for this hmac_prf_t class. */ @@ -42,7 +42,7 @@ struct hmac_prf_t { /** * Creates a new hmac_prf_t object. - * + * * @param algo algorithm to implement * @return hmac_prf_t object, NULL if hash not supported */ diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c index b44bc2109..f82a8f3a1 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.c +++ b/src/libstrongswan/plugins/hmac/hmac_signer.c @@ -29,12 +29,12 @@ struct private_hmac_signer_t { * Public interface of hmac_signer_t. */ hmac_signer_t public; - + /** * Assigned hmac function. */ hmac_t *hmac; - + /** * Block size (truncation of HMAC Hash) */ @@ -54,7 +54,7 @@ static void get_signature(private_hmac_signer_t *this, else { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - + this->hmac->get_mac(this->hmac, data, mac); memcpy(buffer, mac, this->block_size); } @@ -73,12 +73,12 @@ static void allocate_signature (private_hmac_signer_t *this, else { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - + this->hmac->get_mac(this->hmac, data, mac); chunk->ptr = malloc(this->block_size); chunk->len = this->block_size; - + memcpy(chunk->ptr, mac, this->block_size); } } @@ -90,9 +90,9 @@ static bool verify_signature(private_hmac_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->hmac->get_block_size(this->hmac)]; - + this->hmac->get_mac(this->hmac, data, mac); - + if (signature.len != this->block_size) { return FALSE; @@ -142,7 +142,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) private_hmac_signer_t *this; size_t trunc; hash_algorithm_t hash; - + switch (algo) { case AUTH_HMAC_SHA1_96: @@ -180,7 +180,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) default: return NULL; } - + this = malloc_thing(private_hmac_signer_t); this->hmac = hmac_create(hash); if (this->hmac == NULL) @@ -190,7 +190,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) } /* prevent invalid truncation */ this->block_size = min(trunc, this->hmac->get_block_size(this->hmac)); - + /* interface functions */ this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; @@ -199,7 +199,7 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo) this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h index 197e28fa7..0de93440c 100644 --- a/src/libstrongswan/plugins/hmac/hmac_signer.h +++ b/src/libstrongswan/plugins/hmac/hmac_signer.h @@ -32,7 +32,7 @@ typedef struct hmac_signer_t hmac_signer_t; * HMAC uses a standard hash function implemented in a hasher_t to build a MAC. */ struct hmac_signer_t { - + /** * generic signer_t interface for this signer */ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 93fc9a0c1..d9ebb0147 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ldap DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_ldap_la_DEPENDENCIES = am_libstrongswan_ldap_la_OBJECTS = ldap_plugin.lo ldap_fetcher.lo @@ -58,6 +82,7 @@ libstrongswan_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -241,9 +270,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -261,23 +290,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -302,21 +336,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +373,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +381,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +429,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +470,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +492,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +502,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +562,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index b2a40219f..ce5b7d56b 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -38,7 +38,7 @@ struct private_ldap_fetcher_t { * Public data */ ldap_fetcher_t public; - + /** * timeout to use for fetches */ @@ -79,7 +79,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } else { - DBG1("getting LDAP values failed: %s", + DBG1("getting LDAP values failed: %s", ldap_err2string(ldap_result2error(ldap, entry, 0))); } ldap_memfree(attr); @@ -110,7 +110,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, int ldap_version = LDAP_VERSION3; struct timeval timeout; status_t status = FAILED; - + if (!strneq(url, "ldap", 4)) { return NOT_SUPPORTED; @@ -126,7 +126,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, ldap_free_urldesc(lurl); return FAILED; } - + timeout.tv_sec = this->timeout; timeout.tv_usec = 0; @@ -171,7 +171,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, static bool set_option(private_ldap_fetcher_t *this, fetcher_option_t option, ...) { va_list args; - + va_start(args, option); switch (option) { @@ -203,9 +203,9 @@ ldap_fetcher_t *ldap_fetcher_create() this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - + this->timeout = DEFAULT_TIMEOUT; - + return &this->public; } diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 994f3db46..a31308bbf 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -36,7 +36,7 @@ struct private_ldap_plugin_t { */ static void destroy(private_ldap_plugin_t *this) { - lib->fetcher->remove_fetcher(lib->fetcher, + lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create); free(this); } @@ -47,14 +47,14 @@ static void destroy(private_ldap_plugin_t *this) plugin_t *plugin_create() { private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldaps://"); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 7ca6a20cc..6014ddcf8 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md4 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_md4_la_LIBADD = am_libstrongswan_md4_la_OBJECTS = md4_plugin.lo md4_hasher.lo @@ -58,6 +82,7 @@ libstrongswan_md4_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 3801110dc..366d37328 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -2,9 +2,9 @@ * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil - * Copyright (C) 1990-1992, RSA Data Security, Inc. Created 1990. + * Copyright (C) 1990-1992, RSA Data Security, Inc. Created 1990. * All rights reserved. - * + * * Derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm. * Ported to fulfill hasher_t interface. * @@ -83,7 +83,7 @@ struct private_md4_hasher_t { * Public interface for this hasher. */ md4_hasher_t public; - + /* * State of the hasher. */ @@ -101,7 +101,7 @@ static void Encode (u_int8_t *output, u_int32_t *input, size_t len) { size_t i, j; - for (i = 0, j = 0; j < len; i++, j += 4) + for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (u_int8_t)(input[i] & 0xff); output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); @@ -119,7 +119,7 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | + output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); } } @@ -220,14 +220,14 @@ static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputL partLen = 64 - index; /* Transform as many times as possible. */ - if (inputLen >= partLen) + if (inputLen >= partLen) { memcpy(&this->buffer[index], input, partLen); MD4Transform (this->state, this->buffer); for (i = partLen; i + 63 < inputLen; i += 64) { - MD4Transform (this->state, &input[i]); + MD4Transform (this->state, &input[i]); } index = 0; } @@ -288,7 +288,7 @@ static void get_hash(private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + MD4Update(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -297,11 +297,11 @@ static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *ha MD4Final(this, allocated_hash.ptr); this->public.hasher_interface.reset(&(this->public.hasher_interface)); - + *hash = allocated_hash; } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -337,21 +337,21 @@ static void destroy(private_md4_hasher_t *this) md4_hasher_t *md4_hasher_create(hash_algorithm_t algo) { private_md4_hasher_t *this; - + if (algo != HASH_MD4) { return NULL; } this = malloc_thing(private_md4_hasher_t); - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + /* initialize */ reset(this); - + return &(this->public); } diff --git a/src/libstrongswan/plugins/md4/md4_hasher.h b/src/libstrongswan/plugins/md4/md4_hasher.h index b0b8c65d2..aeb68f718 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.h +++ b/src/libstrongswan/plugins/md4/md4_hasher.h @@ -30,7 +30,7 @@ typedef struct md4_hasher_t md4_hasher_t; * Implementation of hasher_t interface using the MD4 algorithm. */ struct md4_hasher_t { - + /** * Generic hasher_t interface for this hasher. */ @@ -39,7 +39,7 @@ struct md4_hasher_t { /** * Creates a new md4_hasher_t. - * + * * @param algo hash algorithm, must be HASH_MD4 * @return md4_hasher_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index 43ae6261d..ba4041d2d 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -47,12 +47,12 @@ static void destroy(private_md4_plugin_t *this) plugin_t *plugin_create() { private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_MD4, (hasher_constructor_t)md4_hasher_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index fb9bc4b4d..fcb921316 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md5 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_md5_la_LIBADD = am_libstrongswan_md5_la_OBJECTS = md5_plugin.lo md5_hasher.lo @@ -58,6 +82,7 @@ libstrongswan_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index 0ec5c073a..a97ad5cae 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -2,9 +2,9 @@ * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil - * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991. + * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991. * All rights reserved. - * + * * Derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. * Ported to fulfill hasher_t interface. * @@ -50,7 +50,7 @@ static u_int8_t PADDING[64] = { /* * ugly macro stuff - */ + */ /* F, G, H and I are basic MD5 functions. */ #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) @@ -98,13 +98,13 @@ struct private_md5_hasher_t { * Public interface for this hasher. */ md5_hasher_t public; - + /* * State of the hasher. */ u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + u_int32_t count[2]; + u_int8_t buffer[64]; }; @@ -117,7 +117,7 @@ static void Encode (u_int8_t *output, u_int32_t *input, size_t len) { size_t i, j; - for (i = 0, j = 0; j < len; i++, j += 4) + for (i = 0, j = 0; j < len; i++, j += 4) { output[j] = (u_int8_t)(input[i] & 0xff); output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); @@ -135,7 +135,7 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | + output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); } } @@ -253,14 +253,14 @@ static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputL partLen = 64 - index; /* Transform as many times as possible. */ - if (inputLen >= partLen) + if (inputLen >= partLen) { memcpy(&this->buffer[index], input, partLen); MD5Transform (this->state, this->buffer); for (i = partLen; i + 63 < inputLen; i += 64) { - MD5Transform (this->state, &input[i]); + MD5Transform (this->state, &input[i]); } index = 0; } @@ -321,7 +321,7 @@ static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + MD5Update(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -330,11 +330,11 @@ static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *ha MD5Final(this, allocated_hash.ptr); this->public.hasher_interface.reset(&(this->public.hasher_interface)); - + *hash = allocated_hash; } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -370,21 +370,21 @@ static void destroy(private_md5_hasher_t *this) md5_hasher_t *md5_hasher_create(hash_algorithm_t algo) { private_md5_hasher_t *this; - + if (algo != HASH_MD5) { return NULL; } this = malloc_thing(private_md5_hasher_t); - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + /* initialize */ reset(this); - + return &(this->public); } diff --git a/src/libstrongswan/plugins/md5/md5_hasher.h b/src/libstrongswan/plugins/md5/md5_hasher.h index 0064c177b..7f29a9621 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.h +++ b/src/libstrongswan/plugins/md5/md5_hasher.h @@ -30,7 +30,7 @@ typedef struct md5_hasher_t md5_hasher_t; * Implementation of hasher_t interface using the MD5 algorithm. */ struct md5_hasher_t { - + /** * Generic hasher_t interface for this hasher. */ @@ -39,7 +39,7 @@ struct md5_hasher_t { /** * Creates a new md5_hasher_t. - * + * * @param algo hash algorithm, must be HASH_MD5 * @return md5_hasher_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index b1a3b495c..7592c20df 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -47,12 +47,12 @@ static void destroy(private_md5_plugin_t *this) plugin_t *plugin_create() { private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_MD5, (hasher_constructor_t)md5_hasher_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am index 0daf7655b..c64481fd5 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.am +++ b/src/libstrongswan/plugins/mysql/Makefile.am @@ -1,12 +1,12 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic $(MYSQLCFLAG) plugin_LTLIBRARIES = libstrongswan-mysql.la libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \ mysql_database.h mysql_database.c libstrongswan_mysql_la_LDFLAGS = -module -avoid-version -libstrongswan_mysql_la_LIBADD = -lmysqlclient_r +libstrongswan_mysql_la_LIBADD = $(MYSQLLIB) diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 21fe61923..dc56940d2 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,21 +37,44 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/mysql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_mysql_la_DEPENDENCIES = +am__DEPENDENCIES_1 = +libstrongswan_mysql_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_mysql_la_OBJECTS = mysql_plugin.lo mysql_database.lo libstrongswan_mysql_la_OBJECTS = $(am_libstrongswan_mysql_la_OBJECTS) libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -58,6 +83,7 @@ libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,16 +249,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic $(MYSQLCFLAG) plugin_LTLIBRARIES = libstrongswan-mysql.la libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \ mysql_database.h mysql_database.c libstrongswan_mysql_la_LDFLAGS = -module -avoid-version -libstrongswan_mysql_la_LIBADD = -lmysqlclient_r +libstrongswan_mysql_la_LIBADD = $(MYSQLLIB) all: all-am .SUFFIXES: @@ -243,9 +273,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +293,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -304,21 +339,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +376,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +384,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +432,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +473,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +495,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +505,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +565,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 341217dd4..2338428f2 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -15,13 +15,13 @@ #define _GNU_SOURCE #include -#include -#include +#include #include "mysql_database.h" #include -#include +#include +#include #include /* Older mysql.h headers do not define it, but we need it. It is not returned @@ -42,37 +42,37 @@ struct private_mysql_database_t { * public functions */ mysql_database_t public; - + /** * connection pool, contains conn_t */ linked_list_t *pool; - + /** * mutex to lock pool */ mutex_t *mutex; - + /** - * hostname to connect to - */ + * hostname to connect to + */ char *host; - + /** * username to use */ char *username; - + /** * password */ char *password; - + /** * database name */ char *database; - + /** * tcp port */ @@ -85,12 +85,12 @@ typedef struct conn_t conn_t; * connection pool entry */ struct conn_t { - + /** * MySQL database connection */ MYSQL *mysql; - + /** * connection in use? */ @@ -104,19 +104,20 @@ static void conn_release(conn_t *conn) { conn->in_use = FALSE; } + /** * thread specific initialization flag */ -pthread_key_t initialized; +thread_value_t *initialized; /** * Initialize a thread for mysql usage */ static void thread_initialize() { - if (pthread_getspecific(initialized) == NULL) + if (initialized->get(initialized) == NULL) { - pthread_setspecific(initialized, (void*)TRUE); + initialized->set(initialized, (void*)TRUE); mysql_thread_init(); } } @@ -130,11 +131,7 @@ bool mysql_database_init() { return FALSE; } - if (pthread_key_create(&initialized, (void*)mysql_thread_end)) - { - mysql_library_end(); - return FALSE; - } + initialized = thread_value_create((thread_cleanup_t)mysql_thread_end); return TRUE; } @@ -143,7 +140,7 @@ bool mysql_database_init() */ void mysql_database_deinit() { - pthread_key_delete(initialized); + initialized->destroy(initialized); mysql_thread_end(); /* mysql_library_end(); would be the clean way, however, it hangs... */ } @@ -164,9 +161,9 @@ static conn_t *conn_get(private_mysql_database_t *this) { conn_t *current, *found = NULL; enumerator_t *enumerator; - + thread_initialize(); - + while (TRUE) { this->mutex->lock(this->mutex); @@ -231,28 +228,28 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) { MYSQL_STMT *stmt; int params; - + stmt = mysql_stmt_init(mysql); if (stmt == NULL) { - DBG1("creating MySQL statement failed: %s", mysql_error(mysql)); + DBG1("creating MySQL statement failed: %s", mysql_error(mysql)); return NULL; } if (mysql_stmt_prepare(stmt, sql, strlen(sql))) { - DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt)); - mysql_stmt_close(stmt); - return NULL; + DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); + return NULL; } params = mysql_stmt_param_count(stmt); if (params > 0) { int i; MYSQL_BIND *bind; - + bind = alloca(sizeof(MYSQL_BIND) * params); memset(bind, 0, sizeof(MYSQL_BIND) * params); - + for (i = 0; i < params; i++) { switch (va_arg(*args, db_type_t)) @@ -285,7 +282,7 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) break; } case DB_BLOB: - { + { chunk_t chunk = va_arg(*args, chunk_t); bind[i].buffer_type = MYSQL_TYPE_BLOB; bind[i].buffer = chunk.ptr; @@ -300,28 +297,28 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) bind[i].buffer_length = sizeof(double); break; } - case DB_NULL: + case DB_NULL: { bind[i].buffer_type = MYSQL_TYPE_NULL; break; } default: - DBG1("invalid data type supplied"); - mysql_stmt_close(stmt); - return NULL; + DBG1("invalid data type supplied"); + mysql_stmt_close(stmt); + return NULL; } } if (mysql_stmt_bind_param(stmt, bind)) { - DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt)); - mysql_stmt_close(stmt); + DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); return NULL; } } if (mysql_stmt_execute(stmt)) { - DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt)); - mysql_stmt_close(stmt); + DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); return NULL; } return stmt; @@ -353,9 +350,9 @@ typedef struct { static void mysql_enumerator_destroy(mysql_enumerator_t *this) { int columns, i; - + columns = mysql_stmt_field_count(this->stmt); - + for (i = 0; i < columns; i++) { switch (this->bind[i].buffer_type) @@ -385,9 +382,9 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) { int i, columns; va_list args; - + columns = mysql_stmt_field_count(this->stmt); - + /* free/reset data set of previous call */ for (i = 0; i < columns; i++) { @@ -419,7 +416,7 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) DBG1("fetching MySQL row failed: %s", mysql_stmt_error(this->stmt)); return FALSE; } - + va_start(args, this); for (i = 0; i < columns; i++) { @@ -445,9 +442,9 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) this->bind[i].buffer = malloc(this->length[i]+1); this->bind[i].buffer_length = this->length[i]; *value = this->bind[i].buffer; - mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); - ((char*)this->bind[i].buffer)[this->length[i]] = '\0'; - break; + mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); + ((char*)this->bind[i].buffer)[this->length[i]] = '\0'; + break; } case MYSQL_TYPE_BLOB: { @@ -456,8 +453,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) this->bind[i].buffer_length = this->length[i]; value->ptr = this->bind[i].buffer; value->len = this->length[i]; - mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); - break; + mysql_stmt_fetch_column(this->stmt, &this->bind[i], i, 0); + break; } case MYSQL_TYPE_DOUBLE: { @@ -481,7 +478,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) va_list args; mysql_enumerator_t *enumerator = NULL; conn_t *conn; - + conn = conn_get(this); if (!conn) { @@ -493,7 +490,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) if (stmt) { int columns, i; - + enumerator = malloc_thing(mysql_enumerator_t); enumerator->public.enumerate = (void*)mysql_enumerator_enumerate; enumerator->public.destroy = (void*)mysql_enumerator_destroy; @@ -527,7 +524,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) break; } case DB_BLOB: - { + { enumerator->bind[i].buffer_type = MYSQL_TYPE_BLOB; enumerator->bind[i].length = &enumerator->length[i]; break; @@ -539,17 +536,17 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) break; } default: - DBG1("invalid result data type supplied"); - mysql_enumerator_destroy(enumerator); - va_end(args); - return NULL; + DBG1("invalid result data type supplied"); + mysql_enumerator_destroy(enumerator); + va_end(args); + return NULL; } } if (mysql_stmt_bind_result(stmt, enumerator->bind)) { DBG1("binding MySQL result failed: %s", mysql_stmt_error(stmt)); - mysql_enumerator_destroy(enumerator); - enumerator = NULL; + mysql_enumerator_destroy(enumerator); + enumerator = NULL; } } else @@ -569,7 +566,7 @@ static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) va_list args; conn_t *conn; int affected = -1; - + conn = conn_get(this); if (!conn) { @@ -590,7 +587,7 @@ static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) conn_release(conn); return affected; } - + /** * Implementation of database_t.get_driver */ @@ -646,7 +643,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) { *pos = '\0'; database = pos + 1; - + this->host = strdup(host); this->username = strdup(username); this->password = strdup(password); @@ -668,19 +665,19 @@ mysql_database_t *mysql_database_create(char *uri) { conn_t *conn; private_mysql_database_t *this; - + if (!strneq(uri, "mysql://", 8)) { return NULL; } this = malloc_thing(private_mysql_database_t); - + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; this->public.db.destroy = (void(*)(database_t*))destroy; - + if (!parse_uri(this, uri)) { free(this); @@ -688,13 +685,13 @@ mysql_database_t *mysql_database_create(char *uri) } this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); this->pool = linked_list_create(); - + /* check connectivity */ conn = conn_get(this); if (!conn) { - destroy(this); - return NULL; + destroy(this); + return NULL; } conn_release(conn); return &this->public; diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 92914ae6d..0e64bbc3d 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -49,16 +49,16 @@ static void destroy(private_mysql_plugin_t *this) plugin_t *plugin_create() { private_mysql_plugin_t *this; - + if (!mysql_database_init()) { DBG1("MySQL client library initialization failed"); return NULL; } - + this = malloc_thing(private_mysql_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->db->add_database(lib->db, (database_constructor_t)mysql_database_create); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index e6d7b479b..aa8ecf06c 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/openssl DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_openssl_la_DEPENDENCIES = am_libstrongswan_openssl_la_OBJECTS = openssl_plugin.lo \ @@ -63,6 +87,7 @@ libstrongswan_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -110,25 +135,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -140,11 +162,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -173,9 +198,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -198,7 +223,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -206,6 +231,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -214,10 +240,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -225,6 +253,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -256,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -276,23 +305,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -325,21 +359,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -362,7 +396,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -370,29 +404,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -413,13 +452,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -450,6 +493,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -471,6 +515,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -479,18 +525,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -529,6 +585,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 424fec60a..a8923ab56 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -23,17 +23,17 @@ typedef struct private_openssl_crypter_t private_openssl_crypter_t; * Private data of openssl_crypter_t */ struct private_openssl_crypter_t { - + /** * Public part of this class. */ openssl_crypter_t public; - + /* * the key */ chunk_t key; - + /* * the cipher to use */ @@ -49,17 +49,17 @@ typedef struct { * Identifier specified in IKEv2 */ int ikev2_id; - + /** * Name of the algorithm, as used in OpenSSL */ char *name; - + /** * Minimum valid key length in bytes */ size_t key_size_min; - + /** * Maximum valid key length in bytes */ @@ -91,7 +91,7 @@ static openssl_algorithm_t encryption_algs[] = { /** * Look up an OpenSSL algorithm name and validate its key size */ -static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, +static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, u_int16_t ikev2_algo, size_t *key_size) { while (openssl_algo->ikev2_id != END_OF_LIST) @@ -104,7 +104,7 @@ static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, { *key_size = openssl_algo->key_size_min; } - + /* validate key size */ if (*key_size < openssl_algo->key_size_min || *key_size > openssl_algo->key_size_max) @@ -123,7 +123,7 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, { int len; u_char *out; - + out = data.ptr; if (dst) { @@ -144,7 +144,7 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data, /** * Implementation of crypter_t.decrypt. */ -static void decrypt(private_openssl_crypter_t *this, chunk_t data, +static void decrypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, data, iv, dst, 0); @@ -154,7 +154,7 @@ static void decrypt(private_openssl_crypter_t *this, chunk_t data, /** * Implementation of crypter_t.encrypt. */ -static void encrypt (private_openssl_crypter_t *this, chunk_t data, +static void encrypt (private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, data, iv, dst, 1); @@ -196,13 +196,13 @@ static void destroy (private_openssl_crypter_t *this) /* * Described in header */ -openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, +openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_openssl_crypter_t *this; - + this = malloc_thing(private_openssl_crypter_t); - + switch (algo) { case ENCR_NULL: @@ -218,7 +218,7 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, this->cipher = EVP_get_cipherbyname("aes192"); break; case 32: /* AES-256 */ - this->cipher = EVP_get_cipherbyname("aes256"); + this->cipher = EVP_get_cipherbyname("aes256"); break; default: free(this); @@ -235,7 +235,7 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, this->cipher = EVP_get_cipherbyname("camellia192"); break; case 32: /* CAMELLIA 256 */ - this->cipher = EVP_get_cipherbyname("camellia256"); + this->cipher = EVP_get_cipherbyname("camellia256"); break; default: free(this); @@ -258,22 +258,22 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, break; } } - + if (!this->cipher) { /* OpenSSL does not support the requested algo */ free(this); return NULL; } - + this->key = chunk_alloc(key_size); - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h index e5a899418..7e30ae03c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.h +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h @@ -29,7 +29,7 @@ typedef struct openssl_crypter_t openssl_crypter_t; * Implementation of crypters using OpenSSL. */ struct openssl_crypter_t { - + /** * The crypter_t interface. */ @@ -38,7 +38,7 @@ struct openssl_crypter_t { /** * Constructor to create openssl_crypter_t. - * + * * @param algo algorithm to implement * @param key_size key size in bytes * @return openssl_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index fe042efdc..80a1ee878 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -22,7 +22,7 @@ typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -30,20 +30,20 @@ struct modulus_entry_t { * Group number as it is defined in file transform_substructure.h. */ diffie_hellman_group_t group; - + /** * Pointer to the function to get the modulus. */ BIGNUM *(*get_prime)(BIGNUM *bn); - - /* + + /* * Optimum length of exponent in bits. - */ + */ long opt_exponent_len; - - /* + + /* * Generator value. - */ + */ u_int16_t generator; }; @@ -71,27 +71,27 @@ struct private_openssl_diffie_hellman_t { * Public openssl_diffie_hellman_t interface. */ openssl_diffie_hellman_t public; - + /** * Diffie Hellman group number. */ u_int16_t group; - + /** * Diffie Hellman object */ DH *dh; - + /** * Other public value */ BIGNUM *pub_key; - + /** * Shared secret */ chunk_t shared_secret; - + /** * True if shared secret is computed */ @@ -123,7 +123,7 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, /* shared secret should requires a len according the DH group */ *secret = chunk_alloc(DH_size(this->dh)); memset(secret->ptr, 0, secret->len); - memcpy(secret->ptr + secret->len - this->shared_secret.len, + memcpy(secret->ptr + secret->len - this->shared_secret.len, this->shared_secret.ptr, this->shared_secret.len); return SUCCESS; @@ -137,7 +137,7 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this, chunk_t value) { int len; - + BN_bin2bn(value.ptr, value.len, this->pub_key); chunk_clear(&this->shared_secret); this->shared_secret.ptr = malloc(DH_size(this->dh)); @@ -167,10 +167,10 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this) { int i; bool ansi_x9_42; - + ansi_x9_42 = lib->settings->get_bool(lib->settings, "libstrongswan.dh_exponent_ansi_x9_42", TRUE); - + for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++) { if (modulus_entries[i].group == this->group) @@ -205,32 +205,32 @@ static void destroy(private_openssl_diffie_hellman_t *this) openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group) { private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + this->dh = DH_new(); if (!this->dh) { free(this); return NULL; } - + this->group = group; this->computed = FALSE; this->pub_key = BN_new(); this->shared_secret = chunk_empty; - + /* find a modulus according to group */ if (set_modulus(this) != SUCCESS) { destroy(this); return NULL; } - + /* generate my public and private values */ if (!DH_generate_key(this->dh)) { @@ -238,6 +238,6 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g return NULL; } DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key)); - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h index bdc153812..6c4b4fe81 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct openssl_diffie_hellman_t openssl_diffie_hellman_t; * Implementation of the Diffie-Hellman algorithm using OpenSSL. */ struct openssl_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct openssl_diffie_hellman_t { /** * Creates a new openssl_diffie_hellman_t object. - * + * * @param group Diffie Hellman group number to use * @return openssl_diffie_hellman_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 082aed9ca..671fa41e2 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -31,27 +31,27 @@ struct private_openssl_ec_diffie_hellman_t { * Public openssl_ec_diffie_hellman_t interface. */ openssl_ec_diffie_hellman_t public; - + /** * Diffie Hellman group number. */ u_int16_t group; - + /** * EC private (public) key */ EC_KEY *key; - + /** * EC group */ const EC_GROUP *ec_group; - + /** * Other public key */ EC_POINT *pub_key; - + /** * Shared secret */ @@ -72,13 +72,13 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point) BN_CTX *ctx; BIGNUM *x, *y; bool ret = FALSE; - + ctx = BN_CTX_new(); if (!ctx) { return FALSE; } - + BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -86,17 +86,17 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point) { goto error; } - + if (!openssl_bn_split(chunk, x, y)) { goto error; } - + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto error; } - + ret = TRUE; error: BN_CTX_end(ctx); @@ -114,13 +114,13 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx; BIGNUM *x, *y; bool ret = FALSE; - + ctx = BN_CTX_new(); if (!ctx) { return FALSE; } - + BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -128,12 +128,12 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, { goto error; } - + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) { goto error; } - + if (x_coordinate_only) { y = NULL; @@ -142,7 +142,7 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, { goto error; } - + ret = TRUE; error: BN_CTX_end(ctx); @@ -152,7 +152,7 @@ error: /** * Compute the shared secret. - * + * * We cannot use the function ECDH_compute_key() because that returns only the * x coordinate of the shared secret point (which is defined, for instance, in * 'NIST SP 800-56A'). @@ -166,13 +166,13 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_ const BIGNUM *priv_key; EC_POINT *secret = NULL; bool x_coordinate_only, ret = FALSE; - + priv_key = EC_KEY_get0_private_key(this->key); if (!priv_key) { goto error; } - + secret = EC_POINT_new(this->ec_group); if (!secret) { @@ -183,7 +183,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_ { goto error; } - + /* * The default setting ecp_x_coordinate_only = TRUE * applies the following errata for RFC 4753: @@ -195,7 +195,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_ { goto error; } - + ret = TRUE; error: if (secret) @@ -215,14 +215,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch DBG1("ECDH public value is malformed"); return; } - + chunk_free(&this->shared_secret); - + if (!compute_shared_key(this, &this->shared_secret)) { DBG1("ECDH shared secret computation failed"); return; } - + this->computed = TRUE; } @@ -272,13 +272,13 @@ static void destroy(private_openssl_ec_diffie_hellman_t *this) openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group) { private_openssl_ec_diffie_hellman_t *this = malloc_thing(private_openssl_ec_diffie_hellman_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + switch (group) { case ECP_192_BIT: @@ -300,34 +300,34 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro this->key = NULL; break; } - + if (!this->key) { free(this); return NULL; } - + /* caching the EC group */ this->ec_group = EC_KEY_get0_group(this->key); - + this->pub_key = EC_POINT_new(this->ec_group); if (!this->pub_key) { free(this); return NULL; } - + /* generate an EC private (public) key */ if (!EC_KEY_generate_key(this->key)) { free(this); return NULL; } - + this->group = group; this->computed = FALSE; - + this->shared_secret = chunk_empty; - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h index 9d17aed57..fd60732b9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h @@ -29,7 +29,7 @@ typedef struct openssl_ec_diffie_hellman_t openssl_ec_diffie_hellman_t; * Implementation of the EC Diffie-Hellman algorithm using OpenSSL. */ struct openssl_ec_diffie_hellman_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct openssl_ec_diffie_hellman_t { /** * Creates a new openssl_ec_diffie_hellman_t object. - * + * * @param group EC Diffie Hellman group number to use * @return openssl_ec_diffie_hellman_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index d6b442ae9..89ced5a9a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -21,6 +22,7 @@ #include #include +#include typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t; @@ -32,175 +34,138 @@ struct private_openssl_ec_private_key_t { * Public interface for this signer. */ openssl_ec_private_key_t public; - + /** * EC key object */ EC_KEY *ec; - /** - * Keyid formed as a SHA-1 hash of a privateKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a privateKeyInfo object - */ - identification_t* keyid_info; - /** * reference count */ - refcount_t ref; + refcount_t ref; }; -/** - * Mapping from the signature scheme defined in (RFC 4754) to the elliptic - * curve and the hash algorithm - */ -typedef struct { - /** - * Scheme specified in RFC 4754 - */ - int scheme; - - /** - * NID of the hash - */ - int hash; - - /** - * NID of the curve - */ - int curve; -} openssl_ecdsa_scheme_t; - -#define END_OF_LIST -1 +/* from ec public key */ +bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp); /** - * Signature schemes + * Build a signature as in RFC 4754 */ -static openssl_ecdsa_scheme_t ecdsa_schemes[] = { - {SIGN_ECDSA_256, NID_sha256, NID_X9_62_prime256v1}, - {SIGN_ECDSA_384, NID_sha384, NID_secp384r1}, - {SIGN_ECDSA_521, NID_sha512, NID_secp521r1}, - {END_OF_LIST, 0, 0}, -}; - -/** - * Look up the hash and curve of a signature scheme - */ -static bool lookup_scheme(int scheme, int *hash, int *curve) +static bool build_signature(private_openssl_ec_private_key_t *this, + chunk_t hash, chunk_t *signature) { - openssl_ecdsa_scheme_t *ecdsa_scheme = ecdsa_schemes; - while (ecdsa_scheme->scheme != END_OF_LIST) + bool built = FALSE; + ECDSA_SIG *sig; + + sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); + if (sig) { - if (scheme == ecdsa_scheme->scheme) - { - *hash = ecdsa_scheme->hash; - *curve = ecdsa_scheme->curve; - return TRUE; - } - ecdsa_scheme++; + /* concatenate BNs r/s to a signature chunk */ + built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)), + sig->r, sig->s, signature); + ECDSA_SIG_free(sig); } - return FALSE; -} - -/** - * shared functions, implemented in openssl_ec_public_key.c - */ -bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid, - identification_t **keyid_info); - -openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec); - - -/** - * Convert an ECDSA_SIG to a chunk by concatenating r and s. - * This function allocates memory for the chunk. - */ -static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk) -{ - return openssl_bn_cat(EC_FIELD_ELEMENT_LEN(group), sig->r, sig->s, chunk); + return built; } /** - * Build the signature + * Build a RFC 4754 signature for a specified curve and hash algorithm */ -static bool build_signature(private_openssl_ec_private_key_t *this, - chunk_t hash, chunk_t *signature) +static bool build_curve_signature(private_openssl_ec_private_key_t *this, + signature_scheme_t scheme, int nid_hash, + int nid_curve, chunk_t data, chunk_t *signature) { - ECDSA_SIG *sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); - bool success; + const EC_GROUP *my_group; + EC_GROUP *req_group; + chunk_t hash; + bool built; - if (!sig) + req_group = EC_GROUP_new_by_curve_name(nid_curve); + if (!req_group) + { + DBG1("signature scheme %N not supported in EC (required curve " + "not supported)", signature_scheme_names, scheme); + return FALSE; + } + my_group = EC_KEY_get0_group(this->ec); + if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) + { + DBG1("signature scheme %N not supported by private key", + signature_scheme_names, scheme); + return FALSE; + } + EC_GROUP_free(req_group); + if (!openssl_hash_chunk(nid_hash, data, &hash)) { return FALSE; } - success = sig2chunk(EC_KEY_get0_group(this->ec), sig, signature); - ECDSA_SIG_free(sig); - return success; + built = build_signature(this, hash, signature); + chunk_free(&hash); + return built; } /** - * Implementation of private_key_t.get_type. + * Build a DER encoded signature as in RFC 3279 */ -static key_type_t get_type(private_openssl_ec_private_key_t *this) +static bool build_der_signature(private_openssl_ec_private_key_t *this, + int hash_nid, chunk_t data, chunk_t *signature) { - return KEY_ECDSA; + chunk_t hash, sig; + int siglen = 0; + bool built; + + if (!openssl_hash_chunk(hash_nid, data, &hash)) + { + return FALSE; + } + sig = chunk_alloc(ECDSA_size(this->ec)); + built = ECDSA_sign(0, hash.ptr, hash.len, sig.ptr, &siglen, this->ec) == 1; + sig.len = siglen; + if (built) + { + *signature = sig; + } + else + { + free(sig.ptr); + } + free(hash.ptr); + return built; } /** * Implementation of private_key_t.sign. */ -static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +static bool sign(private_openssl_ec_private_key_t *this, + signature_scheme_t scheme, chunk_t data, chunk_t *signature) { - bool success; - - if (scheme == SIGN_ECDSA_WITH_NULL) + switch (scheme) { - success = build_signature(this, data, signature); - } - else - { - EC_GROUP *req_group; - const EC_GROUP *my_group; - chunk_t hash = chunk_empty; - int hash_type, curve; - - if (!lookup_scheme(scheme, &hash_type, &curve)) - { - DBG1("signature scheme %N not supported in EC", - signature_scheme_names, scheme); - return FALSE; - } - - req_group = EC_GROUP_new_by_curve_name(curve); - if (!req_group) - { - DBG1("signature scheme %N not supported in EC (required curve not supported)", - signature_scheme_names, scheme); - return FALSE; - } - - my_group = EC_KEY_get0_group(this->ec); - if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) - { - DBG1("signature scheme %N not supported by private key", - signature_scheme_names, scheme); - return FALSE; - } - EC_GROUP_free(req_group); - - if (!openssl_hash_chunk(hash_type, data, &hash)) - { + case SIGN_ECDSA_WITH_NULL: + return build_signature(this, data, signature); + case SIGN_ECDSA_WITH_SHA1_DER: + return build_der_signature(this, NID_sha1, data, signature); + case SIGN_ECDSA_WITH_SHA256_DER: + return build_der_signature(this, NID_sha256, data, signature); + case SIGN_ECDSA_WITH_SHA384_DER: + return build_der_signature(this, NID_sha384, data, signature); + case SIGN_ECDSA_WITH_SHA512_DER: + return build_der_signature(this, NID_sha512, data, signature); + case SIGN_ECDSA_256: + return build_curve_signature(this, scheme, NID_sha256, + NID_X9_62_prime256v1, data, signature); + case SIGN_ECDSA_384: + return build_curve_signature(this, scheme, NID_sha384, + NID_secp384r1, data, signature); + case SIGN_ECDSA_521: + return build_curve_signature(this, scheme, NID_sha512, + NID_secp521r1, data, signature); + default: + DBG1("signature scheme %N not supported", + signature_scheme_names, scheme); return FALSE; - } - success = build_signature(this, hash, signature); - chunk_free(&hash); - } - return success; + } } /** @@ -222,73 +187,70 @@ static size_t get_keysize(private_openssl_ec_private_key_t *this) } /** - * Implementation of private_key_t.get_id. + * Implementation of private_key_t.get_type. */ -static identification_t* get_id(private_openssl_ec_private_key_t *this, - id_type_t type) +static key_type_t get_type(private_openssl_ec_private_key_t *this) { - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } + return KEY_ECDSA; } /** * Implementation of private_key_t.get_public_key. */ -static openssl_ec_public_key_t* get_public_key(private_openssl_ec_private_key_t *this) +static public_key_t* get_public_key(private_openssl_ec_private_key_t *this) { - return openssl_ec_public_key_create_from_private_key(this->ec); + public_key_t *public; + chunk_t key; + u_char *p; + + key = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL)); + p = key.ptr; + i2d_EC_PUBKEY(this->ec, &p); + + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + BUILD_BLOB_ASN1_DER, key, BUILD_END); + free(key.ptr); + return public; } /** - * Implementation of private_key_t.belongs_to. + * Implementation of private_key_t.get_fingerprint. */ -static bool belongs_to(private_openssl_ec_private_key_t *this, public_key_t *public) +static bool get_fingerprint(private_openssl_ec_private_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - identification_t *keyid; - - if (public->get_type(public) != KEY_ECDSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return openssl_ec_fingerprint(this->ec, type, fingerprint); } /** * Implementation of private_key_t.get_encoding. */ -static chunk_t get_encoding(private_openssl_ec_private_key_t *this) +static bool get_encoding(private_openssl_ec_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t enc = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL)); - u_char *p = enc.ptr; - i2d_ECPrivateKey(this->ec, &p); - return enc; + u_char *p; + + switch (type) + { + case KEY_PRIV_ASN1_DER: + { + *encoding = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL)); + p = encoding->ptr; + i2d_ECPrivateKey(this->ec, &p); + return TRUE; + } + default: + return FALSE; + } } /** * Implementation of private_key_t.get_ref. */ -static private_openssl_ec_private_key_t* get_ref(private_openssl_ec_private_key_t *this) +static private_key_t* get_ref(private_openssl_ec_private_key_t *this) { ref_get(&this->ref); - return this; - + return &this->public.interface; } /** @@ -300,10 +262,9 @@ static void destroy(private_openssl_ec_private_key_t *this) { if (this->ec) { + lib->encoding->clear_cache(lib->encoding, this->ec); EC_KEY_free(this->ec); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -311,133 +272,121 @@ static void destroy(private_openssl_ec_private_key_t *this) /** * Internal generic constructor */ -static private_openssl_ec_private_key_t *openssl_ec_private_key_create_empty(void) +static private_openssl_ec_private_key_t *create_empty(void) { private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t); - + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->ec = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * load private key from an ASN1 encoded blob + * See header. */ -static openssl_ec_private_key_t *load(chunk_t blob) +openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, + va_list args) { - u_char *p = blob.ptr; - private_openssl_ec_private_key_t *this = openssl_ec_private_key_create_empty(); - - this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); + private_openssl_ec_private_key_t *this; + u_int key_size = 0; - if (!this->ec) + while (TRUE) { - destroy(this); - return NULL; + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; } - - if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) + if (!key_size) { - destroy(this); return NULL; } - - if (!EC_KEY_check_key(this->ec)) + this = create_empty(); + switch (key_size) + { + case 256: + this->ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + break; + case 384: + this->ec = EC_KEY_new_by_curve_name(NID_secp384r1); + break; + case 521: + this->ec = EC_KEY_new_by_curve_name(NID_secp521r1); + break; + default: + DBG1("EC private key size %d not supported", key_size); + destroy(this); + return NULL; + } + if (EC_KEY_generate_key(this->ec) != 1) { + DBG1("EC private key generation failed", key_size); destroy(this); return NULL; } - + /* encode as a named curve key (no parameters), uncompressed public key */ + EC_KEY_set_asn1_flag(this->ec, OPENSSL_EC_NAMED_CURVE); + EC_KEY_set_conv_form(this->ec, POINT_CONVERSION_UNCOMPRESSED); return &this->public; } -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - openssl_ec_private_key_t *key; -}; - /** - * Implementation of builder_t.build + * See header. */ -static openssl_ec_private_key_t *build(private_builder_t *this) +openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, + va_list args) { - openssl_ec_private_key_t *key = this->key; - - free(this); - return key; -} + private_openssl_ec_private_key_t *this; + chunk_t blob = chunk_empty; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) + + this = create_empty(); + this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (!this->ec) { - destroy((private_openssl_ec_private_key_t*)this->key); + destroy(this); + return NULL; } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *openssl_ec_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_ECDSA) + if (!EC_KEY_check_key(this->ec)) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h index 6a6f7c867..720c63f90 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -21,6 +21,7 @@ #ifndef OPENSSL_EC_PRIVATE_KEY_H_ #define OPENSSL_EC_PRIVATE_KEY_H_ +#include #include typedef struct openssl_ec_private_key_t openssl_ec_private_key_t; @@ -37,11 +38,27 @@ struct openssl_ec_private_key_t { }; /** - * Create the builder for a private key. + * Generate a ECDSA private key using OpenSSL. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_ECDSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a ECDSA private key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. * * @param type type of the key, must be KEY_ECDSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_ec_private_key_builder(key_type_t type); +openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, + va_list args); #endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 635a106dd..f37c736b1 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -32,122 +33,96 @@ struct private_openssl_ec_public_key_t { * Public interface for this signer. */ openssl_ec_public_key_t public; - + /** * EC key object */ EC_KEY *ec; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t *keyid_info; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t *keyid; - + /** * reference counter */ refcount_t ref; }; -/** - * Convert a chunk to an ECDSA_SIG (which must already exist). r and s - * of the signature have to be concatenated in the chunk. - */ -static bool chunk2sig(const EC_GROUP *group, chunk_t chunk, ECDSA_SIG *sig) -{ - return openssl_bn_split(chunk, sig->r, sig->s); -} - /** * Verification of a signature as in RFC 4754 */ static bool verify_signature(private_openssl_ec_public_key_t *this, - int hash_type, chunk_t data, chunk_t signature) + chunk_t hash, chunk_t signature) { - chunk_t hash = chunk_empty; - ECDSA_SIG *sig; bool valid = FALSE; - - if (hash_type == NID_undef) - { - hash = data; - } - else + ECDSA_SIG *sig; + + sig = ECDSA_SIG_new(); + if (sig) { - if (!openssl_hash_chunk(hash_type, data, &hash)) + /* split the signature chunk in r and s */ + if (openssl_bn_split(signature, sig->r, sig->s)) { - return FALSE; + valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); } + ECDSA_SIG_free(sig); } - - sig = ECDSA_SIG_new(); - if (!sig) - { - goto error; - } - - if (!chunk2sig(EC_KEY_get0_group(this->ec), signature, sig)) + return valid; +} + +/** + * Verify a RFC 4754 signature for a specified curve and hash algorithm + */ +static bool verify_curve_signature(private_openssl_ec_public_key_t *this, + signature_scheme_t scheme, int nid_hash, + int nid_curve, chunk_t data, chunk_t signature) +{ + const EC_GROUP *my_group; + EC_GROUP *req_group; + chunk_t hash; + bool valid; + + req_group = EC_GROUP_new_by_curve_name(nid_curve); + if (!req_group) { - goto error; + DBG1("signature scheme %N not supported in EC (required curve " + "not supported)", signature_scheme_names, scheme); + return FALSE; } - valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); - -error: - if (sig) + my_group = EC_KEY_get0_group(this->ec); + if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) { - ECDSA_SIG_free(sig); + DBG1("signature scheme %N not supported by private key", + signature_scheme_names, scheme); + return FALSE; } - if (hash_type != NID_undef) + EC_GROUP_free(req_group); + if (!openssl_hash_chunk(nid_hash, data, &hash)) { - chunk_free(&hash); + return FALSE; } + valid = verify_signature(this, hash, signature); + chunk_free(&hash); return valid; } - /** - * Verification of the default signature using SHA-1 + * Verification of a DER encoded signature as in RFC 3279 */ -static bool verify_default_signature(private_openssl_ec_public_key_t *this, - chunk_t data, chunk_t signature) +static bool verify_der_signature(private_openssl_ec_public_key_t *this, + int nid_hash, chunk_t data, chunk_t signature) { + chunk_t hash; bool valid = FALSE; - chunk_t hash = chunk_empty; - u_char *p; - ECDSA_SIG *sig; - + /* remove any preceding 0-bytes from signature */ - while (signature.len && *(signature.ptr) == 0x00) - { - signature.len -= 1; - signature.ptr++; - } - - p = signature.ptr; - sig = d2i_ECDSA_SIG(NULL, (const u_char**)&p, signature.len); - if (!sig) - { - return FALSE; - } - - if (!openssl_hash_chunk(NID_sha1, data, &hash)) + while (signature.len && signature.ptr[0] == 0x00) { - goto error; + signature = chunk_skip(signature, 1); } - - valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); - -error: - if (sig) + if (openssl_hash_chunk(nid_hash, data, &hash)) { - ECDSA_SIG_free(sig); + valid = ECDSA_verify(0, hash.ptr, hash.len, + signature.ptr, signature.len, this->ec); + free(hash.ptr); } - chunk_free(&hash); return valid; } @@ -162,21 +137,30 @@ static key_type_t get_type(private_openssl_ec_public_key_t *this) /** * Implementation of public_key_t.verify. */ -static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) +static bool verify(private_openssl_ec_public_key_t *this, + signature_scheme_t scheme, chunk_t data, chunk_t signature) { switch (scheme) { + case SIGN_ECDSA_WITH_SHA1_DER: + return verify_der_signature(this, NID_sha1, data, signature); + case SIGN_ECDSA_WITH_SHA256_DER: + return verify_der_signature(this, NID_sha256, data, signature); + case SIGN_ECDSA_WITH_SHA384_DER: + return verify_der_signature(this, NID_sha384, data, signature); + case SIGN_ECDSA_WITH_SHA512_DER: + return verify_der_signature(this, NID_sha512, data, signature); case SIGN_ECDSA_WITH_NULL: - return verify_signature(this, NID_undef, data, signature); - case SIGN_ECDSA_WITH_SHA1: - return verify_default_signature(this, data, signature); + return verify_signature(this, data, signature); case SIGN_ECDSA_256: - return verify_signature(this, NID_sha256, data, signature); + return verify_curve_signature(this, scheme, NID_sha256, + NID_X9_62_prime256v1, data, signature); case SIGN_ECDSA_384: - return verify_signature(this, NID_sha384, data, signature); + return verify_curve_signature(this, scheme, NID_sha384, + NID_secp384r1, data, signature); case SIGN_ECDSA_521: - return verify_signature(this, NID_sha512, data, signature); + return verify_curve_signature(this, scheme, NID_sha512, + NID_secp521r1, data, signature); default: DBG1("signature scheme %N not supported in EC", signature_scheme_names, scheme); @@ -187,7 +171,8 @@ static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t sch /** * Implementation of public_key_t.get_keysize. */ -static bool encrypt_(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain) +static bool encrypt_(private_openssl_ec_public_key_t *this, + chunk_t crypto, chunk_t *plain) { DBG1("EC public key encryption not implemented"); return FALSE; @@ -202,64 +187,85 @@ static size_t get_keysize(private_openssl_ec_public_key_t *this) } /** - * Implementation of public_key_t.get_id. + * Calculate fingerprint from a EC_KEY, also used in ec private key. */ -static identification_t *get_id(private_openssl_ec_public_key_t *this, - id_type_t type) +bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp) { + hasher_t *hasher; + chunk_t key; + u_char *p; + + if (lib->encoding->get_cache(lib->encoding, type, ec, fp)) + { + return TRUE; + } switch (type) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; + case KEY_ID_PUBKEY_SHA1: + key = chunk_alloc(i2o_ECPublicKey(ec, NULL)); + p = key.ptr; + i2o_ECPublicKey(ec, &p); + break; + case KEY_ID_PUBKEY_INFO_SHA1: + key = chunk_alloc(i2d_EC_PUBKEY(ec, NULL)); + p = key.ptr; + i2d_EC_PUBKEY(ec, &p); + break; default: - return NULL; + return FALSE; + } + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + free(key.ptr); + return FALSE; } + hasher->allocate_hash(hasher, key, fp); + hasher->destroy(hasher); + free(key.ptr); + lib->encoding->cache(lib->encoding, type, ec, *fp); + return TRUE; } /** - * Encodes the public key - */ -static chunk_t get_encoding_raw(EC_KEY *ec) + * Implementation of private_key_t.get_fingerprint. + */ +static bool get_fingerprint(private_openssl_ec_public_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - /* since the points can be stored in three different forms this may not - * be correct for all cases */ - const EC_GROUP *group = EC_KEY_get0_group(ec); - const EC_POINT *pub = EC_KEY_get0_public_key(ec); - chunk_t enc = chunk_alloc(EC_POINT_point2oct(group, pub, - POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)); - EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED, - enc.ptr, enc.len, NULL); - return enc; + return openssl_ec_fingerprint(this->ec, type, fingerprint); } /** - * Encodes the public key info (public key with ec parameters) - */ -static chunk_t get_encoding_full(EC_KEY *ec) -{ - chunk_t enc = chunk_alloc(i2d_EC_PUBKEY(ec, NULL)); - u_char *p = enc.ptr; - i2d_EC_PUBKEY(ec, &p); - return enc; -} - -/* - * Implementation of public_key_t.get_encoding. + * Implementation of private_key_t.get_encoding. */ -static chunk_t get_encoding(private_openssl_ec_public_key_t *this) +static bool get_encoding(private_openssl_ec_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return get_encoding_full(this->ec); + u_char *p; + + switch (type) + { + case KEY_PUB_SPKI_ASN1_DER: + { + *encoding = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL)); + p = encoding->ptr; + i2d_EC_PUBKEY(this->ec, &p); + return TRUE; + } + default: + return FALSE; + } } /** * Implementation of public_key_t.get_ref. */ -static private_openssl_ec_public_key_t* get_ref(private_openssl_ec_public_key_t *this) +static public_key_t* get_ref(private_openssl_ec_public_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface; } /** @@ -271,10 +277,9 @@ static void destroy(private_openssl_ec_public_key_t *this) { if (this->ec) { + lib->encoding->clear_cache(lib->encoding, this->ec); EC_KEY_free(this->ec); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -282,168 +287,62 @@ static void destroy(private_openssl_ec_public_key_t *this) /** * Generic private constructor */ -static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty() +static private_openssl_ec_public_key_t *create_empty() { private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t); - + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; + this->public.interface.equals = public_key_equals; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - + this->ec = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * Build key identifier from the public key using SHA1 hashed publicKey(Info). - * Also used in openssl_ec_private_key.c. + * See header. */ -bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid, - identification_t **keyid_info) +openssl_ec_public_key_t *openssl_ec_public_key_load(key_type_t type, + va_list args) { - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use EC"); - return FALSE; - } - - publicKey = get_encoding_raw(ec); - - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = get_encoding_full(ec); - - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - chunk_free(&publicKey); - - return TRUE; -} + private_openssl_ec_public_key_t *this; + chunk_t blob = chunk_empty; -/** - * Load a public key from an ASN1 encoded blob - */ -static openssl_ec_public_key_t *load(chunk_t blob) -{ - u_char *p = blob.ptr; - private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty(); - - this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); - - if (!this->ec) + if (type != KEY_ECDSA) { - destroy(this); return NULL; } - - if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -/** - * Create a public key from BIGNUM values, used in openssl_ec_private_key.c - */ -openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec) -{ - return (openssl_ec_public_key_t*)load(get_encoding_full(ec)); -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - openssl_ec_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static openssl_ec_public_key_t *build(private_builder_t *this) -{ - openssl_ec_public_key_t *key = this->key; - - free(this); - return key; -} -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) - { - destroy((private_openssl_ec_public_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *openssl_ec_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_ECDSA) + this = create_empty(); + this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&blob.ptr, blob.len); + if (!this->ec) { + destroy(this); return NULL; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h index bdbb2fe6e..29d607d38 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h @@ -23,6 +23,7 @@ typedef struct openssl_ec_public_key_t openssl_ec_public_key_t; +#include #include /** @@ -37,11 +38,15 @@ struct openssl_ec_public_key_t { }; /** - * Create the builder for a public key. + * Load a ECDSA public key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. * * @param type type of the key, must be KEY_ECDSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_ec_public_key_builder(key_type_t type); +openssl_ec_public_key_t *openssl_ec_public_key_load(key_type_t type, + va_list args); #endif /** OPENSSL_EC_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 90a5229d5..7556bc594 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -23,19 +23,19 @@ typedef struct private_openssl_hasher_t private_openssl_hasher_t; * Private data of openssl_hasher_t */ struct private_openssl_hasher_t { - + /** * Public part of this class. */ openssl_hasher_t public; - + /** * the hasher to use */ const EVP_MD *hasher; - + /** - * the current digest context + * the current digest context */ EVP_MD_CTX *ctx; }; @@ -49,7 +49,7 @@ typedef struct { * Identifier specified in IKEv2 */ int ikev2_id; - + /** * Name of the algorithm, as used in OpenSSL */ @@ -76,7 +76,7 @@ static openssl_algorithm_t integrity_algs[] = { /** * Look up an OpenSSL algorithm name */ -static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, +static char* lookup_algorithm(openssl_algorithm_t *openssl_algo, u_int16_t ikev2_algo) { while (openssl_algo->ikev2_id != END_OF_LIST) @@ -133,7 +133,7 @@ static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk, } else { - get_hash(this, chunk, NULL); + get_hash(this, chunk, NULL); } } @@ -152,7 +152,7 @@ static void destroy (private_openssl_hasher_t *this) openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) { private_openssl_hasher_t *this; - + char* name = lookup_algorithm(integrity_algs, algo); if (!name) { @@ -161,7 +161,7 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) } this = malloc_thing(private_openssl_hasher_t); - + this->hasher = EVP_get_digestbyname(name); if (!this->hasher) { @@ -169,17 +169,17 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) free(this); return NULL; } - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + this->ctx = EVP_MD_CTX_create(); - + /* initialization */ reset(this); - + return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h index aec5bc7dd..fd7a043d1 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.h +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h @@ -29,7 +29,7 @@ typedef struct openssl_hasher_t openssl_hasher_t; * Implementation of hashers using OpenSSL. */ struct openssl_hasher_t { - + /** * The hasher_t interface. */ @@ -38,7 +38,7 @@ struct openssl_hasher_t { /** * Constructor to create openssl_hasher_t. - * + * * @param algo algorithm * @return openssl_hasher_t, NULL if not supported */ diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index ce6716f5a..548a76bb4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -18,12 +18,13 @@ #include #include #include -#include #include "openssl_plugin.h" #include -#include +#include +#include +#include "openssl_util.h" #include "openssl_crypter.h" #include "openssl_hasher.h" #include "openssl_diffie_hellman.h" @@ -82,7 +83,7 @@ struct CRYPTO_dynlock_value { static struct CRYPTO_dynlock_value *create_function(const char *file, int line) { struct CRYPTO_dynlock_value *lock; - + lock = malloc_thing(struct CRYPTO_dynlock_value); lock->mutex = mutex_create(MUTEX_TYPE_DEFAULT); return lock; @@ -119,7 +120,7 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock, */ static unsigned long id_function(void) { - return (unsigned long)pthread_self(); + return (unsigned long)thread_current_id(); } /** @@ -130,12 +131,12 @@ static void threading_init() int i, num_locks; CRYPTO_set_id_callback(id_function); - CRYPTO_set_locking_callback(locking_function); - + CRYPTO_set_locking_callback(locking_function); + CRYPTO_set_dynlock_create_callback(create_function); CRYPTO_set_dynlock_lock_callback(lock_function); CRYPTO_set_dynlock_destroy_callback(destroy_function); - + num_locks = CRYPTO_num_locks(); mutex = malloc(sizeof(mutex_t*) * num_locks); for (i = 0; i < num_locks; i++) @@ -150,7 +151,7 @@ static void threading_init() static void threading_cleanup() { int i, num_locks; - + num_locks = CRYPTO_num_locks(); for (i = 0; i < num_locks; i++) { @@ -169,25 +170,31 @@ static void destroy(private_openssl_plugin_t *this) (crypter_constructor_t)openssl_crypter_create); lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)openssl_hasher_create); - lib->crypto->remove_dh(lib->crypto, + lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->remove_dh(lib->crypto, + lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_rsa_private_key_builder); + (builder_function_t)openssl_rsa_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)openssl_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_rsa_public_key_builder); + (builder_function_t)openssl_rsa_private_key_connect); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_ec_private_key_builder); + (builder_function_t)openssl_rsa_public_key_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)openssl_ec_public_key_builder); - + (builder_function_t)openssl_ec_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)openssl_ec_private_key_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)openssl_ec_public_key_load); + ENGINE_cleanup(); EVP_cleanup(); CONF_modules_free(); - + threading_cleanup(); - + free(this); } @@ -197,18 +204,18 @@ static void destroy(private_openssl_plugin_t *this) plugin_t *plugin_create() { private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + threading_init(); - + OPENSSL_config(NULL); OpenSSL_add_all_algorithms(); - + /* activate support for hardware accelerators */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); - + /* crypter */ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, (crypter_constructor_t)openssl_crypter_create); @@ -230,7 +237,7 @@ plugin_t *plugin_create() (crypter_constructor_t)openssl_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_NULL, (crypter_constructor_t)openssl_crypter_create); - + /* hasher */ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)openssl_hasher_create); @@ -248,48 +255,53 @@ plugin_t *plugin_create() (hasher_constructor_t)openssl_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)openssl_hasher_create); - - /* ec diffie hellman */ - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); + + /* (ec) diffie hellman */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_256_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_384_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_521_BIT, (dh_constructor_t)openssl_ec_diffie_hellman_create); - - /* diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)openssl_diffie_hellman_create); - + /* rsa */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)openssl_rsa_private_key_builder); + (builder_function_t)openssl_rsa_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)openssl_rsa_private_key_gen); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)openssl_rsa_private_key_connect); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)openssl_rsa_public_key_builder); - + (builder_function_t)openssl_rsa_public_key_load); + /* ec */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, - (builder_constructor_t)openssl_ec_private_key_builder); + (builder_function_t)openssl_ec_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + (builder_function_t)openssl_ec_private_key_gen); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, - (builder_constructor_t)openssl_ec_public_key_builder); - + (builder_function_t)openssl_ec_public_key_load); + return &this->public.plugin; } + diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 95c0ffdc8..078f889a6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -37,42 +38,25 @@ struct private_openssl_rsa_private_key_t { * Public interface for this signer. */ openssl_rsa_private_key_t public; - + /** * RSA object from OpenSSL */ RSA *rsa; - + /** * TRUE if the key is from an OpenSSL ENGINE and might not be readable */ bool engine; - /** - * Keyid formed as a SHA-1 hash of a privateKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a privateKeyInfo object - */ - identification_t* keyid_info; - /** * reference count */ - refcount_t ref; + refcount_t ref; }; -/** - * shared functions, implemented in openssl_rsa_public_key.c - */ -bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid, - identification_t **keyid_info); - - -openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e); - +/* implemented in rsa public key */ +bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp); /** * Build an EMPSA PKCS1 signature described in PKCS#1 @@ -104,7 +88,7 @@ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, { return FALSE; } - + ctx = EVP_MD_CTX_create(); key = EVP_PKEY_new(); if (!ctx || !key) @@ -127,7 +111,7 @@ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, { success = TRUE; } - + error: if (key) { @@ -156,7 +140,7 @@ static key_type_t get_type(private_openssl_rsa_private_key_t *this) /** * Implementation of openssl_rsa_private_key.sign. */ -static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { switch (scheme) @@ -200,96 +184,57 @@ static size_t get_keysize(private_openssl_rsa_private_key_t *this) return RSA_size(this->rsa); } -/** - * Implementation of openssl_rsa_private_key.get_id. - */ -static identification_t* get_id(private_openssl_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - /** * Implementation of openssl_rsa_private_key.get_public_key. */ -static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) +static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) { - return openssl_rsa_public_key_create_from_n_e(this->rsa->n, this->rsa->e); + chunk_t enc; + public_key_t *key; + u_char *p; + + enc = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL)); + p = enc.ptr; + i2d_RSAPublicKey(this->rsa, &p); + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_ASN1_DER, enc, BUILD_END); + free(enc.ptr); + return key; } /** - * Implementation of openssl_rsa_private_key.equals. + * Implementation of public_key_t.get_fingerprint. */ -static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other) +static bool get_fingerprint(private_openssl_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } -/** - * Implementation of openssl_rsa_private_key.belongs_to. +/* + * Implementation of public_key_t.get_encoding. */ -static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public) +static bool get_encoding(private_openssl_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - identification_t *keyid; + u_char *p; - if (public->get_type(public) != KEY_RSA) + if (this->engine) { return FALSE; } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} - -/** - * Implementation of private_key_t.get_encoding. - */ -static chunk_t get_encoding(private_openssl_rsa_private_key_t *this) -{ - chunk_t enc = chunk_empty; - if (!this->engine) + switch (type) { - enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL)); - u_char *p = enc.ptr; - i2d_RSAPrivateKey(this->rsa, &p); + case KEY_PRIV_ASN1_DER: + { + *encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL)); + p = encoding->ptr; + i2d_RSAPrivateKey(this->rsa, &p); + return TRUE; + } + default: + return FALSE; } - return enc; } /** @@ -299,7 +244,6 @@ static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_ke { ref_get(&this->ref); return this; - } /** @@ -311,10 +255,9 @@ static void destroy(private_openssl_rsa_private_key_t *this) { if (this->rsa) { + lib->encoding->clear_cache(lib->encoding, this->rsa); RSA_free(this->rsa); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -322,238 +265,215 @@ static void destroy(private_openssl_rsa_private_key_t *this) /** * Internal generic constructor */ -static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(void) +static private_openssl_rsa_private_key_t *create_empty(void) { private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; - this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; this->public.interface.destroy = (void (*) (private_key_t*))destroy; - + this->engine = FALSE; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * Generate an RSA key of specified key size + * See header. */ -static openssl_rsa_private_key_t *generate(size_t key_size) +openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, + va_list args) { - private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty(); - - this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL); - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) + private_openssl_rsa_private_key_t *this; + u_int key_size = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) { - destroy(this); return NULL; } - + this = create_empty(); + this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL); + return &this->public; } /** - * load private key from an ASN1 encoded blob + * See header */ -static openssl_rsa_private_key_t *load(chunk_t blob) +openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, + va_list args) { - u_char *p = blob.ptr; - private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty(); - - this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); - - if (!this->rsa) + private_openssl_rsa_private_key_t *this; + chunk_t blob, n, e, d, p, q, exp1, exp2, coeff; + + blob = n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty; + while (TRUE) { - destroy(this); - return NULL; + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + exp1 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP2: + exp2 = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + coeff = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; } - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) + + this = create_empty(); + if (blob.ptr) { - destroy(this); - return NULL; + this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (this->rsa && RSA_check_key(this->rsa)) + { + return &this->public; + } } - - if (!RSA_check_key(this->rsa)) + else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr) { - destroy(this); - return NULL; + this->rsa = RSA_new(); + this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); + this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); + this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + if (exp1.ptr) + { + this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); + } + if (exp2.ptr) + { + this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); + } + this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); + if (RSA_check_key(this->rsa)) + { + return &this->public; + } } - - return &this->public; + destroy(this); + return NULL; } /** - * load private key from a smart card + * See header. */ -static openssl_rsa_private_key_t *load_from_smartcard(char *keyid, char *pin) +openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, + va_list args) { - private_openssl_rsa_private_key_t *this = NULL; + private_openssl_rsa_private_key_t *this; + char *keyid = NULL, *pin = NULL; EVP_PKEY *key; - char *engine_id = lib->settings->get_str(lib->settings, + char *engine_id; + ENGINE *engine; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_SMARTCARD_KEYID: + keyid = va_arg(args, char*); + continue; + case BUILD_SMARTCARD_PIN: + pin = va_arg(args, char*); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!keyid || !pin) + { + return NULL; + } + + engine_id = lib->settings->get_str(lib->settings, "library.plugins.openssl.engine_id", "pkcs11"); - - ENGINE *engine = ENGINE_by_id(engine_id); + engine = ENGINE_by_id(engine_id); if (!engine) { DBG1("engine '%s' is not available", engine_id); return NULL; } - if (!ENGINE_init(engine)) { DBG1("failed to initialize engine '%s'", engine_id); - goto error; + ENGINE_free(engine); + return NULL; } - if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0)) { DBG1("failed to set PIN on engine '%s'", engine_id); - goto error; + ENGINE_free(engine); + return NULL; } - + key = ENGINE_load_private_key(engine, keyid, NULL, NULL); - if (!key) { - DBG1("failed to load private key with ID '%s' from engine '%s'", keyid, - engine_id); - goto error; - } - ENGINE_free(engine); - - this = openssl_rsa_private_key_create_empty(); - this->rsa = EVP_PKEY_get1_RSA(key); - this->engine = TRUE; - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) - { - destroy(this); + DBG1("failed to load private key with ID '%s' from engine '%s'", + keyid, engine_id); + ENGINE_free(engine); return NULL; } - return &this->public; - -error: ENGINE_free(engine); - return NULL; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - openssl_rsa_private_key_t *key; - /** temporary stored smartcard key ID */ - char *keyid; - /** temporary stored smartcard pin */ - char *pin; -}; -/** - * Implementation of builder_t.build - */ -static openssl_rsa_private_key_t *build(private_builder_t *this) -{ - openssl_rsa_private_key_t *key = this->key; - - if (this->keyid && this->pin) - { - key = load_from_smartcard(this->keyid, this->pin); - } - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t chunk; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - case BUILD_SMARTCARD_KEYID: - { - va_start(args, part); - this->keyid = va_arg(args, char*); - va_end(args); - return; - } - case BUILD_SMARTCARD_PIN: - { - va_start(args, part); - this->pin = va_arg(args, char*); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_openssl_rsa_private_key_t*)this->key); - } - builder_cancel(&this->public); -} + this = create_empty(); + this->rsa = EVP_PKEY_get1_RSA(key); + this->engine = TRUE; -/** - * Builder construction function - */ -builder_t *openssl_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - this->keyid = NULL; - this->pin = NULL; - return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h index 53ec44b28..079dfa46a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h @@ -21,6 +21,7 @@ #ifndef OPENSSL_RSA_PRIVATE_KEY_H_ #define OPENSSL_RSA_PRIVATE_KEY_H_ +#include #include typedef struct openssl_rsa_private_key_t openssl_rsa_private_key_t; @@ -37,11 +38,40 @@ struct openssl_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generate a RSA private key using OpenSSL. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a RSA private key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, + va_list args); + +/** + * Connect to a RSA private key on a smartcard. + * + * Accepts the BUILD_SMARTCARD_KEYID and the BUILD_SMARTCARD_PIN + * arguments. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_rsa_private_key_builder(key_type_t type); +openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, + va_list args); #endif /** OPENSSL_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index bc1ba35b6..422262b19 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -31,22 +32,12 @@ struct private_openssl_rsa_public_key_t { * Public interface for this signer. */ openssl_rsa_public_key_t public; - + /** * RSA object from OpenSSL */ RSA *rsa; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t *keyid_info; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t *keyid; - + /** * reference counter */ @@ -109,7 +100,7 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this, goto error; } valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1); - + error: if (key) { @@ -134,7 +125,7 @@ static key_type_t get_type(private_openssl_rsa_public_key_t *this) /** * Implementation of public_key_t.verify. */ -static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, +static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature) { switch (scheme) @@ -163,40 +154,13 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc /** * Implementation of public_key_t.get_keysize. */ -static bool encrypt_(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain) +static bool encrypt_(private_openssl_rsa_public_key_t *this, + chunk_t crypto, chunk_t *plain) { DBG1("RSA public key encryption not implemented"); return FALSE; } -/** - * Implementation of public_key_t.equals. - */ -static bool equals(private_openssl_rsa_public_key_t *this, public_key_t *other) -{ - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} - /** * Implementation of public_key_t.get_keysize. */ @@ -206,79 +170,92 @@ static size_t get_keysize(private_openssl_rsa_public_key_t *this) } /** - * Implementation of public_key_t.get_id. + * Calculate fingerprint from a RSA key, also used in rsa private key. */ -static identification_t *get_id(private_openssl_rsa_public_key_t *this, - id_type_t type) +bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp) { + hasher_t *hasher; + chunk_t key; + u_char *p; + + if (lib->encoding->get_cache(lib->encoding, type, rsa, fp)) + { + return TRUE; + } switch (type) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; + case KEY_ID_PUBKEY_SHA1: + key = chunk_alloc(i2d_RSAPublicKey(rsa, NULL)); + p = key.ptr; + i2d_RSAPublicKey(rsa, &p); + break; + case KEY_ID_PUBKEY_INFO_SHA1: + key = chunk_alloc(i2d_RSA_PUBKEY(rsa, NULL)); + p = key.ptr; + i2d_RSA_PUBKEY(rsa, &p); + break; default: - return NULL; + return FALSE; } + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + free(key.ptr); + return FALSE; + } + hasher->allocate_hash(hasher, key, fp); + free(key.ptr); + hasher->destroy(hasher); + lib->encoding->cache(lib->encoding, type, rsa, *fp); + return TRUE; } /** - * Encodes the public key - */ -static chunk_t get_encoding_raw(RSA *rsa) -{ - chunk_t enc = chunk_alloc(i2d_RSAPublicKey(rsa, NULL)); - u_char *p = enc.ptr; - i2d_RSAPublicKey(rsa, &p); - return enc; -} - -/** - * Encodes the public key with the algorithm used + * Implementation of public_key_t.get_fingerprint. */ -static chunk_t get_encoding_with_algo(RSA *rsa) +static bool get_fingerprint(private_openssl_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fingerprint) { - u_char *p; - chunk_t enc; - X509_PUBKEY *pubkey = X509_PUBKEY_new(); - - ASN1_OBJECT_free(pubkey->algor->algorithm); - pubkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); - - if (pubkey->algor->parameter == NULL || - pubkey->algor->parameter->type != V_ASN1_NULL) - { - ASN1_TYPE_free(pubkey->algor->parameter); - pubkey->algor->parameter = ASN1_TYPE_new(); - pubkey->algor->parameter->type = V_ASN1_NULL; - } - - enc = get_encoding_raw(rsa); - M_ASN1_BIT_STRING_set(pubkey->public_key, enc.ptr, enc.len); - chunk_free(&enc); - - enc = chunk_alloc(i2d_X509_PUBKEY(pubkey, NULL)); - p = enc.ptr; - i2d_X509_PUBKEY(pubkey, &p); - X509_PUBKEY_free(pubkey); - return enc; + return openssl_rsa_fingerprint(this->rsa, type, fingerprint); } /* * Implementation of public_key_t.get_encoding. */ -static chunk_t get_encoding(private_openssl_rsa_public_key_t *this) +static bool get_encoding(private_openssl_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return get_encoding_raw(this->rsa); + u_char *p; + + switch (type) + { + case KEY_PUB_SPKI_ASN1_DER: + { + *encoding = chunk_alloc(i2d_RSA_PUBKEY(this->rsa, NULL)); + p = encoding->ptr; + i2d_RSA_PUBKEY(this->rsa, &p); + return TRUE; + } + case KEY_PUB_ASN1_DER: + { + *encoding = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL)); + p = encoding->ptr; + i2d_RSAPublicKey(this->rsa, &p); + return TRUE; + } + default: + return FALSE; + } } /** * Implementation of public_key_t.get_ref. */ -static private_openssl_rsa_public_key_t* get_ref(private_openssl_rsa_public_key_t *this) +static public_key_t* get_ref(private_openssl_rsa_public_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface; } /** @@ -290,10 +267,9 @@ static void destroy(private_openssl_rsa_public_key_t *this) { if (this->rsa) { + lib->encoding->clear_cache(lib->encoding, this->rsa); RSA_free(this->rsa); } - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); free(this); } } @@ -301,179 +277,75 @@ static void destroy(private_openssl_rsa_public_key_t *this) /** * Generic private constructor */ -static private_openssl_rsa_public_key_t *openssl_rsa_public_key_create_empty() +static private_openssl_rsa_public_key_t *create_empty() { private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t); - + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; + this->public.interface.equals = public_key_equals; this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} - -/** - * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info). - * Also used in openssl_rsa_private_key.c. - */ -bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid, - identification_t **keyid_info) -{ - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; - } - - publicKey = get_encoding_raw(rsa); - - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = get_encoding_with_algo(rsa); - - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - chunk_free(&publicKey); - - return TRUE; -} - -/** - * Create a public key from BIGNUM values, used in openssl_rsa_private_key.c - */ -openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e) -{ - private_openssl_rsa_public_key_t *this = openssl_rsa_public_key_create_empty(); - - this->rsa = RSA_new(); - this->rsa->n = BN_dup(n); - this->rsa->e = BN_dup(e); - - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} -/** - * Load a public key from an ASN1 encoded blob - */ -static openssl_rsa_public_key_t *load(chunk_t blob) -{ - u_char *p = blob.ptr; - private_openssl_rsa_public_key_t *this = openssl_rsa_public_key_create_empty(); - - this->rsa = d2i_RSAPublicKey(NULL, (const u_char**)&p, blob.len); - - chunk_clear(&blob); - - if (!this->rsa) - { - destroy(this); - return NULL; - } + this->rsa = NULL; + this->ref = 1; - if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; + return this; } -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for key loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - openssl_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static openssl_rsa_public_key_t *build(private_builder_t *this) +openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, + va_list args) { - openssl_rsa_public_key_t *key = this->key; - - free(this); - return key; -} + private_openssl_rsa_public_key_t *this; + chunk_t blob, n, e; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + n = e = blob = chunk_empty; + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->key = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) + + this = create_empty(); + if (blob.ptr) { - destroy((private_openssl_rsa_public_key_t*)this->key); + this->rsa = d2i_RSAPublicKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (this->rsa) + { + return &this->public; + } } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *openssl_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) + else if (n.ptr && e.ptr) { - return NULL; + this->rsa = RSA_new(); + this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + return &this->public; } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + destroy(this); + return NULL; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h index ff99ddbc5..620aa51ce 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h @@ -37,11 +37,15 @@ struct openssl_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using OpenSSL. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *openssl_rsa_public_key_builder(key_type_t type); +openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, + va_list args); #endif /** OPENSSL_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c index c8c453f64..55b18a524 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.c +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -18,6 +19,7 @@ #include #include +#include /** * Described in header. @@ -31,30 +33,30 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash) { return FALSE; } - - ctx = EVP_MD_CTX_create(); + + ctx = EVP_MD_CTX_create(); if (!ctx) { goto error; } - + if (!EVP_DigestInit_ex(ctx, hasher, NULL)) { goto error; } - + if (!EVP_DigestUpdate(ctx, data.ptr, data.len)) { goto error; } - + *hash = chunk_alloc(hasher->md_size); if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL)) { chunk_free(hash); goto error; } - + ret = TRUE; error: if (ctx) @@ -70,18 +72,18 @@ error: bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) { int offset; - + chunk->len = len + (b ? len : 0); chunk->ptr = malloc(chunk->len); memset(chunk->ptr, 0, chunk->len); - + /* convert a */ offset = len - BN_num_bytes(a); if (!BN_bn2bin(a, chunk->ptr + offset)) { goto error; } - + /* optionally convert and concatenate b */ if (b) { @@ -90,8 +92,8 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) { goto error; } - } - + } + return TRUE; error: chunk_free(chunk); @@ -105,19 +107,20 @@ error: bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b) { int len; - + if ((chunk.len % 2) != 0) { return FALSE; } - + len = chunk.len / 2; - + if (!BN_bin2bn(chunk.ptr, len, a) || !BN_bin2bn(chunk.ptr + len, len, b)) { return FALSE; } - + return TRUE; } + diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index 6ba1ff07b..538008f2c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -31,9 +31,9 @@ /** * Creates a hash of a given type of a chunk of data. - * + * * Note: this function allocates memory for the hash - * + * * @param hash_type NID of the hash * @param data the chunk of data to hash * @param hash chunk that contains the hash @@ -44,9 +44,9 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash); /** * Concatenates two bignums into a chunk, thereby enfocing the length of * a single BIGNUM, if necessary, by pre-pending it with zeros. - * + * * Note: this function allocates memory for the chunk - * + * * @param len the length of a single BIGNUM * @param a first BIGNUM * @param b second BIGNUM @@ -57,7 +57,7 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk); /** * Splits a chunk into two bignums of equal binary length. - * + * * @param chunk a chunk that contains the two BIGNUMs * @param a first BIGNUM * @param b second BIGNUM diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 44f533744..59ea98799 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/padlock DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_padlock_la_LIBADD = am_libstrongswan_padlock_la_OBJECTS = padlock_plugin.lo \ @@ -60,6 +84,7 @@ libstrongswan_padlock_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -309,21 +343,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -346,7 +380,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -354,29 +388,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -397,13 +436,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -434,6 +477,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -455,6 +499,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -463,18 +509,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -513,6 +569,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index afdd85b79..9edea4bd3 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2008 Thomas Kallenberg * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -26,12 +26,12 @@ typedef struct private_padlock_aes_crypter_t private_padlock_aes_crypter_t; * Private data of padlock_aes_crypter_t */ struct private_padlock_aes_crypter_t { - + /** * Public part of this class. */ padlock_aes_crypter_t public; - + /* * the key */ @@ -56,7 +56,7 @@ typedef struct { /** * Invoke the actual de/encryption */ -static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, +static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, int count, void *iv) { asm volatile( @@ -81,7 +81,7 @@ static void padlock_crypt(void *key, void *ctrl, void *src, void *dst, /* * Implementation of crypter_t.crypt */ -static void crypt(private_padlock_aes_crypter_t *this, char *iv, +static void crypt(private_padlock_aes_crypter_t *this, char *iv, chunk_t src, chunk_t *dst, bool enc) { cword cword PADLOCK_ALIGN; @@ -110,7 +110,7 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv, /** * Implementation of crypter_t.decrypt. */ -static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, +static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, iv.ptr, data, dst, TRUE); @@ -120,7 +120,7 @@ static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data, /** * Implementation of crypter_t.encrypt. */ -static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data, +static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { crypt(this, iv.ptr, data, dst, FALSE); @@ -162,18 +162,18 @@ static void destroy (private_padlock_aes_crypter_t *this) /* * Described in header */ -padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, +padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, size_t key_size) { private_padlock_aes_crypter_t *this; - + if (algo != ENCR_AES_CBC) { return NULL; } - + this = malloc_thing(private_padlock_aes_crypter_t); - + switch (key_size) { case 16: /* AES 128 */ @@ -185,15 +185,15 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo, free(this); return NULL; } - + this->key = chunk_alloc(key_size); - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h index d8ac9c2a0..d4c7a7577 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h @@ -30,7 +30,7 @@ typedef struct padlock_aes_crypter_t padlock_aes_crypter_t; * Implementation of AES-128 using VIA Padlock. */ struct padlock_aes_crypter_t { - + /** * The crypter_t interface. */ @@ -39,7 +39,7 @@ struct padlock_aes_crypter_t { /** * Constructor to create padlock_aes_crypter_t. - * + * * @param key_size key size in bytes, currently supports only 16. * @param algo algorithm to implement, must be ENCR_AES_CBC * @return padlock_aes_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index e241b59be..32b18ec4b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -55,7 +55,7 @@ struct private_padlock_plugin_t { * public functions */ padlock_plugin_t public; - + /** * features supported by Padlock */ @@ -81,11 +81,11 @@ static padlock_feature_t get_padlock_features() { char vendor[3 * sizeof(int) + 1]; int a, b, c, d; - + cpuid(0, a, b, c, d); /* VendorID string is in b-d-c (yes, in this order) */ snprintf(vendor, sizeof(vendor), "%.4s%.4s%.4s", &b, &d, &c); - + /* check if we have a VIA chip */ if (streq(vendor, "CentaurHauls")) { @@ -134,9 +134,9 @@ static void destroy(private_padlock_plugin_t *this) plugin_t *plugin_create() { private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + this->features = get_padlock_features(); if (!this->features) { @@ -154,7 +154,7 @@ plugin_t *plugin_create() this->features & PADLOCK_ACE2_ENABLED ? " ACE2" : "", this->features & PADLOCK_PHE_ENABLED ? " PHE" : "", this->features & PADLOCK_PMM_ENABLED ? " PMM" : ""); - + if (this->features & PADLOCK_RNG_ENABLED) { lib->crypto->add_rng(lib->crypto, RNG_TRUE, diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c index 8a04dccfc..8ff46081b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.c +++ b/src/libstrongswan/plugins/padlock/padlock_rng.c @@ -36,12 +36,12 @@ enum padlock_quality_factor_t { * Private data of an padlock_rng_t object. */ struct private_padlock_rng_t { - + /** * Public padlock_rng_t interface. */ padlock_rng_t public; - + /** * Padlock quality factor */ @@ -56,14 +56,14 @@ static void rng(char *buf, int len, int quality) while (len > 0) { int status; - + /* run XSTORE until we have all bytes needed. We do not use REP, as * this should not be performance critical and it's easier this way. */ asm volatile ( ".byte 0x0F,0xA7,0xC0 \n\t" : "=D"(buf), "=a"(status) : "d"(quality), "D"(buf)); - + /* bits[0..4] of status word contains the number of bytes read */ len -= status & 0x1F; } @@ -78,7 +78,7 @@ static void allocate_bytes(private_padlock_rng_t *this, size_t bytes, chunk->len = bytes; /* padlock requires some additional bytes */ chunk->ptr = malloc(bytes + 7); - + rng(chunk->ptr, chunk->len, this->quality); } @@ -89,7 +89,7 @@ static void get_bytes(private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer) { chunk_t chunk; - + /* Padlock needs a larger buffer than "bytes", we need a new buffer */ allocate_bytes(this, bytes, &chunk); memcpy(buffer, chunk.ptr, bytes); @@ -110,11 +110,11 @@ static void destroy(private_padlock_rng_t *this) padlock_rng_t *padlock_rng_create(rng_quality_t quality) { private_padlock_rng_t *this = malloc_thing(private_padlock_rng_t); - + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; this->public.rng.destroy = (void (*) (rng_t *))destroy; - + /* map RNG quality to Padlock quality factor */ switch (quality) { @@ -128,7 +128,7 @@ padlock_rng_t *padlock_rng_create(rng_quality_t quality) this->quality = PADLOCK_QF3; break; } - + return &this->public; } diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h index 237d8fbe2..776be8937 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.h +++ b/src/libstrongswan/plugins/padlock/padlock_rng.h @@ -29,7 +29,7 @@ typedef struct padlock_rng_t padlock_rng_t; * Hardware-RNG based on via Padlock. */ struct padlock_rng_t { - + /** * Implements rng_t interface. */ @@ -44,4 +44,4 @@ struct padlock_rng_t { */ padlock_rng_t *padlock_rng_create(rng_quality_t quality); -#endif /** PADLOCK_RNG_ @}*/ +#endif /** PADLOCK_RNG_H_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index b5a6abc64..60b516675 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -32,7 +32,7 @@ struct private_padlock_sha1_hasher_t { * Public interface for this hasher. */ padlock_sha1_hasher_t public; - + /** * data collected to hash */ @@ -45,8 +45,8 @@ struct private_padlock_sha1_hasher_t { static void padlock_sha1(int len, u_char *in, u_char *out) { /* rep xsha1 */ - asm volatile ( - ".byte 0xf3, 0x0f, 0xa6, 0xc8" + asm volatile ( + ".byte 0xf3, 0x0f, 0xa6, 0xc8" : "+S"(in), "+D"(out) : "c"(len), "a"(0)); } @@ -57,7 +57,7 @@ static void padlock_sha1(int len, u_char *in, u_char *out) static void sha1(chunk_t data, u_int32_t *digest) { u_int32_t hash[128] PADLOCK_ALIGN; - + hash[0] = 0x67452301; hash[1] = 0xefcdab89; hash[2] = 0x98badcfe; @@ -105,14 +105,14 @@ static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, sha1(this->data, (u_int32_t*)hash); } else - { /* hash directly if no previous data found */ + { /* hash directly if no previous data found */ sha1(chunk, (u_int32_t*)hash); } reset(this); } else { - append_data(this, chunk); + append_data(this, chunk); } } @@ -129,10 +129,10 @@ static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk, } else { - get_hash(this, chunk, NULL); + get_hash(this, chunk, NULL); } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -156,20 +156,20 @@ static void destroy(private_padlock_sha1_hasher_t *this) padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo) { private_padlock_sha1_hasher_t *this; - + if (algo != HASH_SHA1) { return NULL; } - + this = malloc_thing(private_padlock_sha1_hasher_t); this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + this->data = chunk_empty; - + return &(this->public); } diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h index afa1e046d..740bdfe98 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h @@ -30,7 +30,7 @@ typedef struct padlock_sha1_hasher_t padlock_sha1_hasher_t; * Implementation of hasher_t interface using the SHA1 algorithm. */ struct padlock_sha1_hasher_t { - + /** * Implements hasher_t interface. */ diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am new file mode 100644 index 000000000..98f356aaf --- /dev/null +++ b/src/libstrongswan/plugins/pem/Makefile.am @@ -0,0 +1,12 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-pem.la + +libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \ + pem_builder.c pem_builder.h + +libstrongswan_pem_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in new file mode 100644 index 000000000..e81b4f78f --- /dev/null +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -0,0 +1,569 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pem +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_pem_la_LIBADD = +am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo +libstrongswan_pem_la_OBJECTS = $(am_libstrongswan_pem_la_OBJECTS) +libstrongswan_pem_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pem_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pem_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pem_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-pem.la +libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \ + pem_builder.c pem_builder.h + +libstrongswan_pem_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pem.la: $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_DEPENDENCIES) + $(libstrongswan_pem_la_LINK) -rpath $(plugindir) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c new file mode 100644 index 000000000..2f285e9bc --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -0,0 +1,566 @@ +/* + * Copyright (C) 2009 Martin Willi + * Copyright (C) 2001-2008 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pem_builder.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#define PKCS5_SALT_LEN 8 /* bytes */ + +/** + * check the presence of a pattern in a character string, skip if found + */ +static bool present(char* pattern, chunk_t* ch) +{ + u_int len = strlen(pattern); + + if (ch->len >= len && strneq(ch->ptr, pattern, len)) + { + *ch = chunk_skip(*ch, len); + return TRUE; + } + return FALSE; +} + +/** + * find a boundary of the form -----tag name----- + */ +static bool find_boundary(char* tag, chunk_t *line) +{ + chunk_t name = chunk_empty; + + if (!present("-----", line) || + !present(tag, line) || + *line->ptr != ' ') + { + return FALSE; + } + *line = chunk_skip(*line, 1); + + /* extract name */ + name.ptr = line->ptr; + while (line->len > 0) + { + if (present("-----", line)) + { + DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr); + return TRUE; + } + line->ptr++; line->len--; name.len++; + } + return FALSE; +} + +/* + * decrypts a passphrase protected encrypted data block + */ +static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, + size_t key_size, chunk_t iv, chunk_t passphrase) +{ + hasher_t *hasher; + crypter_t *crypter; + chunk_t salt = { iv.ptr, PKCS5_SALT_LEN }; + chunk_t hash; + chunk_t decrypted; + chunk_t key = {alloca(key_size), key_size}; + u_int8_t padding, *last_padding_pos, *first_padding_pos; + + /* build key from passphrase and IV */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); + if (hasher == NULL) + { + DBG1(" MD5 hash algorithm not available"); + return NOT_SUPPORTED; + } + hash.len = hasher->get_hash_size(hasher); + hash.ptr = alloca(hash.len); + hasher->get_hash(hasher, passphrase, NULL); + hasher->get_hash(hasher, salt, hash.ptr); + memcpy(key.ptr, hash.ptr, hash.len); + + if (key.len > hash.len) + { + hasher->get_hash(hasher, hash, NULL); + hasher->get_hash(hasher, passphrase, NULL); + hasher->get_hash(hasher, salt, hash.ptr); + memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len); + } + hasher->destroy(hasher); + + /* decrypt blob */ + crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); + if (crypter == NULL) + { + DBG1(" %N encryption algorithm not available", + encryption_algorithm_names, alg); + return NOT_SUPPORTED; + } + crypter->set_key(crypter, key); + + if (iv.len != crypter->get_block_size(crypter) || + blob->len % iv.len) + { + crypter->destroy(crypter); + DBG1(" data size is not multiple of block size"); + return PARSE_ERROR; + } + crypter->decrypt(crypter, *blob, iv, &decrypted); + crypter->destroy(crypter); + memcpy(blob->ptr, decrypted.ptr, blob->len); + chunk_free(&decrypted); + + /* determine amount of padding */ + last_padding_pos = blob->ptr + blob->len - 1; + padding = *last_padding_pos; + if (padding > blob->len) + { + first_padding_pos = blob->ptr; + } + else + { + first_padding_pos = last_padding_pos - padding; + } + /* check the padding pattern */ + while (--last_padding_pos > first_padding_pos) + { + if (*last_padding_pos != padding) + { + DBG1(" invalid passphrase"); + return INVALID_ARG; + } + } + /* remove padding */ + blob->len -= padding; + return SUCCESS; +} + +/** + * Converts a PEM encoded file into its binary form (RFC 1421, RFC 934) + */ +static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data, + bool *pgp) +{ + typedef enum { + PEM_PRE = 0, + PEM_MSG = 1, + PEM_HEADER = 2, + PEM_BODY = 3, + PEM_POST = 4, + PEM_ABORT = 5 + } state_t; + + encryption_algorithm_t alg = ENCR_UNDEFINED; + size_t key_size = 0; + bool encrypted = FALSE; + state_t state = PEM_PRE; + chunk_t src = *blob; + chunk_t dst = *blob; + chunk_t line = chunk_empty; + chunk_t iv = chunk_empty; + chunk_t passphrase; + int try = 0; + u_char iv_buf[HASH_SIZE_MD5]; + + dst.len = 0; + iv.ptr = iv_buf; + iv.len = 0; + + while (fetchline(&src, &line)) + { + if (state == PEM_PRE) + { + if (find_boundary("BEGIN", &line)) + { + state = PEM_MSG; + } + continue; + } + else + { + if (find_boundary("END", &line)) + { + state = PEM_POST; + break; + } + if (state == PEM_MSG) + { + state = PEM_HEADER; + if (memchr(line.ptr, ':', line.len) == NULL) + { + state = PEM_BODY; + } + } + if (state == PEM_HEADER) + { + err_t ugh = NULL; + chunk_t name = chunk_empty; + chunk_t value = chunk_empty; + + /* an empty line separates HEADER and BODY */ + if (line.len == 0) + { + state = PEM_BODY; + continue; + } + + /* we are looking for a parameter: value pair */ + DBG2(" %.*s", (int)line.len, line.ptr); + ugh = extract_parameter_value(&name, &value, &line); + if (ugh != NULL) + { + continue; + } + if (match("Proc-Type", &name) && *value.ptr == '4') + { + encrypted = TRUE; + } + else if (match("DEK-Info", &name)) + { + chunk_t dek; + + if (!extract_token(&dek, ',', &value)) + { + dek = value; + } + if (match("DES-EDE3-CBC", &dek)) + { + alg = ENCR_3DES; + key_size = 24; + } + else if (match("AES-128-CBC", &dek)) + { + alg = ENCR_AES_CBC; + key_size = 16; + } + else if (match("AES-192-CBC", &dek)) + { + alg = ENCR_AES_CBC; + key_size = 24; + } + else if (match("AES-256-CBC", &dek)) + { + alg = ENCR_AES_CBC; + key_size = 32; + } + else + { + DBG1(" encryption algorithm '%.*s' not supported", + dek.len, dek.ptr); + return NOT_SUPPORTED; + } + eat_whitespace(&value); + iv = chunk_from_hex(value, iv.ptr); + } + } + else /* state is PEM_BODY */ + { + chunk_t data; + + /* remove any trailing whitespace */ + if (!extract_token(&data ,' ', &line)) + { + data = line; + } + + /* check for PGP armor checksum */ + if (*data.ptr == '=') + { + *pgp = TRUE; + data.ptr++; + data.len--; + DBG2(" armor checksum: %.*s", (int)data.len, data.ptr); + continue; + } + + if (blob->len - dst.len < data.len / 4 * 3) + { + state = PEM_ABORT; + } + data = chunk_from_base64(data, dst.ptr); + + dst.ptr += data.len; + dst.len += data.len; + } + } + } + /* set length to size of binary blob */ + blob->len = dst.len; + + if (state != PEM_POST) + { + DBG1(" file coded in unknown format, discarded"); + return PARSE_ERROR; + } + if (!encrypted) + { + return SUCCESS; + } + if (!cb) + { + DBG1(" missing passphrase"); + return INVALID_ARG; + } + while (TRUE) + { + passphrase = cb(cb_data, ++try); + if (!passphrase.len || !passphrase.ptr) + { + return INVALID_ARG; + } + switch (pem_decrypt(blob, alg, key_size, iv, passphrase)) + { + case INVALID_ARG: + /* bad passphrase, retry */ + continue; + case SUCCESS: + return SUCCESS; + default: + return FAILED; + } + } +} + +/** + * load the credential from a blob + */ +static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, + chunk_t(*cb)(void*,int), void *cb_data, + x509_flag_t flags) +{ + void *cred = NULL; + bool pgp = FALSE; + + blob = chunk_clone(blob); + if (!is_asn1(blob)) + { + if (pem_to_bin(&blob, cb, cb_data, &pgp) != SUCCESS) + { + chunk_clear(&blob); + return NULL; + } + if (pgp && type == CRED_PRIVATE_KEY) + { + /* PGP encoded keys are parsed with a KEY_ANY key type, as it + * can contain any type of key. However, ipsec.secrets uses + * RSA for PGP keys, which is actually wrong. */ + subtype = KEY_ANY; + } + } + /* if CERT_ANY is given, ASN1 encoded blob is handled as X509 */ + if (type == CRED_CERTIFICATE && subtype == CERT_ANY) + { + subtype = pgp ? CERT_GPG : CERT_X509; + } + cred = lib->creds->create(lib->creds, type, subtype, + pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob, + flags ? BUILD_X509_FLAG : BUILD_END, + flags, BUILD_END); + chunk_clear(&blob); + return cred; +} + +/** + * load the credential from a file + */ +static void *load_from_file(char *file, credential_type_t type, int subtype, + chunk_t(*cb)(void*,int), void *cb_data, + x509_flag_t flags) +{ + void *cred = NULL; + struct stat sb; + void *addr; + int fd; + + fd = open(file, O_RDONLY); + if (fd == -1) + { + DBG1(" opening '%s' failed: %s", file, strerror(errno)); + return NULL; + } + + if (fstat(fd, &sb) == -1) + { + DBG1(" getting file size of '%s' failed: %s", file, strerror(errno)); + close(fd); + return NULL; + } + + addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (addr == MAP_FAILED) + { + DBG1(" mapping '%s' failed: %s", file, strerror(errno)); + close(fd); + return NULL; + } + + cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, + cb, cb_data, flags); + + munmap(addr, sb.st_size); + close(fd); + return cred; +} + +/** + * load the credential from a file descriptor + */ +static void *load_from_fd(int fd, credential_type_t type, int subtype, + chunk_t(*cb)(void*,int), void *cb_data, + x509_flag_t flags) +{ + char buf[8096]; + char *pos = buf; + ssize_t len, total = 0; + + while (TRUE) + { + len = read(fd, pos, buf + sizeof(buf) - pos); + if (len < 0) + { + DBG1("reading from file descriptor failed: %s", strerror(errno)); + return NULL; + } + if (len == 0) + { + break; + } + total += len; + if (total == sizeof(buf)) + { + DBG1("buffer too small to read from file descriptor"); + return NULL; + } + } + return load_from_blob(chunk_create(buf, total), type, subtype, + cb, cb_data, flags); +} + +/** + * passphrase callback to use if passphrase given + */ +static chunk_t given_passphrase_cb(chunk_t *passphrase, int try) +{ + if (try > 1) + { /* try only once for given passphrases */ + return chunk_empty; + } + return *passphrase; +} + +/** + * Load all kind of PEM encoded credentials. + */ +static void *pem_load(credential_type_t type, int subtype, va_list args) +{ + char *file = NULL; + int fd = -1; + chunk_t pem = chunk_empty, passphrase = chunk_empty; + chunk_t (*cb)(void *data, int try) = NULL; + void *cb_data = NULL; + int flags = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_FROM_FILE: + file = va_arg(args, char*); + continue; + case BUILD_FROM_FD: + fd = va_arg(args, int); + continue; + case BUILD_BLOB_PEM: + pem = va_arg(args, chunk_t); + continue; + case BUILD_PASSPHRASE: + passphrase = va_arg(args, chunk_t); + if (passphrase.len && passphrase.ptr) + { + cb = (void*)given_passphrase_cb; + cb_data = &passphrase; + } + continue; + case BUILD_PASSPHRASE_CALLBACK: + cb = va_arg(args, chunk_t(*)(void*,int)); + cb_data = va_arg(args, void*); + continue; + case BUILD_X509_FLAG: + flags = va_arg(args, int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (pem.ptr) + { + return load_from_blob(pem, type, subtype, cb, cb_data, flags); + } + if (file) + { + return load_from_file(file, type, subtype, cb, cb_data, flags); + } + if (fd != -1) + { + return load_from_fd(fd, type, subtype, cb, cb_data, flags); + } + return NULL; +} + +/** + * Private key PEM loader. + */ +private_key_t *pem_private_key_load(key_type_t type, va_list args) +{ + return pem_load(CRED_PRIVATE_KEY, type, args); +} + +/** + * Public key PEM loader. + */ +public_key_t *pem_public_key_load(key_type_t type, va_list args) +{ + return pem_load(CRED_PUBLIC_KEY, type, args); +} + +/** + * Certificate PEM loader. + */ +certificate_t *pem_certificate_load(certificate_type_t type, va_list args) +{ + return pem_load(CRED_CERTIFICATE, type, args); +} + diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h new file mode 100644 index 000000000..189a5430f --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_builder.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pem_builder pem_builder + * @{ @ingroup pem_p + */ + +#ifndef PEM_PRIVATE_KEY_H_ +#define PEM_PRIVATE_KEY_H_ + +#include +#include +#include +#include + +/** + * Load PEM encoded private keys. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return private key, NULL if failed + */ +private_key_t *pem_private_key_load(key_type_t type, va_list args); + +/** + * Load PEM encoded public keys. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return public key, NULL if failed + */ +public_key_t *pem_public_key_load(key_type_t type, va_list args); + +/** + * Build PEM encoded certificates. + * + * @param type type of the certificate + * @param args builder_part_t argument list + * @return certificate, NULL if failed + */ +certificate_t *pem_certificate_load(certificate_type_t type, va_list args); + +#endif /** PEM_PRIVATE_KEY_H_ @}*/ + diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c new file mode 100644 index 000000000..5a5149ca8 --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pem_plugin.h" + +#include +#include "pem_builder.h" + +typedef struct private_pem_plugin_t private_pem_plugin_t; + +/** + * private data of pem_plugin + */ +struct private_pem_plugin_t { + + /** + * public functions + */ + pem_plugin_t public; +}; + +/** + * Implementation of pem_plugin_t.pemtroy + */ +static void destroy(private_pem_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)pem_private_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pem_public_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pem_certificate_load); + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + /* register private key PEM decoding builders */ + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + (builder_function_t)pem_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)pem_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + (builder_function_t)pem_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, + (builder_function_t)pem_private_key_load); + + /* register public key PEM decoding builders */ + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)pem_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)pem_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + (builder_function_t)pem_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, + (builder_function_t)pem_public_key_load); + + /* register certificate PEM decoding builders */ + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, + (builder_function_t)pem_certificate_load); + + /* register pluto specific certificate formats */ + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, + (builder_function_t)pem_certificate_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, + (builder_function_t)pem_certificate_load); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h new file mode 100644 index 000000000..75616c496 --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pem_p pem + * @ingroup plugins + * + * @defgroup pem_plugin pem_plugin + * @{ @ingroup pem_p + */ + +#ifndef PEM_PLUGIN_H_ +#define PEM_PLUGIN_H_ + +#include + +typedef struct pem_plugin_t pem_plugin_t; + +/** + * Plugin providing support to load credentials in PEM format + */ +struct pem_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a pem_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** PEM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am new file mode 100644 index 000000000..c232971bb --- /dev/null +++ b/src/libstrongswan/plugins/pgp/Makefile.am @@ -0,0 +1,15 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-pgp.la + +libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \ + pgp_utils.h pgp_utils.c \ + pgp_cert.h pgp_cert.c \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c + +libstrongswan_pgp_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in new file mode 100644 index 000000000..70840c400 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -0,0 +1,576 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pgp +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_pgp_la_LIBADD = +am_libstrongswan_pgp_la_OBJECTS = pgp_plugin.lo pgp_utils.lo \ + pgp_cert.lo pgp_encoder.lo pgp_builder.lo +libstrongswan_pgp_la_OBJECTS = $(am_libstrongswan_pgp_la_OBJECTS) +libstrongswan_pgp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pgp_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pgp_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pgp_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-pgp.la +libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \ + pgp_utils.h pgp_utils.c \ + pgp_cert.h pgp_cert.c \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c + +libstrongswan_pgp_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pgp.la: $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_DEPENDENCIES) + $(libstrongswan_pgp_la_LINK) -rpath $(plugindir) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_cert.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_encoder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp_utils.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c new file mode 100644 index 000000000..d262d18ff --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2009 Martin Willi + * Copyright (C) 2002-2009 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_builder.h" +#include "pgp_utils.h" + +#include +#include +#include + +/** + * Load a generic public key from a PGP packet + */ +static public_key_t *parse_public_key(chunk_t blob) +{ + u_int32_t alg; + public_key_t *key; + + if (!pgp_read_scalar(&blob, 1, &alg)) + { + return NULL; + } + switch (alg) + { + case PGP_PUBKEY_ALG_RSA: + case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_PGP, blob, BUILD_END); + break; + default: + DBG1("PGP public key algorithm %N not supported", + pgp_pubkey_alg_names, alg); + return NULL; + } + return key; +} + +/** + * Load a RSA public key from a PGP packet + */ +static public_key_t *parse_rsa_public_key(chunk_t blob) +{ + chunk_t mpi[2]; + int i; + + for (i = 0; i < 2; i++) + { + if (!pgp_read_mpi(&blob, &mpi[i])) + { + return NULL; + } + } + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, mpi[0], BUILD_RSA_PUB_EXP, mpi[1], + BUILD_END); +} + +/** + * Load a RSA private key from a PGP packet + */ +static private_key_t *parse_rsa_private_key(chunk_t blob) +{ + chunk_t mpi[6]; + u_int32_t s2k; + int i; + + for (i = 0; i < 2; i++) + { + if (!pgp_read_mpi(&blob, &mpi[i])) + { + return NULL; + } + } + if (!pgp_read_scalar(&blob, 1, &s2k)) + { + return NULL; + } + if (s2k == 255 || s2k == 254) + { + DBG1("string-to-key specifiers not supported"); + return NULL; + } + if (s2k != PGP_SYM_ALG_PLAIN) + { + DBG1("%N private key encryption not supported", pgp_sym_alg_names, s2k); + return NULL; + } + + for (i = 2; i < 6; i++) + { + if (!pgp_read_mpi(&blob, &mpi[i])) + { + return NULL; + } + } + + /* PGP has uses p < q, but we use p > q */ + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_RSA_MODULUS, mpi[0], BUILD_RSA_PUB_EXP, mpi[1], + BUILD_RSA_PRIV_EXP, mpi[2], BUILD_RSA_PRIME2, mpi[3], + BUILD_RSA_PRIME1, mpi[4], BUILD_RSA_COEFF, mpi[5], + BUILD_END); +} + +/** + * Implementation of private_key_t.sign for encryption-only keys + */ +static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) +{ + DBG1("signing failed - decryption only key"); + return FALSE; +} + +/** + * Implementation of private_key_t.decrypt for signature-only keys + */ +static bool decrypt_not_allowed(private_key_t *this, + chunk_t crypto, chunk_t *plain) +{ + DBG1("decryption failed - signature only key"); + return FALSE; +} + +/** + * Load a generic private key from a PGP packet + */ +static private_key_t *parse_private_key(chunk_t blob) +{ + chunk_t packet; + pgp_packet_tag_t tag; + u_int32_t version, created, days, alg; + private_key_t *key; + + if (!pgp_read_packet(&blob, &packet, &tag)) + { + return NULL; + } + if (!pgp_read_scalar(&packet, 1, &version)) + { + return FALSE; + } + switch (version) + { + case 3: + if (!pgp_read_scalar(&packet, 2, &days)) + { + return NULL; + } + break; + case 4: + break; + default: + DBG1("PGP packet version V%d not supported", version); + return FALSE; + } + if (!pgp_read_scalar(&packet, 4, &created)) + { + return NULL; + } + if (!pgp_read_scalar(&packet, 1, &alg)) + { + return NULL; + } + switch (alg) + { + case PGP_PUBKEY_ALG_RSA: + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_PGP, packet, BUILD_END); + case PGP_PUBKEY_ALG_RSA_ENC_ONLY: + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_PGP, packet, BUILD_END); + if (key) + { + key->sign = sign_not_allowed; + } + return key; + case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_BLOB_PGP, packet, BUILD_END); + if (key) + { + key->decrypt = decrypt_not_allowed; + } + return key; + case PGP_PUBKEY_ALG_ECDSA: + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + BUILD_BLOB_PGP, packet, BUILD_END); + case PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY: + case PGP_PUBKEY_ALG_DSA: + case PGP_PUBKEY_ALG_ECC: + case PGP_PUBKEY_ALG_ELGAMAL: + case PGP_PUBKEY_ALG_DIFFIE_HELLMAN: + default: + return NULL; + } +} + +/** + * See header. + */ +public_key_t *pgp_public_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + switch (type) + { + case KEY_ANY: + return parse_public_key(blob); + case KEY_RSA: + return parse_rsa_public_key(blob); + default: + return NULL; + } +} + +/** + * See header. + */ +private_key_t *pgp_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + switch (type) + { + case KEY_ANY: + return parse_private_key(blob); + case KEY_RSA: + return parse_rsa_private_key(blob); + default: + return NULL; + } +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.h b/src/libstrongswan/plugins/pgp/pgp_builder.h new file mode 100644 index 000000000..1168babd6 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_builder.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_public_key pgp_public_key + * @{ @ingroup pgp + */ + +#ifndef PGP_BUILDER_H_ +#define PGP_BUILDER_H_ + +#include +#include + +/** + * Load a generic or an RSA public key using PGP decoding. + * + * @param type type of the key, either KEY_ANY or KEY_RSA + * @param args builder_part_t argument list + * @return private key, NULL if failed + */ +public_key_t *pgp_public_key_load(key_type_t type, va_list args); + +/** + * Load a generic or RSA private key using PGP decoding. + * + * @param type type of the key, either KEY_ANY or KEY_RSA + * @param args builder_part_t argument list + * @return builder instance + */ +private_key_t *pgp_private_key_load(key_type_t type, va_list args); + +#endif /** PGP_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c new file mode 100644 index 000000000..fa2612285 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -0,0 +1,501 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_cert.h" +#include "pgp_utils.h" + +#include + +#include + +typedef struct private_pgp_cert_t private_pgp_cert_t; + +/** + * Private data of an pgp_cert_t object. + */ +struct private_pgp_cert_t { + + /** + * Implements pgp_cert_t interface. + */ + pgp_cert_t public; + + /** + * Public key of the certificate + */ + public_key_t *key; + + /** + * version of the public key + */ + u_int32_t version; + + /** + * creation time + */ + u_int32_t created; + + /** + * days the certificate is valid + */ + u_int32_t valid; + + /** + * userid of the certificate + */ + identification_t *user_id; + + /** + * v3 or v4 fingerprint of the PGP public key + */ + chunk_t fingerprint; + + /** + * full PGP encoding + */ + chunk_t encoding; + + /** + * reference counter + */ + refcount_t ref; +}; + + +/** + * Implementation of certificate_t.get_type + */ +static certificate_type_t get_type(private_pgp_cert_t *this) +{ + return CERT_GPG; +} + +/** + * Implementation of certificate_t.get_subject + */ +static identification_t* get_subject(private_pgp_cert_t *this) +{ + return this->user_id; +} + +/** + * Implementation of certificate_t.get_issuer + */ +static identification_t* get_issuer(private_pgp_cert_t *this) +{ + return this->user_id; +} + +/** + * Implementation of certificate_t.has_subject. + */ +static id_match_t has_subject(private_pgp_cert_t *this, + identification_t *subject) +{ + id_match_t match_user_id; + + match_user_id = this->user_id->matches(this->user_id, subject); + if (match_user_id == ID_MATCH_NONE && + subject->get_type(subject) == ID_KEY_ID && + chunk_equals(this->fingerprint, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } + return match_user_id; +} + +/** + * Implementation of certificate_t.has_subject. + */ +static id_match_t has_issuer(private_pgp_cert_t *this, identification_t *issuer) +{ + return ID_MATCH_NONE; +} + +/** + * Implementation of certificate_t.issued_by + */ +static bool issued_by(private_pgp_cert_t *this, certificate_t *issuer) +{ + /* TODO: check signature blobs for a valid signature */ + return FALSE; +} + +/** + * Implementation of certificate_t.get_public_key + */ +static public_key_t* get_public_key(private_pgp_cert_t *this) +{ + this->key->get_ref(this->key); + return this->key; +} + +/** + * Implementation of certificate_t.get_ref + */ +static private_pgp_cert_t* get_ref(private_pgp_cert_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of certificate_t.get_validity. + */ +static bool get_validity(private_pgp_cert_t *this, time_t *when, + time_t *not_before, time_t *not_after) +{ + time_t t, until; + + if (when) + { + t = *when; + } + else + { + t = time(NULL); + } + if (not_before) + { + *not_before = this->created; + } + if (this->valid) + { + until = this->valid + this->created * 24 * 60 * 60; + } + else + { + /* Jan 19 03:14:07 UTC 2038 */ + until = TIME_32_BIT_SIGNED_MAX; + } + if (not_after) + { + *not_after = until; + } + return (t >= this->valid && t <= until); +} + +/** + * Implementation of certificate_t.is_newer. + */ +static bool is_newer(certificate_t *this, certificate_t *that) +{ + time_t this_update, that_update, now = time(NULL); + bool new; + + this->get_validity(this, &now, &this_update, NULL); + that->get_validity(that, &now, &that_update, NULL); + new = this_update > that_update; + DBG1(" certificate from %T is %s - existing certificate from %T %s", + &this_update, FALSE, new ? "newer":"not newer", + &that_update, FALSE, new ? "replaced":"retained"); + return new; +} + +/** + * Implementation of certificate_t.get_encoding. + */ +static chunk_t get_encoding(private_pgp_cert_t *this) +{ + return chunk_clone(this->encoding); +} + +/** + * Implementation of certificate_t.equals. + */ +static bool equals(private_pgp_cert_t *this, certificate_t *other) +{ + chunk_t encoding; + bool equal; + + if (this == (private_pgp_cert_t*)other) + { + return TRUE; + } + if (other->get_type(other) != CERT_X509) + { + return FALSE; + } + if (other->equals == (void*)equals) + { /* skip allocation if we have the same implementation */ + return chunk_equals(this->encoding, ((private_pgp_cert_t*)other)->encoding); + } + encoding = other->get_encoding(other); + equal = chunk_equals(this->encoding, encoding); + free(encoding.ptr); + return equal; +} + +/** + * Implementation of pgp_cert_t.destroy. + */ +static void destroy(private_pgp_cert_t *this) +{ + if (ref_put(&this->ref)) + { + DESTROY_IF(this->key); + DESTROY_IF(this->user_id); + free(this->fingerprint.ptr); + free(this->encoding.ptr); + free(this); + } +} + +/** + * Implementation of pgp_certificate_t.get_fingerprint. + */ +static chunk_t get_fingerprint(private_pgp_cert_t *this) +{ + return this->fingerprint; +} + +/** + * See header + */ +private_pgp_cert_t *create_empty() +{ + private_pgp_cert_t *this = malloc_thing(private_pgp_cert_t); + + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer; + this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; + this->public.interface.get_fingerprint = (chunk_t (*)(pgp_certificate_t*))get_fingerprint; + + this->key = NULL; + this->version = 0; + this->created = 0; + this->valid = 0; + this->user_id = NULL; + this->fingerprint = chunk_empty; + this->encoding = chunk_empty; + this->ref = 1; + + return this; +} + +/** + * Parse the public key packet of a PGP certificate + */ +static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) +{ + chunk_t pubkey_packet = packet; + + if (!pgp_read_scalar(&packet, 1, &this->version)) + { + return FALSE; + } + switch (this->version) + { + case 3: + if (!pgp_read_scalar(&packet, 4, &this->created) || + !pgp_read_scalar(&packet, 2, &this->valid)) + { + return FALSE; + } + break; + case 4: + if (!pgp_read_scalar(&packet, 4, &this->created)) + { + return FALSE; + } + break; + default: + DBG1("PGP packet version V%d not supported", this->version); + return FALSE; + } + if (this->valid) + { + DBG2("L2 - created %T, valid %d days", &this->created, FALSE, this->valid); + } + else + { + DBG2("L2 - created %T, never expires", &this->created, FALSE); + } + DESTROY_IF(this->key); + this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_BLOB_PGP, packet, BUILD_END); + if (this->key == NULL) + { + return FALSE; + } + + /* compute V4 or V3 fingerprint according to section 12.2 of RFC 4880 */ + if (this->version == 4) + { + chunk_t pubkey_packet_header = chunk_from_chars( + 0x99, pubkey_packet.len / 256, pubkey_packet.len % 256 + ); + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + DBG1("no SHA-1 hasher available"); + return FALSE; + } + hasher->allocate_hash(hasher, pubkey_packet_header, NULL); + hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint); + hasher->destroy(hasher); + DBG2("L2 - v4 fingerprint %#B", &this->fingerprint); + } + else + { + /* V3 fingerprint is computed by public_key_t class */ + if (!this->key->get_fingerprint(this->key, KEY_ID_PGPV3, + &this->fingerprint)) + { + return FALSE; + } + this->fingerprint = chunk_clone(this->fingerprint); + DBG2("L2 - v3 fingerprint %#B", &this->fingerprint); + } + return TRUE; +} + +/** + * Parse the signature packet of a PGP certificate + */ +static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) +{ + u_int32_t version, len, type, created; + + if (!pgp_read_scalar(&packet, 1, &version)) + { + return FALSE; + } + + /* we parse only v3 or v4 signature packets */ + if (version != 3 && version != 4) + { + DBG2("L2 - v%d signature ignored", version); + return TRUE; + } + if (version == 4) + { + if (!pgp_read_scalar(&packet, 1, &type)) + { + return FALSE; + } + DBG2("L2 - v%d signature of type 0x%02x", version, type); + } + else + { + if (!pgp_read_scalar(&packet, 1, &len) || len != 5) + { + return FALSE; + } + if (!pgp_read_scalar(&packet, 1, &type) || + !pgp_read_scalar(&packet, 4, &created)) + { + return FALSE; + } + DBG2("L2 - v3 signature of type 0x%02x, created %T", type, + &created, FALSE); + } + /* TODO: parse and save signature to a list */ + return TRUE; +} + +/** + * Parse the userid packet of a PGP certificate + */ +static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet) +{ + DESTROY_IF(this->user_id); + this->user_id = identification_create_from_encoding(ID_KEY_ID, packet); + DBG2("L2 - '%Y'", this->user_id); + return TRUE; +} + +/** + * See header. + */ +pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args) +{ + chunk_t packet, blob = chunk_empty; + pgp_packet_tag_t tag; + private_pgp_cert_t *this; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + this = create_empty(); + this->encoding = chunk_clone(blob); + while (blob.len) + { + if (!pgp_read_packet(&blob, &packet, &tag)) + { + destroy(this); + return NULL; + } + switch (tag) + { + case PGP_PKT_PUBLIC_KEY: + if (!parse_public_key(this, packet)) + { + destroy(this); + return NULL; + } + break; + case PGP_PKT_SIGNATURE: + if (!parse_signature(this, packet)) + { + destroy(this); + return FALSE; + } + break; + case PGP_PKT_USER_ID: + if (!parse_user_id(this, packet)) + { + destroy(this); + return FALSE; + } + break; + default: + DBG1("ignoring %N packet in PGP certificate", + pgp_packet_tag_names, tag); + break; + } + } + if (this->key) + { + return &this->public; + } + destroy(this); + return NULL; +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.h b/src/libstrongswan/plugins/pgp/pgp_cert.h new file mode 100644 index 000000000..4db795ddc --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_cert.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_cert pgp_cert + * @{ @ingroup pgp + */ + +#ifndef PGP_CERT_H_ +#define PGP_CERT_H_ + +#include + +typedef struct pgp_cert_t pgp_cert_t; + +/** + * PGP certificate implementation. + */ +struct pgp_cert_t { + + /** + * Implements pgp_certificate_t. + */ + pgp_certificate_t interface; +}; + +/** + * Load a PGP certificate. + * + * @param type type of the certificate, CERT_GPG + * @param args builder_part_t argument list + * @return builder instance + */ +pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args); + +#endif /** PGP_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c new file mode 100644 index 000000000..56acac597 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_encoder.h" + +#include + +/** + * Build a PGPv3 fingerprint + */ +static bool build_v3_fingerprint(chunk_t *encoding, va_list args) +{ + hasher_t *hasher; + chunk_t n, e; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); + if (!hasher) + { + DBG1("MD5 hash algorithm not supported, PGP fingerprinting failed"); + return FALSE; + } + /* remove leading zero bytes before hashing modulus and exponent */ + while (n.len > 0 && n.ptr[0] == 0x00) + { + n = chunk_skip(n, 1); + } + while (e.len > 0 && e.ptr[0] == 0x00) + { + e = chunk_skip(e, 1); + } + hasher->allocate_hash(hasher, n, NULL); + hasher->allocate_hash(hasher, e, encoding); + hasher->destroy(hasher); + return TRUE; + } + return FALSE; +} + +/** + * See header. + */ +bool pgp_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args) +{ + switch (type) + { + case KEY_ID_PGPV3: + return build_v3_fingerprint(encoding, args); + default: + return FALSE; + } +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.h b/src/libstrongswan/plugins/pgp/pgp_encoder.h new file mode 100644 index 000000000..9df143399 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.h @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_encoder pgp_encoder + * @{ @ingroup pgp + */ + +#ifndef PGP_ENCODER_H_ +#define PGP_ENCODER_H_ + +#include + +/** + * Encoding function for PGP fingerprints. + */ +bool pgp_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args); + +#endif /** PGP_ENCODER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c new file mode 100644 index 000000000..eabb3695f --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_plugin.h" + +#include +#include "pgp_builder.h" +#include "pgp_encoder.h" +#include "pgp_cert.h" + +typedef struct private_pgp_plugin_t private_pgp_plugin_t; + +/** + * private data of pgp_plugin + */ +struct private_pgp_plugin_t { + + /** + * public functions + */ + pgp_plugin_t public; +}; + +/** + * Implementation of pgp_plugin_t.pgptroy + */ +static void destroy(private_pgp_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)pgp_public_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pgp_private_key_load); + + lib->creds->remove_builder(lib->creds, + (builder_function_t)pgp_cert_load); + + lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode); + + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)pgp_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)pgp_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, + (builder_function_t)pgp_private_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)pgp_private_key_load); + + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, + (builder_function_t)pgp_cert_load); + + lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h new file mode 100644 index 000000000..95765cd76 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp pgp + * @ingroup plugins + * + * @defgroup pgp_plugin pgp_plugin + * @{ @ingroup pgp + */ + +#ifndef PGP_PLUGIN_H_ +#define PGP_PLUGIN_H_ + +#include + +typedef struct pgp_plugin_t pgp_plugin_t; + +/** + * Plugin providing PKCS#1 private/public key decoding functions + */ +struct pgp_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a pgp_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** PGP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c new file mode 100644 index 000000000..1658f3232 --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -0,0 +1,180 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pgp_utils.h" + +#include + +ENUM_BEGIN(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_RSA, PGP_PUBKEY_ALG_RSA_SIGN_ONLY, + "RSA", + "RSA_ENC_ONLY", + "RSA_SIGN_ONLY" +); +ENUM_NEXT(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY, PGP_PUBKEY_ALG_DIFFIE_HELLMAN, PGP_PUBKEY_ALG_RSA_SIGN_ONLY, + "ELGAMAL_ENC_ONLY", + "DSA", + "ECC", + "ECDSA", + "ELGAMAL", + "DIFFIE_HELLMAN" +); +ENUM_END(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_DIFFIE_HELLMAN); + +ENUM(pgp_sym_alg_names, PGP_SYM_ALG_PLAIN, PGP_SYM_ALG_TWOFISH, + "PLAINTEXT", + "IDEA", + "3DES", + "CAST5", + "BLOWFISH", + "SAFER", + "DES", + "AES_128", + "AES_192", + "AES_256", + "TWOFISH" +); + +ENUM_BEGIN(pgp_packet_tag_names, PGP_PKT_RESERVED, PGP_PKT_PUBLIC_SUBKEY, + "Reserved", + "Public-Key Encrypted Session Key Packet", + "Signature Packet", + "Symmetric-Key Encrypted Session Key Packet", + "One-Pass Signature Packet", + "Secret Key Packet", + "Public Key Packet", + "Secret Subkey Packet", + "Compressed Data Packet", + "Symmetrically Encrypted Data Packet", + "Marker Packet", + "Literal Data Packet", + "Trust Packet", + "User ID Packet", + "Public Subkey Packet" +); +ENUM_NEXT(pgp_packet_tag_names, PGP_PKT_USER_ATTRIBUTE, PGP_PKT_MOD_DETECT_CODE, PGP_PKT_PUBLIC_SUBKEY, + "User Attribute Packet", + "Sym. Encrypted and Integrity Protected Data Packet", + "Modification Detection Code Packet" +); +ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE); + +/** + * Read a PGP scalar of bytes length, advance blob + */ +bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) +{ + u_int32_t res = 0; + + if (bytes > blob->len) + { + DBG1("PGP data too short to read %d byte scalar", bytes); + return FALSE; + } + while (bytes-- > 0) + { + res = 256 * res + blob->ptr[0]; + *blob = chunk_skip(*blob, 1); + } + *scalar = res; + return TRUE; +} + +/** + * Read a PGP MPI, advance blob + */ +bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) +{ + u_int32_t bits, bytes; + + if (!pgp_read_scalar(blob, 2, &bits)) + { + DBG1("PGP data too short to read MPI length"); + return FALSE; + } + bytes = (bits + 7) / 8; + if (bytes > blob->len) + { + DBG1("PGP data too short to read %d byte MPI", bytes); + return FALSE; + } + *mpi = chunk_create(blob->ptr, bytes); + *blob = chunk_skip(*blob, bytes); + return TRUE; +} + +/** + * Read length of an PGP old packet length encoding + */ +static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length) +{ + /* bits 0 and 1 define the packet length type */ + u_char type; + + if (!blob->len) + { + return FALSE; + } + type = 0x03 & blob->ptr[0]; + *blob = chunk_skip(*blob, 1); + + if (type > 2) + { + return FALSE; + } + return pgp_read_scalar(blob, type == 0 ? 1 : type * 2, length); +} + +/** + * See header. + */ +bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) +{ + u_int32_t len; + u_char t; + + if (!blob->len) + { + DBG1("missing input"); + return FALSE; + } + t = blob->ptr[0]; + + /* bit 7 must be set */ + if (!(t & 0x80)) + { + DBG1("invalid packet tag"); + return FALSE; + } + /* bit 6 set defines new packet format */ + if (t & 0x40) + { + DBG1("new PGP packet format not supported"); + return FALSE; + } + + t = (t & 0x3C) >> 2; + if (!pgp_old_packet_length(blob, &len) || len > blob->len) + { + DBG1("invalid packet length"); + return FALSE; + } + *data = chunk_create(blob->ptr, len); + *blob = chunk_skip(*blob, len); + *tag = t; + DBG2("L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len); + DBG3("%B", data); + return TRUE; +} + diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h new file mode 100644 index 000000000..203a0a85d --- /dev/null +++ b/src/libstrongswan/plugins/pgp/pgp_utils.h @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pgp_utils pgp_utils + * @{ @ingroup pgp + */ + +#ifndef PGP_UTILS_H_ +#define PGP_UTILS_H_ + +#include + +typedef enum pgp_pubkey_alg_t pgp_pubkey_alg_t; +typedef enum pgp_sym_alg_t pgp_sym_alg_t; +typedef enum pgp_packet_tag_t pgp_packet_tag_t; + +/** + * OpenPGP public key algorithms as defined in section 9.1 of RFC 4880 + */ +enum pgp_pubkey_alg_t { + PGP_PUBKEY_ALG_RSA = 1, + PGP_PUBKEY_ALG_RSA_ENC_ONLY = 2, + PGP_PUBKEY_ALG_RSA_SIGN_ONLY = 3, + PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY = 16, + PGP_PUBKEY_ALG_DSA = 17, + PGP_PUBKEY_ALG_ECC = 18, + PGP_PUBKEY_ALG_ECDSA = 19, + PGP_PUBKEY_ALG_ELGAMAL = 20, + PGP_PUBKEY_ALG_DIFFIE_HELLMAN = 21, +}; + +/** + * Enum names of pgp_pubkey_alg_t + */ +extern enum_name_t *pgp_pubkey_alg_names; + +/** + * OpenPGP symmetric key algorithms as defined in section 9.2 of RFC 4880 + */ +enum pgp_sym_alg_t { + PGP_SYM_ALG_PLAIN = 0, + PGP_SYM_ALG_IDEA = 1, + PGP_SYM_ALG_3DES = 2, + PGP_SYM_ALG_CAST5 = 3, + PGP_SYM_ALG_BLOWFISH = 4, + PGP_SYM_ALG_SAFER = 5, + PGP_SYM_ALG_DES = 6, + PGP_SYM_ALG_AES_128 = 7, + PGP_SYM_ALG_AES_192 = 8, + PGP_SYM_ALG_AES_256 = 9, + PGP_SYM_ALG_TWOFISH = 10 +}; + +/** + * Enum names of pgp_sym_alg_t + */ +extern enum_name_t *pgp_sym_alg_names; + +/** + * OpenPGP packet tags as defined in section 4.3 of RFC 4880 + */ +enum pgp_packet_tag_t { + PGP_PKT_RESERVED = 0, + PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1, + PGP_PKT_SIGNATURE = 2, + PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3, + PGP_PKT_ONE_PASS_SIGNATURE_PKT = 4, + PGP_PKT_SECRET_KEY = 5, + PGP_PKT_PUBLIC_KEY = 6, + PGP_PKT_SECRET_SUBKEY = 7, + PGP_PKT_COMPRESSED_DATA = 8, + PGP_PKT_SYMKEY_ENC_DATA = 9, + PGP_PKT_MARKER = 10, + PGP_PKT_LITERAL_DATA = 11, + PGP_PKT_TRUST = 12, + PGP_PKT_USER_ID = 13, + PGP_PKT_PUBLIC_SUBKEY = 14, + PGP_PKT_USER_ATTRIBUTE = 17, + PGP_PKT_SYM_ENC_INT_PROT_DATA = 18, + PGP_PKT_MOD_DETECT_CODE = 19 +}; + +/** + * Enum names of pgp_packet_tag_t + */ +extern enum_name_t *pgp_packet_tag_names; + +/** + * Parse a PGP encoded MPI. + * + * @param blob blob to read from, gets advanced + * @param mpi parsed MPI value + * @return TRUE if MPI parsed successfully + */ +bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi); + +/** + * Parse a PGP encoded Scalar. + * + * @param blob blob to read from, gets advanced + * @param bytes number of bytes the scalar uses for encoding + * @param scalar resultin scalar + * @return TRUE if scalar parsed successfully + */ +bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar); + +/** + * Parse a PGP packet. + * + * @param blob blob to read from, gets advanced + * @param data contained packet data + * @param tag tag of the parsed PGP packet + * @return TRUE if packet parsed successfully + */ +bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag); + +#endif /** PGP_UTILS_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am new file mode 100644 index 000000000..88d25a26b --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/Makefile.am @@ -0,0 +1,13 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +plugin_LTLIBRARIES = libstrongswan-pkcs1.la + +libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \ + pkcs1_encoder.h pkcs1_encoder.c \ + pkcs1_builder.h pkcs1_builder.c + +libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version + diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in new file mode 100644 index 000000000..4439cd60f --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -0,0 +1,572 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pkcs1 +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(plugin_LTLIBRARIES) +libstrongswan_pkcs1_la_LIBADD = +am_libstrongswan_pkcs1_la_OBJECTS = pkcs1_plugin.lo pkcs1_encoder.lo \ + pkcs1_builder.lo +libstrongswan_pkcs1_la_OBJECTS = $(am_libstrongswan_pkcs1_la_OBJECTS) +libstrongswan_pkcs1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pkcs1_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pkcs1_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pkcs1_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +plugin_LTLIBRARIES = libstrongswan-pkcs1.la +libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \ + pkcs1_encoder.h pkcs1_encoder.c \ + pkcs1_builder.h pkcs1_builder.c + +libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pkcs1.la: $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_DEPENDENCIES) + $(libstrongswan_pkcs1_la_LINK) -rpath $(plugindir) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1_encoder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-pluginLTLIBRARIES ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c new file mode 100644 index 000000000..fbd35e830 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -0,0 +1,299 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2000-2008 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs1_builder.h" + +#include +#include +#include +#include +#include + +/** + * ASN.1 definition of a subjectPublicKeyInfo structure + */ +static const asn1Object_t pkinfoObjects[] = { + { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 1 +#define PKINFO_SUBJECT_PUBLIC_KEY 2 + +/** + * Load a generic public key from an ASN.1 encoded blob + */ +static public_key_t *parse_public_key(chunk_t blob) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + public_key_t *key = NULL; + key_type_t type = KEY_ANY; + + parser = asn1_parser_create(pkinfoObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM: + { + int oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser)+1, NULL); + + if (oid == OID_RSA_ENCRYPTION) + { + type = KEY_RSA; + } + else if (oid == OID_EC_PUBLICKEY) + { + /* we need the whole subjectPublicKeyInfo for EC public keys */ + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, + KEY_ECDSA, BUILD_BLOB_ASN1_DER, blob, BUILD_END); + goto end; + } + else + { + /* key type not supported */ + goto end; + } + break; + } + case PKINFO_SUBJECT_PUBLIC_KEY: + if (object.len > 0 && *object.ptr == 0x00) + { + /* skip initial bit string octet defining 0 unused bits */ + object = chunk_skip(object, 1); + } + DBG2("-- > --"); + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, + BUILD_BLOB_ASN1_DER, object, BUILD_END); + DBG2("-- < --"); + break; + } + } + +end: + parser->destroy(parser); + return key; +} + +/** + * ASN.1 definition of RSApublicKey + */ +static const asn1Object_t pubkeyObjects[] = { + { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PUB_KEY_RSA_PUBLIC_KEY 0 +#define PUB_KEY_MODULUS 1 +#define PUB_KEY_EXPONENT 2 + +/** + * Load a RSA public key from an ASN.1 encoded blob. + */ +static public_key_t *parse_rsa_public_key(chunk_t blob) +{ + chunk_t n, e; + asn1_parser_t *parser; + chunk_t object; + int objectID; + bool success = FALSE; + + parser = asn1_parser_create(pubkeyObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PUB_KEY_MODULUS: + n = object; + break; + case PUB_KEY_EXPONENT: + e = object; + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + + if (!success) + { + return NULL; + } + return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); +} + +/** + * ASN.1 definition of a PKCS#1 RSA private key + */ +static const asn1Object_t privkeyObjects[] = { + { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ + { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ + { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ + { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ + { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ + { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ + { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ + { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | + ASN1_LOOP }, /* 10 */ + { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ + { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ + { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ + { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ + { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PRIV_KEY_VERSION 1 +#define PRIV_KEY_MODULUS 2 +#define PRIV_KEY_PUB_EXP 3 +#define PRIV_KEY_PRIV_EXP 4 +#define PRIV_KEY_PRIME1 5 +#define PRIV_KEY_PRIME2 6 +#define PRIV_KEY_EXP1 7 +#define PRIV_KEY_EXP2 8 +#define PRIV_KEY_COEFF 9 + +/** + * Load a RSA private key from a ASN1 encoded blob. + */ +static private_key_t *parse_rsa_private_key(chunk_t blob) +{ + chunk_t n, e, d, p, q, exp1, exp2, coeff; + asn1_parser_t *parser; + chunk_t object; + int objectID ; + bool success = FALSE; + + parser = asn1_parser_create(privkeyObjects, blob); + parser->set_flags(parser, FALSE, TRUE); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PRIV_KEY_VERSION: + if (object.len > 0 && *object.ptr != 0) + { + DBG1("PKCS#1 private key format is not version 1"); + goto end; + } + break; + case PRIV_KEY_MODULUS: + n = object; + break; + case PRIV_KEY_PUB_EXP: + e = object; + break; + case PRIV_KEY_PRIV_EXP: + d = object; + break; + case PRIV_KEY_PRIME1: + p = object; + break; + case PRIV_KEY_PRIME2: + q = object; + break; + case PRIV_KEY_EXP1: + exp1 = object; + break; + case PRIV_KEY_EXP2: + exp2 = object; + break; + case PRIV_KEY_COEFF: + coeff = object; + break; + } + } + success = parser->success(parser); + +end: + parser->destroy(parser); + if (!success) + { + return NULL; + } + return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_RSA_PRIV_EXP, d, + BUILD_RSA_PRIME1, p, BUILD_RSA_PRIME2, q, BUILD_RSA_EXP1, exp1, + BUILD_RSA_EXP2, exp2, BUILD_RSA_COEFF, coeff, BUILD_END); +} + +/** + * See header. + */ +public_key_t *pkcs1_public_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + switch (type) + { + case KEY_ANY: + return parse_public_key(blob); + case KEY_RSA: + return parse_rsa_public_key(blob); + default: + return NULL; + } +} + +/** + * See header. + */ +private_key_t *pkcs1_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + return parse_rsa_private_key(blob); +} + diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h new file mode 100644 index 000000000..62ca9f351 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs1_public_key pkcs1_public_key + * @{ @ingroup pkcs1 + */ + +#ifndef PKCS1_BUILDER_H_ +#define PKCS1_BUILDER_H_ + +#include +#include + +/** + * Load a generic or an RSA public key from PKCS#1 data. + * + * @param type type of the key, either KEY_ANY or KEY_RSA + * @param args builder_part_t argument list + * @return public key, NULL on failure + */ +public_key_t *pkcs1_public_key_load(key_type_t type, va_list args); + +/** + * Load a RSA public key from PKCS#1 data. + * + * @param type type of the key, KEY_RSA + * @param args builder_part_t argument list + * @return private key, NULL on failure + */ +private_key_t *pkcs1_private_key_load(key_type_t type, va_list args); + +#endif /** PKCS1_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c new file mode 100644 index 000000000..0a8da815a --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs1_encoder.h" + +#include +#include +#include + +/** + * Encode a public key in PKCS#1/ASN.1 DER + */ +bool build_pub(chunk_t *encoding, va_list args) +{ + chunk_t n, e; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + *encoding = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_INTEGER, "c", n), + asn1_wrap(ASN1_INTEGER, "c", e)); + return TRUE; + } + return FALSE; +} + +/** + * Encode a public key in PKCS#1/ASN.1 DER, contained in subjectPublicKeyInfo + */ +bool build_pub_info(chunk_t *encoding, va_list args) +{ + chunk_t n, e; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + *encoding = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_INTEGER, "c", n), + asn1_wrap(ASN1_INTEGER, "c", e)))); + return TRUE; + } + return FALSE; +} + +/** + * Encode a private key in PKCS#1/ASN.1 DER + */ +bool build_priv(chunk_t *encoding, va_list args) +{ + chunk_t n, e, d, p, q, exp1, exp2, coeff; + + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_RSA_PRIV_EXP, &d, + KEY_PART_RSA_PRIME1, &p, KEY_PART_RSA_PRIME2, &q, + KEY_PART_RSA_EXP1, &exp1, KEY_PART_RSA_EXP2, &exp2, + KEY_PART_RSA_COEFF, &coeff, KEY_PART_END)) + { + *encoding = asn1_wrap(ASN1_SEQUENCE, "cmmssssss", + ASN1_INTEGER_0, + asn1_wrap(ASN1_INTEGER, "c", n), + asn1_wrap(ASN1_INTEGER, "c", e), + asn1_wrap(ASN1_INTEGER, "c", d), + asn1_wrap(ASN1_INTEGER, "c", p), + asn1_wrap(ASN1_INTEGER, "c", q), + asn1_wrap(ASN1_INTEGER, "c", exp1), + asn1_wrap(ASN1_INTEGER, "c", exp2), + asn1_wrap(ASN1_INTEGER, "c", coeff)); + return TRUE; + } + return FALSE; +} + +/** + * Build the SHA1 hash of pubkey(info) ASN.1 data + */ +static bool hash_pubkey(chunk_t pubkey, chunk_t *hash) +{ + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + chunk_free(&pubkey); + DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + return FALSE; + } + hasher->allocate_hash(hasher, pubkey, hash); + hasher->destroy(hasher); + chunk_free(&pubkey); + return TRUE; +} + +/** + * build the fingerprint of the subjectPublicKeyInfo object + */ +static bool build_info_sha1(chunk_t *encoding, va_list args) +{ + chunk_t pubkey; + + if (build_pub_info(&pubkey, args)) + { + return hash_pubkey(pubkey, encoding); + } + return FALSE; +} + +/** + * build the fingerprint of the subjectPublicKey object + */ +static bool build_sha1(chunk_t *encoding, va_list args) +{ + chunk_t pubkey; + + if (build_pub(&pubkey, args)) + { + return hash_pubkey(pubkey, encoding); + } + return FALSE; +} + +/** + * See header. + */ +bool pkcs1_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args) +{ + switch (type) + { + case KEY_ID_PUBKEY_INFO_SHA1: + return build_info_sha1(encoding, args); + case KEY_ID_PUBKEY_SHA1: + return build_sha1(encoding, args); + case KEY_PUB_ASN1_DER: + return build_pub(encoding, args); + case KEY_PUB_SPKI_ASN1_DER: + return build_pub_info(encoding, args); + case KEY_PRIV_ASN1_DER: + return build_priv(encoding, args); + default: + return FALSE; + } +} + + diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h new file mode 100644 index 000000000..11d9f27f2 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs1_encoder pkcs1_encoder + * @{ @ingroup pkcs1 + */ + +#ifndef PKCS1_ENCODER_H_ +#define PKCS1_ENCODER_H_ + +#include + +/** + * Encoding function for PKCS#1/ASN.1 fingerprints/key formats. + */ +bool pkcs1_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args); + +#endif /** PKCS1_ENCODER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c new file mode 100644 index 000000000..9d71e1388 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs1_plugin.h" + +#include +#include "pkcs1_builder.h" +#include "pkcs1_encoder.h" + +typedef struct private_pkcs1_plugin_t private_pkcs1_plugin_t; + +/** + * private data of pkcs1_plugin + */ +struct private_pkcs1_plugin_t { + + /** + * public functions + */ + pkcs1_plugin_t public; +}; + +/** + * Implementation of pkcs1_plugin_t.pkcs1troy + */ +static void destroy(private_pkcs1_plugin_t *this) +{ + lib->creds->remove_builder(lib->creds, + (builder_function_t)pkcs1_public_key_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)pkcs1_private_key_load); + + lib->encoding->remove_encoder(lib->encoding, pkcs1_encoder_encode); + + free(this); +} + +/* + * see header file + */ +plugin_t *plugin_create() +{ + private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + (builder_function_t)pkcs1_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_function_t)pkcs1_public_key_load); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)pkcs1_private_key_load); + + lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode); + + return &this->public.plugin; +} + diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h new file mode 100644 index 000000000..465c7ef2c --- /dev/null +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs1 pkcs1 + * @ingroup plugins + * + * @defgroup pkcs1_plugin pkcs1_plugin + * @{ @ingroup pkcs1 + */ + +#ifndef PKCS1_PLUGIN_H_ +#define PKCS1_PLUGIN_H_ + +#include + +typedef struct pkcs1_plugin_t pkcs1_plugin_t; + +/** + * Plugin providing PKCS#1 private/public key decoding functions + */ +struct pkcs1_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +/** + * Create a pkcs1_plugin instance. + */ +plugin_t *plugin_create(); + +#endif /** PKCS1_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index 6ca71540c..28c800c0c 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h @@ -27,11 +27,11 @@ typedef struct plugin_t plugin_t; * Interface definition of a plugin. */ struct plugin_t { - + /** - * Destroy a plugin instance. - */ - void (*destroy)(plugin_t *this); + * Destroy a plugin instance. + */ + void (*destroy)(plugin_t *this); }; diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 459ba9ba9..d4513f25a 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -37,12 +37,12 @@ struct private_plugin_loader_t { * public functions */ plugin_loader_t public; - + /** * list of loaded plugins */ linked_list_t *plugins; - + /** * names of loaded plugins */ @@ -59,9 +59,9 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, void *handle; plugin_t *plugin; plugin_constructor_t constructor; - + snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name); - + if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) @@ -101,7 +101,7 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, return NULL; } DBG2("plugin '%s': loaded successfully", name); - + /* we do not store or free dlopen() handles, leak_detective requires * the modules to keep loaded until leak report */ return plugin; @@ -110,26 +110,50 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, /** * Implementation of plugin_loader_t.load_plugins. */ -static int load(private_plugin_loader_t *this, char *path, char *list) +static bool load(private_plugin_loader_t *this, char *path, char *list) { - plugin_t *plugin; enumerator_t *enumerator; char *token; - int count = 0; - + bool critical_failed = FALSE; + + if (path == NULL) + { + path = PLUGINDIR; + } + enumerator = enumerator_create_token(list, " ", " "); - while (enumerator->enumerate(enumerator, &token)) + while (!critical_failed && enumerator->enumerate(enumerator, &token)) { + plugin_t *plugin; + bool critical = FALSE; + int len; + + token = strdup(token); + len = strlen(token); + if (token[len-1] == '!') + { + critical = TRUE; + token[len-1] = '\0'; + } plugin = load_plugin(this, path, token); if (plugin) - { /* insert in front to destroy them in reverse order */ + { + /* insert in front to destroy them in reverse order */ this->plugins->insert_last(this->plugins, plugin); - this->names->insert_last(this->names, strdup(token)); - count++; + this->names->insert_last(this->names, token); + } + else + { + if (critical) + { + critical_failed = TRUE; + DBG1("loading critical plugin '%s' failed", token); + } + free(token); } } enumerator->destroy(enumerator); - return count; + return !critical_failed; } /** @@ -139,7 +163,7 @@ static void unload(private_plugin_loader_t *this) { plugin_t *plugin; char *name; - + while (this->plugins->remove_first(this->plugins, (void**)&plugin) == SUCCESS) { @@ -157,7 +181,7 @@ static void unload(private_plugin_loader_t *this) static enumerator_t* create_plugin_enumerator(private_plugin_loader_t *this) { return this->names->create_enumerator(this->names); -} +} /** * Implementation of plugin_loader_t.destroy @@ -175,15 +199,15 @@ static void destroy(private_plugin_loader_t *this) plugin_loader_t *plugin_loader_create() { private_plugin_loader_t *this = malloc_thing(private_plugin_loader_t); - - this->public.load = (int(*)(plugin_loader_t*, char *path, char *prefix))load; + + this->public.load = (bool(*)(plugin_loader_t*, char *path, char *prefix))load; this->public.unload = (void(*)(plugin_loader_t*))unload; this->public.create_plugin_enumerator = (enumerator_t*(*)(plugin_loader_t*))create_plugin_enumerator; this->public.destroy = (void(*)(plugin_loader_t*))destroy; - + this->plugins = linked_list_create(); this->names = linked_list_create(); - + return &this->public; } diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index 6230f9d68..f72c91c60 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -28,33 +28,37 @@ typedef struct plugin_loader_t plugin_loader_t; /** * The plugin_loader loads plugins from a directory and initializes them */ -struct plugin_loader_t { - +struct plugin_loader_t { + /** * Load a list of plugins from a directory. * - * @param path path containing loadable plugins + * Each plugin in list may have a ending exclamation mark (!) to mark it + * as a critical plugin. If loading a critical plugin fails, plugin loading + * is aborted and FALSE is returned. + * + * @param path path containing loadable plugins, NULL for default * @param list space separated list of plugins to load - * @return number of successfully loaded plugins + * @return TRUE if all critical plugins loaded successfully */ - int (*load)(plugin_loader_t *this, char *path, char *list); - + bool (*load)(plugin_loader_t *this, char *path, char *list); + /** * Unload all loaded plugins. */ void (*unload)(plugin_loader_t *this); - + /** * Create an enumerator over all loaded plugin names. * * @return enumerator over char* */ enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this); - + /** - * Unload loaded plugins, destroy plugin_loader instance. - */ - void (*destroy)(plugin_loader_t *this); + * Unload loaded plugins, destroy plugin_loader instance. + */ + void (*destroy)(plugin_loader_t *this); }; /** diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am index 9423e6689..770d77325 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.am +++ b/src/libstrongswan/plugins/pubkey/Makefile.am @@ -6,8 +6,7 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-pubkey.la libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \ - pubkey_cert.h pubkey_cert.c\ - pubkey_public_key.h pubkey_public_key.c + pubkey_cert.h pubkey_cert.c libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index a672e2ea8..f95e7b357 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,23 +37,44 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pubkey DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_pubkey_la_LIBADD = -am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo \ - pubkey_public_key.lo +am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo libstrongswan_pubkey_la_OBJECTS = \ $(am_libstrongswan_pubkey_la_OBJECTS) libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -60,6 +83,7 @@ libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,14 +249,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-pubkey.la libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \ - pubkey_cert.h pubkey_cert.c\ - pubkey_public_key.h pubkey_public_key.c + pubkey_cert.h pubkey_cert.c libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version all: all-am @@ -245,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -303,25 +335,24 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_cert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_plugin.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_public_key.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -344,7 +375,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -352,29 +383,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -395,13 +431,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -432,6 +472,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -453,6 +494,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -461,18 +504,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -511,6 +564,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c index 863a8a1d4..f149f6379 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c @@ -17,11 +17,6 @@ #include -/** - * defined in pubkey_public_key.c - */ -extern public_key_t *pubkey_public_key_load(chunk_t blob); - typedef struct private_pubkey_cert_t private_pubkey_cert_t; /** @@ -33,17 +28,22 @@ struct private_pubkey_cert_t { * public functions */ pubkey_cert_t public; - + /** * wrapped public key */ public_key_t *key; - + /** * dummy issuer id, ID_ANY */ identification_t *issuer; - + + /** + * subject, ID_KEY_ID of the public key + */ + identification_t *subject; + /** * reference count */ @@ -63,7 +63,7 @@ static certificate_type_t get_type(private_pubkey_cert_t *this) */ static identification_t* get_subject(private_pubkey_cert_t *this) { - return this->key->get_id(this->key, ID_PUBKEY_INFO_SHA1); + return this->subject; } /** @@ -80,14 +80,21 @@ static identification_t* get_issuer(private_pubkey_cert_t *this) static id_match_t has_subject(private_pubkey_cert_t *this, identification_t *subject) { - identification_t *id; - - id = this->key->get_id(this->key, subject->get_type(subject)); - if (id) + if (subject->get_type(subject) == ID_KEY_ID) { - return id->matches(id, subject); + key_encoding_type_t type; + chunk_t fingerprint; + + for (type = 0; type < KEY_ENCODING_MAX; type++) + { + if (this->key->get_fingerprint(this->key, type, &fingerprint) && + chunk_equals(fingerprint, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } + } } - return ID_MATCH_NONE; + return ID_MATCH_NONE; } /** @@ -104,15 +111,19 @@ static id_match_t has_issuer(private_pubkey_cert_t *this, */ static bool equals(private_pubkey_cert_t *this, certificate_t *other) { - if (this == (private_pubkey_cert_t*)other) - { - return TRUE; - } - if (other->get_type(other) != CERT_TRUSTED_PUBKEY) + public_key_t *other_key; + + other_key = other->get_public_key(other); + if (other_key) { - return FALSE; + if (public_key_equals(this->key, other_key)) + { + other_key->destroy(other_key); + return TRUE; + } + other_key->destroy(other_key); } - return other->has_subject(other, this->key->get_id(this->key, ID_PUBKEY_INFO_SHA1)); + return FALSE; } /** @@ -131,6 +142,7 @@ static public_key_t* get_public_key(private_pubkey_cert_t *this) this->key->get_ref(this->key); return this->key; } + /** * Implementation of certificate_t.get_validity. */ @@ -155,13 +167,19 @@ static bool is_newer(certificate_t *this, certificate_t *that) { return FALSE; } - + /** * Implementation of certificate_t.get_encoding. */ static chunk_t get_encoding(private_pubkey_cert_t *this) { - return this->key->get_encoding(this->key); + chunk_t encoding; + + if (this->key->get_encoding(this->key, KEY_PUB_ASN1_DER, &encoding)) + { + return encoding; + } + return chunk_empty; } /** @@ -180,6 +198,7 @@ static void destroy(private_pubkey_cert_t *this) { if (ref_put(&this->ref)) { + this->subject->destroy(this->subject); this->issuer->destroy(this->issuer); this->key->destroy(this->key); free(this); @@ -192,7 +211,8 @@ static void destroy(private_pubkey_cert_t *this) static pubkey_cert_t *pubkey_cert_create(public_key_t *key) { private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t); - + chunk_t fingerprint; + this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -206,97 +226,60 @@ static pubkey_cert_t *pubkey_cert_create(public_key_t *key) this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals; this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.interface.destroy = (void (*)(certificate_t *this))destroy; - + this->ref = 1; this->key = key; this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty); - - return &this->public; -} - -static pubkey_cert_t *pubkey_cert_create_from_chunk(chunk_t blob) -{ - public_key_t *key = pubkey_public_key_load(chunk_clone(blob)); + if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &fingerprint)) + { + this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint); + } + else + { + this->subject = identification_create_from_encoding(ID_ANY, chunk_empty); + } - return (key)? pubkey_cert_create(key) : NULL; + return &this->public; } -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for key loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - pubkey_cert_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static pubkey_cert_t *build(private_builder_t *this) +pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args) { - pubkey_cert_t *key = this->key; - - free(this); - return key; -} + public_key_t *key = NULL; + chunk_t blob = chunk_empty; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) + while (TRUE) { - va_list args; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = pubkey_cert_create_from_chunk(va_arg(args, chunk_t)); - va_end(args); - return; - } + blob = va_arg(args, chunk_t); + continue; case BUILD_PUBLIC_KEY: - { - va_start(args, part); - this->key = pubkey_cert_create(va_arg(args, public_key_t*)); - va_end(args); - return; - } - default: + key = va_arg(args, public_key_t*); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->key) + if (key) { - destroy((private_pubkey_cert_t*)this->key); + key->get_ref(key); } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *pubkey_cert_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_TRUSTED_PUBKEY) + else if (blob.ptr) { - return NULL; + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_BLOB_ASN1_DER, blob, BUILD_END); } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + if (key) + { + return pubkey_cert_create(key); + } + return NULL; } diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h index 394fc8b98..a2d735342 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h @@ -21,6 +21,7 @@ #ifndef PUBKEY_CERT_H_ #define PUBKEY_CERT_H_ +#include #include typedef struct pubkey_cert_t pubkey_cert_t; @@ -37,13 +38,14 @@ struct pubkey_cert_t { }; /** - * Create the builder for a trusted public key. + * Create a trusted public key cert using a public key. * - * The builders add() function takes BUILD_PUBLIC_KEY to enwrap. + * The build accepts a BUILD_PUBLIC_KEY or a BUILD_BLOB_ASN1_DER part. * * @param type type of the certificate, must be CERT_pubkey_cert - * @return builder instance + * @param args builder_part_t argument list + * @return pubkey_cert_t, NULL on failure */ -builder_t *pubkey_cert_builder(certificate_type_t type); +pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args); #endif /** PUBKEY_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index 7672e8dc1..ad84eed99 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -17,7 +17,6 @@ #include #include "pubkey_cert.h" -#include "pubkey_public_key.h" typedef struct private_pubkey_plugin_t private_pubkey_plugin_t; @@ -38,9 +37,7 @@ struct private_pubkey_plugin_t { static void destroy(private_pubkey_plugin_t *this) { lib->creds->remove_builder(lib->creds, - (builder_constructor_t)pubkey_cert_builder); - lib->creds->remove_builder(lib->creds, - (builder_constructor_t)pubkey_public_key_builder); + (builder_function_t)pubkey_cert_wrap); free(this); } @@ -50,13 +47,11 @@ static void destroy(private_pubkey_plugin_t *this) plugin_t *plugin_create() { private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, - (builder_constructor_t)pubkey_cert_builder); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - (builder_constructor_t)pubkey_public_key_builder); + (builder_function_t)pubkey_cert_wrap); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c b/src/libstrongswan/plugins/pubkey/pubkey_public_key.c deleted file mode 100644 index 6d3ae66ab..000000000 --- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2008 Martin Willi - * Copyright (C) 2000-2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "pubkey_public_key.h" - -#include -#include -#include -#include -#include - -/** - * ASN.1 definition of a subjectPublicKeyInfo structure - */ -static const asn1Object_t pkinfoObjects[] = { - { 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 1 -#define PKINFO_SUBJECT_PUBLIC_KEY 2 - - -/** - * Load a public key from an ASN.1 encoded blob - * Also used by pubkey_cert.c - */ -public_key_t *pubkey_public_key_load(chunk_t blob) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - public_key_t *key = NULL; - key_type_t type = KEY_ANY; - - parser = asn1_parser_create(pkinfoObjects, blob); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM: - { - int oid = asn1_parse_algorithmIdentifier(object, - parser->get_level(parser)+1, NULL); - - if (oid == OID_RSA_ENCRYPTION) - { - type = KEY_RSA; - } - else if (oid == OID_EC_PUBLICKEY) - { - /* we need the whole subjectPublicKeyInfo for EC public keys */ - key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, - KEY_ECDSA, BUILD_BLOB_ASN1_DER, blob, BUILD_END); - goto end; - } - else - { - /* key type not supported */ - goto end; - } - break; - } - case PKINFO_SUBJECT_PUBLIC_KEY: - if (object.len > 0 && *object.ptr == 0x00) - { - /* skip initial bit string octet defining 0 unused bits */ - object = chunk_skip(object, 1); - } - key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, - BUILD_BLOB_ASN1_DER, object, BUILD_END); - break; - } - } - -end: - parser->destroy(parser); - free(blob.ptr); - return key; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static public_key_t *build(private_builder_t *this) -{ - public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - chunk_t blob; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - blob = va_arg(args, chunk_t); - this->key = pubkey_public_key_load(chunk_clone(blob)); - va_end(args); - return; - } - case BUILD_BLOB_ASN1_PEM: - { - bool pgp; - char *pem; - - va_start(args, part); - pem = va_arg(args, char *); - blob = chunk_clone(chunk_create(pem, strlen(pem))); - if (pem_to_bin(&blob, chunk_empty, &pgp) == SUCCESS) - { - this->key = pubkey_public_key_load(chunk_clone(blob)); - } - free(blob.ptr); - va_end(args); - return; - } - default: - break; - } - } - DESTROY_IF(this->key); - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *pubkey_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_ANY) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h deleted file mode 100644 index d3198fab2..000000000 --- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup pubkey_public_key pubkey_public_key - * @{ @ingroup pubkey_p - */ - -#ifndef PUBKEY_PUBLIC_KEY_H_ -#define PUBKEY_PUBLIC_KEY_H_ - -#include - -/** - * Create the builder for a generic public key. - * - * @param type type of the key, must be KEY_ANY - * @return builder instance - */ -builder_t *pubkey_public_key_builder(key_type_t type); - -#endif /** PUBKEY_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am index 9a11b8567..7c2283ae7 100644 --- a/src/libstrongswan/plugins/random/Makefile.am +++ b/src/libstrongswan/plugins/random/Makefile.am @@ -1,7 +1,9 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ +-DDEV_RANDOM=\"${random_device}\" \ +-DDEV_URANDOM=\"${urandom_device}\" plugin_LTLIBRARIES = libstrongswan-random.la diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index a2869fb51..355ab14bc 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/random DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_random_la_LIBADD = am_libstrongswan_random_la_OBJECTS = random_plugin.lo random_rng.lo @@ -59,6 +83,7 @@ libstrongswan_random_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,10 +249,14 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ +-DDEV_RANDOM=\"${random_device}\" \ +-DDEV_URANDOM=\"${urandom_device}\" + plugin_LTLIBRARIES = libstrongswan-random.la libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \ random_rng.c random_rng.h @@ -243,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -304,21 +341,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -341,7 +378,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -349,29 +386,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -392,13 +434,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -429,6 +475,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -450,6 +497,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -458,18 +507,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -508,6 +567,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index 5f04f1d79..df0a8f556 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -47,14 +47,14 @@ static void destroy(private_random_plugin_t *this) plugin_t *plugin_create() { private_random_plugin_t *this = malloc_thing(private_random_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_rng(lib->crypto, RNG_STRONG, + + lib->crypto->add_rng(lib->crypto, RNG_STRONG, (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, (rng_constructor_t)random_rng_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h index 8145c7875..6ce0f71be 100644 --- a/src/libstrongswan/plugins/random/random_plugin.h +++ b/src/libstrongswan/plugins/random/random_plugin.h @@ -16,7 +16,7 @@ /** * @defgroup random_p random * @ingroup plugins - * + * * @defgroup random_plugin random_plugin * @{ @ingroup random_p */ diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 22d21574e..34f300296 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -43,12 +43,12 @@ struct private_random_rng_t { * Public random_rng_t interface. */ random_rng_t public; - + /** * random device, depends on quality */ int dev; - + /** * file we read random bytes from */ @@ -63,9 +63,9 @@ static void get_bytes(private_random_rng_t *this, size_t bytes, { size_t done; ssize_t got; - + done = 0; - + while (done < bytes) { got = read(this->dev, buffer + done, bytes - done); @@ -120,7 +120,7 @@ random_rng_t *random_rng_create(rng_quality_t quality) { this->file = DEV_URANDOM; } - + this->dev = open(this->file, 0); if (this->dev < 0) { diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h index bcb9cb204..4e6f3afb2 100644 --- a/src/libstrongswan/plugins/random/random_rng.h +++ b/src/libstrongswan/plugins/random/random_rng.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup random_rng random_rng * @{ @ingroup random_p @@ -29,7 +29,7 @@ typedef struct random_rng_t random_rng_t; * rng_t implementation on top of /dev/[u]random */ struct random_rng_t { - + /** * Implements rng_t. */ @@ -38,7 +38,7 @@ struct random_rng_t { /** * Creates an random_rng_t instance. - * + * * @param quality required quality of randomness * @return created random_rng_t */ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index f1f5807ab..4f08b882c 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha1 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sha1_la_LIBADD = am_libstrongswan_sha1_la_OBJECTS = sha1_plugin.lo sha1_hasher.lo \ @@ -59,6 +83,7 @@ libstrongswan_sha1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -305,21 +339,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -342,7 +376,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -350,29 +384,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -393,13 +432,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -430,6 +473,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -451,6 +495,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -459,18 +505,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -509,6 +565,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index ba3dd9592..85bc89f37 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil - * + * * Ported from Steve Reid's implementation * "SHA1 in C" found in strongSwan. * @@ -24,7 +24,7 @@ /* * ugly macro stuff - */ + */ #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) #if BYTE_ORDER == LITTLE_ENDIAN @@ -54,64 +54,64 @@ struct private_sha1_hasher_t { * Public interface for this hasher. */ sha1_hasher_t public; - + /* * State of the hasher. Shared with sha1_prf.c, do not change it!!! */ u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + u_int32_t count[2]; + u_int8_t buffer[64]; }; -/* +/* * Hash a single 512-bit block. This is the core of the algorithm. * */ static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) { u_int32_t a, b, c, d, e; typedef union { - u_int8_t c[64]; - u_int32_t l[16]; + u_int8_t c[64]; + u_int32_t l[16]; } CHAR64LONG16; CHAR64LONG16 block[1]; /* use array to appear as a pointer */ - memcpy(block, buffer, 64); + memcpy(block, buffer, 64); - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; - memset(block, '\0', sizeof(block)); + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; + memset(block, '\0', sizeof(block)); } /** @@ -122,33 +122,33 @@ void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len) u_int32_t i; u_int32_t j; - j = this->count[0]; - if ((this->count[0] += len << 3) < j) - { + j = this->count[0]; + if ((this->count[0] += len << 3) < j) + { this->count[1]++; - } - this->count[1] += (len>>29); - j = (j >> 3) & 63; - if ((j + len) > 63) - { - memcpy(&this->buffer[j], data, (i = 64-j)); - SHA1Transform(this->state, this->buffer); - for ( ; i + 63 < len; i += 64) - { - SHA1Transform(this->state, &data[i]); - } - j = 0; - } - else - { - i = 0; - } - memcpy(&this->buffer[j], &data[i], len - i); + } + this->count[1] += (len>>29); + j = (j >> 3) & 63; + if ((j + len) > 63) + { + memcpy(&this->buffer[j], data, (i = 64-j)); + SHA1Transform(this->state, this->buffer); + for ( ; i + 63 < len; i += 64) + { + SHA1Transform(this->state, &data[i]); + } + j = 0; + } + else + { + i = 0; + } + memcpy(&this->buffer[j], &data[i], len - i); } -/* - * Add padding and return the message digest. +/* + * Add padding and return the message digest. */ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) { @@ -156,23 +156,23 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) u_int8_t finalcount[8]; u_int8_t c; - for (i = 0; i < 8; i++) - { - finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)] - >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ - } - c = 0200; - SHA1Update(this, &c, 1); - while ((this->count[0] & 504) != 448) - { + for (i = 0; i < 8; i++) + { + finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + c = 0200; + SHA1Update(this, &c, 1); + while ((this->count[0] & 504) != 448) + { c = 0000; - SHA1Update(this, &c, 1); - } - SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */ - for (i = 0; i < 20; i++) - { - digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); - } + SHA1Update(this, &c, 1); + } + SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) + { + digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } } /** @@ -181,12 +181,12 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) static void reset(private_sha1_hasher_t *this) { this->state[0] = 0x67452301; - this->state[1] = 0xEFCDAB89; - this->state[2] = 0x98BADCFE; - this->state[3] = 0x10325476; - this->state[4] = 0xC3D2E1F0; - this->count[0] = 0; - this->count[1] = 0; + this->state[1] = 0xEFCDAB89; + this->state[2] = 0x98BADCFE; + this->state[3] = 0x10325476; + this->state[4] = 0xC3D2E1F0; + this->count[0] = 0; + this->count[1] = 0; } /** @@ -209,15 +209,15 @@ static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *h { SHA1Update(this, chunk.ptr, chunk.len); if (hash != NULL) - { + { hash->ptr = malloc(HASH_SIZE_SHA1); hash->len = HASH_SIZE_SHA1; - + SHA1Final(this, hash->ptr); reset(this); } } - + /** * Implementation of hasher_t.get_hash_size. */ @@ -250,10 +250,10 @@ sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo) this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + /* initialize */ reset(this); - + return &(this->public); } diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.h b/src/libstrongswan/plugins/sha1/sha1_hasher.h index b9bfe1c86..7fa6f1bc0 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.h +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.h @@ -30,7 +30,7 @@ typedef struct sha1_hasher_t sha1_hasher_t; * Implementation of hasher_t interface using the SHA1 algorithm. */ struct sha1_hasher_t { - + /** * Implements hasher_t interface. */ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index b9eb62ac5..a038228da 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -50,14 +50,14 @@ static void destroy(private_sha1_plugin_t *this) plugin_t *plugin_create() { private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)sha1_hasher_create); lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, (prf_constructor_t)sha1_prf_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index 4a5f7c293..a68779d37 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -29,13 +29,13 @@ struct private_sha1_hasher_t { * Public interface for this hasher. */ sha1_hasher_t public; - + /* * State of the hasher. From sha1_hasher.c, do not change it! */ u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + u_int32_t count[2]; + u_int8_t buffer[64]; }; /** @@ -107,7 +107,7 @@ static void set_key(private_sha1_prf_t *this, chunk_t key) { int i, rounds; u_int32_t *iv = (u_int32_t*)key.ptr; - + this->hasher->public.hasher_interface.reset(&this->hasher->public.hasher_interface); rounds = min(key.len/sizeof(u_int32_t), sizeof(this->hasher->state)); for (i = 0; i < rounds; i++) @@ -142,9 +142,9 @@ sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo) this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + this->hasher = (private_sha1_hasher_t*)sha1_hasher_create(HASH_SHA1); - + return &this->public; } diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.h b/src/libstrongswan/plugins/sha1/sha1_prf.h index b6cd2f9d0..1ab4cbc24 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.h +++ b/src/libstrongswan/plugins/sha1/sha1_prf.h @@ -29,7 +29,7 @@ typedef struct sha1_prf_t sha1_prf_t; * Implementation of prf_t interface using keyed SHA1 algorithm (used for EAP-AKA). */ struct sha1_prf_t { - + /** * Implements prf_t interface. */ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index b34286813..e4ea58094 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sha2_la_LIBADD = am_libstrongswan_sha2_la_OBJECTS = sha2_plugin.lo sha2_hasher.lo @@ -58,6 +82,7 @@ libstrongswan_sha2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,25 +130,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -135,11 +157,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -168,9 +193,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -193,7 +218,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -201,6 +226,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -209,10 +235,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -220,6 +248,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -240,9 +269,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,23 +289,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -301,21 +335,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +372,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +380,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +428,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -426,6 +469,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -447,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -455,18 +501,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -505,6 +561,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 645f4d786..d407fad1b 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -31,7 +31,7 @@ struct private_sha512_hasher_t { * Public interface for this hasher. */ sha2_hasher_t public; - + unsigned char sha_out[128]; /* results are here, bytes 0..47/0..63 */ u_int64_t sha_H[8]; u_int64_t sha_blocks; @@ -50,7 +50,7 @@ struct private_sha256_hasher_t { * Public interface for this hasher. */ sha2_hasher_t public; - + unsigned char sha_out[64]; /* results are here, bytes 0...31 */ u_int32_t sha_H[8]; u_int64_t sha_blocks; @@ -60,7 +60,7 @@ struct private_sha256_hasher_t { static const u_int32_t sha224_hashInit[8] = { 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, - 0x64f98fa7, 0xbefa4fa4 + 0x64f98fa7, 0xbefa4fa4 }; static const u_int32_t sha256_hashInit[8] = { @@ -139,7 +139,7 @@ static const u_int64_t sha512_K[80] = { /** * Single block SHA256 transformation */ -static void sha256_transform(private_sha256_hasher_t *ctx, +static void sha256_transform(private_sha256_hasher_t *ctx, const unsigned char *datap) { register int j; @@ -168,7 +168,7 @@ static void sha256_transform(private_sha256_hasher_t *ctx, j = 0; do { - if(j >= 16) + if(j >= 16) { Wm2 = W[j - 2]; Wm15 = W[j - 15]; @@ -198,7 +198,7 @@ static void sha256_transform(private_sha256_hasher_t *ctx, /** * Update SHA256 hash */ -static void sha256_write(private_sha256_hasher_t *ctx, +static void sha256_write(private_sha256_hasher_t *ctx, const unsigned char *datap, int length) { while(length > 0) @@ -243,7 +243,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) { sha256_write(ctx, &padByte, 1); } - + /* write bit length, big endian byte order */ ctx->sha_out[56] = bitLength >> 56; ctx->sha_out[57] = bitLength >> 48; @@ -254,7 +254,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) ctx->sha_out[62] = bitLength >> 8; ctx->sha_out[63] = bitLength; sha256_transform(ctx, &ctx->sha_out[0]); - + /* return results in ctx->sha_out[0...31] */ datap = &ctx->sha_out[0]; j = 0; @@ -283,7 +283,7 @@ static void sha256_final(private_sha256_hasher_t *ctx) /** * Single block SHA384/SHA512 transformation */ -static void sha512_transform(private_sha512_hasher_t *ctx, +static void sha512_transform(private_sha512_hasher_t *ctx, const unsigned char *datap) { register int j; @@ -343,14 +343,14 @@ static void sha512_transform(private_sha512_hasher_t *ctx, /** * Update a SHA384/SHA512 hash */ -static void sha512_write(private_sha512_hasher_t *ctx, +static void sha512_write(private_sha512_hasher_t *ctx, const unsigned char *datap, int length) { - while(length > 0) + while(length > 0) { - if(!ctx->sha_bufCnt) + if(!ctx->sha_bufCnt) { - while(length >= sizeof(ctx->sha_out)) + while(length >= sizeof(ctx->sha_out)) { sha512_transform(ctx, datap); datap += sizeof(ctx->sha_out); @@ -360,7 +360,7 @@ static void sha512_write(private_sha512_hasher_t *ctx, } ctx->sha_out[ctx->sha_bufCnt] = *datap++; length--; - if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) + if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { sha512_transform(ctx, &ctx->sha_out[0]); ctx->sha_bufCnt = 0; @@ -385,7 +385,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) /* pad extra space with zeroes */ padByte = 0; - while(ctx->sha_bufCnt != 112) + while(ctx->sha_bufCnt != 112) { sha512_write(ctx, &padByte, 1); } @@ -408,7 +408,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) ctx->sha_out[126] = bitLength >> 8; ctx->sha_out[127] = bitLength; sha512_transform(ctx, &ctx->sha_out[0]); - + /* return results in ctx->sha_out[0...63] */ datap = &ctx->sha_out[0]; j = 0; @@ -429,7 +429,7 @@ static void sha512_final(private_sha512_hasher_t *ctx) /** * Implementation of hasher_t.get_hash for SHA224. */ -static void get_hash224(private_sha256_hasher_t *this, +static void get_hash224(private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); @@ -444,7 +444,7 @@ static void get_hash224(private_sha256_hasher_t *this, /** * Implementation of hasher_t.get_hash for SHA256. */ -static void get_hash256(private_sha256_hasher_t *this, +static void get_hash256(private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); @@ -489,11 +489,11 @@ static void get_hash512(private_sha512_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA224. */ -static void allocate_hash224(private_sha256_hasher_t *this, +static void allocate_hash224(private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha256_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -508,11 +508,11 @@ static void allocate_hash224(private_sha256_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA256. */ -static void allocate_hash256(private_sha256_hasher_t *this, +static void allocate_hash256(private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha256_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -527,11 +527,11 @@ static void allocate_hash256(private_sha256_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA384. */ -static void allocate_hash384(private_sha512_hasher_t *this, +static void allocate_hash384(private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha512_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -546,11 +546,11 @@ static void allocate_hash384(private_sha512_hasher_t *this, /** * Implementation of hasher_t.allocate_hash for SHA512. */ -static void allocate_hash512(private_sha512_hasher_t *this, +static void allocate_hash512(private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; - + sha512_write(this, chunk.ptr, chunk.len); if (hash != NULL) { @@ -577,7 +577,7 @@ static size_t get_hash_size256(private_sha256_hasher_t *this) { return HASH_SIZE_SHA256; } - + /** * Implementation of hasher_t.get_hash_size for SHA384. */ @@ -585,7 +585,7 @@ static size_t get_hash_size384(private_sha512_hasher_t *this) { return HASH_SIZE_SHA384; } - + /** * Implementation of hasher_t.get_hash_size for SHA512. */ @@ -650,7 +650,7 @@ static void destroy(sha2_hasher_t *this) sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm) { sha2_hasher_t *this; - + switch (algorithm) { case HASH_SHA224: @@ -686,9 +686,9 @@ sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm) return NULL; } this->hasher_interface.destroy = (void(*)(hasher_t*))destroy; - + /* initialize */ this->hasher_interface.reset(&this->hasher_interface); - + return this; } diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.h b/src/libstrongswan/plugins/sha2/sha2_hasher.h index 11f4fac26..ed57ae0bd 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.h +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.h @@ -32,7 +32,7 @@ typedef struct sha2_hasher_t sha2_hasher_t; * the SHA hash algorithm. */ struct sha2_hasher_t { - + /** * Generic hasher_t interface for this hasher. */ @@ -41,7 +41,7 @@ struct sha2_hasher_t { /** * Creates a new sha2_hasher_t. - * + * * @param algorithm HASH_SHA256, HASH_SHA384 or HASH_SHA512 * @return sha2_hasher_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index 0743f7b1a..90f7cec77 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -47,9 +47,9 @@ static void destroy(private_sha2_plugin_t *this) plugin_t *plugin_create() { private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, (hasher_constructor_t)sha2_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA256, @@ -58,7 +58,7 @@ plugin_t *plugin_create() (hasher_constructor_t)sha2_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)sha2_hasher_create); - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index b59a1c343..831408c9e 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sqlite DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_sqlite_la_DEPENDENCIES = am_libstrongswan_sqlite_la_OBJECTS = sqlite_plugin.lo \ @@ -60,6 +84,7 @@ libstrongswan_sqlite_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -245,9 +274,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -265,23 +294,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 6e4951f2d..721f1a126 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -19,7 +19,7 @@ #include #include #include -#include +#include typedef struct private_sqlite_database_t private_sqlite_database_t; @@ -32,12 +32,12 @@ struct private_sqlite_database_t { * public functions */ sqlite_database_t public; - + /** * sqlite database connection */ sqlite3 *db; - + /** * mutex used to lock execute() */ @@ -220,12 +220,12 @@ static enumerator_t* query(private_sqlite_database_t *this, char *sql, ...) va_list args; sqlite_enumerator_t *enumerator = NULL; int i; - + #if SQLITE_VERSION_NUMBER < 3005000 /* sqlite connections prior to 3.5 may be used by a single thread only, */ this->mutex->lock(this->mutex); #endif - + va_start(args, sql); stmt = run(this, sql, &args); if (stmt) @@ -254,7 +254,7 @@ static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) sqlite3_stmt *stmt; int affected = -1; va_list args; - + /* we need a lock to get our rowid/changes correctly */ this->mutex->lock(this->mutex); va_start(args, sql); @@ -316,7 +316,7 @@ sqlite_database_t *sqlite_database_create(char *uri) { char *file; private_sqlite_database_t *this; - + /** * parse sqlite:///path/to/file.db uri */ @@ -325,16 +325,16 @@ sqlite_database_t *sqlite_database_create(char *uri) return NULL; } file = uri + 9; - + this = malloc_thing(private_sqlite_database_t); - + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; this->public.db.destroy = (void(*)(database_t*))destroy; - + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - + if (sqlite3_open(file, &this->db) != SQLITE_OK) { DBG1("opening SQLite database '%s' failed: %s", @@ -342,9 +342,9 @@ sqlite_database_t *sqlite_database_create(char *uri) destroy(this); return NULL; } - + sqlite3_busy_handler(this->db, (void*)busy_handler, this); - + return &this->public; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index bedf91e0f..955402bf9 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -47,9 +47,9 @@ static void destroy(private_sqlite_plugin_t *this) plugin_t *plugin_create() { private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + lib->db->add_database(lib->db, (database_constructor_t)sqlite_database_create); diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 0e408ba7e..a8674d282 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/test_vectors DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_test_vectors_la_LIBADD = am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ @@ -64,6 +88,7 @@ libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -111,25 +136,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -141,11 +163,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -174,9 +199,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -199,7 +224,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -207,6 +232,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -215,10 +241,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -226,6 +254,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -270,9 +299,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -290,23 +319,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -352,178 +386,178 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< 3des_cbc.lo: test_vectors/3des_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 3des_cbc.lo -MD -MP -MF $(DEPDIR)/3des_cbc.Tpo -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/3des_cbc.Tpo $(DEPDIR)/3des_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 3des_cbc.lo -MD -MP -MF $(DEPDIR)/3des_cbc.Tpo -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/3des_cbc.Tpo $(DEPDIR)/3des_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/3des_cbc.c' object='3des_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c aes_cbc.lo: test_vectors/aes_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc.lo -MD -MP -MF $(DEPDIR)/aes_cbc.Tpo -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_cbc.Tpo $(DEPDIR)/aes_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc.lo -MD -MP -MF $(DEPDIR)/aes_cbc.Tpo -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_cbc.Tpo $(DEPDIR)/aes_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_cbc.c' object='aes_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c aes_xcbc.lo: test_vectors/aes_xcbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_xcbc.c' object='aes_xcbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c blowfish.lo: test_vectors/blowfish.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/blowfish.c' object='blowfish.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c camellia_cbc.lo: test_vectors/camellia_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_cbc.lo -MD -MP -MF $(DEPDIR)/camellia_cbc.Tpo -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/camellia_cbc.Tpo $(DEPDIR)/camellia_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_cbc.lo -MD -MP -MF $(DEPDIR)/camellia_cbc.Tpo -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_cbc.Tpo $(DEPDIR)/camellia_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_cbc.c' object='camellia_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c cast.lo: test_vectors/cast.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/cast.c' object='cast.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c des.lo: test_vectors/des.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des.lo -MD -MP -MF $(DEPDIR)/des.Tpo -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/des.Tpo $(DEPDIR)/des.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des.lo -MD -MP -MF $(DEPDIR)/des.Tpo -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/des.Tpo $(DEPDIR)/des.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/des.c' object='des.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c idea.lo: test_vectors/idea.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea.lo -MD -MP -MF $(DEPDIR)/idea.Tpo -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/idea.Tpo $(DEPDIR)/idea.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea.lo -MD -MP -MF $(DEPDIR)/idea.Tpo -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/idea.Tpo $(DEPDIR)/idea.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/idea.c' object='idea.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c null.lo: test_vectors/null.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT null.lo -MD -MP -MF $(DEPDIR)/null.Tpo -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/null.Tpo $(DEPDIR)/null.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT null.lo -MD -MP -MF $(DEPDIR)/null.Tpo -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/null.Tpo $(DEPDIR)/null.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/null.c' object='null.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c rc5.lo: test_vectors/rc5.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rc5.lo -MD -MP -MF $(DEPDIR)/rc5.Tpo -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rc5.Tpo $(DEPDIR)/rc5.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rc5.lo -MD -MP -MF $(DEPDIR)/rc5.Tpo -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rc5.Tpo $(DEPDIR)/rc5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/rc5.c' object='rc5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c serpent_cbc.lo: test_vectors/serpent_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT serpent_cbc.lo -MD -MP -MF $(DEPDIR)/serpent_cbc.Tpo -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/serpent_cbc.Tpo $(DEPDIR)/serpent_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT serpent_cbc.lo -MD -MP -MF $(DEPDIR)/serpent_cbc.Tpo -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/serpent_cbc.Tpo $(DEPDIR)/serpent_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/serpent_cbc.c' object='serpent_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c twofish_cbc.lo: test_vectors/twofish_cbc.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT twofish_cbc.lo -MD -MP -MF $(DEPDIR)/twofish_cbc.Tpo -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/twofish_cbc.Tpo $(DEPDIR)/twofish_cbc.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT twofish_cbc.lo -MD -MP -MF $(DEPDIR)/twofish_cbc.Tpo -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/twofish_cbc.Tpo $(DEPDIR)/twofish_cbc.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/twofish_cbc.c' object='twofish_cbc.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c md2.lo: test_vectors/md2.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md2.lo -MD -MP -MF $(DEPDIR)/md2.Tpo -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md2.Tpo $(DEPDIR)/md2.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md2.lo -MD -MP -MF $(DEPDIR)/md2.Tpo -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md2.Tpo $(DEPDIR)/md2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md2.c' object='md2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c md4.lo: test_vectors/md4.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md4.lo -MD -MP -MF $(DEPDIR)/md4.Tpo -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md4.Tpo $(DEPDIR)/md4.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md4.lo -MD -MP -MF $(DEPDIR)/md4.Tpo -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md4.Tpo $(DEPDIR)/md4.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md4.c' object='md4.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c md5.lo: test_vectors/md5.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5.lo -MD -MP -MF $(DEPDIR)/md5.Tpo -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5.Tpo $(DEPDIR)/md5.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5.lo -MD -MP -MF $(DEPDIR)/md5.Tpo -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md5.Tpo $(DEPDIR)/md5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md5.c' object='md5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c md5_hmac.lo: test_vectors/md5_hmac.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hmac.lo -MD -MP -MF $(DEPDIR)/md5_hmac.Tpo -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5_hmac.Tpo $(DEPDIR)/md5_hmac.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hmac.lo -MD -MP -MF $(DEPDIR)/md5_hmac.Tpo -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/md5_hmac.Tpo $(DEPDIR)/md5_hmac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md5_hmac.c' object='md5_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c sha1.lo: test_vectors/sha1.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1.lo -MD -MP -MF $(DEPDIR)/sha1.Tpo -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1.Tpo $(DEPDIR)/sha1.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1.lo -MD -MP -MF $(DEPDIR)/sha1.Tpo -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha1.Tpo $(DEPDIR)/sha1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha1.c' object='sha1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c sha1_hmac.lo: test_vectors/sha1_hmac.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hmac.lo -MD -MP -MF $(DEPDIR)/sha1_hmac.Tpo -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1_hmac.Tpo $(DEPDIR)/sha1_hmac.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hmac.lo -MD -MP -MF $(DEPDIR)/sha1_hmac.Tpo -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha1_hmac.Tpo $(DEPDIR)/sha1_hmac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha1_hmac.c' object='sha1_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c sha2.lo: test_vectors/sha2.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2.lo -MD -MP -MF $(DEPDIR)/sha2.Tpo -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2.Tpo $(DEPDIR)/sha2.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2.lo -MD -MP -MF $(DEPDIR)/sha2.Tpo -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha2.Tpo $(DEPDIR)/sha2.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha2.c' object='sha2.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c sha2_hmac.lo: test_vectors/sha2_hmac.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hmac.lo -MD -MP -MF $(DEPDIR)/sha2_hmac.Tpo -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2_hmac.Tpo $(DEPDIR)/sha2_hmac.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hmac.lo -MD -MP -MF $(DEPDIR)/sha2_hmac.Tpo -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sha2_hmac.Tpo $(DEPDIR)/sha2_hmac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha2_hmac.c' object='sha2_hmac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c fips_prf.lo: test_vectors/fips_prf.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF $(DEPDIR)/fips_prf.Tpo -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_prf.Tpo $(DEPDIR)/fips_prf.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF $(DEPDIR)/fips_prf.Tpo -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fips_prf.Tpo $(DEPDIR)/fips_prf.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/fips_prf.c' object='fips_prf.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c rng.lo: test_vectors/rng.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/rng.c' object='rng.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c mostlyclean-libtool: -rm -f *.lo @@ -543,7 +577,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -551,29 +585,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -594,13 +633,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -631,6 +674,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -652,6 +696,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -660,18 +706,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -710,6 +766,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c index 63bbb1261..a4e06180a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c @@ -30,7 +30,7 @@ crypter_test_vector_t blowfish1 = { }; /** - * Test vector by Chilkat Software + * Test vector by Chilkat Software * (www.chilkatsoft.com/p/php_blowfish.asp) */ crypter_test_vector_t blowfish2 = { diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c index 8502df7ad..4dc1cc174 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c @@ -33,7 +33,7 @@ monobit_t monobit_all = { static bool test_monobit(monobit_t *param, chunk_t data) { int i, j, bits = 0; - + for (i = 0; i < data.len; i++) { for (j = 0; j < 8; j++) @@ -87,15 +87,15 @@ static bool test_poker(poker_t *param, chunk_t data) { int i, counter[16]; double sum = 0.0; - + memset(counter, 0, sizeof(counter)); - + for (i = 0; i < data.len; i++) { counter[data.ptr[i] & 0x0F]++; counter[(data.ptr[i] & 0xF0) >> 4]++; } - + for (i = 0; i < countof(counter); i++) { sum += (counter[i] * counter[i]) / 5000.0 * 16.0; @@ -145,10 +145,10 @@ runs_t runs_all = { static bool test_runs(runs_t *param, chunk_t data) { int i, j, zero_runs[7], one_runs[7], zero = 0, one = 0, longrun = 0; - + memset(one_runs, 0, sizeof(zero_runs)); memset(zero_runs, 0, sizeof(one_runs)); - + for (i = 0; i < data.len; i++) { for (j = 0; j < 8; j++) @@ -189,7 +189,7 @@ static bool test_runs(runs_t *param, chunk_t data) } } } - + DBG2(" Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, " "longruns: %d", zero_runs[1], zero_runs[2], zero_runs[3], @@ -197,12 +197,12 @@ static bool test_runs(runs_t *param, chunk_t data) one_runs[1], one_runs[2], one_runs[3], one_runs[4], one_runs[5], one_runs[6], longrun); - + if (longrun) { return FALSE; } - + for (i = 1; i < countof(zero_runs); i++) { if (zero_runs[i] <= param->lower[i] || diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index b96dc0c9a..7ad8c3c73 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -108,9 +108,9 @@ plugin_t *plugin_create() { private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); int i; - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + for (i = 0; i < countof(crypter); i++) { lib->crypto->add_test_vector(lib->crypto, @@ -136,7 +136,7 @@ plugin_t *plugin_create() lib->crypto->add_test_vector(lib->crypto, RANDOM_NUMBER_GENERATOR, rng[i]); } - + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am index e9668b4e4..853b1cebc 100644 --- a/src/libstrongswan/plugins/x509/Makefile.am +++ b/src/libstrongswan/plugins/x509/Makefile.am @@ -9,8 +9,8 @@ libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ x509_cert.h x509_cert.c \ x509_crl.h x509_crl.c \ x509_ac.h x509_ac.c \ + x509_pkcs10.h x509_pkcs10.c \ x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c \ - ietf_attr_list.h ietf_attr_list.c + x509_ocsp_response.h x509_ocsp_response.c libstrongswan_x509_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 56cb04769..428643254 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,24 +37,46 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/x509 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_x509_la_LIBADD = am_libstrongswan_x509_la_OBJECTS = x509_plugin.lo x509_cert.lo \ - x509_crl.lo x509_ac.lo x509_ocsp_request.lo \ - x509_ocsp_response.lo ietf_attr_list.lo + x509_crl.lo x509_ac.lo x509_pkcs10.lo x509_ocsp_request.lo \ + x509_ocsp_response.lo libstrongswan_x509_la_OBJECTS = $(am_libstrongswan_x509_la_OBJECTS) libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -60,6 +84,7 @@ libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -107,25 +132,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -137,11 +159,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -170,9 +195,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -195,7 +220,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -203,6 +228,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -211,10 +237,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -222,6 +250,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -231,9 +260,9 @@ libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ x509_cert.h x509_cert.c \ x509_crl.h x509_crl.c \ x509_ac.h x509_ac.c \ + x509_pkcs10.h x509_pkcs10.c \ x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c \ - ietf_attr_list.h ietf_attr_list.c + x509_ocsp_response.h x509_ocsp_response.c libstrongswan_x509_la_LDFLAGS = -module -avoid-version all: all-am @@ -249,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -269,23 +298,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -305,31 +339,31 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ietf_attr_list.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_ac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_cert.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_crl.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_ocsp_request.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_ocsp_response.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_pkcs10.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_plugin.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -352,7 +386,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -360,29 +394,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -403,13 +442,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -440,6 +483,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -461,6 +505,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -469,18 +515,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -519,6 +575,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.c b/src/libstrongswan/plugins/x509/ietf_attr_list.c deleted file mode 100644 index 17f6949b2..000000000 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include - -#include -#include - -#include -#include -#include -#include - -#include "ietf_attr_list.h" - -/** - * Private definition of ietfAttribute kinds - */ -typedef enum { - IETF_ATTRIBUTE_OCTETS = 0, - IETF_ATTRIBUTE_OID = 1, - IETF_ATTRIBUTE_STRING = 2 -} ietfAttribute_t; - -typedef struct ietfAttr_t ietfAttr_t; - -/** - * Private definition of an ietfAttribute - */ -struct ietfAttr_t { - /** - * IETF attribute kind - */ - ietfAttribute_t kind; - - /** - * IETF attribute valuse - */ - chunk_t value; - - /** - * Compares two ietfAttributes - * - * return -1 if this is earlier in the alphabet than other - * return 0 if this equals other - * return +1 if this is later in the alphabet than other - * - * @param this calling object - * @param other other object - */ - int (*compare) (const ietfAttr_t *this ,const ietfAttr_t *other); - - /** - * Destroys the ietfAttr_t object. - * - * @param this ietfAttr_t to destroy - */ - void (*destroy) (ietfAttr_t *this); -}; - -/** - * Implements ietfAttr_t.compare. - */ -static int ietfAttr_compare(const ietfAttr_t *this ,const ietfAttr_t *other) -{ - int cmp_len, len, cmp_value; - - /* OID attributes are appended after STRING and OCTETS attributes */ - if (this->kind != IETF_ATTRIBUTE_OID && other->kind == IETF_ATTRIBUTE_OID) - { - return -1; - } - if (this->kind == IETF_ATTRIBUTE_OID && other->kind != IETF_ATTRIBUTE_OID) - { - return 1; - } - - cmp_len = this->value.len - other->value.len; - len = (cmp_len < 0)? this->value.len : other->value.len; - cmp_value = memcmp(this->value.ptr, other->value.ptr, len); - - return (cmp_value == 0)? cmp_len : cmp_value; -} - -/** - * Implements ietfAttr_t.destroy. - */ -static void ietfAttr_destroy(ietfAttr_t *this) -{ - free(this->value.ptr); - free(this); -} - -/** - * Creates an ietfAttr_t object. - */ -static ietfAttr_t *ietfAttr_create(ietfAttribute_t kind, chunk_t value) -{ - ietfAttr_t *this = malloc_thing(ietfAttr_t); - - /* initialize */ - this->kind = kind; - this->value = chunk_clone(value); - - /* function */ - this->compare = ietfAttr_compare; - this->destroy = ietfAttr_destroy; - - return this; -} - -/** - * Adds an ietfAttr_t object to a sorted linked list - */ -static void ietfAttr_add(linked_list_t *list, ietfAttr_t *attr) -{ - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *current_attr; - bool found = FALSE; - - while (iterator->iterate(iterator, (void **)¤t_attr)) - { - int cmp = attr->compare(attr, current_attr); - - if (cmp > 0) - { - continue; - } - if (cmp == 0) - { - attr->destroy(attr); - } - else - { - iterator->insert_before(iterator, attr); - } - found = TRUE; - break; - } - iterator->destroy(iterator); - if (!found) - { - list->insert_last(list, attr); - } -} - -/* - * Described in header. - */ -bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b) -{ - bool result = TRUE; - - /* lists must have the same number of attributes */ - if (list_a->get_count(list_a) != list_b->get_count(list_b)) - { - return FALSE; - } - /* empty lists - no attributes */ - if (list_a->get_count(list_a) == 0) - { - return TRUE; - } - - /* compare two alphabetically-sorted lists */ - { - iterator_t *iterator_a = list_a->create_iterator(list_a, TRUE); - iterator_t *iterator_b = list_b->create_iterator(list_b, TRUE); - ietfAttr_t *attr_a, *attr_b; - - while (iterator_a->iterate(iterator_a, (void **)&attr_a) && - iterator_b->iterate(iterator_b, (void **)&attr_b)) - { - if (attr_a->compare(attr_a, attr_b) != 0) - { - /* we have a mismatch */ - result = FALSE; - break; - } - } - iterator_a->destroy(iterator_a); - iterator_b->destroy(iterator_b); - } - return result; -} - -/* - * Described in header. - */ -void ietfAttr_list_list(linked_list_t *list, FILE *out) -{ - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *attr; - bool first = TRUE; - - while (iterator->iterate(iterator, (void **)&attr)) - { - if (first) - { - first = FALSE; - } - else - { - fprintf(out, ", "); - } - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - case IETF_ATTRIBUTE_STRING: - fprintf(out, "%.*s", (int)attr->value.len, attr->value.ptr); - break; - case IETF_ATTRIBUTE_OID: - { - int oid = asn1_known_oid(attr->value); - - if (oid == OID_UNKNOWN) - { - fprintf(out, "0x#B", &attr->value); - } - else - { - fprintf(out, "%s", oid_names[oid]); - } - } - break; - default: - break; - } - } - iterator->destroy(iterator); -} - -/* - * Described in header. - */ -void ietfAttr_list_create_from_string(char *msg, linked_list_t *list) -{ - chunk_t line = { msg, strlen(msg) }; - - while (eat_whitespace(&line)) - { - chunk_t group; - - /* extract the next comma-separated group attribute */ - if (!extract_token(&group, ',', &line)) - { - group = line; - line.len = 0; - } - - /* remove any trailing spaces */ - while (group.len > 0 && *(group.ptr + group.len - 1) == ' ') - { - group.len--; - } - - /* add the group attribute to the list */ - if (group.len > 0) - { - ietfAttr_t *attr = ietfAttr_create(IETF_ATTRIBUTE_STRING, group); - - ietfAttr_add(list, attr); - } - } -} - -/** - * ASN.1 definition of ietfAttrSyntax - */ -static const asn1Object_t ietfAttrSyntaxObjects[] = -{ - { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_BODY }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */ - { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT | - ASN1_BODY }, /* 4 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ - { 2, "oid", ASN1_OID, ASN1_OPT | - ASN1_BODY }, /* 6 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "string", ASN1_UTF8STRING, ASN1_OPT | - ASN1_BODY }, /* 8 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define IETF_ATTR_OCTETS 4 -#define IETF_ATTR_OID 6 -#define IETF_ATTR_STRING 8 - -/* - * Described in header. - */ -void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case IETF_ATTR_OCTETS: - case IETF_ATTR_OID: - case IETF_ATTR_STRING: - { - ietfAttribute_t kind = (objectID - IETF_ATTR_OCTETS) / 2; - ietfAttr_t *attr = ietfAttr_create(kind, object); - ietfAttr_add(list, attr); - } - break; - default: - break; - } - } - parser->destroy(parser); -} - -/* - * Described in header. - */ -chunk_t ietfAttr_list_encode(linked_list_t *list) -{ - chunk_t ietfAttributes; - size_t size = 0; - u_char *pos; - iterator_t *iterator = list->create_iterator(list, TRUE); - ietfAttr_t *attr; - - /* precalculate the total size of all values */ - while (iterator->iterate(iterator, (void **)&attr)) - { - size_t len = attr->value.len; - - size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len; - } - iterator->destroy(iterator); - - pos = asn1_build_object(&ietfAttributes, ASN1_SEQUENCE, size); - - iterator = list->create_iterator(list, TRUE); - while (iterator->iterate(iterator, (void **)&attr)) - { - chunk_t ietfAttribute; - asn1_t type = ASN1_NULL; - - switch (attr->kind) - { - case IETF_ATTRIBUTE_OCTETS: - type = ASN1_OCTET_STRING; - break; - case IETF_ATTRIBUTE_STRING: - type = ASN1_UTF8STRING; - break; - case IETF_ATTRIBUTE_OID: - type = ASN1_OID; - break; - } - ietfAttribute = asn1_simple_object(type, attr->value); - - /* copy ietfAttribute into ietfAttributes chunk */ - memcpy(pos, ietfAttribute.ptr, ietfAttribute.len); - pos += ietfAttribute.len; - free(ietfAttribute.ptr); - } - iterator->destroy(iterator); - - return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes); -} - -/* - * Described in header. - */ -void ietfAttr_list_destroy(linked_list_t *list) -{ - list->destroy_offset(list, offsetof(ietfAttr_t, destroy)); -} diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h deleted file mode 100644 index 5807a899e..000000000 --- a/src/libstrongswan/plugins/x509/ietf_attr_list.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (C) 2007 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup ietf_attr_list ietf_attr_list - * @{ @ingroup x509_p - */ - -#ifndef IETF_ATTR_LIST_H_ -#define IETF_ATTR_LIST_H_ - -#include -#include - - -/** - * @brief Compare two linked lists of ietfAttr_t objects for equality - * - * @param list_a first alphabetically-sorted list - * @param list_b second alphabetically-sorted list - * @return TRUE if equal - */ -bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b); - -/** - * @brief Lists a linked list of ietfAttr_t objects - * - * @param list alphabetically-sorted linked list of attributes - * @param out output file - */ -void ietfAttr_list_list(linked_list_t *list, FILE *out); - -/** - * @brief Create a linked list of ietfAttr_t objects from a string - * - * @param msg string with comma-separated group names - * @param list alphabetically-sorted linked list of attributes - */ -void ietfAttr_list_create_from_string(char *msg, linked_list_t *list); - -/** - * @brief Create a linked list of ietfAttr_t objects from an ASN.1-coded chunk - * - * @param chunk chunk containing ASN.1-coded attributes - * @param list alphabetically-sorted linked list of attributes - * @param level0 parsing level - */ -void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0); - -/** - * @brief Encode a linked list of ietfAttr_t objects into an ASN.1-coded chunk - * - * @param list alphabetically-sorted linked list of attributes - * @return chunk containing ASN.1-coded attributes - */ -chunk_t ietfAttr_list_encode(linked_list_t *list); - -/** - * @brief Destroys a linked list of ietfAttr_t objects - * - * @param list list to be destroyed - */ -void ietfAttr_list_destroy(linked_list_t *list); - -#endif /** IETF_ATTR_LIST_H_ @}*/ - diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 638f96b44..79ff80933 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -1,9 +1,10 @@ /* * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter - * Copyright (C) 2002-2008 Andreas Steffen + * Copyright (C) 2002-2009 Andreas Steffen + * Copyright (C) 2009 Martin Willi * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,7 +18,6 @@ */ #include "x509_ac.h" -#include "ietf_attr_list.h" #include @@ -26,14 +26,14 @@ #include #include #include -#include #include #include #include +#include #include -extern identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, - int level0, chunk_t *authKeySerialNumber); +extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, + int level0, chunk_t *authKeySerialNumber); typedef struct private_x509_ac_t private_x509_ac_t; @@ -46,7 +46,7 @@ struct private_x509_ac_t { * public functions */ x509_ac_t public; - + /** * X.509 attribute certificate encoding in ASN.1 DER format */ @@ -81,7 +81,7 @@ struct private_x509_ac_t { * ID representing the holder */ identification_t *entityName; - + /** * ID representing the attribute certificate issuer */ @@ -100,17 +100,17 @@ struct private_x509_ac_t { /** * List of charging attributes */ - linked_list_t *charging; + ietf_attributes_t *charging; /** * List of groub attributes */ - linked_list_t *groups; + ietf_attributes_t *groups; /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; + chunk_t authKeyIdentifier; /** * Authority Key Serial Number @@ -132,19 +132,19 @@ struct private_x509_ac_t { */ chunk_t signature; - /** - * Holder certificate - */ + /** + * Holder certificate + */ certificate_t *holderCert; - /** - * Signer certificate - */ + /** + * Signer certificate + */ certificate_t *signerCert; - /** - * Signer private key; - */ + /** + * Signer private key; + */ private_key_t *signerKey; /** @@ -153,30 +153,13 @@ struct private_x509_ac_t { refcount_t ref; }; -static u_char ASN1_group_oid_str[] = { - 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04 -}; - -static const chunk_t ASN1_group_oid = chunk_from_buf(ASN1_group_oid_str); - -static u_char ASN1_authorityKeyIdentifier_oid_str[] = { - 0x06, 0x03, - 0x55, 0x1d, 0x23 -}; - -static const chunk_t ASN1_authorityKeyIdentifier_oid = - chunk_from_buf(ASN1_authorityKeyIdentifier_oid_str); - -static u_char ASN1_noRevAvail_ext_str[] = { +static chunk_t ASN1_noRevAvail_ext = chunk_from_chars( 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x38, 0x04, 0x02, 0x05, 0x00 -}; - -static const chunk_t ASN1_noRevAvail_ext = chunk_from_buf(ASN1_noRevAvail_ext_str); +); /** * declaration of function implemented in x509_cert.c @@ -294,7 +277,7 @@ static const asn1Object_t acObjects[] = { 3, "baseCertificateID", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 21 */ { 4, "issuerSerial", ASN1_SEQUENCE, ASN1_NONE }, /* 22 */ { 5, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 23 */ - { 5, "serial", ASN1_INTEGER, ASN1_BODY }, /* 24 */ + { 5, "serial", ASN1_INTEGER, ASN1_BODY }, /* 24 */ { 5, "issuerUID", ASN1_BIT_STRING, ASN1_OPT | ASN1_BODY }, /* 25 */ { 5, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ @@ -302,7 +285,7 @@ static const asn1Object_t acObjects[] = { 3, "objectDigestInfo", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 28 */ { 4, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 29 */ { 5, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 30 */ - { 5, "otherObjectTypeID", ASN1_OID, ASN1_OPT | + { 5, "otherObjectTypeID", ASN1_OID, ASN1_OPT | ASN1_BODY }, /* 31 */ { 5, "end opt", ASN1_EOC, ASN1_END }, /* 32 */ { 5, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 33 */ @@ -430,10 +413,14 @@ static bool parse_certificate(private_x509_ac_t *this) DBG2(" need to parse accessIdentity"); break; case OID_CHARGING_IDENTITY: - ietfAttr_list_create_from_chunk(object, this->charging, level); + DBG2("-- > --"); + this->charging = ietf_attributes_create_from_encoding(object); + DBG2("-- < --"); break; case OID_GROUP: - ietfAttr_list_create_from_chunk(object, this->groups, level); + DBG2("-- > --"); + this->groups = ietf_attributes_create_from_encoding(object); + DBG2("-- < --"); break; case OID_ROLE: parse_roleSyntax(object, level); @@ -459,7 +446,7 @@ static bool parse_certificate(private_x509_ac_t *this) break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + level, &this->authKeySerialNumber); break; case OID_TARGET_INFORMATION: DBG2(" need to parse targetInformation"); @@ -547,10 +534,10 @@ static chunk_t build_attr_cert_validity(private_x509_ac_t *this) /** * build attribute type */ -static chunk_t build_attribute_type(const chunk_t type, chunk_t content) +static chunk_t build_attribute_type(int type, chunk_t content) { - return asn1_wrap(ASN1_SEQUENCE, "cm", - type, + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(type), asn1_wrap(ASN1_SET, "m", content)); } @@ -560,7 +547,7 @@ static chunk_t build_attribute_type(const chunk_t type, chunk_t content) static chunk_t build_attributes(private_x509_ac_t *this) { return asn1_wrap(ASN1_SEQUENCE, "m", - build_attribute_type(ASN1_group_oid, ietfAttr_list_encode(this->groups))); + build_attribute_type(OID_GROUP, this->groups->get_encoding(this->groups))); } /** @@ -568,31 +555,30 @@ static chunk_t build_attributes(private_x509_ac_t *this) */ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) { - chunk_t keyIdentifier; + chunk_t keyIdentifier = chunk_empty; chunk_t authorityCertIssuer; chunk_t authorityCertSerialNumber; - x509_t *x509 = (x509_t*)this->signerCert; - identification_t *issuer = this->signerCert->get_issuer(this->signerCert); - public_key_t *public = this->signerCert->get_public_key(this->signerCert); + identification_t *issuer; + public_key_t *public; + x509_t *x509; + x509 = (x509_t*)this->signerCert; + issuer = this->signerCert->get_issuer(this->signerCert); + public = this->signerCert->get_public_key(this->signerCert); if (public) { - identification_t *keyid = public->get_id(public, ID_PUBKEY_SHA1); - - this->authKeyIdentifier = keyid = keyid->clone(keyid); - keyIdentifier = keyid->get_encoding(keyid); + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &keyIdentifier)) + { + this->authKeyIdentifier = chunk_clone(keyIdentifier); + } public->destroy(public); } - else - { - keyIdentifier = chunk_empty; - } authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1, - issuer->get_encoding(issuer)); + issuer->get_encoding(issuer)); authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2, - x509->get_serial(x509)); - return asn1_wrap(ASN1_SEQUENCE, "cm", - ASN1_authorityKeyIdentifier_oid, + x509->get_serial(x509)); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_SEQUENCE, "cmm", keyIdentifier, @@ -618,7 +604,7 @@ static chunk_t build_extensions(private_x509_ac_t *this) */ static chunk_t build_attr_cert_info(private_x509_ac_t *this) { - return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm", + return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm", ASN1_INTEGER_1, build_holder(this), build_v2_form(this), @@ -636,14 +622,14 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) static chunk_t build_ac(private_x509_ac_t *this) { chunk_t signatureValue; - chunk_t attributeCertificateInfo; + chunk_t attributeCertificateInfo; attributeCertificateInfo = build_attr_cert_info(this); this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, attributeCertificateInfo, &signatureValue); - return asn1_wrap(ASN1_SEQUENCE, "mcm", + return asn1_wrap(ASN1_SEQUENCE, "mmm", attributeCertificateInfo, asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), asn1_bitstring("m", signatureValue)); @@ -676,11 +662,19 @@ static identification_t* get_holderIssuer(private_x509_ac_t *this) /** * Implementation of ac_t.get_authKeyIdentifier. */ -static identification_t* get_authKeyIdentifier(private_x509_ac_t *this) +static chunk_t get_authKeyIdentifier(private_x509_ac_t *this) { return this->authKeyIdentifier; } +/** + * Implementation of certificate_t.get_groups. + */ +static ietf_attributes_t* get_groups(private_x509_ac_t *this) +{ + return this->groups ? this->groups->get_ref(this->groups) : NULL; +} + /** * Implementation of certificate_t.get_type */ @@ -710,7 +704,7 @@ static identification_t* get_issuer(private_x509_ac_t *this) */ static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject) { - return ID_MATCH_NONE; + return ID_MATCH_NONE; } /** @@ -718,24 +712,12 @@ static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject */ static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer) { - id_match_t match; - - if (issuer->get_type(issuer) == ID_PUBKEY_SHA1) - { - if (this->authKeyIdentifier) - { - match = issuer->matches(issuer, this->authKeyIdentifier); - } - else - { - match = ID_MATCH_NONE; - } - } - else + if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr && + chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer))) { - match = this->issuerName->matches(this->issuerName, issuer); + return ID_MATCH_PERFECT; } - return match; + return this->issuerName->matches(this->issuerName, issuer); } /** @@ -747,7 +729,7 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + /* check if issuer is an X.509 AA certificate */ if (issuer->get_type(issuer) != CERT_X509) { @@ -762,19 +744,20 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) key = issuer->get_public_key(issuer); /* compare keyIdentifiers if available, otherwise use DNs */ - if (this->authKeyIdentifier && key) + if (this->authKeyIdentifier.ptr && key) { - identification_t *subjectKeyIdentifier = key->get_id(key, ID_PUBKEY_SHA1); + chunk_t fingerprint; - if (!subjectKeyIdentifier->equals(subjectKeyIdentifier, - this->authKeyIdentifier)) + if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + !chunk_equals(fingerprint, this->authKeyIdentifier)) { return FALSE; } } - else + else { - if (!this->issuerName->equals(this->issuerName, issuer->get_subject(issuer))) + if (!this->issuerName->equals(this->issuerName, + issuer->get_subject(issuer))) { return FALSE; } @@ -815,16 +798,8 @@ static private_x509_ac_t* get_ref(private_x509_ac_t *this) static bool get_validity(private_x509_ac_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; - - if (when) - { - t = *when; - } - else - { - t = time(NULL); - } + time_t t = when ? *when : time(NULL); + if (not_before) { *not_before = this->notBefore; @@ -849,12 +824,12 @@ static bool is_newer(private_x509_ac_t *this, ac_t *that) this_cert->get_validity(this_cert, &now, &this_update, NULL); that_cert->get_validity(that_cert, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" attr cert from %T is %s - existing attr_cert from %T %s", + DBG1(" attr cert from %T is %s - existing attr cert from %T %s", &this_update, FALSE, new ? "newer":"not newer", &that_update, FALSE, new ? "replaced":"retained"); return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -870,14 +845,14 @@ static bool equals(private_x509_ac_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if ((certificate_t*)this == other) { return TRUE; } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_ac_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -895,14 +870,13 @@ static void destroy(private_x509_ac_t *this) DESTROY_IF(this->holderIssuer); DESTROY_IF(this->entityName); DESTROY_IF(this->issuerName); - DESTROY_IF(this->authKeyIdentifier); DESTROY_IF(this->holderCert); DESTROY_IF(this->signerCert); DESTROY_IF(this->signerKey); - - ietfAttr_list_destroy(this->charging); - ietfAttr_list_destroy(this->groups); + DESTROY_IF(this->charging); + DESTROY_IF(this->groups); free(this->serialNumber.ptr); + free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); free(this); } @@ -914,12 +888,13 @@ static void destroy(private_x509_ac_t *this) static private_x509_ac_t *create_empty(void) { private_x509_ac_t *this = malloc_thing(private_x509_ac_t); - + /* public functions */ this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial; this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial; this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer; - this->public.interface.get_authKeyIdentifier = (identification_t* (*)(ac_t*))get_authKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(ac_t*))get_authKeyIdentifier; + this->public.interface.get_groups = (ietf_attributes_t* (*)(ac_t*))get_groups; this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -938,187 +913,108 @@ static private_x509_ac_t *create_empty(void) this->encoding = chunk_empty; this->serialNumber = chunk_empty; this->holderSerial = chunk_empty; + this->authKeyIdentifier = chunk_empty; this->holderIssuer = NULL; this->entityName = NULL; this->issuerName = NULL; - this->authKeyIdentifier = NULL; this->holderCert = NULL; this->signerCert = NULL; this->signerKey = NULL; - this->charging = linked_list_create(); - this->groups = linked_list_create(); + this->charging = NULL; + this->groups = NULL; this->ref = 1; return this; } /** - * create X.509 attribute certificate from a chunk + * See header. */ -static private_x509_ac_t* create_from_chunk(chunk_t chunk) +x509_ac_t *x509_ac_load(certificate_type_t type, va_list args) { - private_x509_ac_t *this = create_empty(); - - this->encoding = chunk; - if (!parse_certificate(this)) - { - destroy(this); - return NULL; - } - return this; -} + chunk_t blob = chunk_empty; -/** - * create X.509 crl from a file - */ -static private_x509_ac_t* create_from_file(char *path) -{ - bool pgp = FALSE; - chunk_t chunk; - private_x509_ac_t *this; - - if (!pem_asn1_load_file(path, NULL, &chunk, &pgp)) + while (TRUE) { - return NULL; + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; } - - this = create_from_chunk(chunk); - - if (this == NULL) + if (blob.ptr) { - DBG1(" could not parse loaded attribute certificate file '%s'", path); - return NULL; - } - DBG1(" loaded attribute certificate file '%s'", path); - return this; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for certificate loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** X.509 attribute certificate to build */ - private_x509_ac_t *ac; -}; + private_x509_ac_t *ac = create_empty(); -/** - * Implementation of builder_t.build - */ -static private_x509_ac_t* build(private_builder_t *this) -{ - private_x509_ac_t *ac = this->ac; - - free(this); - - /* synthesis if encoding does not exist */ - if (ac && ac->encoding.ptr == NULL) - { - if (ac->holderCert && ac->signerCert && ac->signerKey) + ac->encoding = chunk_clone(blob); + if (parse_certificate(ac)) { - ac->encoding = build_ac(ac); - return ac; + return &ac->public; } destroy(ac); - return NULL; - } - else - { - return ac; } + return NULL; } /** - * Implementation of builder_t.add + * See header. */ -static void add(private_builder_t *this, builder_part_t part, ...) +x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) { - va_list args; - certificate_t *cert; - chunk_t chunk; + private_x509_ac_t *ac; - va_start(args, part); - switch (part) + ac = create_empty(); + while (TRUE) { - case BUILD_FROM_FILE: - if (this->ac) - { - destroy(this->ac); - } - this->ac = create_from_file(va_arg(args, char*)); - break; - case BUILD_BLOB_ASN1_DER: - if (this->ac) - { - destroy(this->ac); - } - chunk = va_arg(args, chunk_t); - this->ac = create_from_chunk(chunk_clone(chunk)); - break; - case BUILD_NOT_BEFORE_TIME: - this->ac->notBefore = va_arg(args, time_t); - break; - case BUILD_NOT_AFTER_TIME: - this->ac->notAfter = va_arg(args, time_t); - break; - case BUILD_SERIAL: - chunk = va_arg(args, chunk_t); - this->ac->serialNumber = chunk_clone(chunk); - break; - case BUILD_IETF_GROUP_ATTR: - ietfAttr_list_create_from_string(va_arg(args, char*), - this->ac->groups); - break; - case BUILD_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->ac->holderCert = cert->get_ref(cert); - } - break; - case BUILD_SIGNING_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->ac->signerCert = cert->get_ref(cert); - } - break; - case BUILD_SIGNING_KEY: - this->ac->signerKey = va_arg(args, private_key_t*); - this->ac->signerKey->get_ref(this->ac->signerKey); - break; - default: - /* abort if unsupported option */ - if (this->ac) - { - destroy(this->ac); - } - builder_cancel(&this->public); - break; + switch (va_arg(args, builder_part_t)) + { + case BUILD_NOT_BEFORE_TIME: + ac->notBefore = va_arg(args, time_t); + continue; + case BUILD_NOT_AFTER_TIME: + ac->notAfter = va_arg(args, time_t); + continue; + case BUILD_SERIAL: + ac->serialNumber = chunk_clone(va_arg(args, chunk_t)); + continue; + case BUILD_IETF_GROUP_ATTR: + ac->groups = ietf_attributes_create_from_string(va_arg(args, char*)); + continue; + case BUILD_CERT: + ac->holderCert = va_arg(args, certificate_t*); + ac->holderCert->get_ref(ac->holderCert); + continue; + case BUILD_SIGNING_CERT: + ac->signerCert = va_arg(args, certificate_t*); + ac->signerCert->get_ref(ac->signerCert); + continue; + case BUILD_SIGNING_KEY: + ac->signerKey = va_arg(args, private_key_t*); + ac->signerKey->get_ref(ac->signerKey); + continue; + case BUILD_END: + break; + default: + destroy(ac); + return NULL; + } + break; } - va_end(args); -} -/** - * Builder construction function - */ -builder_t *x509_ac_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_AC) + if (ac->signerKey && ac->holderCert && ac->signerCert && + ac->holderCert->get_type(ac->holderCert) == CERT_X509 && + ac->signerCert->get_type(ac->signerCert) == CERT_X509) { - return NULL; + ac->encoding = build_ac(ac); + return &ac->public; } - - this = malloc_thing(private_builder_t); - - this->ac = create_empty(); - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + destroy(ac); + return NULL; } diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h index 958d5c57a..da0988c6e 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.h +++ b/src/libstrongswan/plugins/x509/x509_ac.h @@ -2,6 +2,7 @@ * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter * Copyright (C) 2002-2008 Andreas Steffen + * Copyright (C) 2009 Martin Willi * * Hochschule fuer Technik Rapperswil * @@ -24,6 +25,7 @@ #ifndef X509_AC_H_ #define X509_AC_H_ +#include #include typedef struct x509_ac_t x509_ac_t; @@ -40,18 +42,28 @@ struct x509_ac_t { }; /** - * Create the building facility for X.509 attribute certificates. + * Load a X.509 attribute certificate. * - * The resulting builder accepts: - * BUILD_USER_CERT: user certificate, exactly one - * BUILD_SIGNER_CERT: signer certificate, exactly one - * BUILD_SIGNER_KEY: signer private key, exactly one - * BUILD_SERIAL: serial number, exactly one - * BUILD_GROUP_ATTR: group attribute, optional, several possible + * @param type certificate type, CERT_X509_AC only + * @param args builder_part_t argument list + * @return X.509 Attribute certificate, NULL on failure + */ +x509_ac_t *x509_ac_load(certificate_type_t type, va_list args); + +/** + * Generate a X.509 attribute certificate. + * + * Accepted build parts: + * BUILD_USER_CERT: user certificate + * BUILD_SIGNER_CERT: signer certificate + * BUILD_SIGNER_KEY: signer private key + * BUILD_SERIAL: serial number + * BUILD_GROUP_ATTR: group attribute, several possible * * @param type certificate type, CERT_X509_AC only - * @return builder instance to build X.509 attribute certificates + * @param args builder_part_t argument list + * @return X.509 Attribute certificate, NULL on failure */ -builder_t *x509_ac_builder(certificate_type_t type); +x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args); #endif /** X509_AC_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 6fe1809c2..3b729236e 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -3,7 +3,7 @@ * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss * Copyright (C) 2002 Mario Strasser * Copyright (C) 2000-2006 Andreas Steffen - * Copyright (C) 2006-2008 Martin Willi + * Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * @@ -33,11 +33,11 @@ #include #include #include -#include #include #include #include #include +#include /** * Different kinds of generalNames @@ -65,17 +65,17 @@ struct private_x509_cert_t { * Public interface for this certificate. */ x509_cert_t public; - + /** * X.509 certificate encoding in ASN.1 DER format */ chunk_t encoding; - + /** * SHA1 hash of the DER encoding of this X.509 certificate */ chunk_t encoding_hash; - + /** * X.509 certificate body over which signature is computed */ @@ -85,100 +85,109 @@ struct private_x509_cert_t { * Version of the X.509 certificate */ u_int version; - + /** * Serial number of the X.509 certificate */ chunk_t serialNumber; - + /** * ID representing the certificate issuer */ identification_t *issuer; - + /** * Start time of certificate validity */ time_t notBefore; - + /** * End time of certificate validity */ time_t notAfter; - + /** * ID representing the certificate subject */ identification_t *subject; - + /** * List of subjectAltNames as identification_t */ linked_list_t *subjectAltNames; - + /** * List of crlDistributionPoints as allocated char* */ linked_list_t *crl_uris; - + /** - * List ocspAccessLocations as identification_t + * List of ocspAccessLocations as allocated char* */ linked_list_t *ocsp_uris; - + /** - * certificates embedded public key + * List of ipAddrBlocks as traffic_selector_t + */ + linked_list_t *ipAddrBlocks; + + /** + * certificate's embedded public key */ public_key_t *public_key; - + /** * Subject Key Identifier */ - chunk_t subjectKeyID; - + chunk_t subjectKeyIdentifier; + /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; - + chunk_t authKeyIdentifier; + /** * Authority Key Serial Number */ chunk_t authKeySerialNumber; - + + /** + * Path Length Constraint + */ + int pathLenConstraint; + /** * x509 constraints and other flags */ x509_flag_t flags; - + /** * Signature algorithm */ int algorithm; - + /** * Signature */ chunk_t signature; - + /** * Certificate parsed from blob/file? */ bool parsed; - + /** * reference count */ refcount_t ref; }; -static u_char ASN1_sAN_oid_buf[] = { +static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( 0x06, 0x03, 0x55, 0x1D, 0x11 -}; -static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_sAN_oid_buf); +); /** - * ASN.1 definition of a basicConstraints extension + * ASN.1 definition of a basicConstraints extension */ static const asn1Object_t basicConstraintsObjects[] = { { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ @@ -187,12 +196,14 @@ static const asn1Object_t basicConstraintsObjects[] = { { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define BASIC_CONSTRAINTS_CA 1 +#define BASIC_CONSTRAINTS_CA 1 +#define BASIC_CONSTRAINTS_PATH_LEN 2 /** * Extracts the basicConstraints extension */ -static bool parse_basicConstraints(chunk_t blob, int level0) +static void parse_basicConstraints(chunk_t blob, int level0, + private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; @@ -204,19 +215,39 @@ static bool parse_basicConstraints(chunk_t blob, int level0) while (parser->iterate(parser, &objectID, &object)) { - if (objectID == BASIC_CONSTRAINTS_CA) + switch (objectID) { - isCA = object.len && *object.ptr; - DBG2(" %s", isCA ? "TRUE" : "FALSE"); + case BASIC_CONSTRAINTS_CA: + isCA = object.len && *object.ptr; + DBG2(" %s", isCA ? "TRUE" : "FALSE"); + if (isCA) + { + this->flags |= X509_CA; + } + break; + case BASIC_CONSTRAINTS_PATH_LEN: + if (isCA) + { + if (object.len == 0) + { + this->pathLenConstraint = 0; + } + else if (object.len == 1) + { + this->pathLenConstraint = *object.ptr; + } + /* we ignore path length constraints > 127 */ + } + break; + default: + break; } } parser->destroy(parser); - - return isCA; } /** - * ASN.1 definition of otherName + * ASN.1 definition of otherName */ static const asn1Object_t otherNameObjects[] = { {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ @@ -262,14 +293,14 @@ static bool parse_otherName(chunk_t blob, int level0) } } success = parser->success(parser); - + end: parser->destroy(parser); return success; } /** - * ASN.1 definition of generalName + * ASN.1 definition of generalName */ static const asn1Object_t generalNameObjects[] = { { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */ @@ -292,10 +323,10 @@ static const asn1Object_t generalNameObjects[] = { { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define GN_OBJ_OTHER_NAME 0 -#define GN_OBJ_RFC822_NAME 2 -#define GN_OBJ_DNS_NAME 4 -#define GN_OBJ_X400_ADDRESS 6 +#define GN_OBJ_OTHER_NAME 0 +#define GN_OBJ_RFC822_NAME 2 +#define GN_OBJ_DNS_NAME 4 +#define GN_OBJ_X400_ADDRESS 6 #define GN_OBJ_DIRECTORY_NAME 8 #define GN_OBJ_EDI_PARTY_NAME 10 #define GN_OBJ_URI 12 @@ -310,16 +341,16 @@ static identification_t *parse_generalName(chunk_t blob, int level0) asn1_parser_t *parser; chunk_t object; int objectID ; - + identification_t *gn = NULL; - + parser = asn1_parser_create(generalNameObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { id_type_t id_type = ID_ANY; - + switch (objectID) { case GN_OBJ_RFC822_NAME: @@ -356,14 +387,14 @@ static identification_t *parse_generalName(chunk_t blob, int level0) goto end; } } - + end: parser->destroy(parser); return gn; } /** - * ASN.1 definition of generalNames + * ASN.1 definition of generalNames */ static const asn1Object_t generalNamesObjects[] = { { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ @@ -381,18 +412,18 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis asn1_parser_t *parser; chunk_t object; int objectID; - + parser = asn1_parser_create(generalNamesObjects, blob); parser->set_top_level(parser, level0); parser->set_flags(parser, implicit, FALSE); - + while (parser->iterate(parser, &objectID, &object)) { if (objectID == GENERAL_NAMES_GN) { identification_t *gn = parse_generalName(object, parser->get_level(parser)+1); - + if (gn) { list->insert_last(list, (void *)gn); @@ -403,7 +434,7 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis } /** - * ASN.1 definition of a authorityKeyIdentifier extension + * ASN.1 definition of a authorityKeyIdentifier extension */ static const asn1Object_t authKeyIdentifierObjects[] = { { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ @@ -422,26 +453,25 @@ static const asn1Object_t authKeyIdentifierObjects[] = { /** * Extracts an authoritykeyIdentifier */ -identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, +chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber) { asn1_parser_t *parser; chunk_t object; int objectID; - identification_t *authKeyIdentifier = NULL; - + chunk_t authKeyIdentifier = chunk_empty; + *authKeySerialNumber = chunk_empty; - + parser = asn1_parser_create(authKeyIdentifierObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { - switch (objectID) + switch (objectID) { case AUTH_KEY_ID_KEY_ID: - authKeyIdentifier = identification_create_from_encoding( - ID_PUBKEY_SHA1, object); + authKeyIdentifier = chunk_clone(object); break; case AUTH_KEY_ID_CERT_ISSUER: /* TODO: x509_parse_generalNames(object, level+1, TRUE); */ @@ -458,7 +488,7 @@ identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, } /** - * ASN.1 definition of a authorityInfoAccess extension + * ASN.1 definition of a authorityInfoAccess extension */ static const asn1Object_t authInfoAccessObjects[] = { { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ @@ -481,13 +511,13 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, chunk_t object; int objectID; int accessMethod = OID_UNKNOWN; - + parser = asn1_parser_create(authInfoAccessObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { - switch (objectID) + switch (objectID) { case AUTH_INFO_ACCESS_METHOD: accessMethod = asn1_known_oid(object); @@ -501,7 +531,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, { identification_t *id; char *uri; - + id = parse_generalName(object, parser->get_level(parser)+1); if (id == NULL) @@ -528,7 +558,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, break; } } - + end: parser->destroy(parser); } @@ -547,26 +577,37 @@ static const asn1Object_t extendedKeyUsageObjects[] = { /** * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned */ -static bool parse_extendedKeyUsage(chunk_t blob, int level0) +static void parse_extendedKeyUsage(chunk_t blob, int level0, + private_x509_cert_t *this) { asn1_parser_t *parser; chunk_t object; int objectID; - bool ocsp_signing = FALSE; - + parser = asn1_parser_create(extendedKeyUsageObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { - if (objectID == EXT_KEY_USAGE_PURPOSE_ID && - asn1_known_oid(object) == OID_OCSP_SIGNING) + if (objectID == EXT_KEY_USAGE_PURPOSE_ID) { - ocsp_signing = TRUE; + switch (asn1_known_oid(object)) + { + case OID_SERVER_AUTH: + this->flags |= X509_SERVER_AUTH; + break; + case OID_CLIENT_AUTH: + this->flags |= X509_CLIENT_AUTH; + break; + case OID_OCSP_SIGNING: + this->flags |= X509_OCSP_SIGNER; + break; + default: + break; + } } } parser->destroy(parser); - return ocsp_signing; } /** @@ -600,24 +641,24 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, chunk_t object; int objectID; linked_list_t *list = linked_list_create(); - + parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { if (objectID == CRL_DIST_POINTS_FULLNAME) { identification_t *id; - + /* append extracted generalNames to existing chained list */ x509_parse_generalNames(object, parser->get_level(parser)+1, TRUE, list); - + while (list->remove_last(list, (void**)&id) == SUCCESS) { char *uri; - + if (asprintf(&uri, "%Y", id) > 0) { this->crl_uris->insert_last(this->crl_uris, uri); @@ -630,6 +671,147 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, list->destroy(list); } +/** + * ASN.1 definition of ipAddrBlocks according to RFC 3779 + */ +static const asn1Object_t ipAddrBlocksObjects[] = { + { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ + { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ + { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ + { 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ + { 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ + { 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ + { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ + { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ + { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ + { 2, "end choice/loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define IP_ADDR_BLOCKS_FAMILY 2 +#define IP_ADDR_BLOCKS_INHERIT 3 +#define IP_ADDR_BLOCKS_PREFIX 6 +#define IP_ADDR_BLOCKS_MIN 9 +#define IP_ADDR_BLOCKS_MAX 10 + +static bool check_address_object(ts_type_t ts_type, chunk_t object) +{ + switch (ts_type) + { + case TS_IPV4_ADDR_RANGE: + if (object.len > 5) + { + DBG1("IPv4 address object is larger than 5 octets"); + return FALSE; + } + break; + case TS_IPV6_ADDR_RANGE: + if (object.len > 17) + { + DBG1("IPv6 address object is larger than 17 octets"); + return FALSE; + } + break; + default: + DBG1("unknown address family"); + return FALSE; + } + if (object.len == 0) + { + DBG1("An ASN.1 bit string must contain at least the initial octet"); + return FALSE; + } + if (object.len == 1 && object.ptr[0] != 0) + { + DBG1("An empty ASN.1 bit string must contain a zero initial octet"); + return FALSE; + } + if (object.ptr[0] > 7) + { + DBG1("number of unused bits is too large"); + return FALSE; + } + return TRUE; +} + +static void parse_ipAddrBlocks(chunk_t blob, int level0, + private_x509_cert_t *this) +{ + asn1_parser_t *parser; + chunk_t object, min_object; + ts_type_t ts_type = 0; + traffic_selector_t *ts; + int objectID; + + parser = asn1_parser_create(ipAddrBlocksObjects, blob); + parser->set_top_level(parser, level0); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case IP_ADDR_BLOCKS_FAMILY: + ts_type = 0; + if (object.len == 2 && object.ptr[0] == 0) + { + if (object.ptr[1] == 1) + { + ts_type = TS_IPV4_ADDR_RANGE; + } + else if (object.ptr[1] == 2) + { + ts_type = TS_IPV6_ADDR_RANGE; + } + else + { + break; + } + DBG2(" %N", ts_type_name, ts_type); + } + break; + case IP_ADDR_BLOCKS_INHERIT: + DBG1("inherit choice is not supported"); + break; + case IP_ADDR_BLOCKS_PREFIX: + if (!check_address_object(ts_type, object)) + { + goto end; + } + ts = traffic_selector_create_from_rfc3779_format(ts_type, + object, object); + DBG2(" %R", ts); + this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); + break; + case IP_ADDR_BLOCKS_MIN: + if (!check_address_object(ts_type, object)) + { + goto end; + } + min_object = object; + break; + case IP_ADDR_BLOCKS_MAX: + if (!check_address_object(ts_type, object)) + { + goto end; + } + ts = traffic_selector_create_from_rfc3779_format(ts_type, + min_object, object); + DBG2(" %R", ts); + this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); + break; + default: + break; + } + } + this->flags |= X509_IP_ADDR_BLOCKS; + +end: + parser->destroy(parser); +} + /** * ASN.1 definition of an X.509v3 x509_cert */ @@ -671,12 +853,18 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_NOT_AFTER 9 #define X509_OBJ_SUBJECT 10 #define X509_OBJ_SUBJECT_PUBLIC_KEY_INFO 11 +#define X509_OBJ_OPTIONAL_EXTENSIONS 16 #define X509_OBJ_EXTN_ID 19 #define X509_OBJ_CRITICAL 20 #define X509_OBJ_EXTN_VALUE 21 #define X509_OBJ_ALGORITHM 24 #define X509_OBJ_SIGNATURE 25 +/** + * forward declaration + */ +static bool issued_by(private_x509_cert_t *this, certificate_t *issuer); + /** * Parses an X.509v3 certificate */ @@ -688,14 +876,14 @@ static bool parse_certificate(private_x509_cert_t *this) int extn_oid = OID_UNKNOWN; int sig_alg = OID_UNKNOWN; bool success = FALSE; - bool critical; - + bool critical = FALSE; + parser = asn1_parser_create(certObjects, this->encoding); - + while (parser->iterate(parser, &objectID, &object)) { u_int level = parser->get_level(parser)+1; - + switch (objectID) { case X509_OBJ_TBS_CERTIFICATE: @@ -703,7 +891,15 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_VERSION: this->version = (object.len) ? (1+(u_int)*object.ptr) : 1; - DBG2(" v%d", this->version); + if (this->version < 1 || this->version > 3) + { + DBG1("X.509v%d not supported", this->version); + goto end; + } + else + { + DBG2(" X.509v%d", this->version); + } break; case X509_OBJ_SERIAL_NUMBER: this->serialNumber = object; @@ -726,13 +922,22 @@ static bool parse_certificate(private_x509_cert_t *this) DBG2(" '%Y'", this->subject); break; case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO: + DBG2("-- > --"); this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); + DBG2("-- < --"); if (this->public_key == NULL) { goto end; } break; + case X509_OBJ_OPTIONAL_EXTENSIONS: + if (this->version != 3) + { + DBG1("Only X.509v3 certificates have extensions"); + goto end; + } + break; case X509_OBJ_EXTN_ID: extn_oid = asn1_known_oid(object); break; @@ -750,45 +955,50 @@ static bool parse_certificate(private_x509_cert_t *this) { goto end; } - this->subjectKeyID = object; + this->subjectKeyIdentifier = object; break; case OID_SUBJECT_ALT_NAME: x509_parse_generalNames(object, level, FALSE, this->subjectAltNames); break; case OID_BASIC_CONSTRAINTS: - if (parse_basicConstraints(object, level)) - { - this->flags |= X509_CA; - } + parse_basicConstraints(object, level, this); break; case OID_CRL_DISTRIBUTION_POINTS: parse_crlDistributionPoints(object, level, this); break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + level, &this->authKeySerialNumber); break; case OID_AUTHORITY_INFO_ACCESS: parse_authorityInfoAccess(object, level, this); break; case OID_EXTENDED_KEY_USAGE: - if (parse_extendedKeyUsage(object, level)) - { - this->flags |= X509_OCSP_SIGNER; - } + parse_extendedKeyUsage(object, level, this); + break; + case OID_IP_ADDR_BLOCKS: + parse_ipAddrBlocks(object, level, this); break; case OID_NS_REVOCATION_URL: case OID_NS_CA_REVOCATION_URL: case OID_NS_CA_POLICY_URL: case OID_NS_COMMENT: - if (!asn1_parse_simple_object(&object, ASN1_IA5STRING, + if (!asn1_parse_simple_object(&object, ASN1_IA5STRING, level, oid_names[extn_oid].name)) { goto end; } break; default: + if (critical && lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.x509.enforce_critical", FALSE)) + { + DBG1("critical %s extension not supported", + (extn_oid == OID_UNKNOWN) ? "unknown" : + (char*)oid_names[extn_oid].name); + goto end; + } break; } break; @@ -809,9 +1019,28 @@ static bool parse_certificate(private_x509_cert_t *this) } } success = parser->success(parser); - + end: parser->destroy(parser); + if (success) + { + hasher_t *hasher; + + /* check if the certificate is self-signed */ + if (issued_by(this, &this->public.interface.interface)) + { + this->flags |= X509_SELF_SIGNED; + } + /* create certificate hash */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + DBG1(" unable to create hash of certificate, SHA1 not supported"); + return NULL; + } + hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); + hasher->destroy(hasher); + } return success; } @@ -847,13 +1076,15 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje identification_t *current; enumerator_t *enumerator; id_match_t match, best; - - if (this->encoding_hash.ptr && subject->get_type(subject) == ID_CERT_DER_SHA1 && - chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + + if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID) { - return ID_MATCH_PERFECT; + if (chunk_equals(this->encoding_hash, subject->get_encoding(subject))) + { + return ID_MATCH_PERFECT; + } } - + best = this->subject->matches(this->subject, subject); enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames); while (enumerator->enumerate(enumerator, ¤t)) @@ -861,15 +1092,15 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje match = current->matches(current, subject); if (match > best) { - best = match; + best = match; } } enumerator->destroy(enumerator); - return best; + return best; } /** - * Implementation of certificate_t.has_subject. + * Implementation of certificate_t.has_issuer. */ static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer) { @@ -878,7 +1109,7 @@ static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer } /** - * Implementation of certificate_t.issued_by + * Implementation of certificate_t.issued_by. */ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) { @@ -886,7 +1117,7 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + if (&this->public.interface.interface == issuer) { if (this->flags & X509_SELF_SIGNED) @@ -910,17 +1141,18 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) return FALSE; } - /* get the public key of the issuer */ - key = issuer->get_public_key(issuer); - /* determine signature scheme */ scheme = signature_scheme_from_oid(this->algorithm); - - if (scheme == SIGN_UNKNOWN || key == NULL) + if (scheme == SIGN_UNKNOWN) + { + return FALSE; + } + /* get the public key of the issuer */ + key = issuer->get_public_key(issuer); + if (!key) { return FALSE; } - /* TODO: add a lightweight check option (comparing auth/subject keyids only) */ valid = key->verify(key, scheme, this->tbsCertificate, this->signature); key->destroy(key); return valid; @@ -936,7 +1168,7 @@ static public_key_t* get_public_key(private_x509_cert_t *this) } /** - * Implementation of certificate_t.asdf + * Implementation of certificate_t.get_ref */ static private_x509_cert_t* get_ref(private_x509_cert_t *this) { @@ -958,16 +1190,8 @@ static x509_flag_t get_flags(private_x509_cert_t *this) static bool get_validity(private_x509_cert_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; - - if (when) - { - t = *when; - } - else - { - t = time(NULL); - } + time_t t = when ? *when : time(NULL); + if (not_before) { *not_before = this->notBefore; @@ -986,7 +1210,7 @@ static bool is_newer(certificate_t *this, certificate_t *that) { time_t this_update, that_update, now = time(NULL); bool new; - + this->get_validity(this, &now, &this_update, NULL); that->get_validity(that, &now, &that_update, NULL); new = this_update > that_update; @@ -995,7 +1219,7 @@ static bool is_newer(certificate_t *this, certificate_t *that) &that_update, FALSE, new ? "replaced":"retained"); return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -1011,7 +1235,7 @@ static bool equals(private_x509_cert_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if (this == (private_x509_cert_t*)other) { return TRUE; @@ -1022,7 +1246,7 @@ static bool equals(private_x509_cert_t *this, certificate_t *other) } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_cert_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -1038,14 +1262,47 @@ static chunk_t get_serial(private_x509_cert_t *this) return this->serialNumber; } +/** + * Implementation of x509_t.get_subjectKeyIdentifier. + */ +static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this) +{ + if (this->subjectKeyIdentifier.ptr) + { + return this->subjectKeyIdentifier; + } + else + { + chunk_t fingerprint; + + if (this->public_key->get_fingerprint(this->public_key, + KEY_ID_PUBKEY_SHA1, &fingerprint)) + { + return fingerprint; + } + else + { + return chunk_empty; + } + } +} + /** * Implementation of x509_t.get_authKeyIdentifier. */ -static identification_t *get_authKeyIdentifier(private_x509_cert_t *this) +static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) { return this->authKeyIdentifier; } +/** + * Implementation of x509_t.get_pathLenConstraint. + */ +static int get_pathLenConstraint(private_x509_cert_t *this) +{ + return this->pathLenConstraint; +} + /** * Implementation of x509_cert_t.create_subjectAltName_enumerator. */ @@ -1071,7 +1328,15 @@ static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this) } /** - * Implementation of certificate_t.asdf + * Implementation of x509_cert_t.create_ipAddrBlock_enumerator. + */ +static enumerator_t* create_ipAddrBlock_enumerator(private_x509_cert_t *this) +{ + return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks); +} + +/** + * Implementation of certificate_t.destroy. */ static void destroy(private_x509_cert_t *this) { @@ -1081,10 +1346,11 @@ static void destroy(private_x509_cert_t *this) offsetof(identification_t, destroy)); this->crl_uris->destroy_function(this->crl_uris, free); this->ocsp_uris->destroy_function(this->ocsp_uris, free); + this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy)); DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); - DESTROY_IF(this->authKeyIdentifier); + chunk_free(&this->authKeyIdentifier); chunk_free(&this->encoding); chunk_free(&this->encoding_hash); if (!this->parsed) @@ -1103,7 +1369,7 @@ static void destroy(private_x509_cert_t *this) static private_x509_cert_t* create_empty(void) { private_x509_cert_t *this = malloc_thing(private_x509_cert_t); - + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; @@ -1119,16 +1385,19 @@ static private_x509_cert_t* create_empty(void) this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; - this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint; this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; - + this->public.interface.create_ipAddrBlock_enumerator = (enumerator_t* (*)(x509_t*))create_ipAddrBlock_enumerator; + this->encoding = chunk_empty; this->encoding_hash = chunk_empty; this->tbsCertificate = chunk_empty; - this->version = 3; - this->serialNumber = chunk_empty; + this->version = 1; + this->serialNumber = chunk_empty; this->notBefore = 0; this->notAfter = 0; this->public_key = NULL; @@ -1137,111 +1406,96 @@ static private_x509_cert_t* create_empty(void) this->subjectAltNames = linked_list_create(); this->crl_uris = linked_list_create(); this->ocsp_uris = linked_list_create(); - this->subjectKeyID = chunk_empty; - this->authKeyIdentifier = NULL; + this->ipAddrBlocks = linked_list_create(); + this->subjectKeyIdentifier = chunk_empty; + this->authKeyIdentifier = chunk_empty; this->authKeySerialNumber = chunk_empty; + this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; this->algorithm = 0; this->signature = chunk_empty; this->flags = 0; this->ref = 1; this->parsed = FALSE; - - return this; -} -/** - * create an X.509 certificate from a chunk - */ -static private_x509_cert_t *create_from_chunk(chunk_t chunk) -{ - hasher_t *hasher; - private_x509_cert_t *this = create_empty(); - - this->encoding = chunk; - this->parsed = TRUE; - if (!parse_certificate(this)) - { - destroy(this); - return NULL; - } - - /* check if the certificate is self-signed */ - if (issued_by(this, &this->public.interface.interface)) - { - this->flags |= X509_SELF_SIGNED; - } - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - DBG1(" unable to create hash of certificate, SHA1 not supported"); - destroy(this); - return NULL; - } - hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); - hasher->destroy(hasher); - return this; } /** - * create an X.509 certificate from a file + * Encode a linked list of subjectAltNames */ -static private_x509_cert_t *create_from_file(char *path) +chunk_t x509_build_subjectAltNames(linked_list_t *list) { - bool pgp = FALSE; - chunk_t chunk; - private_x509_cert_t *this; - - if (!pem_asn1_load_file(path, NULL, &chunk, &pgp)) + chunk_t subjectAltNames = chunk_empty; + enumerator_t *enumerator; + identification_t *id; + + if (list->get_count(list) == 0) { - return NULL; + return chunk_empty; } - this = create_from_chunk(chunk); - - if (this == NULL) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &id)) { - DBG1(" could not parse loaded certificate file '%s'",path); - return NULL; + int context; + chunk_t name; + + switch (id->get_type(id)) + { + case ID_RFC822_ADDR: + context = ASN1_CONTEXT_S_1; + break; + case ID_FQDN: + context = ASN1_CONTEXT_S_2; + break; + case ID_IPV4_ADDR: + case ID_IPV6_ADDR: + context = ASN1_CONTEXT_S_7; + break; + default: + DBG1("encoding %N as subjectAltName not supported", + id_type_names, id->get_type(id)); + enumerator->destroy(enumerator); + free(subjectAltNames.ptr); + return chunk_empty; + } + name = asn1_wrap(context, "c", id->get_encoding(id)); + subjectAltNames = chunk_cat("mm", subjectAltNames, name); } - DBG1(" loaded certificate file '%s'", path); - return this; -} + enumerator->destroy(enumerator); -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for certificate loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded certificate */ - private_x509_cert_t *cert; - /** additional flags to enforce */ - x509_flag_t flags; - /** certificate to sign, if we generate a new cert */ - certificate_t *sign_cert; - /** private key to sign, if we generate a new cert */ - private_key_t *sign_key; -}; + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_SUBJECT_ALT_NAME), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", subjectAltNames) + ) + ); +} /** * Generate and sign a new certificate */ -static bool generate(private_builder_t *this) +static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, + private_key_t *sign_key, int digest_alg) { - chunk_t extensions = chunk_empty; + chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; + chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; + chunk_t ocspSigning = chunk_empty; + chunk_t basicConstraints = chunk_empty, subjectAltNames = chunk_empty; + chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; + chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; identification_t *issuer, *subject; - chunk_t key_info, key; + chunk_t key_info; signature_scheme_t scheme; hasher_t *hasher; - - subject = this->cert->subject; - if (this->sign_cert) + enumerator_t *enumerator; + char *uri; + + subject = cert->subject; + if (sign_cert) { - issuer = this->sign_cert->get_subject(this->sign_cert); - if (!this->cert->public_key) + issuer = sign_cert->get_subject(sign_cert); + if (!cert->public_key) { return FALSE; } @@ -1249,216 +1503,355 @@ static bool generate(private_builder_t *this) else { /* self signed */ issuer = subject; - if (!this->cert->public_key) + if (!cert->public_key) { - this->cert->public_key = this->sign_key->get_public_key(this->sign_key); + cert->public_key = sign_key->get_public_key(sign_key); } - this->flags |= X509_SELF_SIGNED; + cert->flags |= X509_SELF_SIGNED; } - this->cert->issuer = issuer->clone(issuer); - if (!this->cert->notBefore) + cert->issuer = issuer->clone(issuer); + if (!cert->notBefore) { - this->cert->notBefore = time(NULL); + cert->notBefore = time(NULL); } - if (!this->cert->notAfter) - { /* defaults to 1 years from now on */ - this->cert->notAfter = this->cert->notBefore + 60 * 60 * 24 * 365; + if (!cert->notAfter) + { /* defaults to 1 year from now */ + cert->notAfter = cert->notBefore + 60 * 60 * 24 * 365; } - this->cert->flags = this->flags; - - switch (this->sign_key->get_type(this->sign_key)) + + /* select signature scheme */ + cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key)); + if (cert->algorithm == OID_UNKNOWN) { - case KEY_RSA: - this->cert->algorithm = OID_SHA1_WITH_RSA; - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - break; - default: - return FALSE; + return FALSE; } - - switch (this->cert->public_key->get_type(this->cert->public_key)) + scheme = signature_scheme_from_oid(cert->algorithm); + + if (!cert->public_key->get_encoding(cert->public_key, + KEY_PUB_SPKI_ASN1_DER, &key_info)) { - case KEY_RSA: - key = this->cert->public_key->get_encoding(this->cert->public_key); - key_info = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", key)); - break; - default: - return FALSE; + return FALSE; + } + + /* encode subjectAltNames */ + subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); + + /* encode CRL distribution points extension */ + enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); + while (enumerator->enumerate(enumerator, &uri)) + { + chunk_t distributionPoint; + + distributionPoint = asn1_wrap(ASN1_SEQUENCE, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(uri, strlen(uri)))))); + + crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, + distributionPoint); + } + enumerator->destroy(enumerator); + if (crlDistributionPoints.ptr) + { + crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); + } + + /* encode OCSP URIs in authorityInfoAccess extension */ + enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); + while (enumerator->enumerate(enumerator, &uri)) + { + chunk_t accessDescription; + + accessDescription = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_OCSP), + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(uri, strlen(uri)))); + authorityInfoAccess = chunk_cat("mm", authorityInfoAccess, + accessDescription); + } + enumerator->destroy(enumerator); + if (authorityInfoAccess.ptr) + { + authorityInfoAccess = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_AUTHORITY_INFO_ACCESS), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", authorityInfoAccess))); + } + + /* build CA basicConstraint for CA certificates */ + if (cert->flags & X509_CA) + { + chunk_t pathLenConstraint = chunk_empty; + + if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) + { + char pathlen = (char)cert->pathLenConstraint; + + pathLenConstraint = asn1_integer("c", chunk_from_thing(pathlen)); + } + basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", + asn1_build_known_oid(OID_BASIC_CONSTRAINTS), + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + pathLenConstraint))); + } + + /* add serverAuth extendedKeyUsage flag */ + if (cert->flags & X509_SERVER_AUTH) + { + serverAuth = asn1_build_known_oid(OID_SERVER_AUTH); + } + if (cert->flags & X509_CLIENT_AUTH) + { + clientAuth = asn1_build_known_oid(OID_CLIENT_AUTH); + } + + /* add ocspSigning extendedKeyUsage flag */ + if (cert->flags & X509_OCSP_SIGNER) + { + ocspSigning = asn1_build_known_oid(OID_OCSP_SIGNING); + } + + if (serverAuth.ptr || clientAuth.ptr || ocspSigning.ptr) + { + extendedKeyUsage = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EXTENDED_KEY_USAGE), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "mmm", + serverAuth, clientAuth, ocspSigning))); + } + + /* add subjectKeyIdentifier to CA and OCSP signer certificates */ + if (cert->flags & (X509_CA | X509_OCSP_SIGNER)) + { + chunk_t keyid; + + if (cert->public_key->get_fingerprint(cert->public_key, + KEY_ID_PUBKEY_SHA1, &keyid)) + { + subjectKeyIdentifier = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_SUBJECT_KEY_ID), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_OCTET_STRING, "c", keyid))); + } + } + + /* add the keyid authKeyIdentifier for non self-signed certificates */ + if (sign_key) + { + chunk_t keyid; + + if (sign_key->get_fingerprint(sign_key, KEY_ID_PUBKEY_SHA1, &keyid)) + { + authKeyIdentifier = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_AUTHORITY_KEY_ID), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", + asn1_wrap(ASN1_CONTEXT_S_0, "c", keyid)))); + } } - - if (this->cert->subjectAltNames->get_count(this->cert->subjectAltNames)) + if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr || + crlDistributionPoints.ptr) { - /* TODO: encode subjectAltNames */ + extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", + asn1_wrap(ASN1_SEQUENCE, "mmmmmmm", + basicConstraints, subjectKeyIdentifier, + authKeyIdentifier, subjectAltNames, + extendedKeyUsage, crlDistributionPoints, + authorityInfoAccess)); } - - this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm", + + cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2), - asn1_integer("c", this->cert->serialNumber), - asn1_algorithmIdentifier(this->cert->algorithm), + asn1_integer("c", cert->serialNumber), + asn1_algorithmIdentifier(cert->algorithm), issuer->get_encoding(issuer), asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_from_time(&this->cert->notBefore, ASN1_UTCTIME), - asn1_from_time(&this->cert->notAfter, ASN1_UTCTIME)), + asn1_from_time(&cert->notBefore, ASN1_UTCTIME), + asn1_from_time(&cert->notAfter, ASN1_UTCTIME)), subject->get_encoding(subject), key_info, extensions); - - if (!this->sign_key->sign(this->sign_key, scheme, - this->cert->tbsCertificate, &this->cert->signature)) + + if (!sign_key->sign(sign_key, scheme, cert->tbsCertificate, &cert->signature)) { return FALSE; } - this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "ccm", - this->cert->tbsCertificate, - asn1_algorithmIdentifier(this->cert->algorithm), - asn1_bitstring("c", this->cert->signature)); - + cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", cert->tbsCertificate, + asn1_algorithmIdentifier(cert->algorithm), + asn1_bitstring("c", cert->signature)); + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { return FALSE; } - hasher->allocate_hash(hasher, this->cert->encoding, - &this->cert->encoding_hash); + hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash); hasher->destroy(hasher); return TRUE; } /** - * Implementation of builder_t.build + * See header. */ -static private_x509_cert_t *build(private_builder_t *this) +x509_cert_t *x509_cert_load(certificate_type_t type, va_list args) { - private_x509_cert_t *cert; - - if (this->cert) + x509_flag_t flags = 0; + chunk_t blob = chunk_empty; + + while (TRUE) { - this->cert->flags |= this->flags; - if (!this->cert->encoding.ptr) - { /* generate a new certificate */ - if (!this->sign_key || !generate(this)) - { - destroy(this->cert); - free(this); + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_X509_FLAG: + flags |= va_arg(args, x509_flag_t); + continue; + case BUILD_END: + break; + default: return NULL; - } } + break; + } + + if (blob.ptr) + { + private_x509_cert_t *cert = create_empty(); + + cert->encoding = chunk_clone(blob); + cert->parsed = TRUE; + if (parse_certificate(cert)) + { + cert->flags |= flags; + return &cert->public; + } + destroy(cert); } - cert = this->cert; - free(this); - return cert; + return NULL; } /** - * Implementation of builder_t.add + * See header. */ -static void add(private_builder_t *this, builder_part_t part, ...) +x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) { - va_list args; - chunk_t chunk; - bool handled = TRUE; - - va_start(args, part); - switch (part) + private_x509_cert_t *cert; + certificate_t *sign_cert = NULL; + private_key_t *sign_key = NULL; + hash_algorithm_t digest_alg = HASH_SHA1; + + cert = create_empty(); + while (TRUE) { - case BUILD_FROM_FILE: - this->cert = create_from_file(va_arg(args, char*)); - break; - case BUILD_BLOB_ASN1_DER: - chunk = va_arg(args, chunk_t); - this->cert = create_from_chunk(chunk_clone(chunk)); - break; - case BUILD_X509_FLAG: - this->flags = va_arg(args, x509_flag_t); - break; - case BUILD_SIGNING_KEY: - this->sign_key = va_arg(args, private_key_t*); - break; - case BUILD_SIGNING_CERT: - this->sign_cert = va_arg(args, certificate_t*); - break; - default: - /* all other parts need an empty cert */ - if (!this->cert) + switch (va_arg(args, builder_part_t)) + { + case BUILD_X509_FLAG: + cert->flags |= va_arg(args, x509_flag_t); + continue; + case BUILD_SIGNING_KEY: + sign_key = va_arg(args, private_key_t*); + continue; + case BUILD_SIGNING_CERT: + sign_cert = va_arg(args, certificate_t*); + continue; + case BUILD_PUBLIC_KEY: + cert->public_key = va_arg(args, public_key_t*); + cert->public_key->get_ref(cert->public_key); + continue; + case BUILD_SUBJECT: + cert->subject = va_arg(args, identification_t*); + cert->subject = cert->subject->clone(cert->subject); + continue; + case BUILD_SUBJECT_ALTNAMES: { - this->cert = create_empty(); + enumerator_t *enumerator; + identification_t *id; + linked_list_t *list; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &id)) + { + cert->subjectAltNames->insert_last(cert->subjectAltNames, + id->clone(id)); + } + enumerator->destroy(enumerator); + continue; } - handled = FALSE; - break; - } - if (handled) - { - va_end(args); - return; - } - - switch (part) - { - case BUILD_PUBLIC_KEY: - { - public_key_t *key = va_arg(args, public_key_t*); - this->cert->public_key = key->get_ref(key); - break; - } - case BUILD_SUBJECT: - { - identification_t *id = va_arg(args, identification_t*); - this->cert->subject = id->clone(id); - break; - } - case BUILD_SUBJECT_ALTNAME: - { - identification_t *id = va_arg(args, identification_t*); - this->cert->subjectAltNames->insert_last( - this->cert->subjectAltNames, id->clone(id)); - break; - } - case BUILD_NOT_BEFORE_TIME: - this->cert->notBefore = va_arg(args, time_t); - break; - case BUILD_NOT_AFTER_TIME: - this->cert->notAfter = va_arg(args, time_t); - break; - case BUILD_SERIAL: - { - chunk_t serial = va_arg(args, chunk_t); - this->cert->serialNumber = chunk_clone(serial); - break; - } - default: - /* abort if unsupported option */ - if (this->cert) + case BUILD_CRL_DISTRIBUTION_POINTS: { - destroy(this->cert); + enumerator_t *enumerator; + linked_list_t *list; + char *uri; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &uri)) + { + cert->crl_uris->insert_last(cert->crl_uris, strdup(uri)); + } + enumerator->destroy(enumerator); + continue; } - builder_cancel(&this->public); - break; + case BUILD_OCSP_ACCESS_LOCATIONS: + { + enumerator_t *enumerator; + linked_list_t *list; + char *uri; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &uri)) + { + cert->ocsp_uris->insert_last(cert->ocsp_uris, strdup(uri)); + } + enumerator->destroy(enumerator); + continue; + } + case BUILD_PATHLEN: + cert->pathLenConstraint = va_arg(args, int); + if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) + { + cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + } + continue; + case BUILD_NOT_BEFORE_TIME: + cert->notBefore = va_arg(args, time_t); + continue; + case BUILD_NOT_AFTER_TIME: + cert->notAfter = va_arg(args, time_t); + continue; + case BUILD_SERIAL: + cert->serialNumber = chunk_clone(va_arg(args, chunk_t)); + continue; + case BUILD_DIGEST_ALG: + digest_alg = va_arg(args, int); + continue; + case BUILD_END: + break; + default: + destroy(cert); + return NULL; + } + break; } - va_end(args); -} -/** - * Builder construction function - */ -builder_t *x509_cert_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509) + if (sign_key && generate(cert, sign_cert, sign_key, digest_alg)) { - return NULL; + return &cert->public; } - - this = malloc_thing(private_builder_t); - - this->cert = NULL; - this->flags = 0; - this->sign_cert = NULL; - this->sign_key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + destroy(cert); + return NULL; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h index 5ebe1567d..772117f1c 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.h +++ b/src/libstrongswan/plugins/x509/x509_cert.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ typedef struct x509_cert_t x509_cert_t; +#include #include /** @@ -37,11 +38,29 @@ struct x509_cert_t { }; /** - * Create the building facility for x509 certificates + * Load a X.509 certificate. + * + * This function takes a BUILD_BLOB_ASN1_DER. + * + * @param type certificate type, CERT_X509 only + * @param args builder_part_t argument list + * @return X.509 certificate, NULL on failure + */ +x509_cert_t *x509_cert_load(certificate_type_t type, va_list args); + +/** + * Generate a X.509 certificate. + * + * To issue a self-signed certificate, the function takes: + * BUILD_SUBJECT, BUILD_SUBJECT_ALTNAMES, BUILD_SIGNING_KEY, BUILD_X509_FLAG, + * BUILD_NOT_BEFORE_TIME, BUILD_NOT_AFTER_TIME, BUILD_SERIAL, BUILD_DIGEST_ALG. + * To issue certificates from a CA, additionally pass: + * BUILD_SIGNING_CERT and BUILD_PUBLIC_KEY. * * @param type certificate type, CERT_X509 only - * @return builder instance to build certificate + * @param args builder_part_t argument list + * @return X.509 certificate, NULL on failure */ -builder_t *x509_cert_builder(certificate_type_t type); +x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args); #endif /** X509_CERT_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index f502668cb..b9ef3218b 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ typedef struct revoked_t revoked_t; #include #include #include -#include #include #include @@ -37,12 +36,12 @@ struct revoked_t { * serial of the revoked certificate */ chunk_t serial; - + /** * date of revocation */ time_t date; - + /** * reason for revocation */ @@ -58,7 +57,7 @@ struct private_x509_crl_t { * public functions */ x509_crl_t public; - + /** * X.509 crl encoding in ASN.1 DER format */ @@ -73,12 +72,12 @@ struct private_x509_crl_t { * Version of the X.509 crl */ u_int version; - + /** * ID representing the crl issuer */ identification_t *issuer; - + /** * CRL number */ @@ -98,27 +97,27 @@ struct private_x509_crl_t { * list of revoked certificates as revoked_t */ linked_list_t *revoked; - + /** * Authority Key Identifier */ - identification_t *authKeyIdentifier; + chunk_t authKeyIdentifier; /** * Authority Key Serial Number */ chunk_t authKeySerialNumber; - + /** * Signature algorithm */ int algorithm; - + /** * Signature */ chunk_t signature; - + /** * reference counter */ @@ -128,8 +127,8 @@ struct private_x509_crl_t { /** * from x509_cert */ -extern identification_t* x509_parse_authorityKeyIdentifier( - chunk_t blob, int level0, +extern chunk_t x509_parse_authorityKeyIdentifier( + chunk_t blob, int level0, chunk_t *authKeySerialNumber); /** @@ -141,7 +140,7 @@ static const asn1Object_t crlObjects[] = { { 2, "version", ASN1_INTEGER, ASN1_OPT | ASN1_BODY }, /* 2 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ + { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */ { 2, "thisUpdate", ASN1_EOC, ASN1_RAW }, /* 6 */ { 2, "nextUpdate", ASN1_EOC, ASN1_RAW }, /* 7 */ @@ -151,7 +150,7 @@ static const asn1Object_t crlObjects[] = { { 4, "userCertificate", ASN1_INTEGER, ASN1_BODY }, /* 10 */ { 4, "revocationDate", ASN1_EOC, ASN1_RAW }, /* 11 */ { 4, "crlEntryExtensions", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 12 */ + ASN1_LOOP }, /* 12 */ { 5, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */ { 6, "extnID", ASN1_OID, ASN1_BODY }, /* 14 */ { 6, "critical", ASN1_BOOLEAN, ASN1_DEF | @@ -239,7 +238,7 @@ static bool parse(private_x509_crl_t *this) revoked = malloc_thing(revoked_t); revoked->serial = userCertificate; revoked->date = asn1_parse_time(object, level); - revoked->reason = CRL_UNSPECIFIED; + revoked->reason = CRL_REASON_UNSPECIFIED; this->revoked->insert_last(this->revoked, (void *)revoked); break; case CRL_OBJ_CRL_ENTRY_EXTN_ID: @@ -269,7 +268,7 @@ static bool parse(private_x509_crl_t *this) { this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); + level, &this->authKeySerialNumber); } else if (extn_oid == OID_CRL_NUMBER) { @@ -338,17 +337,18 @@ static chunk_t get_serial(private_x509_crl_t *this) /** * Implementation of crl_t.get_authKeyIdentifier. */ -static identification_t* get_authKeyIdentifier(private_x509_crl_t *this) +static chunk_t get_authKeyIdentifier(private_x509_crl_t *this) { return this->authKeyIdentifier; } + /** * Implementation of crl_t.create_enumerator. */ static enumerator_t* create_enumerator(private_x509_crl_t *this) { return enumerator_create_filter( - this->revoked->create_enumerator(this->revoked), + this->revoked->create_enumerator(this->revoked), (void*)filter, NULL, NULL); } @@ -373,24 +373,12 @@ static identification_t* get_issuer(private_x509_crl_t *this) */ static id_match_t has_issuer(private_x509_crl_t *this, identification_t *issuer) { - id_match_t match; - - if (issuer->get_type(issuer) == ID_PUBKEY_SHA1) - { - if (this->authKeyIdentifier) - { - match = issuer->matches(issuer, this->authKeyIdentifier); - } - else - { - match = ID_MATCH_NONE; - } - } - else + if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr && + chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer))) { - match = this->issuer->matches(this->issuer, issuer); + return ID_MATCH_PERFECT; } - return match; + return this->issuer->matches(this->issuer, issuer); } /** @@ -402,7 +390,7 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + /* check if issuer is an X.509 CA certificate */ if (issuer->get_type(issuer) != CERT_X509) { @@ -417,17 +405,17 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer) key = issuer->get_public_key(issuer); /* compare keyIdentifiers if available, otherwise use DNs */ - if (this->authKeyIdentifier && key) + if (this->authKeyIdentifier.ptr && key) { - identification_t *subjectKeyIdentifier = key->get_id(key, ID_PUBKEY_SHA1); + chunk_t fingerprint; - if (!subjectKeyIdentifier->equals(subjectKeyIdentifier, - this->authKeyIdentifier)) + if (!key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + !chunk_equals(fingerprint, this->authKeyIdentifier)) { return FALSE; } } - else + else { if (!this->issuer->equals(this->issuer, issuer->get_subject(issuer))) { @@ -470,16 +458,8 @@ static private_x509_crl_t* get_ref(private_x509_crl_t *this) static bool get_validity(private_x509_crl_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; - - if (when) - { - t = *when; - } - else - { - t = time(NULL); - } + time_t t = when ? *when : time(NULL); + if (not_before) { *not_before = this->thisUpdate; @@ -498,7 +478,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) { chunk_t that_crlNumber = that->get_serial(that); bool new; - + /* compare crlNumbers if available - otherwise use thisUpdate */ if (this->crlNumber.ptr != NULL && that_crlNumber.ptr != NULL) { @@ -507,7 +487,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) &this->crlNumber, new ? "newer":"not newer", &that_crlNumber, new ? "replaced":"retained"); } - else + else { certificate_t *this_cert = &this->public.crl.certificate; certificate_t *that_cert = &that->certificate; @@ -523,7 +503,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) } return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -539,14 +519,14 @@ static bool equals(private_x509_crl_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if ((certificate_t*)this == other) { return TRUE; } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_crl_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -563,7 +543,7 @@ static void destroy(private_x509_crl_t *this) { this->revoked->destroy_function(this->revoked, free); DESTROY_IF(this->issuer); - DESTROY_IF(this->authKeyIdentifier); + free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); free(this); } @@ -575,9 +555,9 @@ static void destroy(private_x509_crl_t *this) static private_x509_crl_t* create_empty(void) { private_x509_crl_t *this = malloc_thing(private_x509_crl_t); - + this->public.crl.get_serial = (chunk_t (*)(crl_t*))get_serial; - this->public.crl.get_authKeyIdentifier = (identification_t* (*)(crl_t*))get_authKeyIdentifier; + this->public.crl.get_authKeyIdentifier = (chunk_t (*)(crl_t*))get_authKeyIdentifier; this->public.crl.create_enumerator = (enumerator_t* (*)(crl_t*))create_enumerator; this->public.crl.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.crl.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer; @@ -592,138 +572,51 @@ static private_x509_crl_t* create_empty(void) this->public.crl.certificate.equals = (bool (*)(certificate_t*, certificate_t *other))equals; this->public.crl.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.crl.certificate.destroy = (void (*)(certificate_t *this))destroy; - + this->encoding = chunk_empty; this->tbsCertList = chunk_empty; this->issuer = NULL; this->crlNumber = chunk_empty; this->revoked = linked_list_create(); - this->authKeyIdentifier = NULL; + this->authKeyIdentifier = chunk_empty; this->authKeySerialNumber = chunk_empty; this->ref = 1; - - return this; -} -/** - * create an X.509 crl from a chunk - */ -static private_x509_crl_t* create_from_chunk(chunk_t chunk) -{ - private_x509_crl_t *this = create_empty(); - - this->encoding = chunk; - if (!parse(this)) - { - destroy(this); - return NULL; - } return this; } /** - * create an X.509 crl from a file + * See header. */ -static private_x509_crl_t* create_from_file(char *path) +x509_crl_t *x509_crl_load(certificate_type_t type, va_list args) { - bool pgp = FALSE; - chunk_t chunk; - private_x509_crl_t *this; - - if (!pem_asn1_load_file(path, NULL, &chunk, &pgp)) - { - return NULL; - } - - this = create_from_chunk(chunk); - - if (this == NULL) - { - DBG1(" could not parse loaded crl file '%s'",path); - return NULL; - } - DBG1(" loaded crl file '%s'", path); - return this; -} + chunk_t blob = chunk_empty; -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for certificate loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded CRL */ - private_x509_crl_t *crl; -}; - -/** - * Implementation of builder_t.build - */ -static private_x509_crl_t *build(private_builder_t *this) -{ - private_x509_crl_t *crl = this->crl; - - free(this); - return crl; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->crl) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { - case BUILD_FROM_FILE: - { - va_start(args, part); - this->crl = create_from_file(va_arg(args, char*)); - va_end(args); - return; - } case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->crl = create_from_chunk(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->crl) + if (blob.ptr) { - destroy(this->crl); - } - builder_cancel(&this->public); -} + private_x509_crl_t *crl = create_empty(); -/** - * Builder construction function - */ -builder_t *x509_crl_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_CRL) - { - return NULL; + crl->encoding = chunk_clone(blob); + if (parse(crl)) + { + return &crl->public; + } + destroy(crl); } - - this = malloc_thing(private_builder_t); - - this->crl = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; -} + return NULL; +}; diff --git a/src/libstrongswan/plugins/x509/x509_crl.h b/src/libstrongswan/plugins/x509/x509_crl.h index daa8e4846..890650162 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.h +++ b/src/libstrongswan/plugins/x509/x509_crl.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -23,6 +23,7 @@ typedef struct x509_crl_t x509_crl_t; +#include #include /** @@ -36,13 +37,13 @@ struct x509_crl_t { crl_t crl; }; - /** - * Create the building facility for x509 certificate revocation lists. + * Load a X.509 CRL. * * @param type certificate type, CERT_X509_CRL only - * @return builder instance to build certificate + * @param args builder_part_t argument list + * @return X.509 CRL, NULL on failure */ -builder_t *x509_crl_builder(certificate_type_t type); +x509_crl_t *x509_crl_load(certificate_type_t type, va_list args); #endif /** X509_CRL_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index 4020d8d95..f86f87751 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2007 Andreas Steffen * Hochschule fuer Technik Rapperswil * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen @@ -39,12 +39,12 @@ struct private_x509_ocsp_request_t { * public functions */ x509_ocsp_request_t public; - + /** * CA the candidates belong to */ x509_t *ca; - + /** * Requestor name, subject of cert used if not set */ @@ -54,56 +54,50 @@ struct private_x509_ocsp_request_t { * Requestor certificate, included in request */ certificate_t *cert; - + /** * Requestor private key to sign request */ private_key_t *key; - + /** * list of certificates to check, x509_t */ linked_list_t *candidates; - + /** * nonce used in request */ chunk_t nonce; - + /** * encoded OCSP request */ chunk_t encoding; - + /** * reference count */ refcount_t ref; }; -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /** * build requestorName @@ -120,7 +114,7 @@ static chunk_t build_requestorName(private_x509_ocsp_request_t *this) return asn1_wrap(ASN1_CONTEXT_C_1, "m", asn1_simple_object(ASN1_CONTEXT_C_4, this->requestor->get_encoding(this->requestor))); - + } return chunk_empty; } @@ -133,7 +127,7 @@ static chunk_t build_Request(private_x509_ocsp_request_t *this, chunk_t serialNumber) { return asn1_wrap(ASN1_SEQUENCE, "m", - asn1_wrap(ASN1_SEQUENCE, "cmmm", + asn1_wrap(ASN1_SEQUENCE, "mmmm", asn1_algorithmIdentifier(OID_SHA1), asn1_simple_object(ASN1_OCTET_STRING, issuerNameHash), asn1_simple_object(ASN1_OCTET_STRING, issuerKeyHash), @@ -151,7 +145,7 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) certificate_t *cert; chunk_t list = chunk_empty; public_key_t *public; - + cert = (certificate_t*)this->ca; public = cert->get_public_key(cert); if (public) @@ -159,23 +153,21 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher) { - identification_t *keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid) + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, + &issuerKeyHash)) { enumerator_t *enumerator; - - issuerKeyHash = keyid->get_encoding(keyid); - + issuer = cert->get_subject(cert); hasher->allocate_hash(hasher, issuer->get_encoding(issuer), &issuerNameHash); hasher->destroy(hasher); - + enumerator = this->candidates->create_enumerator(this->candidates); while (enumerator->enumerate(enumerator, &x509)) { chunk_t request, serialNumber; - + serialNumber = x509->get_serial(x509); request = build_Request(this, issuerNameHash, issuerKeyHash, serialNumber); @@ -204,7 +196,7 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) static chunk_t build_nonce(private_x509_ocsp_request_t *this) { rng_t *rng; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng) { @@ -232,7 +224,7 @@ static chunk_t build_acceptableResponses(private_x509_ocsp_request_t *this) */ static chunk_t build_requestExtensions(private_x509_ocsp_request_t *this) { - return asn1_wrap(ASN1_CONTEXT_C_2, "m", + return asn1_wrap(ASN1_CONTEXT_C_2, "m", asn1_wrap(ASN1_SEQUENCE, "mm", build_nonce(this), build_acceptableResponses(this))); @@ -258,7 +250,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, int oid; signature_scheme_t scheme; chunk_t certs, signature; - + switch (this->key->get_type(this->key)) { /* TODO: use a generic mapping function */ @@ -268,14 +260,14 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, break; case KEY_ECDSA: oid = OID_ECDSA_WITH_SHA1; - scheme = SIGN_ECDSA_WITH_SHA1; + scheme = SIGN_ECDSA_WITH_SHA1_DER; break; default: DBG1("unable to sign OCSP request, %N signature not supported", key_type_names, this->key->get_type(this->key)); return chunk_empty; } - + if (!this->key->sign(this->key, scheme, tbsRequest, &signature)) { DBG1("creating OCSP signature failed, skipped"); @@ -288,7 +280,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, this->cert->get_encoding(this->cert))); } return asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_SEQUENCE, "cmm", + asn1_wrap(ASN1_SEQUENCE, "cmm", asn1_algorithmIdentifier(oid), asn1_bitstring("m", signature), certs)); @@ -301,7 +293,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, static chunk_t build_OCSPRequest(private_x509_ocsp_request_t *this) { chunk_t tbsRequest, optionalSignature = chunk_empty; - + tbsRequest = build_tbsRequest(this); if (this->key) { @@ -325,7 +317,7 @@ static certificate_type_t get_type(private_x509_ocsp_request_t *this) static identification_t* get_subject(private_x509_ocsp_request_t *this) { certificate_t *ca = (certificate_t*)this->ca; - + if (this->requestor) { return this->requestor; @@ -343,7 +335,7 @@ static identification_t* get_subject(private_x509_ocsp_request_t *this) static identification_t* get_issuer(private_x509_ocsp_request_t *this) { certificate_t *ca = (certificate_t*)this->ca; - + return ca->get_subject(ca); } @@ -363,11 +355,11 @@ static id_match_t has_subject(private_x509_ocsp_request_t *this, match = current->has_subject(current, subject); if (match > best) { - best = match; + best = match; } } enumerator->destroy(enumerator); - return best; + return best; } /** @@ -416,7 +408,7 @@ static bool get_validity(private_x509_ocsp_request_t *this, time_t *when, } return cert->get_validity(cert, when, not_before, not_after); } - + /** * Implementation of certificate_t.get_encoding. */ @@ -432,7 +424,7 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if (this == (private_x509_ocsp_request_t*)other) { return TRUE; @@ -443,7 +435,7 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other) } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_ocsp_request_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -484,7 +476,7 @@ static void destroy(private_x509_ocsp_request_t *this) static private_x509_ocsp_request_t *create_empty() { private_x509_ocsp_request_t *this = malloc_thing(private_x509_ocsp_request_t); - + this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -497,7 +489,7 @@ static private_x509_ocsp_request_t *create_empty() this->public.interface.interface.equals = (bool(*)(certificate_t*, certificate_t *other))equals; this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy; - + this->ca = NULL; this->requestor = NULL; this->cert = NULL; @@ -506,30 +498,60 @@ static private_x509_ocsp_request_t *create_empty() this->encoding = chunk_empty; this->candidates = linked_list_create(); this->ref = 1; - + return this; } -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for certificate loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** OCSP request to build */ - private_x509_ocsp_request_t *req; -}; - -/** - * Implementation of builder_t.build - */ -static x509_ocsp_request_t *build(private_builder_t *this) +x509_ocsp_request_t *x509_ocsp_request_gen(certificate_type_t type, va_list args) { private_x509_ocsp_request_t *req; - - req = this->req; - free(this); + certificate_t *cert; + private_key_t *private; + identification_t *subject; + + req = create_empty(); + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_CA_CERT: + cert = va_arg(args, certificate_t*); + if (cert->get_type(cert) == CERT_X509) + { + req->ca = (x509_t*)cert->get_ref(cert); + } + continue; + case BUILD_CERT: + cert = va_arg(args, certificate_t*); + if (cert->get_type(cert) == CERT_X509) + { + req->candidates->insert_last(req->candidates, + cert->get_ref(cert)); + } + continue; + case BUILD_SIGNING_CERT: + cert = va_arg(args, certificate_t*); + req->cert = cert->get_ref(cert); + continue; + case BUILD_SIGNING_KEY: + private = va_arg(args, private_key_t*); + req->key = private->get_ref(private); + continue; + case BUILD_SUBJECT: + subject = va_arg(args, identification_t*); + req->requestor = subject->clone(subject); + continue; + case BUILD_END: + break; + default: + destroy(req); + return NULL; + } + break; + } if (req->ca) { req->encoding = build_OCSPRequest(req); @@ -539,76 +561,3 @@ static x509_ocsp_request_t *build(private_builder_t *this) return NULL; } -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - va_list args; - certificate_t *cert; - identification_t *subject; - private_key_t *private; - - va_start(args, part); - switch (part) - { - case BUILD_CA_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->req->ca = (x509_t*)cert->get_ref(cert); - } - break; - case BUILD_CERT: - cert = va_arg(args, certificate_t*); - if (cert->get_type(cert) == CERT_X509) - { - this->req->candidates->insert_last(this->req->candidates, - cert->get_ref(cert)); - } - break; - case BUILD_SIGNING_CERT: - cert = va_arg(args, certificate_t*); - this->req->cert = cert->get_ref(cert); - break; - case BUILD_SIGNING_KEY: - private = va_arg(args, private_key_t*); - this->req->key = private->get_ref(private); - break; - case BUILD_SUBJECT: - subject = va_arg(args, identification_t*); - this->req->requestor = subject->clone(subject); - break; - default: - /* cancel if option not supported */ - if (this->req) - { - destroy(this->req); - } - builder_cancel(&this->public); - break; - } - va_end(args); -} - -/** - * Builder construction function - */ -builder_t *x509_ocsp_request_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_OCSP_REQUEST) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->req = create_empty(); - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; -} - diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.h b/src/libstrongswan/plugins/x509/x509_ocsp_request.h index ffaa3c634..4c0e4b8f2 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef X509_OCSP_REQUEST_H_ #define X509_OCSP_REQUEST_H_ +#include #include typedef struct x509_ocsp_request_t x509_ocsp_request_t; @@ -37,7 +38,7 @@ struct x509_ocsp_request_t { }; /** - * Create the building facility for OCSP requests. + * Generate a X.509 OCSP request. * * The resulting builder accepts: * BUILD_CA_CERT: CA of the checked certificates, exactly one @@ -46,9 +47,10 @@ struct x509_ocsp_request_t { * BUILD_SIGNING_CERT: certificate to create requestor signature, optional * BUILD_SIGNING_KEY: private key to create requestor signature, optional * - * @param type certificate type, CERT_X509_OCSP_REQUEST only - * @return builder instance to build OCSP requests + * @param type certificate type, CERT_X509_OCSP_REQUEST only + * @param args builder_part_t argument list + * @return OCSP request, NULL on failure */ -builder_t *x509_ocsp_request_builder(certificate_type_t type); +x509_ocsp_request_t *x509_ocsp_request_gen(certificate_type_t type, va_list args); #endif /** X509_OCSP_REQUEST_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 1b3187258..948d7ad85 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -1,5 +1,5 @@ /** - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2007 Andreas Steffen * Hochschule fuer Technik Rapperswil * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen @@ -45,42 +45,42 @@ struct private_x509_ocsp_response_t { * Public interface for this ocsp object. */ x509_ocsp_response_t public; - + /** * complete encoded OCSP response */ chunk_t encoding; - + /** * data for signature verficiation */ chunk_t tbsResponseData; - + /** * signature algorithm (OID) */ int signatureAlgorithm; - + /** * signature */ chunk_t signature; - + /** * name or keyid of the responder */ identification_t *responderId; - + /** * time of response production */ time_t producedAt; - + /** * latest nextUpdate in this OCSP response */ time_t usableUntil; - + /** * list of included certificates */ @@ -95,7 +95,7 @@ struct private_x509_ocsp_response_t { * Nonce required for ocsp request and response */ chunk_t nonce; - + /** * reference counter */ @@ -130,29 +130,23 @@ typedef struct { #define OCSP_BASIC_RESPONSE_VERSION 1 /* some OCSP specific prefabricated ASN.1 constants */ -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /** * Implementaiton of ocsp_response_t.get_status @@ -167,14 +161,15 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, single_response_t *response; cert_validation_t status = VALIDATION_FAILED; certificate_t *issuercert = &issuer->interface; - + enumerator = this->responses->create_enumerator(this->responses); while (enumerator->enumerate(enumerator, &response)) { hasher_t *hasher; identification_t *id; - chunk_t hash; - + key_encoding_type_t type; + chunk_t hash, fingerprint; + /* check serial first, is cheaper */ if (!chunk_equals(subject->get_serial(subject), response->serialNumber)) { @@ -184,22 +179,23 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, if (response->issuerKeyHash.ptr) { public_key_t *public; - + public = issuercert->get_public_key(issuercert); if (!public) { continue; } switch (response->hashAlgorithm) - { /* TODO: generic mapper function */ + { case OID_SHA1: - id = public->get_id(public, ID_PUBKEY_SHA1); + type = KEY_ID_PUBKEY_SHA1; break; default: public->destroy(public); continue; } - if (!chunk_equals(response->issuerKeyHash, id->get_encoding(id))) + if (!public->get_fingerprint(public, type, &fingerprint) || + !chunk_equals(response->issuerKeyHash, fingerprint)) { public->destroy(public); continue; @@ -209,7 +205,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, /* check issuerNameHash, if available */ else if (response->issuerNameHash.ptr) { - hasher = lib->crypto->create_hasher(lib->crypto, + hasher = lib->crypto->create_hasher(lib->crypto, hasher_algorithm_from_oid(response->hashAlgorithm)); if (!hasher) { @@ -233,7 +229,7 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, *revocation_reason = response->revocationReason; *this_update = response->thisUpdate; *next_update = response->nextUpdate; - + break; } enumerator->destroy(enumerator); @@ -310,7 +306,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, bool success = FALSE; single_response_t *response; - + response = malloc_thing(single_response_t); response->hashAlgorithm = OID_UNKNOWN; response->issuerNameHash = chunk_empty; @@ -318,7 +314,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, response->serialNumber = chunk_empty; response->status = VALIDATION_FAILED; response->revocationTime = 0; - response->revocationReason = CRL_UNSPECIFIED; + response->revocationReason = CRL_REASON_UNSPECIFIED; response->thisUpdate = UNDEFINED_TIME; /* if nextUpdate is missing, we give it a short lifetime */ response->nextUpdate = this->producedAt + OCSP_DEFAULT_LIFETIME; @@ -357,7 +353,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, { response->revocationReason = *object.ptr; } - break; + break; case SINGLE_RESPONSE_CERT_STATUS_UNKNOWN: response->status = VALIDATION_FAILED; break; @@ -370,7 +366,7 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, { this->usableUntil = response->nextUpdate; } - break; + break; } } success = parser->success(parser); @@ -400,14 +396,14 @@ static const asn1Object_t responsesObjects[] = { /** * Parse all responses */ -static bool parse_responses(private_x509_ocsp_response_t *this, +static bool parse_responses(private_x509_ocsp_response_t *this, chunk_t blob, int level0) { asn1_parser_t *parser; chunk_t object; int objectID; bool success = FALSE; - + parser = asn1_parser_create(responsesObjects, blob); parser->set_top_level(parser, level0); @@ -484,7 +480,7 @@ static const asn1Object_t basicResponseObjects[] = { /** * Parse a basicOCSPResponse */ -static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, +static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, chunk_t blob, int level0) { asn1_parser_t *parser; @@ -496,7 +492,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, certificate_t *cert; bool success = FALSE; bool critical; - + parser = asn1_parser_create(basicResponseObjects, blob); parser->set_top_level(parser, level0); @@ -525,7 +521,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, break; case BASIC_RESPONSE_ID_BY_KEY: this->responderId = identification_create_from_encoding( - ID_PUBKEY_INFO_SHA1, object); + ID_KEY_ID, object); DBG2(" '%Y'", this->responderId); break; case BASIC_RESPONSE_PRODUCED_AT: @@ -622,15 +618,15 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this) case OCSP_RESPONSE_STATUS: status = (ocsp_status_t)*object.ptr; switch (status) - { - case OCSP_SUCCESSFUL: + { + case OCSP_SUCCESSFUL: break; default: DBG1(" ocsp response status: %N", ocsp_status_names, status); goto end; } - break; + break; case OCSP_RESPONSE_TYPE: responseType = asn1_known_oid(object); break; @@ -689,35 +685,33 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer) signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; - + if (issuer->get_type(issuer) != CERT_X509) { return FALSE; } - if (this->responderId->get_type(this->responderId) == ID_DER_ASN1_DN) + if (this->responderId->get_type(this->responderId) == ID_KEY_ID) { - if (!this->responderId->equals(this->responderId, - issuer->get_subject(issuer))) + chunk_t fingerprint; + + key = issuer->get_public_key(issuer); + if (!key || + !key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &fingerprint) || + !chunk_equals(fingerprint, + this->responderId->get_encoding(this->responderId))) { + DESTROY_IF(key); return FALSE; } + key->destroy(key); } else { - bool equal; - public_key_t *public = issuer->get_public_key(issuer); - - if (public == NULL) + if (!this->responderId->equals(this->responderId, + issuer->get_subject(issuer))) { return FALSE; } - equal = this->responderId->equals(this->responderId, - public->get_id(public, ID_PUBKEY_SHA1)); - public->destroy(public); - if (!equal) - { - return FALSE; - } } if (!(x509->get_flags(x509) & X509_OCSP_SIGNER) && !(x509->get_flags(x509) & X509_CA)) @@ -754,16 +748,8 @@ static public_key_t* get_public_key(private_x509_ocsp_response_t *this) static bool get_validity(private_x509_ocsp_response_t *this, time_t *when, time_t *not_before, time_t *not_after) { - time_t t; + time_t t = when ? *when : time(NULL); - if (when == NULL) - { - t = time(NULL); - } - else - { - t = *when; - } if (not_before) { *not_before = this->producedAt; @@ -791,7 +777,7 @@ static bool is_newer(certificate_t *this, certificate_t *that) &that_update, FALSE, new ? "replaced":"retained"); return new; } - + /** * Implementation of certificate_t.get_encoding. */ @@ -807,7 +793,7 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other) { chunk_t encoding; bool equal; - + if (this == (private_x509_ocsp_response_t*)other) { return TRUE; @@ -818,7 +804,7 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other) } if (other->equals == (void*)equals) { /* skip allocation if we have the same implementation */ - return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding); + return chunk_equals(this->encoding, ((private_x509_ocsp_response_t*)other)->encoding); } encoding = other->get_encoding(other); equal = chunk_equals(this->encoding, encoding); @@ -853,12 +839,12 @@ static void destroy(private_x509_ocsp_response_t *this) /** * load an OCSP response */ -static x509_ocsp_response_t *load(chunk_t data) +static x509_ocsp_response_t *load(chunk_t blob) { private_x509_ocsp_response_t *this; - + this = malloc_thing(private_x509_ocsp_response_t); - + this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer; this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; @@ -874,9 +860,9 @@ static x509_ocsp_response_t *load(chunk_t data) this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy; this->public.interface.get_status = (cert_validation_t(*)(ocsp_response_t*, x509_t *subject, x509_t *issuer, time_t *revocation_time,crl_reason_t *revocation_reason,time_t *this_update, time_t *next_update))get_status; this->public.interface.create_cert_enumerator = (enumerator_t*(*)(ocsp_response_t*))create_cert_enumerator; - + this->ref = 1; - this->encoding = data; + this->encoding = chunk_clone(blob); this->tbsResponseData = chunk_empty; this->responderId = NULL; this->producedAt = UNDEFINED_TIME; @@ -895,78 +881,32 @@ static x509_ocsp_response_t *load(chunk_t data) return &this->public; } - -typedef struct private_builder_t private_builder_t; /** - * Builder implementation for certificate loading + * See header. */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded response */ - x509_ocsp_response_t *res; -}; - -/** - * Implementation of builder_t.build - */ -static x509_ocsp_response_t *build(private_builder_t *this) +x509_ocsp_response_t *x509_ocsp_response_load(certificate_type_t type, + va_list args) { - x509_ocsp_response_t *res = this->res; - - free(this); - return res; -} + chunk_t blob = chunk_empty; -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->res) + while (TRUE) { - va_list args; - chunk_t chunk; - - switch (part) + switch (va_arg(args, builder_part_t)) { case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - chunk = va_arg(args, chunk_t); - this->res = load(chunk_clone(chunk)); - va_end(args); - return; - } - default: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - if (this->res) + if (blob.ptr) { - destroy((private_x509_ocsp_response_t*)this->res); + return load(blob); } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *x509_ocsp_response_builder(certificate_type_t type) -{ - private_builder_t *this; - - if (type != CERT_X509_OCSP_RESPONSE) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->res = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - - return &this->public; + return NULL; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.h b/src/libstrongswan/plugins/x509/x509_ocsp_response.h index 06a9fd3c7..7a525626e 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.h +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #ifndef X509_OCSP_RESPONSE_H_ #define X509_OCSP_RESPONSE_H_ +#include #include typedef struct x509_ocsp_response_t x509_ocsp_response_t; @@ -37,11 +38,13 @@ struct x509_ocsp_response_t { }; /** - * Create the building facility for OCSP responses. + * Load a X.509 OCSP response. * * @param type certificate type, CERT_X509_OCSP_RESPONSE only - * @return builder instance to build OCSP responses + * @param args builder_part_t argument list + * @return OCSP response, NULL on failure */ -builder_t *x509_ocsp_response_builder(certificate_type_t type); +x509_ocsp_response_t *x509_ocsp_response_load(certificate_type_t type, + va_list args); #endif /** X509_OCSP_RESPONSE_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c new file mode 100644 index 000000000..6d750c98c --- /dev/null +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c @@ -0,0 +1,707 @@ +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Copyright (C) 2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "x509_pkcs10.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +typedef struct private_x509_pkcs10_t private_x509_pkcs10_t; + +/** + * Private data of a x509_pkcs10_t object. + */ +struct private_x509_pkcs10_t { + /** + * Public interface for this certificate. + */ + x509_pkcs10_t public; + + /** + * PKCS#10 certificate request encoding in ASN.1 DER format + */ + chunk_t encoding; + + /** + * PKCS#10 request body over which signature is computed + */ + chunk_t certificationRequestInfo; + + /** + * Version of the PKCS#10 certificate request + */ + u_int version; + + /** + * ID representing the certificate subject + */ + identification_t *subject; + + /** + * List of subjectAltNames as identification_t + */ + linked_list_t *subjectAltNames; + + /** + * certificate's embedded public key + */ + public_key_t *public_key; + + /** + * challenge password + */ + chunk_t challengePassword; + + /** + * Signature algorithm + */ + int algorithm; + + /** + * Signature + */ + chunk_t signature; + + /** + * Is the certificate request self-signed? + */ + bool self_signed; + + /** + * Certificate request parsed from blob/file? + */ + bool parsed; + + /** + * reference count + */ + refcount_t ref; +}; + +/** + * Imported from x509_cert.c + */ +extern void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list); +extern chunk_t x509_build_subjectAltNames(linked_list_t *list); + +/** + * Implementation of certificate_t.get_type. + */ +static certificate_type_t get_type(private_x509_pkcs10_t *this) +{ + return CERT_PKCS10_REQUEST; +} + +/** + * Implementation of certificate_t.get_subject and get_issuer. + */ +static identification_t* get_subject(private_x509_pkcs10_t *this) +{ + return this->subject; +} + +/** + * Implementation of certificate_t.has_subject and has_issuer. + */ +static id_match_t has_subject(private_x509_pkcs10_t *this, identification_t *subject) +{ + return this->subject->matches(this->subject, subject); +} + +/** + * Implementation of certificate_t.issued_by. + */ +static bool issued_by(private_x509_pkcs10_t *this, certificate_t *issuer) +{ + public_key_t *key; + signature_scheme_t scheme; + + if (&this->public.interface.interface != issuer) + { + return FALSE; + } + if (this->self_signed) + { + return TRUE; + } + + /* determine signature scheme */ + scheme = signature_scheme_from_oid(this->algorithm); + if (scheme == SIGN_UNKNOWN) + { + return FALSE; + } + + /* get the public key contained in the certificate request */ + key = this->public_key; + if (!key) + { + return FALSE; + } + return key->verify(key, scheme, this->certificationRequestInfo, + this->signature); +} + +/** + * Implementation of certificate_t.get_public_key. + */ +static public_key_t* get_public_key(private_x509_pkcs10_t *this) +{ + this->public_key->get_ref(this->public_key); + return this->public_key; +} + +/** + * Implementation of certificate_t.get_validity. + */ +static bool get_validity(private_x509_pkcs10_t *this, time_t *when, + time_t *not_before, time_t *not_after) +{ + if (not_before) + { + *not_before = 0; + } + if (not_after) + { + *not_after = ~0; + } + return TRUE; +} + +/** + * Implementation of certificate_t.is_newer. + */ +static bool is_newer(certificate_t *this, certificate_t *that) +{ + return FALSE; +} + +/** + * Implementation of certificate_t.get_encoding. + */ +static chunk_t get_encoding(private_x509_pkcs10_t *this) +{ + return chunk_clone(this->encoding); +} + +/** + * Implementation of certificate_t.equals. + */ +static bool equals(private_x509_pkcs10_t *this, certificate_t *other) +{ + chunk_t encoding; + bool equal; + + if (this == (private_x509_pkcs10_t*)other) + { + return TRUE; + } + if (other->get_type(other) != CERT_PKCS10_REQUEST) + { + return FALSE; + } + if (other->equals == (void*)equals) + { /* skip allocation if we have the same implementation */ + return chunk_equals(this->encoding, ((private_x509_pkcs10_t*)other)->encoding); + } + encoding = other->get_encoding(other); + equal = chunk_equals(this->encoding, encoding); + free(encoding.ptr); + return equal; +} + +/** + * Implementation of certificate_t.get_ref + */ +static private_x509_pkcs10_t* get_ref(private_x509_pkcs10_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of certificate_t.get_challengePassword. + */ +static chunk_t get_challengePassword(private_x509_pkcs10_t *this) +{ + return this->challengePassword; +} + +/** + * Implementation of pkcs10_t.create_subjectAltName_enumerator. + */ +static enumerator_t* create_subjectAltName_enumerator(private_x509_pkcs10_t *this) +{ + return this->subjectAltNames->create_enumerator(this->subjectAltNames); +} + +/** + * ASN.1 definition of a PKCS#10 extension request + */ +static const asn1Object_t extensionRequestObjects[] = { + { 0, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "extnID", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 3 */ + { 2, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 4 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 5 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKCS10_EXTN_ID 2 +#define PKCS10_EXTN_CRITICAL 3 +#define PKCS10_EXTN_VALUE 4 + +/** + * Parses a PKCS#10 extension request + */ +static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, int level0) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + int extn_oid = OID_UNKNOWN; + bool success = FALSE; + bool critical; + + parser = asn1_parser_create(extensionRequestObjects, blob); + parser->set_top_level(parser, level0); + + while (parser->iterate(parser, &objectID, &object)) + { + u_int level = parser->get_level(parser)+1; + + switch (objectID) + { + case PKCS10_EXTN_ID: + extn_oid = asn1_known_oid(object); + break; + case PKCS10_EXTN_CRITICAL: + critical = object.len && *object.ptr; + DBG2(" %s", critical ? "TRUE" : "FALSE"); + break; + case PKCS10_EXTN_VALUE: + { + switch (extn_oid) + { + case OID_SUBJECT_ALT_NAME: + x509_parse_generalNames(object, level, FALSE, + this->subjectAltNames); + break; + default: + break; + } + break; + } + default: + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + return success; +} + +/** + * Parses a PKCS#10 challenge password + */ +static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, int level) +{ + char tag; + + if (blob.len < 2) + { + DBG1("L%d - challengePassword: ASN.1 object smaller than 2 octets", + level); + return FALSE; + } + tag = *blob.ptr; + if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING) + { + DBG1("L%d - challengePassword: ASN.1 object is not a character string", + level); + return FALSE; + } + if (asn1_length(&blob) == ASN1_INVALID_LENGTH) + { + DBG1("L%d - challengePassword: ASN.1 object has an invalid length", + level); + return FALSE; + } + DBG2("L%d - challengePassword:", level); + DBG4(" '%.*s'", blob.len, blob.ptr); + return TRUE; +} + +/** + * ASN.1 definition of a PKCS#10 certificate request + */ +static const asn1Object_t certificationRequestObjects[] = { + { 0, "certificationRequest", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "certificationRequestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */ + { 2, "version", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 3 */ + { 2, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_RAW }, /* 4 */ + { 2, "attributes", ASN1_CONTEXT_C_0, ASN1_LOOP }, /* 5 */ + { 3, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 6 */ + { 4, "type", ASN1_OID, ASN1_BODY }, /* 7 */ + { 4, "values", ASN1_SET, ASN1_LOOP }, /* 8 */ + { 5, "value", ASN1_EOC, ASN1_RAW }, /* 9 */ + { 4, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ + { 2, "end loop", ASN1_EOC, ASN1_END }, /* 11 */ + { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 12 */ + { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 13 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKCS10_CERT_REQUEST_INFO 1 +#define PKCS10_VERSION 2 +#define PKCS10_SUBJECT 3 +#define PKCS10_SUBJECT_PUBLIC_KEY_INFO 4 +#define PKCS10_ATTR_TYPE 7 +#define PKCS10_ATTR_VALUE 9 +#define PKCS10_ALGORITHM 12 +#define PKCS10_SIGNATURE 13 + +/** + * Parses a PKCS#10 certificate request + */ +static bool parse_certificate_request(private_x509_pkcs10_t *this) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + int attr_oid = OID_UNKNOWN; + bool success = FALSE; + + parser = asn1_parser_create(certificationRequestObjects, this->encoding); + + while (parser->iterate(parser, &objectID, &object)) + { + u_int level = parser->get_level(parser)+1; + + switch (objectID) + { + case PKCS10_CERT_REQUEST_INFO: + this->certificationRequestInfo = object; + break; + case PKCS10_VERSION: + if (object.len > 0 && *object.ptr != 0) + { + DBG1("PKCS#10 certificate request format is not version 1"); + goto end; + } + break; + case PKCS10_SUBJECT: + this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); + DBG2(" '%Y'", this->subject); + break; + case PKCS10_SUBJECT_PUBLIC_KEY_INFO: + this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, + KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); + if (this->public_key == NULL) + { + goto end; + } + break; + case PKCS10_ATTR_TYPE: + attr_oid = asn1_known_oid(object); + break; + case PKCS10_ATTR_VALUE: + switch (attr_oid) + { + case OID_EXTENSION_REQUEST: + if (!parse_extension_request(this, object, level)) + { + goto end; + } + break; + case OID_CHALLENGE_PASSWORD: + if (!parse_challengePassword(this, object, level)) + { + goto end; + } + break; + default: + break; + } + break; + case PKCS10_ALGORITHM: + this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); + break; + case PKCS10_SIGNATURE: + this->signature = object; + break; + default: + break; + } + } + success = parser->success(parser); + +end: + parser->destroy(parser); + if (success) + { + /* check if the certificate request is self-signed */ + if (issued_by(this, &this->public.interface.interface)) + { + this->self_signed = TRUE; + } + else + { + DBG1("certificate request is not self-signed"); + success = FALSE; + } + } + return success; +} + +/** + * Implementation of certificate_t.destroy + */ +static void destroy(private_x509_pkcs10_t *this) +{ + if (ref_put(&this->ref)) + { + this->subjectAltNames->destroy_offset(this->subjectAltNames, + offsetof(identification_t, destroy)); + DESTROY_IF(this->subject); + DESTROY_IF(this->public_key); + chunk_free(&this->encoding); + if (!this->parsed) + { /* only parsed certificate requests point these fields to "encoded" */ + chunk_free(&this->certificationRequestInfo); + chunk_free(&this->challengePassword); + chunk_free(&this->signature); + } + free(this); + } +} + +/** + * create an empty but initialized PKCS#10 certificate request + */ +static private_x509_pkcs10_t* create_empty(void) +{ + private_x509_pkcs10_t *this = malloc_thing(private_x509_pkcs10_t); + + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer; + this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; + this->public.interface.get_challengePassword = (chunk_t (*)(pkcs10_t*))get_challengePassword; + this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(pkcs10_t*))create_subjectAltName_enumerator; + + this->encoding = chunk_empty; + this->certificationRequestInfo = chunk_empty; + this->subject = NULL; + this->public_key = NULL; + this->subjectAltNames = linked_list_create(); + this->challengePassword = chunk_empty; + this->signature = chunk_empty; + this->ref = 1; + this->self_signed = FALSE; + this->parsed = FALSE; + + return this; +} + +/** + * Generate and sign a new certificate request + */ +static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key, + int digest_alg) +{ + chunk_t key_info, subjectAltNames, attributes; + chunk_t extensionRequest = chunk_empty; + chunk_t challengePassword = chunk_empty; + signature_scheme_t scheme; + identification_t *subject; + + subject = cert->subject; + cert->public_key = sign_key->get_public_key(sign_key); + + /* select signature scheme */ + cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key)); + if (cert->algorithm == OID_UNKNOWN) + { + return FALSE; + } + scheme = signature_scheme_from_oid(cert->algorithm); + + if (!cert->public_key->get_encoding(cert->public_key, + KEY_PUB_SPKI_ASN1_DER, &key_info)) + { + return FALSE; + } + + /* encode subjectAltNames */ + subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); + + if (subjectAltNames.ptr) + { + extensionRequest = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EXTENSION_REQUEST), + asn1_wrap(ASN1_SET, "m", + asn1_wrap(ASN1_SEQUENCE, "m", subjectAltNames) + )); + } + if (cert->challengePassword.len > 0) + { + asn1_t type = asn1_is_printablestring(cert->challengePassword) ? + ASN1_PRINTABLESTRING : ASN1_T61STRING; + + challengePassword = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_CHALLENGE_PASSWORD), + asn1_wrap(ASN1_SET, "m", + asn1_simple_object(type, cert->challengePassword) + ) + ); + } + attributes = asn1_wrap(ASN1_CONTEXT_C_0, "mm", extensionRequest, + challengePassword); + + cert->certificationRequestInfo = asn1_wrap(ASN1_SEQUENCE, "ccmm", + ASN1_INTEGER_0, + subject->get_encoding(subject), + key_info, + attributes); + + if (!sign_key->sign(sign_key, scheme, cert->certificationRequestInfo, + &cert->signature)) + { + return FALSE; + } + + cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", + cert->certificationRequestInfo, + asn1_algorithmIdentifier(cert->algorithm), + asn1_bitstring("c", cert->signature)); + return TRUE; +} + +/** + * See header. + */ +x509_pkcs10_t *x509_pkcs10_load(certificate_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (blob.ptr) + { + private_x509_pkcs10_t *cert = create_empty(); + + cert->encoding = chunk_clone(blob); + cert->parsed = TRUE; + if (parse_certificate_request(cert)) + { + return &cert->public; + } + destroy(cert); + } + return NULL; +} + +/** + * See header. + */ +x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args) +{ + private_x509_pkcs10_t *cert; + private_key_t *sign_key = NULL; + hash_algorithm_t digest_alg = HASH_SHA1; + + cert = create_empty(); + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_SIGNING_KEY: + sign_key = va_arg(args, private_key_t*); + continue; + case BUILD_SUBJECT: + cert->subject = va_arg(args, identification_t*); + cert->subject = cert->subject->clone(cert->subject); + continue; + case BUILD_SUBJECT_ALTNAMES: + { + enumerator_t *enumerator; + identification_t *id; + linked_list_t *list; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &id)) + { + cert->subjectAltNames->insert_last(cert->subjectAltNames, + id->clone(id)); + } + enumerator->destroy(enumerator); + continue; + } + case BUILD_PASSPHRASE: + cert->challengePassword = chunk_clone(va_arg(args, chunk_t)); + continue; + case BUILD_DIGEST_ALG: + digest_alg = va_arg(args, int); + continue; + case BUILD_END: + break; + default: + destroy(cert); + return NULL; + } + break; + } + + if (sign_key && generate(cert, sign_key, digest_alg)) + { + return &cert->public; + } + destroy(cert); + return NULL; +} + diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.h b/src/libstrongswan/plugins/x509/x509_pkcs10.h new file mode 100644 index 000000000..f9490b1dc --- /dev/null +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Copyright (C) 2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup x509_pkcs10 x509_pkcs10 + * @{ @ingroup x509_p + */ + +#ifndef X509_PKCS10_H_ +#define X509_PKCS10_H_ + +typedef struct x509_pkcs10_t x509_pkcs10_t; + +#include +#include + +/** + * Implementation of pkcs10_t/certificate_t using own ASN.1 parser. + */ +struct x509_pkcs10_t { + + /** + * Implements the pkcs10_t interface + */ + pkcs10_t interface; +}; + +/** + * Load a PKCS#10 certificate. + * + * This function takes a BUILD_BLOB_ASN1_DER. + * + * @param type certificate type, CERT_PKCS10_REQUEST only + * @param args builder_part_t argument list + * @return PKCS#10 certificate request, NULL on failure + */ +x509_pkcs10_t *x509_pkcs10_load(certificate_type_t type, va_list args); + +/** + * Generate a PKCS#10 certificate request. + * + * To issue a self-signed certificate request, the function takes: + * BUILD_SUBJECT, BUILD_SUBJECT_ALTNAMES, BUILD_SIGNING_KEY, BUILD_DIGEST_ALG. + * + * @param type certificate type, CERT_PKCS10_REQUEST only + * @param args builder_part_t argument list + * @return PKCS#10 certificate request, NULL on failure + */ +x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args); + +#endif /** X509_PKCS10_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index 9ed7f95bd..94c49b1e1 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ #include "x509_crl.h" #include "x509_ocsp_request.h" #include "x509_ocsp_response.h" +#include "x509_pkcs10.h" typedef struct private_x509_plugin_t private_x509_plugin_t; @@ -41,15 +42,23 @@ struct private_x509_plugin_t { static void destroy(private_x509_plugin_t *this) { lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_cert_builder); + (builder_function_t)x509_cert_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_ac_builder); + (builder_function_t)x509_cert_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_crl_builder); + (builder_function_t)x509_ac_gen); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_ocsp_request_builder); + (builder_function_t)x509_ac_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)x509_ocsp_response_builder); + (builder_function_t)x509_crl_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_ocsp_request_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_ocsp_response_load); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_pkcs10_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)x509_pkcs10_load); free(this); } @@ -59,19 +68,27 @@ static void destroy(private_x509_plugin_t *this) plugin_t *plugin_create() { private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, - (builder_constructor_t)x509_cert_builder); + (builder_function_t)x509_cert_gen); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, + (builder_function_t)x509_cert_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + (builder_function_t)x509_ac_gen); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, - (builder_constructor_t)x509_ac_builder); + (builder_function_t)x509_ac_load); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, - (builder_constructor_t)x509_crl_builder); + (builder_function_t)x509_crl_load); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, - (builder_constructor_t)x509_ocsp_request_builder); + (builder_function_t)x509_ocsp_request_gen); lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, - (builder_constructor_t)x509_ocsp_response_builder); + (builder_function_t)x509_ocsp_response_load); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + (builder_function_t)x509_pkcs10_gen); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + (builder_function_t)x509_pkcs10_load); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 1d4e39586..3720aeaeb 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,19 +37,41 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/xcbc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) libstrongswan_xcbc_la_LIBADD = am_libstrongswan_xcbc_la_OBJECTS = xcbc_plugin.lo xcbc.lo xcbc_prf.lo \ @@ -59,6 +83,7 @@ libstrongswan_xcbc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -106,25 +131,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -136,11 +158,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -169,9 +194,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -194,7 +219,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -202,6 +227,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -210,10 +236,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -221,6 +249,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -243,9 +272,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -263,23 +292,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -306,21 +340,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -343,7 +377,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -351,29 +385,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -394,13 +433,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -431,6 +474,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -452,6 +496,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -460,18 +506,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -510,6 +566,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index dd63af005..b9f03eeac 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -23,7 +23,7 @@ typedef struct private_xcbc_t private_xcbc_t; /** * Private data of a xcbc_t object. - * + * * The variable names are the same as in the RFC. */ struct private_xcbc_t { @@ -31,42 +31,42 @@ struct private_xcbc_t { * Public xcbc_t interface. */ xcbc_t xcbc; - + /** * Block size, in bytes */ u_int8_t b; - + /** * crypter using k1 */ crypter_t *k1; - + /** * k2 */ u_int8_t *k2; - + /** * k3 */ u_int8_t *k3; - + /** * E */ u_int8_t *e; - + /** * remaining, unprocessed bytes in append mode */ u_int8_t *remaining; - + /** * number of bytes in remaining */ int remaining_bytes; - + /** * TRUE if we have zero bytes to xcbc in final() */ @@ -79,34 +79,34 @@ struct private_xcbc_t { static void update(private_xcbc_t *this, chunk_t data) { chunk_t iv; - + if (data.len) { this->zero = FALSE; } - + if (this->remaining_bytes + data.len <= this->b) { /* no complete block, just copy into remaining */ memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len); this->remaining_bytes += data.len; return; } - + iv = chunk_alloca(this->b); memset(iv.ptr, 0, iv.len); - + /* (3) For each block M[i], where i = 1 ... n-1: * XOR M[i] with E[i-1], then encrypt the result with Key K1, * yielding E[i]. */ - + /* append data to remaining bytes, process block M[1] */ memcpy(this->remaining + this->remaining_bytes, data.ptr, this->b - this->remaining_bytes); data = chunk_skip(data, this->b - this->remaining_bytes); memxor(this->e, this->remaining, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); - + /* process blocks M[2] ... M[n-1] */ while (data.len > this->b) { @@ -115,7 +115,7 @@ static void update(private_xcbc_t *this, chunk_t data) memxor(this->e, this->remaining, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); } - + /* store remaining bytes of block M[n] */ memcpy(this->remaining, data.ptr, data.len); this->remaining_bytes = data.len; @@ -127,10 +127,10 @@ static void update(private_xcbc_t *this, chunk_t data) static void final(private_xcbc_t *this, u_int8_t *out) { chunk_t iv; - + iv = chunk_alloca(this->b); memset(iv.ptr, 0, iv.len); - + /* (4) For block M[n]: */ if (this->remaining_bytes == this->b && !this->zero) { @@ -165,9 +165,9 @@ static void final(private_xcbc_t *this, u_int8_t *out) memxor(this->e, this->k3, this->b); this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL); } - + memcpy(out, this->e, this->b); - + /* (2) Define E[0] = 0x00000000000000000000000000000000 */ memset(this->e, 0, this->b); this->remaining_bytes = 0; @@ -181,13 +181,13 @@ static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out) { /* update E, do not process last block */ update(this, data); - + if (out) { /* if not in append mode, process last block and output result */ final(this, out); } } - + /** * Implementation of xcbc_t.get_block_size. */ @@ -225,8 +225,8 @@ static void set_key(private_xcbc_t *this, chunk_t key) k1 = chunk_alloca(this->b); iv = chunk_alloca(this->b); memset(iv.ptr, 0, iv.len); - - /* + + /* * (1) Derive 3 128-bit keys (K1, K2 and K3) from the 128-bit secret * key K, as follows: * K1 = 0x01010101010101010101010101010101 encrypted with Key K @@ -263,7 +263,7 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) { private_xcbc_t *this; crypter_t *crypter; - + crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) { @@ -275,13 +275,13 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) crypter->destroy(crypter); return NULL; } - + this = malloc_thing(private_xcbc_t); this->xcbc.get_mac = (void (*)(xcbc_t *,chunk_t,u_int8_t*))get_mac; this->xcbc.get_block_size = (size_t (*)(xcbc_t *))get_block_size; this->xcbc.set_key = (void (*)(xcbc_t *,chunk_t))set_key; this->xcbc.destroy = (void (*)(xcbc_t *))destroy; - + this->b = crypter->get_block_size(crypter); this->k1 = crypter; this->k2 = malloc(this->b); diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h index a334c675b..f28e0b8e0 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.h +++ b/src/libstrongswan/plugins/xcbc/xcbc.h @@ -32,34 +32,34 @@ typedef struct xcbc_t xcbc_t; * described in RFC3566. */ struct xcbc_t { - + /** * Generate message authentication code. - * + * * If buffer is NULL, no result is given back. A next call will - * append the data to already supplied data. If buffer is not NULL, + * append the data to already supplied data. If buffer is not NULL, * the mac of all apended data is calculated, returned and the * state of the xcbc_t is reseted. - * + * * @param data chunk of data to authenticate * @param buffer pointer where the generated bytes will be written */ void (*get_mac) (xcbc_t *this, chunk_t data, u_int8_t *buffer); - + /** * Get the block size of this xcbc_t object. - * + * * @return block size in bytes */ size_t (*get_block_size) (xcbc_t *this); - + /** * Set the key for this xcbc_t object. - * + * * @param key key to set */ void (*set_key) (xcbc_t *this, chunk_t key); - + /** * Destroys a xcbc_t object. */ @@ -68,7 +68,7 @@ struct xcbc_t { /** * Creates a new xcbc_t object. - * + * * @param algo underlying crypto algorithm * @param key_size key size to use, if required for algorithm * @return xcbc_t object, NULL if not supported diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 25f59c650..3eb7f0927 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -50,12 +50,12 @@ static void destroy(private_xcbc_plugin_t *this) plugin_t *plugin_create() { private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, + + lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, + lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, (signer_constructor_t)xcbc_signer_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c index a90f2d44f..2459dc616 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c @@ -27,8 +27,8 @@ struct private_xcbc_prf_t { /** * Public xcbc_prf_t interface. */ - xcbc_prf_t public; - + xcbc_prf_t public; + /** * xcbc to use for generation. */ @@ -100,7 +100,7 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo) { private_xcbc_prf_t *this; xcbc_t *xcbc; - + switch (algo) { case PRF_AES128_XCBC: @@ -113,17 +113,17 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo) { return NULL; } - + this = malloc_thing(private_xcbc_prf_t); this->xcbc = xcbc; - + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h index bbf5b972a..d2db9af41 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h @@ -27,12 +27,12 @@ typedef struct xcbc_prf_t xcbc_prf_t; /** * Implementation of prf_t on CBC block cipher using XCBC, RFC3664/RFC4434. - * + * * This simply wraps a xcbc_t in a prf_t. More a question of * interface matching. */ struct xcbc_prf_t { - + /** * Generic prf_t interface for this xcbc_prf_t class. */ @@ -41,7 +41,7 @@ struct xcbc_prf_t { /** * Creates a new xcbc_prf_t object. - * + * * @param algo algorithm to implement * @return xcbc_prf_t object, NULL if hash not supported */ diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c index b394bb251..1c98d39d7 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c @@ -29,12 +29,12 @@ struct private_xcbc_signer_t { * Public interface of xcbc_signer_t. */ xcbc_signer_t public; - + /** * Assigned xcbc function. */ xcbc_t *xcbc; - + /** * Block size (truncation of XCBC MAC) */ @@ -54,7 +54,7 @@ static void get_signature(private_xcbc_signer_t *this, else { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; - + this->xcbc->get_mac(this->xcbc, data, mac); memcpy(buffer, mac, this->block_size); } @@ -73,12 +73,12 @@ static void allocate_signature (private_xcbc_signer_t *this, else { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; - + this->xcbc->get_mac(this->xcbc, data, mac); chunk->ptr = malloc(this->block_size); chunk->len = this->block_size; - + memcpy(chunk->ptr, mac, this->block_size); } } @@ -90,12 +90,12 @@ static bool verify_signature(private_xcbc_signer_t *this, chunk_t data, chunk_t signature) { u_int8_t mac[this->xcbc->get_block_size(this->xcbc)]; - + if (signature.len != this->block_size) { return FALSE; } - + this->xcbc->get_mac(this->xcbc, data, mac); return memeq(signature.ptr, mac, this->block_size); } @@ -142,7 +142,7 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) private_xcbc_signer_t *this; size_t trunc; xcbc_t *xcbc; - + switch (algo) { case AUTH_AES_XCBC_96: @@ -156,11 +156,11 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) { return NULL; } - + this = malloc_thing(private_xcbc_signer_t); this->xcbc = xcbc; this->block_size = min(trunc, xcbc->get_block_size(xcbc)); - + /* interface functions */ this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature; this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature; @@ -169,7 +169,7 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo) this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size; this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key; this->public.signer_interface.destroy = (void (*) (signer_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h index dc0087392..181cfe299 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h @@ -29,7 +29,7 @@ typedef struct xcbc_signer_t xcbc_signer_t; * Implementation of signer_t based on CBC symmetric cypher. XCBC, RFC3566. */ struct xcbc_signer_t { - + /** * generic signer_t interface for this signer */ diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 692ad9cf8..0b516c99e 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c @@ -44,17 +44,17 @@ struct private_printf_hook_t { * struct with information about a registered handler */ struct printf_hook_handler_t { - + /** * callback function */ printf_hook_function_t hook; - + /** * number of arguments */ int numargs; - + /** * types of the arguments */ @@ -75,7 +75,8 @@ static printf_hook_handler_t *printf_hooks[NUM_HANDLERS]; #define SPEC_TO_INDEX(spec) ((int)(spec) - (int)'A') #define IS_VALID_SPEC(spec) (SPEC_TO_INDEX(spec) > -1 && SPEC_TO_INDEX(spec) < NUM_HANDLERS) -#if defined(HAVE_PRINTF_HOOKS) && !defined(USE_VSTR) +#if !defined(USE_VSTR) && \ + (defined(HAVE_PRINTF_FUNCTION) || defined(HAVE_PRINTF_SPECIFIER)) /** * Printf hook print function. This is actually of type "printf_function", @@ -89,11 +90,11 @@ static int custom_print(FILE *stream, const struct printf_info *info, char buf[PRINTF_BUF_LEN]; printf_hook_spec_t spec; printf_hook_handler_t *handler = printf_hooks[SPEC_TO_INDEX(info->spec)]; - + spec.hash = info->alt; spec.minus = info->left; spec.width = info->width; - + written = handler->hook(buf, sizeof(buf), &spec, args); if (written > 0) { @@ -104,13 +105,17 @@ static int custom_print(FILE *stream, const struct printf_info *info, /** * Printf hook arginfo function, which is actually of type - * "printf_arginfo_function". + * "printf_arginfo_[size_]function". */ -static int custom_arginfo(const struct printf_info *info, size_t n, int *argtypes) +static int custom_arginfo(const struct printf_info *info, size_t n, int *argtypes +#ifdef HAVE_PRINTF_SPECIFIER + , int *size +#endif + ) { int i; printf_hook_handler_t *handler = printf_hooks[SPEC_TO_INDEX(info->spec)]; - + if (handler->numargs <= n) { for (i = 0; i < handler->numargs; ++i) @@ -118,6 +123,7 @@ static int custom_arginfo(const struct printf_info *info, size_t n, int *argtype argtypes[i] = handler->argtypes[i]; } } + /* we never set "size", as we have no user defined types */ return handler->numargs; } @@ -136,7 +142,7 @@ static int custom_fmt_cb(Vstr_base *base, size_t pos, Vstr_fmt_spec *fmt_spec) const void *args[ARGS_MAX]; printf_hook_spec_t spec; printf_hook_handler_t *handler = printf_hooks[SPEC_TO_INDEX(fmt_spec->name[0])]; - + for (i = 0; i < handler->numargs; i++) { switch(handler->argtypes[i]) @@ -149,11 +155,11 @@ static int custom_fmt_cb(Vstr_base *base, size_t pos, Vstr_fmt_spec *fmt_spec) break; } } - + spec.hash = fmt_spec->fmt_hash; spec.minus = fmt_spec->fmt_minus; spec.width = fmt_spec->fmt_field_width; - + written = handler->hook(buf, sizeof(buf), &spec, args); if (written > 0) { @@ -185,15 +191,9 @@ static void vstr_fmt_add_handler(Vstr_conf *conf, printf_hook_handler_t *handler /** * Management of thread-specific Vstr_conf objects */ -#include - -static pthread_key_t vstr_conf_key; -static pthread_once_t vstr_conf_key_once = PTHREAD_ONCE_INIT; +#include -static void init_vstr_conf_key(void) -{ - pthread_key_create(&vstr_conf_key, (void*)vstr_free_conf); -} +static thread_value_t *vstr_conf; static Vstr_conf *create_vstr_conf() { @@ -217,12 +217,11 @@ static Vstr_conf *create_vstr_conf() static inline Vstr_conf *get_vstr_conf() { Vstr_conf *conf; - pthread_once(&vstr_conf_key_once, init_vstr_conf_key); - conf = (Vstr_conf*)pthread_getspecific(vstr_conf_key); + conf = (Vstr_conf*)vstr_conf->get(vstr_conf); if (!conf) { conf = create_vstr_conf(); - pthread_setspecific(vstr_conf_key, conf); + vstr_conf->set(vstr_conf, conf); } return conf; } @@ -331,16 +330,16 @@ static void add_handler(private_printf_hook_t *this, char spec, printf_hook_handler_t *handler; printf_hook_argtype_t argtype; va_list args; - + if (!IS_VALID_SPEC(spec)) { DBG1("'%c' is not a valid printf hook specifier, not registered!", spec); return; } - + handler = malloc_thing(printf_hook_handler_t); handler->hook = hook; - + va_start(args, hook); while ((argtype = va_arg(args, printf_hook_argtype_t)) != PRINTF_HOOK_ARGTYPE_END) { @@ -354,13 +353,18 @@ static void add_handler(private_printf_hook_t *this, char spec, handler->argtypes[i] = argtype; } va_end(args); - + handler->numargs = i + 1; - + if (handler->numargs > 0) { -#if defined(HAVE_PRINTF_HOOKS) && !defined(USE_VSTR) +#if !defined(USE_VSTR) && \ + (defined(HAVE_PRINTF_FUNCTION) || defined(HAVE_PRINTF_SPECIFIER)) +# ifdef HAVE_PRINTF_SPECIFIER + register_printf_specifier(spec, custom_print, custom_arginfo); +# else register_printf_function(spec, custom_print, custom_arginfo); +# endif #else Vstr_conf *conf = get_vstr_conf(); handler->name = malloc(2); @@ -385,7 +389,7 @@ static void destroy(private_printf_hook_t *this) #ifdef USE_VSTR Vstr_conf *conf = get_vstr_conf(); #endif - + for (i = 0; i < NUM_HANDLERS; ++i) { printf_hook_handler_t *handler = printf_hooks[i]; @@ -398,10 +402,10 @@ static void destroy(private_printf_hook_t *this) free(handler); } } - + #ifdef USE_VSTR /* freeing the Vstr_conf of the main thread */ - pthread_key_delete(vstr_conf_key); + vstr_conf->destroy(vstr_conf); vstr_free_conf(conf); vstr_exit(); #endif @@ -414,12 +418,12 @@ static void destroy(private_printf_hook_t *this) printf_hook_t *printf_hook_create() { private_printf_hook_t *this = malloc_thing(private_printf_hook_t); - + this->public.add_handler = (void(*)(printf_hook_t*, char, printf_hook_function_t, ...))add_handler; this->public.destroy = (void(*)(printf_hook_t*))destroy; - + memset(printf_hooks, 0, sizeof(printf_hooks)); - + #ifdef USE_VSTR if (!vstr_init()) { @@ -427,8 +431,9 @@ printf_hook_t *printf_hook_create() free(this); return NULL; } + vstr_conf = thread_value_create((thread_cleanup_t)vstr_free_conf); #endif - + return &this->public; } diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h index 02c973580..ce7e10b24 100644 --- a/src/libstrongswan/printf_hook.h +++ b/src/libstrongswan/printf_hook.h @@ -26,7 +26,8 @@ typedef struct printf_hook_t printf_hook_t; typedef struct printf_hook_spec_t printf_hook_spec_t; typedef enum printf_hook_argtype_t printf_hook_argtype_t; -#if defined(HAVE_PRINTF_HOOKS) && !defined(USE_VSTR) +#if !defined(USE_VSTR) && \ + (defined(HAVE_PRINTF_FUNCTION) || defined(HAVE_PRINTF_SPECIFIER)) #include #include @@ -77,7 +78,7 @@ int vstr_wrapper_vsnprintf(char *str, size_t size, const char *format, va_list a /** * Callback function type for printf hooks. - * + * * @param dst destination buffer * @param len length of the buffer * @param spec format specifier @@ -111,12 +112,12 @@ struct printf_hook_spec_t { * TRUE if a '#' was used in the format specifier */ int hash; - + /** * TRUE if a '-' was used in the format specifier */ int minus; - + /** * The width as given in the format specifier. */ @@ -127,7 +128,7 @@ struct printf_hook_spec_t { * Printf handler management. */ struct printf_hook_t { - + /** * Register a printf handler. * @@ -137,11 +138,11 @@ struct printf_hook_t { */ void (*add_handler)(printf_hook_t *this, char spec, printf_hook_function_t hook, ...); - + /** - * Destroy a printf_hook instance. - */ - void (*destroy)(printf_hook_t *this); + * Destroy a printf_hook instance. + */ + void (*destroy)(printf_hook_t *this); }; /** diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c new file mode 100644 index 000000000..68bbbe2fd --- /dev/null +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -0,0 +1,916 @@ +/* + * Copyright (C) 2007-2009 Tobias Brunner + * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include +#include +#include + +#include "traffic_selector.h" + +#include +#include + +#define NON_SUBNET_ADDRESS_RANGE 255 + +ENUM(ts_type_name, TS_IPV4_ADDR_RANGE, TS_IPV6_ADDR_RANGE, + "TS_IPV4_ADDR_RANGE", + "TS_IPV6_ADDR_RANGE", +); + +typedef struct private_traffic_selector_t private_traffic_selector_t; + +/** + * Private data of an traffic_selector_t object + */ +struct private_traffic_selector_t { + + /** + * Public part + */ + traffic_selector_t public; + + /** + * Type of address + */ + ts_type_t type; + + /** + * IP protocol (UDP, TCP, ICMP, ...) + */ + u_int8_t protocol; + + /** + * narrow this traffic selector to hosts external ip + * if set, from and to have no meaning until set_address() is called + */ + bool dynamic; + + /** + * subnet size in CIDR notation, 255 means a non-subnet address range + */ + u_int8_t netbits; + + /** + * begin of address range, network order + */ + union { + /** dummy char for common address manipulation */ + char from[0]; + /** IPv4 address */ + u_int32_t from4[1]; + /** IPv6 address */ + u_int32_t from6[4]; + }; + + /** + * end of address range, network order + */ + union { + /** dummy char for common address manipulation */ + char to[0]; + /** IPv4 address */ + u_int32_t to4[1]; + /** IPv6 address */ + u_int32_t to6[4]; + }; + + /** + * begin of port range + */ + u_int16_t from_port; + + /** + * end of port range + */ + u_int16_t to_port; +}; + +/** + * calculate the "to"-address for the "from" address and a subnet size + */ +static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) +{ + size_t len; + int bytes, bits; + u_int8_t mask; + + this->netbits = netbits; + + len = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; + bytes = (netbits + 7)/8; + bits = (bytes * 8) - netbits; + mask = bits ? (1 << bits) - 1 : 0; + + memcpy(this->to, this->from, bytes); + memset(this->from + bytes, 0x00, len - bytes); + memset(this->to + bytes, 0xff, len - bytes); + this->from[bytes-1] &= ~mask; + this->to[bytes-1] |= mask; +} + +/** + * calculate the subnet size from the "to" and "from" addresses + */ +static u_int8_t calc_netbits(private_traffic_selector_t *this) +{ + int byte, bit; + u_int8_t netbits; + size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; + bool prefix = TRUE; + + /* a perfect match results in a single address with a /32 or /128 netmask */ + netbits = (size * 8); + this->netbits = netbits; + + /* go through all bits of the addresses, beginning in the front. + * as long as they are equal, the subnet gets larger + */ + for (byte = 0; byte < size; byte++) + { + for (bit = 7; bit >= 0; bit--) + { + u_int8_t bitmask = 1 << bit; + + if (prefix) + { + if ((bitmask & this->from[byte]) != (bitmask & this->to[byte])) + { + /* store the common prefix which might be a true subnet */ + netbits = (7 - bit) + (byte * 8); + this->netbits = netbits; + prefix = FALSE; + } + } + else + { + if ((bitmask & this->from[byte]) || !(bitmask & this->to[byte])) + { + this->netbits = NON_SUBNET_ADDRESS_RANGE; + return netbits; /* return a pseudo subnet */ + + } + } + } + } + return netbits; /* return a true subnet */ +} + +/** + * internal generic constructor + */ +static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port); + +/** + * Described in header. + */ +int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, + const void *const *args) +{ + private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0])); + linked_list_t *list = *((linked_list_t**)(args[0])); + iterator_t *iterator; + char from_str[INET6_ADDRSTRLEN] = ""; + char to_str[INET6_ADDRSTRLEN] = ""; + char *serv_proto = NULL; + bool has_proto; + bool has_ports; + size_t written = 0; + u_int32_t from[4], to[4]; + + if (this == NULL) + { + return print_in_hook(dst, len, "(null)"); + } + + if (spec->hash) + { + iterator = list->create_iterator(list, TRUE); + while (iterator->iterate(iterator, (void**)&this)) + { + /* call recursivly */ + written += print_in_hook(dst, len, "%R ", this); + } + iterator->destroy(iterator); + return written; + } + + memset(from, 0, sizeof(from)); + memset(to, 0xFF, sizeof(to)); + if (this->dynamic && + memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && + memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16)) + { + written += print_in_hook(dst, len, "dynamic"); + } + else + { + if (this->type == TS_IPV4_ADDR_RANGE) + { + inet_ntop(AF_INET, &this->from4, from_str, sizeof(from_str)); + } + else + { + inet_ntop(AF_INET6, &this->from6, from_str, sizeof(from_str)); + } + if (this->netbits == NON_SUBNET_ADDRESS_RANGE) + { + if (this->type == TS_IPV4_ADDR_RANGE) + { + inet_ntop(AF_INET, &this->to4, to_str, sizeof(to_str)); + } + else + { + inet_ntop(AF_INET6, &this->to6, to_str, sizeof(to_str)); + } + written += print_in_hook(dst, len, "%s..%s", from_str, to_str); + } + else + { + written += print_in_hook(dst, len, "%s/%d", from_str, this->netbits); + } + } + + /* check if we have protocol and/or port selectors */ + has_proto = this->protocol != 0; + has_ports = !(this->from_port == 0 && this->to_port == 0xFFFF); + + if (!has_proto && !has_ports) + { + return written; + } + + written += print_in_hook(dst, len, "["); + + /* build protocol string */ + if (has_proto) + { + struct protoent *proto = getprotobynumber(this->protocol); + + if (proto) + { + written += print_in_hook(dst, len, "%s", proto->p_name); + serv_proto = proto->p_name; + } + else + { + written += print_in_hook(dst, len, "%d", this->protocol); + } + } + + if (has_proto && has_ports) + { + written += print_in_hook(dst, len, "/"); + } + + /* build port string */ + if (has_ports) + { + if (this->from_port == this->to_port) + { + struct servent *serv = getservbyport(htons(this->from_port), serv_proto); + + if (serv) + { + written += print_in_hook(dst, len, "%s", serv->s_name); + } + else + { + written += print_in_hook(dst, len, "%d", this->from_port); + } + } + else + { + written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port); + } + } + + written += print_in_hook(dst, len, "]"); + + return written; +} + +/** + * implements traffic_selector_t.get_subset + */ +static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other) +{ + if (this->type == other->type && (this->protocol == other->protocol || + this->protocol == 0 || other->protocol == 0)) + { + u_int16_t from_port, to_port; + u_char *from, *to; + u_int8_t protocol; + size_t size; + private_traffic_selector_t *new_ts; + + /* calculate the maximum port range allowed for both */ + from_port = max(this->from_port, other->from_port); + to_port = min(this->to_port, other->to_port); + if (from_port > to_port) + { + return NULL; + } + /* select protocol, which is not zero */ + protocol = max(this->protocol, other->protocol); + + switch (this->type) + { + case TS_IPV4_ADDR_RANGE: + size = sizeof(this->from4); + break; + case TS_IPV6_ADDR_RANGE: + size = sizeof(this->from6); + break; + default: + return NULL; + } + + /* get higher from-address */ + if (memcmp(this->from, other->from, size) > 0) + { + from = this->from; + } + else + { + from = other->from; + } + /* get lower to-address */ + if (memcmp(this->to, other->to, size) > 0) + { + to = other->to; + } + else + { + to = this->to; + } + /* if "from" > "to", we don't have a match */ + if (memcmp(from, to, size) > 0) + { + return NULL; + } + + /* we have a match in protocol, port, and address: return it... */ + new_ts = traffic_selector_create(protocol, this->type, from_port, to_port); + new_ts->dynamic = this->dynamic || other->dynamic; + memcpy(new_ts->from, from, size); + memcpy(new_ts->to, to, size); + calc_netbits(new_ts); + return &new_ts->public; + } + return NULL; +} + +/** + * implements traffic_selector_t.equals + */ +static bool equals(private_traffic_selector_t *this, private_traffic_selector_t *other) +{ + if (this->type != other->type) + { + return FALSE; + } + if (!(this->from_port == other->from_port && + this->to_port == other->to_port && + this->protocol == other->protocol)) + { + return FALSE; + } + switch (this->type) + { + case TS_IPV4_ADDR_RANGE: + if (memeq(this->from4, other->from4, sizeof(this->from4))) + { + return TRUE; + } + break; + case TS_IPV6_ADDR_RANGE: + if (memeq(this->from6, other->from6, sizeof(this->from6))) + { + return TRUE; + } + break; + default: + break; + } + return FALSE; +} + +/** + * Implements traffic_selector_t.get_from_address. + */ +static chunk_t get_from_address(private_traffic_selector_t *this) +{ + switch (this->type) + { + case TS_IPV4_ADDR_RANGE: + return chunk_create(this->from, sizeof(this->from4)); + case TS_IPV6_ADDR_RANGE: + return chunk_create(this->from, sizeof(this->from6)); + default: + return chunk_empty; + } +} + +/** + * Implements traffic_selector_t.get_to_address. + */ +static chunk_t get_to_address(private_traffic_selector_t *this) +{ + switch (this->type) + { + case TS_IPV4_ADDR_RANGE: + return chunk_create(this->to, sizeof(this->to4)); + case TS_IPV6_ADDR_RANGE: + return chunk_create(this->to, sizeof(this->to6)); + default: + return chunk_empty; + } +} + +/** + * Implements traffic_selector_t.get_from_port. + */ +static u_int16_t get_from_port(private_traffic_selector_t *this) +{ + return this->from_port; +} + +/** + * Implements traffic_selector_t.get_to_port. + */ +static u_int16_t get_to_port(private_traffic_selector_t *this) +{ + return this->to_port; +} + +/** + * Implements traffic_selector_t.get_type. + */ +static ts_type_t get_type(private_traffic_selector_t *this) +{ + return this->type; +} + +/** + * Implements traffic_selector_t.get_protocol. + */ +static u_int8_t get_protocol(private_traffic_selector_t *this) +{ + return this->protocol; +} + +/** + * Implements traffic_selector_t.is_host. + */ +static bool is_host(private_traffic_selector_t *this, host_t *host) +{ + if (host) + { + chunk_t addr; + int family = host->get_family(host); + + if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || + (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) + { + addr = host->get_address(host); + if (memeq(addr.ptr, this->from, addr.len) && + memeq(addr.ptr, this->to, addr.len)) + { + return TRUE; + } + } + } + else + { + size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; + + if (this->dynamic) + { + return TRUE; + } + + if (memeq(this->from, this->to, length)) + { + return TRUE; + } + } + return FALSE; +} + +/** + * Implementation of traffic_selector_t.is_dynamic + */ +static bool is_dynamic(private_traffic_selector_t *this) +{ + return this->dynamic; +} + +/** + * Implements traffic_selector_t.set_address. + */ +static void set_address(private_traffic_selector_t *this, host_t *host) +{ + if (this->dynamic) + { + this->type = host->get_family(host) == AF_INET ? + TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; + + if (host->is_anyaddr(host)) + { + memset(this->from6, 0x00, sizeof(this->from6)); + memset(this->to6, 0xFF, sizeof(this->to6)); + this->netbits = 0; + } + else + { + chunk_t from = host->get_address(host); + memcpy(this->from, from.ptr, from.len); + memcpy(this->to, from.ptr, from.len); + this->netbits = from.len * 8; + } + } +} + +/** + * Implements traffic_selector_t.is_contained_in. + */ +static bool is_contained_in(private_traffic_selector_t *this, + private_traffic_selector_t *other) +{ + private_traffic_selector_t *subset; + bool contained_in = FALSE; + + subset = (private_traffic_selector_t*)get_subset(this, other); + + if (subset) + { + if (equals(subset, this)) + { + contained_in = TRUE; + } + free(subset); + } + return contained_in; +} + +/** + * Implements traffic_selector_t.includes. + */ +static bool includes(private_traffic_selector_t *this, host_t *host) +{ + chunk_t addr; + int family = host->get_family(host); + + if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || + (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) + { + addr = host->get_address(host); + + return memcmp(this->from, addr.ptr, addr.len) <= 0 && + memcmp(this->to, addr.ptr, addr.len) >= 0; + } + + return FALSE; +} + +/** + * Implements traffic_selector_t.to_subnet. + */ +static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask) +{ + /* there is no way to do this cleanly, as the address range may + * be anything else but a subnet. We use from_addr as subnet + * and try to calculate a usable subnet mask. + */ + int family, byte; + u_int16_t port = 0; + chunk_t net_chunk; + + *mask = (this->netbits == NON_SUBNET_ADDRESS_RANGE) ? calc_netbits(this) + : this->netbits; + + switch (this->type) + { + case TS_IPV4_ADDR_RANGE: + family = AF_INET; + net_chunk.len = sizeof(this->from4); + break; + case TS_IPV6_ADDR_RANGE: + family = AF_INET6; + net_chunk.len = sizeof(this->from6); + break; + default: + /* unreachable */ + return; + } + + net_chunk.ptr = malloc(net_chunk.len); + memcpy(net_chunk.ptr, this->from, net_chunk.len); + + for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte) + { + int shift = (byte + 1) * 8 - *mask; + net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift); + } + + if (this->to_port == this->from_port) + { + port = this->to_port; + } + + *net = host_create_from_chunk(family, net_chunk, port); + chunk_free(&net_chunk); +} + +/** + * Implements traffic_selector_t.clone. + */ +static traffic_selector_t *clone_(private_traffic_selector_t *this) +{ + private_traffic_selector_t *clone; + + clone = traffic_selector_create(this->protocol, this->type, + this->from_port, this->to_port); + clone->netbits = this->netbits; + clone->dynamic = this->dynamic; + + switch (clone->type) + { + case TS_IPV4_ADDR_RANGE: + memcpy(clone->from4, this->from4, sizeof(this->from4)); + memcpy(clone->to4, this->to4, sizeof(this->to4)); + return &clone->public; + case TS_IPV6_ADDR_RANGE: + memcpy(clone->from6, this->from6, sizeof(this->from6)); + memcpy(clone->to6, this->to6, sizeof(this->to6)); + return &clone->public; + default: + /* unreachable */ + return &clone->public; + } +} + +/** + * Implements traffic_selector_t.destroy. + */ +static void destroy(private_traffic_selector_t *this) +{ + free(this); +} + +/* + * see header + */ +traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, + ts_type_t type, + chunk_t from, u_int16_t from_port, + chunk_t to, u_int16_t to_port) +{ + private_traffic_selector_t *this = traffic_selector_create(protocol, type, + from_port, to_port); + + switch (type) + { + case TS_IPV4_ADDR_RANGE: + if (from.len != 4 || to.len != 4) + { + free(this); + return NULL; + } + memcpy(this->from4, from.ptr, from.len); + memcpy(this->to4, to.ptr, to.len); + break; + case TS_IPV6_ADDR_RANGE: + if (from.len != 16 || to.len != 16) + { + free(this); + return NULL; + } + memcpy(this->from6, from.ptr, from.len); + memcpy(this->to6, to.ptr, to.len); + break; + default: + free(this); + return NULL; + } + calc_netbits(this); + return (&this->public); +} + +/* + * see header + */ +traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, + chunk_t from, chunk_t to) +{ + size_t len; + private_traffic_selector_t *this = traffic_selector_create(0, type, 0, 65535); + + switch (type) + { + case TS_IPV4_ADDR_RANGE: + len = 4; + break; + case TS_IPV6_ADDR_RANGE: + len = 16; + break; + default: + free(this); + return NULL; + } + memset(this->from, 0x00, len); + memset(this->to , 0xff, len); + + if (from.len > 1) + { + memcpy(this->from, from.ptr+1, from.len-1); + } + if (to.len > 1) + { + u_int8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0; + + memcpy(this->to, to.ptr+1, to.len-1); + this->to[to.len-2] |= mask; + } + this->netbits = chunk_equals(from, to) ? (from.len-1)*8 - from.ptr[0] + : NON_SUBNET_ADDRESS_RANGE; + return (&this->public); +} + +/* + * see header + */ +traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, + u_int8_t netbits, u_int8_t protocol, u_int16_t port) +{ + private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535); + + switch (net->get_family(net)) + { + case AF_INET: + { + chunk_t from; + + this->type = TS_IPV4_ADDR_RANGE; + from = net->get_address(net); + memcpy(this->from, from.ptr, from.len); + if (this->from4[0] == 0) + { + /* use /0 for 0.0.0.0 */ + this->to4[0] = ~0; + this->netbits = 0; + } + else + { + calc_range(this, netbits); + } + break; + } + case AF_INET6: + { + chunk_t from; + + this->type = TS_IPV6_ADDR_RANGE; + from = net->get_address(net); + memcpy(this->from, from.ptr, from.len); + if (this->from6[0] == 0 && this->from6[1] == 0 && + this->from6[2] == 0 && this->from6[3] == 0) + { + /* use /0 for ::0 */ + this->to6[0] = ~0; + this->to6[1] = ~0; + this->to6[2] = ~0; + this->to6[3] = ~0; + this->netbits = 0; + } + else + { + calc_range(this, netbits); + } + break; + } + default: + { + net->destroy(net); + free(this); + return NULL; + } + } + if (port) + { + this->from_port = port; + this->to_port = port; + } + net->destroy(net); + return (&this->public); +} + +/* + * see header + */ +traffic_selector_t *traffic_selector_create_from_string( + u_int8_t protocol, ts_type_t type, + char *from_addr, u_int16_t from_port, + char *to_addr, u_int16_t to_port) +{ + private_traffic_selector_t *this = traffic_selector_create(protocol, type, + from_port, to_port); + + switch (type) + { + case TS_IPV4_ADDR_RANGE: + if (inet_pton(AF_INET, from_addr, (struct in_addr*)this->from4) < 0) + { + free(this); + return NULL; + } + if (inet_pton(AF_INET, to_addr, (struct in_addr*)this->to4) < 0) + { + free(this); + return NULL; + } + break; + case TS_IPV6_ADDR_RANGE: + if (inet_pton(AF_INET6, from_addr, (struct in6_addr*)this->from6) < 0) + { + free(this); + return NULL; + } + if (inet_pton(AF_INET6, to_addr, (struct in6_addr*)this->to6) < 0) + { + free(this); + return NULL; + } + break; + } + calc_netbits(this); + return (&this->public); +} + +/* + * see header + */ +traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, + u_int16_t from_port, u_int16_t to_port) +{ + private_traffic_selector_t *this = traffic_selector_create( + protocol, TS_IPV4_ADDR_RANGE, from_port, to_port); + + memset(this->from6, 0, sizeof(this->from6)); + memset(this->to6, 0xFF, sizeof(this->to6)); + this->netbits = 0; + this->dynamic = TRUE; + + return &this->public; +} + +/* + * see declaration + */ +static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, + ts_type_t type, u_int16_t from_port, u_int16_t to_port) +{ + private_traffic_selector_t *this = malloc_thing(private_traffic_selector_t); + + /* public functions */ + this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset; + this->public.equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals; + this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address; + this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address; + this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port; + this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port; + this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; + this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol; + this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host; + this->public.is_dynamic = (bool(*)(traffic_selector_t*))is_dynamic; + this->public.is_contained_in = (bool(*)(traffic_selector_t*,traffic_selector_t*))is_contained_in; + this->public.includes = (bool(*)(traffic_selector_t*,host_t*))includes; + this->public.set_address = (void(*)(traffic_selector_t*,host_t*))set_address; + this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet; + this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_; + this->public.destroy = (void(*)(traffic_selector_t*))destroy; + + this->from_port = from_port; + this->to_port = to_port; + this->protocol = protocol; + this->type = type; + this->dynamic = FALSE; + + return this; +} + diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h new file mode 100644 index 000000000..b5964b541 --- /dev/null +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -0,0 +1,315 @@ +/* + * Copyright (C) 2007 Tobias Brunner + * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup traffic_selector traffic_selector + * @{ @ingroup config + */ + +#ifndef TRAFFIC_SELECTOR_H_ +#define TRAFFIC_SELECTOR_H_ + +typedef enum ts_type_t ts_type_t; +typedef struct traffic_selector_t traffic_selector_t; + +#include +#include + +/** + * Traffic selector types. + */ +enum ts_type_t { + + /** + * A range of IPv4 addresses, represented by two four (4) octet + * values. The first value is the beginning IPv4 address + * (inclusive) and the second value is the ending IPv4 address + * (inclusive). All addresses falling between the two specified + * addresses are considered to be within the list. + */ + TS_IPV4_ADDR_RANGE = 7, + + /** + * A range of IPv6 addresses, represented by two sixteen (16) + * octet values. The first value is the beginning IPv6 address + * (inclusive) and the second value is the ending IPv6 address + * (inclusive). All addresses falling between the two specified + * addresses are considered to be within the list. + */ + TS_IPV6_ADDR_RANGE = 8 +}; + +/** + * enum names for ts_type_t + */ +extern enum_name_t *ts_type_name; + +/** + * Object representing a traffic selector entry. + * + * A traffic selector defines an range of addresses + * and a range of ports. IPv6 is not fully supported yet. + */ +struct traffic_selector_t { + + /** + * Compare two traffic selectors, and create a new one + * which is the largest subset of both (subnet & port). + * + * Resulting traffic_selector is newly created and must be destroyed. + * + * @param other traffic selector to compare + * @return + * - created subset of them + * - or NULL if no match between this and other + */ + traffic_selector_t *(*get_subset) (traffic_selector_t *this, + traffic_selector_t *other); + + /** + * Clone a traffic selector. + * + * @return clone of it + */ + traffic_selector_t *(*clone) (traffic_selector_t *this); + + /** + * Get starting address of this ts as a chunk. + * + * Chunk is in network order and points to internal data. + * + * @return chunk containing the address + */ + chunk_t (*get_from_address) (traffic_selector_t *this); + + /** + * Get ending address of this ts as a chunk. + * + * Chunk is in network order and points to internal data. + * + * @return chunk containing the address + */ + chunk_t (*get_to_address) (traffic_selector_t *this); + + /** + * Get starting port of this ts. + * + * Port is in host order, since the parser converts it. + * Size depends on protocol. + * + * @return port + */ + u_int16_t (*get_from_port) (traffic_selector_t *this); + + /** + * Get ending port of this ts. + * + * Port is in host order, since the parser converts it. + * Size depends on protocol. + * + * @return port + */ + u_int16_t (*get_to_port) (traffic_selector_t *this); + + /** + * Get the type of the traffic selector. + * + * @return ts_type_t specifying the type + */ + ts_type_t (*get_type) (traffic_selector_t *this); + + /** + * Get the protocol id of this ts. + * + * @return protocol id + */ + u_int8_t (*get_protocol) (traffic_selector_t *this); + + /** + * Check if the traffic selector is for a single host. + * + * Traffic selector may describe the end of *-to-host tunnel. In this + * case, the address range is a single address equal to the hosts + * peer address. + * If host is NULL, the traffic selector is checked if it is a single host, + * but not a specific one. + * + * @param host host_t specifying the address range + */ + bool (*is_host) (traffic_selector_t *this, host_t* host); + + /** + * Check if a traffic selector has been created by create_dynamic(). + * + * @return TRUE if TS is dynamic + */ + bool (*is_dynamic)(traffic_selector_t *this); + + /** + * Update the address of a traffic selector. + * + * Update the address range of a traffic selector, if it is + * constructed with the traffic_selector_create_dynamic(). + * + * @param host host_t specifying the address + */ + void (*set_address) (traffic_selector_t *this, host_t* host); + + /** + * Compare two traffic selectors for equality. + * + * @param other ts to compare with this + * @return TRUE if equal, FALSE otherwise + */ + bool (*equals) (traffic_selector_t *this, traffic_selector_t *other); + + /** + * Check if a traffic selector is contained completly in another. + * + * contains() allows to check if multiple traffic selectors are redundant. + * + * @param other ts that contains this + * @return TRUE if other contains this completly, FALSE otherwise + */ + bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other); + + /** + * Check if a specific host is included in the address range of + * this traffic selector. + * + * @param host the host to check + */ + bool (*includes) (traffic_selector_t *this, host_t *host); + + /** + * Convert a traffic selector address range to a subnet + * and its net mask. + * If from and to ports of this traffic selector are equal, + * the port of the returned host_t is set to that port. + * + * @param net converted subnet (has to be freed) + * @param mask converted net mask + */ + void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); + + /** + * Destroys the ts object + */ + void (*destroy) (traffic_selector_t *this); +}; + +/** + * Create a new traffic selector using human readable params. + * + * @param protocol protocol for this ts, such as TCP or UDP + * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE + * @param from_addr start of address range as string + * @param from_port port number in host order + * @param to_addr end of address range as string + * @param to_port port number in host order + * @return + * - traffic_selector_t object + * - NULL if invalid address strings/protocol + */ +traffic_selector_t *traffic_selector_create_from_string( + u_int8_t protocol, ts_type_t type, + char *from_addr, u_int16_t from_port, + char *to_addr, u_int16_t to_port); + +/** + * Create a new traffic selector using data read from the net. + * + * There exists a mix of network and host order in the params. + * But the parser gives us this data in this format, so we + * don't have to convert twice. + * + * @param protocol protocol for this ts, such as TCP or UDP + * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE + * @param from_addr start of address range, network order + * @param from_port port number, host order + * @param to_addr end of address range, network order + * @param to_port port number, host order + * @return traffic_selector_t object + */ +traffic_selector_t *traffic_selector_create_from_bytes( + u_int8_t protocol, ts_type_t type, + chunk_t from_address, u_int16_t from_port, + chunk_t to_address, u_int16_t to_port); + +/** + * Create a new traffic selector using the RFC 3779 ASN.1 min/max address format + * + * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE + * @param from_addr start of address range in RFC 3779 ASN.1 BIT STRING format + * @param to_addr end of address range in RFC 3779 ASN.1 BIT STRING format + * @return traffic_selector_t object + */ +traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, + chunk_t from_addr, chunk_t to_addr); + +/** + * Create a new traffic selector defining a whole subnet. + * + * In most cases, definition of a traffic selector for full subnets + * is sufficient. This constructor creates a traffic selector for + * all protocols, all ports and the address range specified by the + * subnet. + * Additionally, a protocol and a port may be specified. Port ranges + * are not supported via this constructor. + * + * @param net subnet to use + * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation + * @param protocol protocol for this ts, such as TCP or UDP + * @param port port number, host order + * @return + * - traffic_selector_t object + * - NULL if address family of net not supported + */ +traffic_selector_t *traffic_selector_create_from_subnet( + host_t *net, u_int8_t netbits, + u_int8_t protocol, u_int16_t port); + +/** + * Create a traffic selector for host-to-host cases. + * + * For host2host or virtual IP setups, the traffic selectors gets + * created at runtime using the external/virtual IP. Using this constructor, + * a call to set_address() sets this traffic selector to the supplied host. + * + * + * @param protocol upper layer protocl to allow + * @param from_port start of allowed port range + * @param to_port end of range + * @return + * - traffic_selector_t object + * - NULL if type not supported + */ +traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, + u_int16_t from_port, u_int16_t to_port); + +/** + * printf hook function for traffic_selector_t. + * + * Arguments are: + * traffic_selector_t *ts + * With the #-specifier, arguments are: + * linked_list_t *list containing traffic_selector_t* + */ +int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, + const void *const *args); + +#endif /** TRAFFIC_SELECTOR_H_ @}*/ diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index 64ac09299..4a822bcbf 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -38,12 +38,12 @@ struct private_settings_t { * public functions */ settings_t public; - + /** * top level section */ section_t *top; - + /** * allocated file text */ @@ -64,7 +64,7 @@ struct section_t { * subsections, as section_t */ linked_list_t *sections; - + /** * key value pairs, as kv_t */ @@ -77,10 +77,10 @@ struct section_t { struct kv_t { /** - * key string, relative - */ + * key string, relative + */ char *key; - + /** * value as string */ @@ -95,7 +95,7 @@ static section_t *find_section(section_t *section, char *key, va_list args) char name[512], *pos; enumerator_t *enumerator; section_t *current, *found = NULL; - + if (section == NULL) { return NULL; @@ -104,7 +104,7 @@ static section_t *find_section(section_t *section, char *key, va_list args) { return NULL; } - + pos = strchr(name, '.'); if (pos) { @@ -134,17 +134,17 @@ static char *find_value(section_t *section, char *key, va_list args) enumerator_t *enumerator; kv_t *kv; section_t *current, *found = NULL; - + if (section == NULL) { return NULL; } - + if (vsnprintf(name, sizeof(name), key, args) >= sizeof(name)) { return NULL; } - + pos = strchr(name, '.'); if (pos) { @@ -188,7 +188,7 @@ static char* get_str(private_settings_t *this, char *key, char *def, ...) { char *value; va_list args; - + va_start(args, def); value = find_value(this->top, key, args); va_end(args); @@ -206,7 +206,7 @@ static bool get_bool(private_settings_t *this, char *key, bool def, ...) { char *value; va_list args; - + va_start(args, def); value = find_value(this->top, key, args); va_end(args); @@ -238,7 +238,7 @@ static int get_int(private_settings_t *this, char *key, int def, ...) char *value; int intval; va_list args; - + va_start(args, def); value = find_value(this->top, key, args); va_end(args); @@ -254,6 +254,30 @@ static int get_int(private_settings_t *this, char *key, int def, ...) return def; } +/** + * Implementation of settings_t.get_double. + */ +static double get_double(private_settings_t *this, char *key, double def, ...) +{ + char *value; + double dval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); + if (value) + { + errno = 0; + dval = strtod(value, NULL); + if (errno == 0) + { + return dval; + } + } + return def; +} + /** * Implementation of settings_t.get_time. */ @@ -262,7 +286,7 @@ static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, .. char *value, *endptr; u_int32_t timeval; va_list args; - + va_start(args, def); value = find_value(this->top, key, args); va_end(args); @@ -310,13 +334,13 @@ static enumerator_t* create_section_enumerator(private_settings_t *this, { section_t *section; va_list args; - + va_start(args, key); section = find_section(this->top, key, args); va_end(args); - + if (!section) - { + { return enumerator_create_empty(); } return enumerator_create_filter( @@ -324,6 +348,39 @@ static enumerator_t* create_section_enumerator(private_settings_t *this, (void*)section_filter, NULL, NULL); } +/** + * Enumerate key and values, not kv_t entries + */ +static bool kv_filter(void *null, kv_t **in, char **key, + void *none, char **value) +{ + *key = (*in)->key; + *value = (*in)->value; + return TRUE; +} + +/** + * Implementation of settings_t.create_key_value_enumerator + */ +static enumerator_t* create_key_value_enumerator(private_settings_t *this, + char *key, ...) +{ + section_t *section; + va_list args; + + va_start(args, key); + section = find_section(this->top, key, args); + va_end(args); + + if (!section) + { + return enumerator_create_empty(); + } + return enumerator_create_filter( + section->kv->create_enumerator(section->kv), + (void*)kv_filter, NULL, NULL); +} + /** * destroy a section */ @@ -331,7 +388,7 @@ static void section_destroy(section_t *this) { this->kv->destroy_function(this->kv, free); this->sections->destroy_function(this->sections, (void*)section_destroy); - + free(this); } @@ -362,7 +419,7 @@ static char parse(char **text, char *skip, char *term, char *br, char **token) { char *pos = *text; int level = 1; - + /* find terminator */ while (*pos) { @@ -417,15 +474,15 @@ static section_t* parse_section(char **text, char *name) section_t *sub, *section; bool finished = FALSE; char *key, *value, *inner; - + static int lev = 0; lev++; - + section = malloc_thing(section_t); section->name = name; section->sections = linked_list_create(); section->kv = linked_list_create(); - + while (!finished) { switch (parse(text, "\t\n ", "{=#", NULL, &key)) @@ -484,51 +541,53 @@ static void destroy(private_settings_t *this) */ settings_t *settings_create(char *file) { - private_settings_t *this = malloc_thing(private_settings_t); - + private_settings_t *this; + char *pos; + FILE *fd; + int len; + + this = malloc_thing(private_settings_t); this->public.get_str = (char*(*)(settings_t*, char *key, char* def, ...))get_str; this->public.get_int = (int(*)(settings_t*, char *key, int def, ...))get_int; + this->public.get_double = (double(*)(settings_t*, char *key, double def, ...))get_double; this->public.get_time = (u_int32_t(*)(settings_t*, char *key, u_int32_t def, ...))get_time; this->public.get_bool = (bool(*)(settings_t*, char *key, bool def, ...))get_bool; this->public.create_section_enumerator = (enumerator_t*(*)(settings_t*,char *section, ...))create_section_enumerator; + this->public.create_key_value_enumerator = (enumerator_t*(*)(settings_t*, char *key, ...))create_key_value_enumerator; this->public.destroy = (void(*)(settings_t*))destroy; - + this->top = NULL; this->text = NULL; - - if (file) + + if (file == NULL) { - FILE *fd; - int len; - char *pos; - - fd = fopen(file, "r"); - if (fd == NULL) - { - DBG1("'%s' does not exist or is not readable", file); - return &this->public; - } - fseek(fd, 0, SEEK_END); - len = ftell(fd); - rewind(fd); - this->text = malloc(len + 1); - this->text[len] = '\0'; - if (fread(this->text, 1, len, fd) != len) - { - free(this->text); - this->text = NULL; - return &this->public; - } - fclose(fd); + file = STRONGSWAN_CONF; + } + fd = fopen(file, "r"); + if (fd == NULL) + { + DBG1("'%s' does not exist or is not readable", file); + return &this->public; + } + fseek(fd, 0, SEEK_END); + len = ftell(fd); + rewind(fd); + this->text = malloc(len + 1); + this->text[len] = '\0'; + if (fread(this->text, 1, len, fd) != len) + { + free(this->text); + this->text = NULL; + return &this->public; + } + fclose(fd); - pos = this->text; - this->top = parse_section(&pos, NULL); - if (this->top == NULL) - { - free(this->text); - this->text = NULL; - return &this->public; - } + pos = this->text; + this->top = parse_section(&pos, NULL); + if (this->top == NULL) + { + free(this->text); + this->text = NULL; } return &this->public; } diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index 1816787ae..9e8d75cc0 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -37,17 +37,17 @@ typedef struct settings_t settings_t; * * E.g.: * @code - a = b - section-one { - somevalue = asdf - subsection { - othervalue = xxx - } - yetanother = zz - } - section-two { - } - @endcode + a = b + section-one { + somevalue = asdf + subsection { + othervalue = xxx + } + yetanother = zz + } + section-two { + } + @endcode * * The values are accesses using the get() functions using dotted keys, e.g. * section-one.subsection.othervalue @@ -63,7 +63,7 @@ struct settings_t { * @return value pointing to internal string */ char* (*get_str)(settings_t *this, char *key, char *def, ...); - + /** * Get a boolean yes|no, true|false value. * @@ -73,7 +73,7 @@ struct settings_t { * @return value of the key */ bool (*get_bool)(settings_t *this, char *key, bool def, ...); - + /** * Get an integer value. * @@ -83,7 +83,17 @@ struct settings_t { * @return value of the key */ int (*get_int)(settings_t *this, char *key, int def, ...); - + + /** + * Get an double value. + * + * @param key key including sections, printf style format + * @param def value returned if key not found + * @param ... argument list for key + * @return value of the key + */ + double (*get_double)(settings_t *this, char *key, double def, ...); + /** * Get a time value. * @@ -93,7 +103,7 @@ struct settings_t { * @return value of the key */ u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); - + /** * Create an enumerator over subsection names of a section. * @@ -103,6 +113,17 @@ struct settings_t { */ enumerator_t* (*create_section_enumerator)(settings_t *this, char *section, ...); + + /** + * Create an enumerator over key/value pairs in a section. + * + * @param section section name to list key/value pairs of, printf style + * @param ... argmuent list for section + * @return enumerator over (char *key, char *value) + */ + enumerator_t* (*create_key_value_enumerator)(settings_t *this, + char *section, ...); + /** * Destroy a settings instance. */ @@ -110,7 +131,10 @@ struct settings_t { }; /** - * Load setings from a file. + * Load settings from a file. + * + * @param file file to read settings from, NULL for default + * @return settings object */ settings_t *settings_create(char *file); diff --git a/src/libstrongswan/threading/condvar.h b/src/libstrongswan/threading/condvar.h new file mode 100644 index 000000000..48c949c7c --- /dev/null +++ b/src/libstrongswan/threading/condvar.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup condvar condvar + * @{ @ingroup threading + */ + +#ifndef THREADING_CONDVAR_H_ +#define THREADING_CONDVAR_H_ + +typedef struct condvar_t condvar_t; +typedef enum condvar_type_t condvar_type_t; + +#include "mutex.h" + +/** + * Type of condvar. + */ +enum condvar_type_t { + /** default condvar */ + CONDVAR_TYPE_DEFAULT = 0, +}; + +/** + * Condvar wrapper to use in conjunction with mutex_t. + */ +struct condvar_t { + + /** + * Wait on a condvar until it gets signalized. + * + * @param mutex mutex to release while waiting + */ + void (*wait)(condvar_t *this, mutex_t *mutex); + + /** + * Wait on a condvar until it gets signalized, or times out. + * + * @param mutex mutex to release while waiting + * @param timeout timeout im ms + * @return TRUE if timed out, FALSE otherwise + */ + bool (*timed_wait)(condvar_t *this, mutex_t *mutex, u_int timeout); + + /** + * Wait on a condvar until it gets signalized, or times out. + * + * The passed timeval should be calculated based on the time_monotonic() + * function. + * + * @param mutex mutex to release while waiting + * @param tv absolute time until timeout + * @return TRUE if timed out, FALSE otherwise + */ + bool (*timed_wait_abs)(condvar_t *this, mutex_t *mutex, timeval_t tv); + + /** + * Wake up a single thread in a condvar. + */ + void (*signal)(condvar_t *this); + + /** + * Wake up all threads in a condvar. + */ + void (*broadcast)(condvar_t *this); + + /** + * Destroy a condvar and free its resources. + */ + void (*destroy)(condvar_t *this); +}; + +/** + * Create a condvar instance. + * + * @param type type of condvar to create + * @return condvar instance + */ +condvar_t *condvar_create(condvar_type_t type); + +#endif /** THREADING_CONDVAR_H_ @} */ + diff --git a/src/libstrongswan/threading/lock_profiler.h b/src/libstrongswan/threading/lock_profiler.h new file mode 100644 index 000000000..b64453ba1 --- /dev/null +++ b/src/libstrongswan/threading/lock_profiler.h @@ -0,0 +1,102 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef THREADING_LOCK_PROFILER_H_ +#define THREADING_LOCK_PROFILER_H_ + +#ifdef LOCK_PROFILER + +#include + +/** + * Do not report mutexes with an overall waiting time smaller than this (in us) + */ +#define PROFILE_WAIT_TRESHHOLD 10000 + +/** + * Do not report mutexes with an overall lock count smaller than this + */ +#define PROFILE_LOCK_TRESHHOLD 1000 + +#include + +typedef struct lock_profile_t lock_profile_t; + +struct lock_profile_t { + /** + * how long threads have waited for the lock in this mutex so far + */ + timeval_t waited; + + /** + * How many times the lock has been invoked + */ + u_int locked; + + /** + * backtrace where mutex has been created + */ + backtrace_t *backtrace; +}; + +/** + * Print and cleanup mutex profiler + */ +static inline void profiler_cleanup(lock_profile_t *profile) +{ + if (profile->waited.tv_sec > 0 || + profile->waited.tv_usec > PROFILE_WAIT_TRESHHOLD || + profile->locked > PROFILE_LOCK_TRESHHOLD) + { + fprintf(stderr, "%d.%03ds / %d times in lock created at:", + profile->waited.tv_sec, profile->waited.tv_usec, profile->locked); + profile->backtrace->log(profile->backtrace, stderr); + } + profile->backtrace->destroy(profile->backtrace); +} + +/** + * Initialize mutex profiler + */ +static inline void profiler_init(lock_profile_t *profile) +{ + profile->backtrace = backtrace_create(2); + timerclear(&profile->waited); + profile->locked = 0; +} + +#define profiler_start(profile) { \ + struct timeval _start, _end, _diff; \ + (profile)->locked++; \ + time_monotonic(&_start); + +#define profiler_end(profile) \ + time_monotonic(&_end); \ + timersub(&_end, &_start, &_diff); \ + timeradd(&(profile)->waited, &_diff, &(profile)->waited); } + +#else /* !LOCK_PROFILER */ + +#define lock_profile_t struct {} +#define profiler_cleanup(...) {} +#define profiler_init(...) {} +#define profiler_start(...) {} +#define profiler_end(...) {} + +#endif /* LOCK_PROFILER */ + +#endif /* THREADING_LOCK_PROFILER_H_ */ + diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c new file mode 100644 index 000000000..a35695624 --- /dev/null +++ b/src/libstrongswan/threading/mutex.c @@ -0,0 +1,375 @@ +/* + * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include + +#include +#include + +#include "condvar.h" +#include "mutex.h" +#include "lock_profiler.h" + +typedef struct private_mutex_t private_mutex_t; +typedef struct private_r_mutex_t private_r_mutex_t; +typedef struct private_condvar_t private_condvar_t; + +/** + * private data of mutex + */ +struct private_mutex_t { + + /** + * public functions + */ + mutex_t public; + + /** + * wrapped pthread mutex + */ + pthread_mutex_t mutex; + + /** + * is this a recursiv emutex, implementing private_r_mutex_t? + */ + bool recursive; + + /** + * profiling info, if enabled + */ + lock_profile_t profile; +}; + +/** + * private data of mutex, extended by recursive locking information + */ +struct private_r_mutex_t { + + /** + * Extends private_mutex_t + */ + private_mutex_t generic; + + /** + * thread which currently owns mutex + */ + pthread_t thread; + + /** + * times we have locked the lock, stored per thread + */ + pthread_key_t times; +}; + +/** + * private data of condvar + */ +struct private_condvar_t { + + /** + * public functions + */ + condvar_t public; + + /** + * wrapped pthread condvar + */ + pthread_cond_t condvar; + +}; + + + +/** + * Implementation of mutex_t.lock. + */ +static void lock(private_mutex_t *this) +{ + int err; + + profiler_start(&this->profile); + err = pthread_mutex_lock(&this->mutex); + if (err) + { + DBG1("!!! MUTEX LOCK ERROR: %s !!!", strerror(err)); + } + profiler_end(&this->profile); +} + +/** + * Implementation of mutex_t.unlock. + */ +static void unlock(private_mutex_t *this) +{ + int err; + + err = pthread_mutex_unlock(&this->mutex); + if (err) + { + DBG1("!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err)); + } +} + +/** + * Implementation of mutex_t.lock. + */ +static void lock_r(private_r_mutex_t *this) +{ + pthread_t self = pthread_self(); + + if (this->thread == self) + { + uintptr_t times; + + /* times++ */ + times = (uintptr_t)pthread_getspecific(this->times); + pthread_setspecific(this->times, (void*)times + 1); + } + else + { + lock(&this->generic); + this->thread = self; + /* times = 1 */ + pthread_setspecific(this->times, (void*)1); + } +} + +/** + * Implementation of mutex_t.unlock. + */ +static void unlock_r(private_r_mutex_t *this) +{ + uintptr_t times; + + /* times-- */ + times = (uintptr_t)pthread_getspecific(this->times); + pthread_setspecific(this->times, (void*)--times); + + if (times == 0) + { + this->thread = 0; + unlock(&this->generic); + } +} + +/** + * Implementation of mutex_t.destroy + */ +static void mutex_destroy(private_mutex_t *this) +{ + profiler_cleanup(&this->profile); + pthread_mutex_destroy(&this->mutex); + free(this); +} + +/** + * Implementation of mutex_t.destroy for recursive mutex' + */ +static void mutex_destroy_r(private_r_mutex_t *this) +{ + profiler_cleanup(&this->generic.profile); + pthread_mutex_destroy(&this->generic.mutex); + pthread_key_delete(this->times); + free(this); +} + +/* + * see header file + */ +mutex_t *mutex_create(mutex_type_t type) +{ + switch (type) + { + case MUTEX_TYPE_RECURSIVE: + { + private_r_mutex_t *this = malloc_thing(private_r_mutex_t); + + this->generic.public.lock = (void(*)(mutex_t*))lock_r; + this->generic.public.unlock = (void(*)(mutex_t*))unlock_r; + this->generic.public.destroy = (void(*)(mutex_t*))mutex_destroy_r; + + pthread_mutex_init(&this->generic.mutex, NULL); + pthread_key_create(&this->times, NULL); + this->generic.recursive = TRUE; + profiler_init(&this->generic.profile); + this->thread = 0; + + return &this->generic.public; + } + case MUTEX_TYPE_DEFAULT: + default: + { + private_mutex_t *this = malloc_thing(private_mutex_t); + + this->public.lock = (void(*)(mutex_t*))lock; + this->public.unlock = (void(*)(mutex_t*))unlock; + this->public.destroy = (void(*)(mutex_t*))mutex_destroy; + + pthread_mutex_init(&this->mutex, NULL); + this->recursive = FALSE; + profiler_init(&this->profile); + + return &this->public; + } + } +} + + + +/** + * Implementation of condvar_t.wait. + */ +static void _wait(private_condvar_t *this, private_mutex_t *mutex) +{ + if (mutex->recursive) + { + private_r_mutex_t* recursive = (private_r_mutex_t*)mutex; + + /* mutex owner gets cleared during condvar wait */ + recursive->thread = 0; + pthread_cond_wait(&this->condvar, &mutex->mutex); + recursive->thread = pthread_self(); + } + else + { + pthread_cond_wait(&this->condvar, &mutex->mutex); + } +} + +/* use the monotonic clock based version of this function if available */ +#ifdef HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC +#define pthread_cond_timedwait pthread_cond_timedwait_monotonic +#endif + +/** + * Implementation of condvar_t.timed_wait_abs. + */ +static bool timed_wait_abs(private_condvar_t *this, private_mutex_t *mutex, + timeval_t time) +{ + struct timespec ts; + bool timed_out; + + ts.tv_sec = time.tv_sec; + ts.tv_nsec = time.tv_usec * 1000; + + if (mutex->recursive) + { + private_r_mutex_t* recursive = (private_r_mutex_t*)mutex; + + recursive->thread = 0; + timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex, + &ts) == ETIMEDOUT; + recursive->thread = pthread_self(); + } + else + { + timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex, + &ts) == ETIMEDOUT; + } + return timed_out; +} + +/** + * Implementation of condvar_t.timed_wait. + */ +static bool timed_wait(private_condvar_t *this, private_mutex_t *mutex, + u_int timeout) +{ + timeval_t tv; + u_int s, ms; + + time_monotonic(&tv); + + s = timeout / 1000; + ms = timeout % 1000; + + tv.tv_sec += s; + tv.tv_usec += ms * 1000; + + if (tv.tv_usec > 1000000 /* 1s */) + { + tv.tv_usec -= 1000000; + tv.tv_sec++; + } + return timed_wait_abs(this, mutex, tv); +} + +/** + * Implementation of condvar_t.signal. + */ +static void _signal(private_condvar_t *this) +{ + pthread_cond_signal(&this->condvar); +} + +/** + * Implementation of condvar_t.broadcast. + */ +static void broadcast(private_condvar_t *this) +{ + pthread_cond_broadcast(&this->condvar); +} + +/** + * Implementation of condvar_t.destroy + */ +static void condvar_destroy(private_condvar_t *this) +{ + pthread_cond_destroy(&this->condvar); + free(this); +} + +/* + * see header file + */ +condvar_t *condvar_create(condvar_type_t type) +{ + switch (type) + { + case CONDVAR_TYPE_DEFAULT: + default: + { + private_condvar_t *this = malloc_thing(private_condvar_t); + + this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))_wait; + this->public.timed_wait = (bool(*)(condvar_t*, mutex_t *mutex, u_int timeout))timed_wait; + this->public.timed_wait_abs = (bool(*)(condvar_t*, mutex_t *mutex, timeval_t time))timed_wait_abs; + this->public.signal = (void(*)(condvar_t*))_signal; + this->public.broadcast = (void(*)(condvar_t*))broadcast; + this->public.destroy = (void(*)(condvar_t*))condvar_destroy; + +#ifdef HAVE_PTHREAD_CONDATTR_INIT + { + pthread_condattr_t condattr; + pthread_condattr_init(&condattr); +#ifdef HAVE_CONDATTR_CLOCK_MONOTONIC + pthread_condattr_setclock(&condattr, CLOCK_MONOTONIC); +#endif + pthread_cond_init(&this->condvar, &condattr); + pthread_condattr_destroy(&condattr); + } +#endif + + return &this->public; + } + } +} + diff --git a/src/libstrongswan/threading/mutex.h b/src/libstrongswan/threading/mutex.h new file mode 100644 index 000000000..ac36b6a25 --- /dev/null +++ b/src/libstrongswan/threading/mutex.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mutex mutex + * @{ @ingroup threading + */ + +#ifndef THREADING_MUTEX_H_ +#define THREADING_MUTEX_H_ + +typedef struct mutex_t mutex_t; +typedef enum mutex_type_t mutex_type_t; + +/** + * Type of mutex. + */ +enum mutex_type_t { + /** default mutex */ + MUTEX_TYPE_DEFAULT = 0, + /** allow recursive locking of the mutex */ + MUTEX_TYPE_RECURSIVE = 1, +}; + +/** + * Mutex wrapper implements simple, portable and advanced mutex functions. + */ +struct mutex_t { + + /** + * Acquire the lock to the mutex. + */ + void (*lock)(mutex_t *this); + + /** + * Release the lock on the mutex. + */ + void (*unlock)(mutex_t *this); + + /** + * Destroy a mutex instance. + */ + void (*destroy)(mutex_t *this); +}; + +/** + * Create a mutex instance. + * + * @param type type of mutex to create + * @return unlocked mutex instance + */ +mutex_t *mutex_create(mutex_type_t type); + +#endif /** THREADING_MUTEX_H_ @} */ + diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c new file mode 100644 index 000000000..ee9fb10be --- /dev/null +++ b/src/libstrongswan/threading/rwlock.c @@ -0,0 +1,327 @@ +/* + * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include + +#include +#include + +#include "rwlock.h" +#include "condvar.h" +#include "mutex.h" +#include "lock_profiler.h" + +typedef struct private_rwlock_t private_rwlock_t; + +/** + * private data of rwlock + */ +struct private_rwlock_t { + + /** + * public functions + */ + rwlock_t public; + +#ifdef HAVE_PTHREAD_RWLOCK_INIT + + /** + * wrapped pthread rwlock + */ + pthread_rwlock_t rwlock; + +#else + + /** + * mutex to emulate a native rwlock + */ + mutex_t *mutex; + + /** + * condvar to handle writers + */ + condvar_t *writers; + + /** + * condvar to handle readers + */ + condvar_t *readers; + + /** + * number of waiting writers + */ + u_int waiting_writers; + + /** + * number of readers holding the lock + */ + u_int reader_count; + + /** + * current writer thread, if any + */ + pthread_t writer; + +#endif /* HAVE_PTHREAD_RWLOCK_INIT */ + + /** + * profiling info, if enabled + */ + lock_profile_t profile; +}; + + +#ifdef HAVE_PTHREAD_RWLOCK_INIT + +/** + * Implementation of rwlock_t.read_lock + */ +static void read_lock(private_rwlock_t *this) +{ + int err; + + profiler_start(&this->profile); + err = pthread_rwlock_rdlock(&this->rwlock); + if (err != 0) + { + DBG1("!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err)); + } + profiler_end(&this->profile); +} + +/** + * Implementation of rwlock_t.write_lock + */ +static void write_lock(private_rwlock_t *this) +{ + int err; + + profiler_start(&this->profile); + err = pthread_rwlock_wrlock(&this->rwlock); + if (err != 0) + { + DBG1("!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err)); + } + profiler_end(&this->profile); +} + +/** + * Implementation of rwlock_t.try_write_lock + */ +static bool try_write_lock(private_rwlock_t *this) +{ + return pthread_rwlock_trywrlock(&this->rwlock) == 0; +} + +/** + * Implementation of rwlock_t.unlock + */ +static void rw_unlock(private_rwlock_t *this) +{ + int err; + + err = pthread_rwlock_unlock(&this->rwlock); + if (err != 0) + { + DBG1("!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err)); + } +} + +/** + * Implementation of rwlock_t.destroy + */ +static void rw_destroy(private_rwlock_t *this) +{ + pthread_rwlock_destroy(&this->rwlock); + profiler_cleanup(&this->profile); + free(this); +} + +/* + * see header file + */ +rwlock_t *rwlock_create(rwlock_type_t type) +{ + switch (type) + { + case RWLOCK_TYPE_DEFAULT: + default: + { + private_rwlock_t *this = malloc_thing(private_rwlock_t); + + this->public.read_lock = (void(*)(rwlock_t*))read_lock; + this->public.write_lock = (void(*)(rwlock_t*))write_lock; + this->public.try_write_lock = (bool(*)(rwlock_t*))try_write_lock; + this->public.unlock = (void(*)(rwlock_t*))rw_unlock; + this->public.destroy = (void(*)(rwlock_t*))rw_destroy; + + pthread_rwlock_init(&this->rwlock, NULL); + profiler_init(&this->profile); + + return &this->public; + } + } +} + +#else /* HAVE_PTHREAD_RWLOCK_INIT */ + +/** + * This implementation of the rwlock_t interface uses mutex_t and condvar_t + * primitives, if the pthread_rwlock_* group of functions is not available. + * + * The following constraints are enforced: + * - Multiple readers can hold the lock at the same time. + * - Only a single writer can hold the lock at any given time. + * - A writer must block until all readers have released the lock before + * obtaining the lock exclusively. + * - Readers that arrive while a writer is waiting to acquire the lock will + * block until after the writer has obtained and released the lock. + * These constraints allow for read sharing, prevent write sharing, prevent + * read-write sharing and prevent starvation of writers by a steady stream + * of incoming readers. Reader starvation is not prevented (this could happen + * if there are more writers than readers). + * + * The implementation does not support recursive locking and readers must not + * acquire the lock exclusively at the same time and vice-versa (this is not + * checked or enforced so behave yourself to prevent deadlocks). + */ + +/** + * Implementation of rwlock_t.read_lock + */ +static void read_lock(private_rwlock_t *this) +{ + profiler_start(&this->profile); + this->mutex->lock(this->mutex); + while (this->writer || this->waiting_writers) + { + this->readers->wait(this->readers, this->mutex); + } + this->reader_count++; + profiler_end(&this->profile); + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of rwlock_t.write_lock + */ +static void write_lock(private_rwlock_t *this) +{ + profiler_start(&this->profile); + this->mutex->lock(this->mutex); + this->waiting_writers++; + while (this->writer || this->reader_count) + { + this->writers->wait(this->writers, this->mutex); + } + this->waiting_writers--; + this->writer = pthread_self(); + profiler_end(&this->profile); + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of rwlock_t.try_write_lock + */ +static bool try_write_lock(private_rwlock_t *this) +{ + bool res = FALSE; + this->mutex->lock(this->mutex); + if (!this->writer && !this->reader_count) + { + res = TRUE; + this->writer = pthread_self(); + } + this->mutex->unlock(this->mutex); + return res; +} + +/** + * Implementation of rwlock_t.unlock + */ +static void rw_unlock(private_rwlock_t *this) +{ + this->mutex->lock(this->mutex); + if (this->writer == pthread_self()) + { + this->writer = 0; + if (this->waiting_writers) + { + this->writers->signal(this->writers); + } + else + { + this->readers->broadcast(this->readers); + } + } + else + { + this->reader_count--; + if (!this->reader_count) + { + this->writers->signal(this->writers); + } + } + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of rwlock_t.destroy + */ +static void rw_destroy(private_rwlock_t *this) +{ + this->mutex->destroy(this->mutex); + this->writers->destroy(this->writers); + this->readers->destroy(this->readers); + profiler_cleanup(&this->profile); + free(this); +} + +/* + * see header file + */ +rwlock_t *rwlock_create(rwlock_type_t type) +{ + switch (type) + { + case RWLOCK_TYPE_DEFAULT: + default: + { + private_rwlock_t *this = malloc_thing(private_rwlock_t); + + this->public.read_lock = (void(*)(rwlock_t*))read_lock; + this->public.write_lock = (void(*)(rwlock_t*))write_lock; + this->public.try_write_lock = (bool(*)(rwlock_t*))try_write_lock; + this->public.unlock = (void(*)(rwlock_t*))rw_unlock; + this->public.destroy = (void(*)(rwlock_t*))rw_destroy; + + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->writers = condvar_create(CONDVAR_TYPE_DEFAULT); + this->readers = condvar_create(CONDVAR_TYPE_DEFAULT); + this->waiting_writers = 0; + this->reader_count = 0; + this->writer = 0; + + profiler_init(&this->profile); + + return &this->public; + } + } +} + +#endif /* HAVE_PTHREAD_RWLOCK_INIT */ + diff --git a/src/libstrongswan/threading/rwlock.h b/src/libstrongswan/threading/rwlock.h new file mode 100644 index 000000000..a86a241c5 --- /dev/null +++ b/src/libstrongswan/threading/rwlock.h @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup rwlock rwlock + * @{ @ingroup threading + */ + +#ifndef THREADING_RWLOCK_H_ +#define THREADING_RWLOCK_H_ + +typedef struct rwlock_t rwlock_t; +typedef enum rwlock_type_t rwlock_type_t; + +/** + * Type of read-write lock. + */ +enum rwlock_type_t { + /** default condvar */ + RWLOCK_TYPE_DEFAULT = 0, +}; + +/** + * Read-Write lock wrapper. + */ +struct rwlock_t { + + /** + * Acquire the read lock. + */ + void (*read_lock)(rwlock_t *this); + + /** + * Acquire the write lock. + */ + void (*write_lock)(rwlock_t *this); + + /** + * Try to acquire the write lock. + * + * Never blocks, but returns FALSE if the lock was already occupied. + * + * @return TRUE if lock acquired + */ + bool (*try_write_lock)(rwlock_t *this); + + /** + * Release any acquired lock. + */ + void (*unlock)(rwlock_t *this); + + /** + * Destroy the read-write lock. + */ + void (*destroy)(rwlock_t *this); +}; + +/** + * Create a read-write lock instance. + * + * @param type type of rwlock to create + * @return unlocked rwlock instance + */ +rwlock_t *rwlock_create(rwlock_type_t type); + +#endif /** THREADING_RWLOCK_H_ @} */ + diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c new file mode 100644 index 000000000..bbfb2c2c6 --- /dev/null +++ b/src/libstrongswan/threading/thread.c @@ -0,0 +1,440 @@ +/* + * Copyright (C) 2009 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include +#include +#include + +#include +#include + +#include +#include +#include + +#include "thread.h" + +typedef struct private_thread_t private_thread_t; + +struct private_thread_t { + /** + * Public interface. + */ + thread_t public; + + /** + * Human-readable ID of this thread. + */ + u_int id; + + /** + * ID of the underlying thread. + */ + pthread_t thread_id; + + /** + * Main function of this thread (NULL for the main thread). + */ + thread_main_t main; + + /** + * Argument for the main function. + */ + void *arg; + + /** + * Stack of cleanup handlers. + */ + linked_list_t *cleanup_handlers; + + /** + * Mutex to make modifying thread properties safe. + */ + mutex_t *mutex; + + /** + * Semaphore used to sync the creation/start of the thread. + */ + sem_t created; + + /** + * TRUE if this thread has been detached or joined, i.e. can be cleaned + * up after terminating. + */ + bool detached_or_joined; + + /** + * TRUE if the threads has terminated (cancelled, via thread_exit or + * returned from the main function) + */ + bool terminated; + +}; + +typedef struct { + /** + * Cleanup callback function. + */ + thread_cleanup_t cleanup; + + /** + * Argument provided to the cleanup function. + */ + void *arg; + +} cleanup_handler_t; + + +/** + * Next thread ID. + */ +static u_int next_id = 1; + +/** + * Mutex to safely access the next thread ID. + */ +static mutex_t *id_mutex; + +/** + * Store the thread object in a thread-specific value. + */ +static thread_value_t *current_thread; + +#ifndef HAVE_PTHREAD_CANCEL +/* if pthread_cancel is not available, we emulate it using a signal */ +#define SIG_CANCEL (SIGRTMIN+7) + +/* the signal handler for SIG_CANCEL uses pthread_exit to terminate the + * "cancelled" thread */ +static void cancel_signal_handler(int sig) +{ + pthread_exit(NULL); +} +#endif + + +/** + * Destroy an internal thread object. + * + * @note The mutex of this thread object has to be locked, it gets unlocked + * automatically. + */ +static void thread_destroy(private_thread_t *this) +{ + if (!this->terminated || !this->detached_or_joined) + { + this->mutex->unlock(this->mutex); + return; + } + this->cleanup_handlers->destroy(this->cleanup_handlers); + this->mutex->unlock(this->mutex); + this->mutex->destroy(this->mutex); + sem_destroy(&this->created); + free(this); +} + +/** + * Implementation of thread_t.cancel. + */ +static void cancel(private_thread_t *this) +{ + this->mutex->lock(this->mutex); + if (pthread_equal(this->thread_id, pthread_self())) + { + this->mutex->unlock(this->mutex); + DBG1("!!! CANNOT CANCEL CURRENT THREAD !!!"); + return; + } +#ifdef HAVE_PTHREAD_CANCEL + pthread_cancel(this->thread_id); +#else + pthread_kill(this->thread_id, SIG_CANCEL); +#endif /* HAVE_PTHREAD_CANCEL */ + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of thread_t.kill. + */ +static void _kill(private_thread_t *this, int sig) +{ + this->mutex->lock(this->mutex); + if (pthread_equal(this->thread_id, pthread_self())) + { + /* it might actually be possible to send a signal to pthread_self (there + * is an example in raise(3) describing that), the problem is though, + * that the thread only returns here after the signal handler has + * returned, so depending on the signal, the lock might not get + * unlocked. */ + this->mutex->unlock(this->mutex); + DBG1("!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!"); + return; + } + pthread_kill(this->thread_id, sig); + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of thread_t.detach. + */ +static void detach(private_thread_t *this) +{ + this->mutex->lock(this->mutex); + pthread_detach(this->thread_id); + this->detached_or_joined = TRUE; + thread_destroy(this); +} + +/** + * Implementation of thread_t.join. + */ +static void *join(private_thread_t *this) +{ + pthread_t thread_id; + void *val; + this->mutex->lock(this->mutex); + if (pthread_equal(this->thread_id, pthread_self())) + { + this->mutex->unlock(this->mutex); + DBG1("!!! CANNOT JOIN CURRENT THREAD !!!"); + return NULL; + } + if (this->detached_or_joined) + { + this->mutex->unlock(this->mutex); + DBG1("!!! CANNOT JOIN DETACHED THREAD !!!"); + return NULL; + } + thread_id = this->thread_id; + this->detached_or_joined = TRUE; + if (this->terminated) + { + /* thread has terminated before the call to join */ + thread_destroy(this); + } + else + { + /* thread_destroy is called when the thread terminates normally */ + this->mutex->unlock(this->mutex); + } + pthread_join(thread_id, &val); + return val; +} + +/** + * Create an internal thread object. + */ +static private_thread_t *thread_create_internal() +{ + private_thread_t *this = malloc_thing(private_thread_t); + this->public.cancel = (void(*)(thread_t*))cancel; + this->public.kill = (void(*)(thread_t*,int))_kill; + this->public.detach = (void(*)(thread_t*))detach; + this->public.join = (void*(*)(thread_t*))join; + + this->id = 0; + this->thread_id = 0; + this->main = NULL; + this->arg = NULL; + this->cleanup_handlers = linked_list_create(); + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + sem_init(&this->created, FALSE, 0); + this->detached_or_joined = FALSE; + this->terminated = FALSE; + + return this; +} + +/** + * Main cleanup function for threads. + */ +static void thread_cleanup(private_thread_t *this) +{ + cleanup_handler_t *handler; + this->mutex->lock(this->mutex); + while (this->cleanup_handlers->remove_last(this->cleanup_handlers, + (void**)&handler) == SUCCESS) + { + handler->cleanup(handler->arg); + free(handler); + } + this->terminated = TRUE; + thread_destroy(this); +} + +/** + * Main function wrapper for threads. + */ +static void *thread_main(private_thread_t *this) +{ + void *res; + sem_wait(&this->created); + current_thread->set(current_thread, this); + pthread_cleanup_push((thread_cleanup_t)thread_cleanup, this); + res = this->main(this->arg); + pthread_cleanup_pop(TRUE); + return res; +} + +/** + * Described in header. + */ +thread_t *thread_create(thread_main_t main, void *arg) +{ + private_thread_t *this = thread_create_internal(); + this->main = main; + this->arg = arg; + if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0) + { + DBG1("failed to create thread!"); + thread_destroy(this); + return NULL; + } + id_mutex->lock(id_mutex); + this->id = next_id++; + id_mutex->unlock(id_mutex); + sem_post(&this->created); + return &this->public; +} + +/** + * Described in header. + */ +thread_t *thread_current() +{ + return current_thread->get(current_thread); +} + +/** + * Described in header. + */ +u_int thread_current_id() +{ + private_thread_t *this = (private_thread_t*)thread_current(); + return this->id; +} + +/** + * Described in header. + */ +void thread_cleanup_push(thread_cleanup_t cleanup, void *arg) +{ + private_thread_t *this = (private_thread_t*)thread_current(); + cleanup_handler_t *handler; + this->mutex->lock(this->mutex); + handler = malloc_thing(cleanup_handler_t); + handler->cleanup = cleanup; + handler->arg = arg; + this->cleanup_handlers->insert_last(this->cleanup_handlers, handler); + this->mutex->unlock(this->mutex); +} + +/** + * Described in header. + */ +void thread_cleanup_pop(bool execute) +{ + private_thread_t *this = (private_thread_t*)thread_current(); + cleanup_handler_t *handler; + this->mutex->lock(this->mutex); + if (this->cleanup_handlers->remove_last(this->cleanup_handlers, + (void**)&handler) != SUCCESS) + { + this->mutex->unlock(this->mutex); + DBG1("!!! THREAD CLEANUP ERROR !!!"); + return; + } + this->mutex->unlock(this->mutex); + + if (execute) + { + handler->cleanup(handler->arg); + } + free(handler); +} + +/** + * Described in header. + */ +bool thread_cancelability(bool enable) +{ +#ifdef HAVE_PTHREAD_CANCEL + int old; + pthread_setcancelstate(enable ? PTHREAD_CANCEL_ENABLE + : PTHREAD_CANCEL_DISABLE, &old); + return old == PTHREAD_CANCEL_ENABLE; +#else + sigset_t new, old; + sigemptyset(&new); + sigaddset(&new, SIG_CANCEL); + pthread_sigmask(enable ? SIG_UNBLOCK : SIG_BLOCK, &new, &old); + return sigismember(&old, SIG_CANCEL) == 0; +#endif /* HAVE_PTHREAD_CANCEL */ +} + +/** + * Described in header. + */ +void thread_cancellation_point() +{ + bool old = thread_cancelability(TRUE); +#ifdef HAVE_PTHREAD_CANCEL + pthread_testcancel(); +#endif /* HAVE_PTHREAD_CANCEL */ + thread_cancelability(old); +} + +/** + * Described in header. + */ +void thread_exit(void *val) +{ + pthread_exit(val); +} + +/** + * Described in header. + */ +void threads_init() +{ + private_thread_t *main_thread = thread_create_internal(); + main_thread->id = 0; + main_thread->thread_id = pthread_self(); + current_thread = thread_value_create(NULL); + current_thread->set(current_thread, (void*)main_thread); + id_mutex = mutex_create(MUTEX_TYPE_DEFAULT); + +#ifndef HAVE_PTHREAD_CANCEL + { /* install a signal handler for our custom SIG_CANCEL */ + struct sigaction action = { + .sa_handler = cancel_signal_handler + }; + sigaction(SIG_CANCEL, &action, NULL); + } +#endif /* HAVE_PTHREAD_CANCEL */ +} + +/** + * Described in header. + */ +void threads_deinit() +{ + private_thread_t *main_thread = (private_thread_t*)thread_current(); + thread_destroy(main_thread); + current_thread->destroy(current_thread); + id_mutex->destroy(id_mutex); +} + diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h new file mode 100644 index 000000000..6bf8fac79 --- /dev/null +++ b/src/libstrongswan/threading/thread.h @@ -0,0 +1,187 @@ +/* + * Copyright (C) 2009 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup thread thread + * @{ @ingroup threading + */ + +#ifndef THREADING_THREAD_H_ +#define THREADING_THREAD_H_ + +typedef struct thread_t thread_t; + +#ifdef __APPLE__ +/* on Mac OS X 10.5 several system calls we use are no cancellation points. + * fortunately, select isn't one of them, so we wrap some of the others with + * calls to select(2). + */ +#include +#include + +#define WRAP_WITH_SELECT(func, socket, ...)\ + fd_set rfds; FD_ZERO(&rfds); FD_SET(socket, &rfds);\ + if (select(socket + 1, &rfds, NULL, NULL, NULL) <= 0) { return -1; }\ + return func(socket, __VA_ARGS__) + +static inline int cancellable_accept(int socket, struct sockaddr *address, + socklen_t *address_len) +{ + WRAP_WITH_SELECT(accept, socket, address, address_len); +} +#define accept cancellable_accept +static inline int cancellable_recvfrom(int socket, void *buffer, size_t length, + int flags, struct sockaddr *address, socklen_t *address_len) +{ + WRAP_WITH_SELECT(recvfrom, socket, buffer, length, flags, address, address_len); +} +#define recvfrom cancellable_recvfrom +#endif /* __APPLE__ */ + +/** + * Main function of a thread. + * + * @param arg argument provided to constructor + * @return value provided to threads joining the terminating thread + */ +typedef void *(*thread_main_t)(void *arg); + +/** + * Cleanup callback function for a thread. + * + * @param arg argument provided to thread_cleanup_push + */ +typedef void (*thread_cleanup_t)(void *arg); + + +/** + * Thread wrapper implements simple, portable and advanced thread functions. + * + * @note All threads other than the main thread need either to be joined or + * detached by calling the corresponding method. + */ +struct thread_t { + + /** + * Cancel this thread. + */ + void (*cancel)(thread_t *this); + + /** + * Send a signal to this thread. + * + * @param sig the signal to be sent to this thread + */ + void (*kill)(thread_t *this, int sig); + + /** + * Detach this thread, this automatically destroys the thread object after + * the thread returned from its main function. + * + * @note Calling detach is like calling destroy on other objects. + */ + void (*detach)(thread_t *this); + + /** + * Join this thread, this automatically destroys the thread object + * afterwards. + * + * @note Calling join is like calling destroy on other objects. + * + * @return the value returned from the thread's main function or + * a call to exit. + */ + void *(*join)(thread_t *this); + +}; + + +/** + * Create a new thread instance. + * + * @param main thread main function + * @param arg argument provided to the main function + * @return thread instance + */ +thread_t *thread_create(thread_main_t main, void *arg); + +/** + * Get a thread object for the current thread. + * + * @return thread instance + */ +thread_t *thread_current(); + +/** + * Get the human-readable ID of the current thread. + * + * The IDs are assigned incrementally starting from 1. + * + * @return human-readable ID + */ +u_int thread_current_id(); + +/** + * Push a function onto the current thread's cleanup handler stack. + * The callback function is called whenever the thread is cancelled, exits or + * thread_cleanup_pop is called with TRUE as execute argument. + * + * @param cleanup function called on thread exit + * @param arg argument provided to the callback + */ +void thread_cleanup_push(thread_cleanup_t cleanup, void *arg); + +/** + * Remove the top function from the current thread's cleanup handler stack + * and optionally execute it. + * + * @param execute TRUE to execute the function + */ +void thread_cleanup_pop(bool execute); + +/** + * Enable or disable the cancelability of the current thread. The current + * value is returned. + * + * @param enable TRUE to enable cancelability + * @return the current state of the cancelability + */ +bool thread_cancelability(bool enable); + +/** + * Force creation of a cancellation point in the calling thread. + */ +void thread_cancellation_point(); + +/** + * Exit the current thread. + * + * @param val value provided to threads joining the current thread + */ +void thread_exit(void *val); + +/** + * Called by the main thread to initialize the thread management. + */ +void threads_init(); + +/** + * Called by the main thread to deinitialize the thread management. + */ +void threads_deinit(); + + +#endif /** THREADING_THREAD_H_ @} */ + diff --git a/src/libstrongswan/threading/thread_value.c b/src/libstrongswan/threading/thread_value.c new file mode 100644 index 000000000..8f2a8846c --- /dev/null +++ b/src/libstrongswan/threading/thread_value.c @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2009 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include + +#include + +#include "thread_value.h" + +typedef struct private_thread_value_t private_thread_value_t; + +struct private_thread_value_t { + /** + * Public interface. + */ + thread_value_t public; + + /** + * Key to access thread-specific values. + */ + pthread_key_t key; + +}; + + +/** + * Implementation of thread_value_t.set. + */ +static void set(private_thread_value_t *this, void *val) +{ + pthread_setspecific(this->key, val); +} + +/** + * Implementation of thread_value_t.get. + */ +static void *get(private_thread_value_t *this) +{ + return pthread_getspecific(this->key); +} + +/** + * Implementation of thread_value_t.destroy. + */ +static void destroy(private_thread_value_t *this) +{ + pthread_key_delete(this->key); + free(this); +} + + +/** + * Described in header. + */ +thread_value_t *thread_value_create(thread_cleanup_t destructor) +{ + private_thread_value_t *this = malloc_thing(private_thread_value_t); + this->public.set = (void(*)(thread_value_t*,void*))set; + this->public.get = (void*(*)(thread_value_t*))get; + this->public.destroy = (void(*)(thread_value_t*))destroy; + + pthread_key_create(&this->key, destructor); + return &this->public; +} + diff --git a/src/libstrongswan/threading/thread_value.h b/src/libstrongswan/threading/thread_value.h new file mode 100644 index 000000000..48f5f7d6b --- /dev/null +++ b/src/libstrongswan/threading/thread_value.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2009 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup thread_value thread_value + * @{ @ingroup threading + */ + +#ifndef THREADING_THREAD_VALUE_H_ +#define THREADING_THREAD_VALUE_H_ + +#include + +typedef struct thread_value_t thread_value_t; + +/** + * Wrapper for thread-specific values. + */ +struct thread_value_t { + + /** + * Set a thread-specific value. + * + * @param val thread specific value + */ + void (*set)(thread_value_t *this, void *val); + + /** + * Get a thread-specific value. + * + * @return the value specific to the current thread + */ + void *(*get)(thread_value_t *this); + + /** + * Destroys this thread specific value wrapper. There is no check for + * non-NULL values which are currently assigned to the calling thread, no + * destructor is called. + */ + void (*destroy)(thread_value_t *this); + +}; + +/** + * Create a new thread-specific value wrapper. + * + * The optional destructor is called whenever a thread terminates, with the + * assigned value as argument. It is not called if that value is NULL. + * + * @param destructor destructor + * @return thread-specific value wrapper + */ +thread_value_t *thread_value_create(thread_cleanup_t destructor); + +#endif /** THREADING_THREAD_VALUE_H_ @} */ + diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 305841172..e331ac0d0 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -50,9 +50,9 @@ void *clalloc(void * pointer, size_t size) { void *data; data = malloc(size); - + memcpy(data, pointer, size); - + return (data); } @@ -62,9 +62,9 @@ void *clalloc(void * pointer, size_t size) void memxor(u_int8_t dst[], u_int8_t src[], size_t n) { int m, i; - + /* byte wise XOR until dst aligned */ - for (i = 0; (uintptr_t)&dst[i] % sizeof(long); i++) + for (i = 0; (uintptr_t)&dst[i] % sizeof(long) && i < n; i++) { dst[i] ^= src[i]; } @@ -162,6 +162,44 @@ bool mkdir_p(const char *path, mode_t mode) return TRUE; } +/** + * Return monotonic time + */ +time_t time_monotonic(timeval_t *tv) +{ +#if defined(HAVE_CLOCK_GETTIME) && \ + (defined(HAVE_CONDATTR_CLOCK_MONOTONIC) || \ + defined(HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC)) + /* as we use time_monotonic() for condvar operations, we use the + * monotonic time source only if it is also supported by pthread. */ + timespec_t ts; + + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + { + if (tv) + { + tv->tv_sec = ts.tv_sec; + tv->tv_usec = ts.tv_nsec / 1000; + } + return ts.tv_sec; + } +#endif /* HAVE_CLOCK_GETTIME && (...) */ + /* Fallback to non-monotonic timestamps: + * On MAC OS X, creating monotonic timestamps is rather difficult. We + * could use mach_absolute_time() and catch sleep/wakeup notifications. + * We stick to the simpler (non-monotonic) gettimeofday() for now. + * But keep in mind: we need the same time source here as in condvar! */ + if (!tv) + { + return time(NULL); + } + if (gettimeofday(tv, NULL) != 0) + { /* should actually never fail if passed pointers are valid */ + return -1; + } + return tv->tv_sec; +} + /** * return null */ @@ -197,7 +235,7 @@ void nop() #include /** - * We use a single mutex for all refcount variables. + * We use a single mutex for all refcount variables. */ static pthread_mutex_t ref_mutex = PTHREAD_MUTEX_INITIALIZER; @@ -217,7 +255,7 @@ void ref_get(refcount_t *ref) bool ref_put(refcount_t *ref) { bool more_refs; - + pthread_mutex_lock(&ref_mutex); more_refs = --(*ref); pthread_mutex_unlock(&ref_mutex); @@ -238,7 +276,7 @@ int time_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, time_t *time = *((time_t**)(args[0])); bool utc = *((bool*)(args[1]));; struct tm t; - + if (time == UNDEFINED_TIME) { return print_in_hook(dst, len, "--- -- --:--:--%s----", @@ -267,7 +305,7 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, time_t *arg1 = *((time_t**)(args[0])); time_t *arg2 = *((time_t**)(args[1])); time_t delta = abs(*arg1 - *arg2); - + if (delta > 2 * 60 * 60 * 24) { delta /= 60 * 60 * 24; @@ -301,7 +339,7 @@ int mem_printf_hook(char *dst, size_t dstlen, { char *bytes = *((void**)(args[0])); int len = *((size_t*)(args[1])); - + char buffer[BYTES_PER_LINE * 3]; char ascii_buffer[BYTES_PER_LINE + 1]; char *buffer_pos = buffer; @@ -310,9 +348,9 @@ int mem_printf_hook(char *dst, size_t dstlen, int line_start = 0; int i = 0; int written = 0; - + written += print_in_hook(dst, dstlen, "=> %d bytes @ %p", len, bytes); - + while (bytes_pos < bytes_roof) { *buffer_pos++ = hexdig_upper[(*bytes_pos >> 4) & 0xF]; @@ -321,20 +359,20 @@ int mem_printf_hook(char *dst, size_t dstlen, ascii_buffer[i++] = (*bytes_pos > 31 && *bytes_pos < 127) ? *bytes_pos : '.'; - if (++bytes_pos == bytes_roof || i == BYTES_PER_LINE) + if (++bytes_pos == bytes_roof || i == BYTES_PER_LINE) { int padding = 3 * (BYTES_PER_LINE - i); - + while (padding--) { *buffer_pos++ = ' '; } *buffer_pos++ = '\0'; ascii_buffer[i] = '\0'; - + written += print_in_hook(dst, dstlen, "\n%4d: %s %s", - line_start, buffer, ascii_buffer); - + line_start, buffer, ascii_buffer); + buffer_pos = buffer; line_start += BYTES_PER_LINE; i = 0; diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index 5d273d272..964cbd1d2 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -25,6 +25,9 @@ #include #include #include +#include +#include +#include #include @@ -71,12 +74,19 @@ /** * Macro gives back larger of two values. */ -#define max(x,y) ((x) > (y) ? (x):(y)) +#define max(x,y) ({ \ + typeof(x) _x = (x); \ + typeof(y) _y = (y); \ + _x > _y ? _x : _y; }) + /** * Macro gives back smaller of two values. */ -#define min(x,y) ((x) < (y) ? (x):(y)) +#define min(x,y) ({ \ + typeof(x) _x = (x); \ + typeof(y) _y = (y); \ + _x < _y ? _x : _y; }) /** * Call destructor of an object, if object != NULL @@ -98,6 +108,35 @@ */ #define POS printf("%s, line %d\n", __FILE__, __LINE__) +/** + * Object allocation/initialization macro, using designated initializer. + */ +#define INIT(this, ...) { (this) = malloc(sizeof(*this)); \ + *(this) = (typeof(*this)){ __VA_ARGS__ }; } + +/** + * Method declaration/definition macro, providing private and public interface. + * + * Defines a method name with this as first parameter and a return value ret, + * and an alias for this method with a _ prefix, having the this argument + * safely casted to the public interface iface. + * _name is provided a function pointer, but will get optimized out by GCC. + */ +#define METHOD(iface, name, ret, this, ...) \ + static ret name(union {iface *_public; this;} \ + __attribute__((transparent_union)), ##__VA_ARGS__); \ + const static typeof(name) *_##name = (const typeof(name)*)name; \ + static ret name(this, ##__VA_ARGS__) + +/** + * Same as METHOD(), but is defined for two public interfaces. + */ +#define METHOD2(iface1, iface2, name, ret, this, ...) \ + static ret name(union {iface1 *_public1; iface2 *_public2; this;} \ + __attribute__((transparent_union)), ##__VA_ARGS__); \ + const static typeof(name) *_##name = (const typeof(name)*)name; \ + static ret name(this, ##__VA_ARGS__) + /** * Macro to allocate a sized type. */ @@ -123,6 +162,11 @@ */ #define UNDEFINED_TIME 0 +/** + * Maximum time since epoch causing wrap-around on Jan 19 03:14:07 UTC 2038 + */ +#define TIME_32_BIT_SIGNED_MAX 0x7fffffff + /** * General purpose boolean type. */ @@ -167,57 +211,57 @@ enum status_t { * Call succeeded. */ SUCCESS, - + /** * Call failed. */ FAILED, - + /** * Out of resources. */ OUT_OF_RES, - + /** * The suggested operation is already done */ ALREADY_DONE, - + /** * Not supported. */ NOT_SUPPORTED, - + /** * One of the arguments is invalid. */ INVALID_ARG, - + /** * Something could not be found. */ NOT_FOUND, - + /** * Error while parsing. */ PARSE_ERROR, - + /** * Error while verifying. */ VERIFY_ERROR, - + /** * Object in invalid state. */ INVALID_STATE, - + /** * Destroy object which called method belongs to. */ DESTROY_ME, - + /** * Another call to the method is required. */ @@ -267,14 +311,26 @@ void memxor(u_int8_t dest[], u_int8_t src[], size_t n); void *memstr(const void *haystack, const char *needle, size_t n); /** - * Creates a directory and all required parent directories. + * Creates a directory and all required parent directories. * - * @param path path to the new directory - * @param mode permissions of the new directory/directories + * @param path path to the new directory + * @param mode permissions of the new directory/directories * @return TRUE on success */ bool mkdir_p(const char *path, mode_t mode); +/** + * Get a timestamp from a monotonic time source. + * + * While the time()/gettimeofday() functions are affected by leap seconds + * and system time changes, this function returns ever increasing monotonic + * time stamps. + * + * @param tv timeval struct receiving monotonic timestamps, or NULL + * @return monotonic timestamp in seconds + */ +time_t time_monotonic(timeval_t *tv); + /** * returns null */ @@ -295,6 +351,64 @@ bool return_true(); */ bool return_false(); +/** + * Write a 16-bit host order value in network order to an unaligned address. + * + * @param host host order 16-bit value + * @param network unaligned address to write network order value to + */ +static inline void htoun16(void *network, u_int16_t host) +{ + char *unaligned = (char*)network; + + host = htons(host); + memcpy(unaligned, &host, sizeof(host)); +} + +/** + * Write a 32-bit host order value in network order to an unaligned address. + * + * @param host host order 32-bit value + * @param network unaligned address to write network order value to + */ +static inline void htoun32(void *network, u_int32_t host) +{ + char *unaligned = (char*)network; + + host = htonl(host); + memcpy((char*)unaligned, &host, sizeof(host)); +} + +/** + * Read a 16-bit value in network order from an unaligned address to host order. + * + * @param network unaligned address to read network order value from + * @return host order value + */ +static inline u_int16_t untoh16(void *network) +{ + char *unaligned = (char*)network; + u_int16_t tmp; + + memcpy(&tmp, unaligned, sizeof(tmp)); + return ntohs(tmp); +} + +/** + * Read a 32-bit value in network order from an unaligned address to host order. + * + * @param network unaligned address to read network order value from + * @return host order value + */ +static inline u_int32_t untoh32(void *network) +{ + char *unaligned = (char*)network; + u_int32_t tmp; + + memcpy(&tmp, unaligned, sizeof(tmp)); + return ntohl(tmp); +} + /** * Special type to count references */ @@ -320,7 +434,7 @@ void ref_get(refcount_t *ref); /** * Put back a unused reference. * - * Decrements the reference counter atomic and + * Decrements the reference counter atomic and * says if more references available. * * @param ref pointer to ref counter @@ -333,8 +447,8 @@ bool ref_put(refcount_t *ref); /** * printf hook for time_t. * - * Arguments are: - * time_t* time, bool utc + * Arguments are: + * time_t* time, bool utc */ int time_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); @@ -342,8 +456,8 @@ int time_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, /** * printf hook for time_t deltas. * - * Arguments are: - * time_t* begin, time_t* end + * Arguments are: + * time_t* begin, time_t* end */ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); @@ -351,8 +465,8 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, /** * printf hook for memory areas. * - * Arguments are: - * u_char *ptr, int len + * Arguments are: + * u_char *ptr, int len */ int mem_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index f110521af..5bba8ec21 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -33,17 +33,17 @@ typedef struct private_backtrace_t private_backtrace_t; * Private data of an backtrace_t object. */ struct private_backtrace_t { - + /** * Public backtrace_t interface. */ backtrace_t public; - + /** * Number of stacks frames obtained in stack_frames */ int frame_count; - + /** * Recorded stack frames. */ @@ -58,7 +58,7 @@ static void log_(private_backtrace_t *this, FILE *file) #ifdef HAVE_BACKTRACE size_t i; char **strings; - + strings = backtrace_symbols(this->frames, this->frame_count); fprintf(file, " dumping %d stack frame addresses:\n", this->frame_count); @@ -66,14 +66,14 @@ static void log_(private_backtrace_t *this, FILE *file) { #ifdef HAVE_DLADDR Dl_info info; - + if (dladdr(this->frames[i], &info)) { char cmd[1024]; FILE *output; - char c; + int c; void *ptr = this->frames[i]; - + if (strstr(info.dli_fname, ".so")) { ptr = (void*)(this->frames[i] - info.dli_fbase); @@ -136,7 +136,7 @@ static bool contains_function(private_backtrace_t *this, char *function) for (i = 0; i< this->frame_count; i++) { Dl_info info; - + if (dladdr(this->frames[i], &info) && info.dli_sname) { if (streq(info.dli_sname, function)) @@ -165,7 +165,7 @@ backtrace_t *backtrace_create(int skip) private_backtrace_t *this; void *frames[50]; int frame_count = 0; - + #ifdef HAVE_BACKTRACE frame_count = backtrace(frames, countof(frames)); #endif /* HAVE_BACKTRACE */ @@ -173,11 +173,11 @@ backtrace_t *backtrace_create(int skip) this = malloc(sizeof(private_backtrace_t) + frame_count * sizeof(void*)); memcpy(this->frames, frames + skip, frame_count * sizeof(void*)); this->frame_count = frame_count; - + this->public.log = (void(*)(backtrace_t*,FILE*))log_; this->public.contains_function = (bool(*)(backtrace_t*, char *function))contains_function; this->public.destroy = (void(*)(backtrace_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index 061d9f356..c4d4284d1 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -31,12 +31,12 @@ typedef struct backtrace_t backtrace_t; * A backtrace registers the frames on the stack during creation. */ struct backtrace_t { - + /** * Log the backtrace to a FILE stream. */ void (*log)(backtrace_t *this, FILE *file); - + /** * Check if the backtrace contains a frame in a specific function. * @@ -44,7 +44,7 @@ struct backtrace_t { * @return TRUE if function is in the stack */ bool (*contains_function)(backtrace_t *this, char *function); - + /** * Destroy a backtrace instance. */ diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c index 08522b8d5..7efdd883e 100644 --- a/src/libstrongswan/utils/enumerator.c +++ b/src/libstrongswan/utils/enumerator.c @@ -77,7 +77,7 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, { struct dirent *entry = readdir(this->dir); size_t len, remaining; - + if (!entry) { return FALSE; @@ -91,7 +91,7 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, *relative = entry->d_name; } if (absolute || st) - { + { remaining = sizeof(this->full) - (this->full_end - this->full); len = snprintf(this->full_end, remaining, "%s", entry->d_name); if (len < 0 || len >= remaining) @@ -124,7 +124,7 @@ enumerator_t* enumerator_create_directory(char *path) dir_enum_t *this = malloc_thing(dir_enum_t); this->public.enumerate = (void*)enumerate_dir_enum; this->public.destroy = (void*)destroy_dir_enum; - + if (*path == '\0') { path = "./"; @@ -132,7 +132,7 @@ enumerator_t* enumerator_create_directory(char *path) len = snprintf(this->full, sizeof(this->full)-1, "%s", path); if (len < 0 || len >= sizeof(this->full)-1) { - DBG1("path string %s too long", path); + DBG1("path string '%s' too long", path); free(this); return NULL; } @@ -143,11 +143,11 @@ enumerator_t* enumerator_create_directory(char *path) this->full[len] = '\0'; } this->full_end = &this->full[len]; - + this->dir = opendir(path); if (this->dir == NULL) { - DBG1("opening directory %s failed: %s", path, strerror(errno)); + DBG1("opening directory '%s' failed: %s", path, strerror(errno)); free(this); return NULL; } @@ -186,7 +186,7 @@ static bool enumerate_token_enum(token_enum_t *this, char **token) { char *pos = NULL, *tmp, *sep, *trim; bool last = FALSE; - + /* trim leading characters/separators */ while (*this->pos) { @@ -215,7 +215,7 @@ static bool enumerate_token_enum(token_enum_t *this, char **token) break; } } - + switch (*this->pos) { case '"': @@ -259,7 +259,7 @@ static bool enumerate_token_enum(token_enum_t *this, char **token) break; } } - + /* trim trailing characters/separators */ pos--; while (pos >= *token) @@ -289,7 +289,7 @@ static bool enumerate_token_enum(token_enum_t *this, char **token) break; } } - + if (!last || pos >= *token) { return TRUE; @@ -303,14 +303,14 @@ static bool enumerate_token_enum(token_enum_t *this, char **token) enumerator_t* enumerator_create_token(char *string, char *sep, char *trim) { token_enum_t *enumerator = malloc_thing(token_enum_t); - + enumerator->public.enumerate = (void*)enumerate_token_enum; enumerator->public.destroy = (void*)destroy_token_enum; enumerator->string = strdup(string); enumerator->pos = enumerator->string; enumerator->sep = sep; enumerator->trim = trim; - + return &enumerator->public; } @@ -342,9 +342,9 @@ static bool enumerate_nested(nested_enumerator_t *this, void *v1, void *v2, while (TRUE) { while (this->inner == NULL) - { + { void *outer; - + if (!this->outer->enumerate(this->outer, &outer)) { return FALSE; @@ -382,7 +382,7 @@ enumerator_t *enumerator_create_nested(enumerator_t *outer, void *data, void (*destroy_data)(void *data)) { nested_enumerator_t *enumerator = malloc_thing(nested_enumerator_t); - + enumerator->public.enumerate = (void*)enumerate_nested; enumerator->public.destroy = (void*)destroy_nested; enumerator->outer = outer; @@ -390,7 +390,7 @@ enumerator_t *enumerator_create_nested(enumerator_t *outer, enumerator->create_inner = (void*)inner_constructor; enumerator->data = data; enumerator->destroy_data = destroy_data; - + return &enumerator->public; } @@ -444,14 +444,14 @@ enumerator_t *enumerator_create_filter(enumerator_t *unfiltered, void *data, void (*destructor)(void *data)) { filter_enumerator_t *this = malloc_thing(filter_enumerator_t); - + this->public.enumerate = (void*)enumerate_filter; this->public.destroy = (void*)destroy_filter; this->unfiltered = unfiltered; this->filter = filter; this->data = data; this->destructor = destructor; - + return &this->public; } @@ -491,13 +491,13 @@ enumerator_t *enumerator_create_cleaner(enumerator_t *wrapped, void (*cleanup)(void *data), void *data) { cleaner_enumerator_t *this = malloc_thing(cleaner_enumerator_t); - + this->public.enumerate = (void*)enumerate_cleaner; this->public.destroy = (void*)destroy_cleaner; this->wrapped = wrapped; this->cleanup = cleanup; this->data = data; - + return &this->public; } @@ -543,13 +543,13 @@ static bool enumerate_single(single_enumerator_t *this, void **item) enumerator_t *enumerator_create_single(void *item, void (*cleanup)(void *item)) { single_enumerator_t *this = malloc_thing(single_enumerator_t); - + this->public.enumerate = (void*)enumerate_single; this->public.destroy = (void*)destroy_single; this->item = item; this->cleanup = cleanup; this->done = FALSE; - + return &this->public; } diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h index 4367d0836..3056498b1 100644 --- a/src/libstrongswan/utils/enumerator.h +++ b/src/libstrongswan/utils/enumerator.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup enumerator enumerator * @{ @ingroup utils @@ -33,18 +33,18 @@ struct enumerator_t { /** * Enumerate collection. * - * The enumerate function takes a variable argument list containing + * The enumerate function takes a variable argument list containing * pointers where the enumerated values get written. * * @param ... variable list of enumerated items, implementation dependant * @return TRUE if pointers returned */ bool (*enumerate)(enumerator_t *this, ...); - + /** - * Destroy a enumerator instance. - */ - void (*destroy)(enumerator_t *this); + * Destroy a enumerator instance. + */ + void (*destroy)(enumerator_t *this); }; /** @@ -75,7 +75,7 @@ enumerator_t *enumerator_create_single(void *item, void (*cleanup)(void *item)); char *rel, *abs; struct stat st; enumerator_t *e; - + e = enumerator_create_directory("/tmp"); if (e) { @@ -110,7 +110,7 @@ enumerator_t* enumerator_create_token(char *string, char *sep, char *trim); /** * Creates an enumerator which enumerates over enumerated enumerators :-). - * + * * The variable argument list of enumeration values is limit to 5. * * @param outer outer enumerator diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c index 6d33d023b..02c225833 100644 --- a/src/libstrongswan/utils/hashtable.c +++ b/src/libstrongswan/utils/hashtable.c @@ -30,12 +30,12 @@ struct pair_t { * Key of a hash table item. */ void *key; - + /** * Value of a hash table item. */ void *value; - + /** * Cached hash (used in case of a resize). */ @@ -48,11 +48,11 @@ struct pair_t { pair_t *pair_create(void *key, void *value, u_int hash) { pair_t *this = malloc_thing(pair_t); - + this->key = key; this->value = value; this->hash = hash; - + return this; } @@ -67,37 +67,37 @@ struct private_hashtable_t { * Public part of hash table. */ hashtable_t public; - + /** - * The number of items in the hash table. + * The number of items in the hash table. */ u_int count; - + /** * The current capacity of the hash table (always a power of 2). */ u_int capacity; - + /** - * The current mask to calculate the row index (capacity - 1). + * The current mask to calculate the row index (capacity - 1). */ u_int mask; - + /** * The load factor. */ float load_factor; - + /** * The actual table. */ linked_list_t **table; - + /** * The hashing function. */ hashtable_hash_t hash; - + /** * The equality function. */ @@ -115,17 +115,17 @@ struct private_enumerator_t { * implements enumerator interface */ enumerator_t enumerator; - + /** * associated hash table */ private_hashtable_t *table; - + /** * current row index */ u_int row; - + /** * enumerator for the current row */ @@ -149,6 +149,7 @@ static inline bool pair_equals(pair_t *pair, private_hashtable_t *this, void *ke static u_int get_nearest_powerof2(u_int n) { u_int i; + --n; for (i = 1; i < sizeof(u_int) * 8; i <<= 1) { @@ -166,7 +167,7 @@ static void init_hashtable(private_hashtable_t *this, u_int capacity) this->capacity = get_nearest_powerof2(capacity); this->mask = this->capacity - 1; this->load_factor = 0.75; - + this->table = calloc(this->capacity, sizeof(linked_list_t*)); } @@ -175,30 +176,37 @@ static void init_hashtable(private_hashtable_t *this, u_int capacity) */ static void rehash(private_hashtable_t *this) { - u_int row; - u_int old_capacity = this->capacity; - linked_list_t **old_table = this->table; - - if (old_capacity >= MAX_CAPACITY) + linked_list_t **old_table; + u_int row, old_capacity; + + if (this->capacity < MAX_CAPACITY) { return; } - + + old_capacity = this->capacity; + old_table = this->table; + init_hashtable(this, old_capacity << 1); - - for (row = 0; row < old_capacity; ++row) + + for (row = 0; row < old_capacity; row++) { - linked_list_t *list; - if ((list = old_table[row]) != NULL) + enumerator_t *enumerator; + linked_list_t *list, *new_list; + pair_t *pair; + u_int new_row; + + list = old_table[row]; + if (list) { - pair_t *pair; - enumerator_t *enumerator = list->create_enumerator(list); + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &pair)) { - linked_list_t *new_list; - u_int new_row = pair->hash & this->mask; + new_row = pair->hash & this->mask; + list->remove_at(list, enumerator); - if ((new_list = this->table[new_row]) == NULL) + new_list = this->table[new_row]; + if (!new_list) { new_list = this->table[new_row] = linked_list_create(); } @@ -216,15 +224,20 @@ static void rehash(private_hashtable_t *this) */ static void *put(private_hashtable_t *this, void *key, void *value) { - linked_list_t *list; void *old_value = NULL; - u_int hash = this->hash(key); - u_int row = hash & this->mask; - - if ((list = this->table[row]) != NULL) + linked_list_t *list; + u_int hash; + u_int row; + + hash = this->hash(key); + row = hash & this->mask; + list = this->table[row]; + if (list) { + enumerator_t *enumerator; pair_t *pair; - enumerator_t *enumerator = list->create_enumerator(list); + + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &pair)) { if (pair_equals(pair, this, key)) @@ -240,43 +253,39 @@ static void *put(private_hashtable_t *this, void *key, void *value) { list = this->table[row] = linked_list_create(); } - if (!old_value) { list->insert_last(list, pair_create(key, value, hash)); this->count++; } - if (this->count >= this->capacity * this->load_factor) { rehash(this); } - return old_value; } - + /** - * Implementation of hashtable_t.get + * Implementation of hashtable_t.get */ static void *get(private_hashtable_t *this, void *key) { void *value = NULL; linked_list_t *list; - u_int row = this->hash(key) & this->mask; - - if ((list = this->table[row]) != NULL) + pair_t *pair; + + list = this->table[this->hash(key) & this->mask]; + if (list) { - pair_t *pair; if (list->find_first(list, (linked_list_match_t)pair_equals, - (void**)&pair, this, key) == SUCCESS) + (void**)&pair, this, key) == SUCCESS) { value = pair->value; } } - return value; } - + /** * Implementation of hashtable_t.remove */ @@ -284,12 +293,14 @@ static void *remove_(private_hashtable_t *this, void *key) { void *value = NULL; linked_list_t *list; - u_int row = this->hash(key) & this->mask; - - if ((list = this->table[row]) != NULL) + + list = this->table[this->hash(key) & this->mask]; + if (list) { + enumerator_t *enumerator; pair_t *pair; - enumerator_t *enumerator = list->create_enumerator(list); + + enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &pair)) { if (pair_equals(pair, this, key)) @@ -303,10 +314,9 @@ static void *remove_(private_hashtable_t *this, void *key) } enumerator->destroy(enumerator); } - return value; } - + /** * Implementation of hashtable_t.get_count */ @@ -325,7 +335,7 @@ static bool enumerate(private_enumerator_t *this, void **key, void **value) if (this->current) { pair_t *pair; - + if (this->current->enumerate(this->current, &pair)) { if (key) @@ -344,8 +354,9 @@ static bool enumerate(private_enumerator_t *this, void **key, void **value) else { linked_list_t *list; - - if ((list = this->table->table[this->row]) != NULL) + + list = this->table->table[this->row]; + if (list) { this->current = list->create_enumerator(list); continue; @@ -374,26 +385,28 @@ static void enumerator_destroy(private_enumerator_t *this) static enumerator_t* create_enumerator(private_hashtable_t *this) { private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); - + enumerator->enumerator.enumerate = (void*)enumerate; enumerator->enumerator.destroy = (void*)enumerator_destroy; enumerator->table = this; enumerator->row = 0; enumerator->current = NULL; - + return &enumerator->enumerator; } - + /** * Implementation of hashtable_t.destroy */ static void destroy(private_hashtable_t *this) { + linked_list_t *list; u_int row; - for (row = 0; row < this->capacity; ++row) + + for (row = 0; row < this->capacity; row++) { - linked_list_t *list; - if ((list = this->table[row]) != NULL) + list = this->table[row]; + if (list) { list->destroy_function(list, free); } @@ -411,12 +424,12 @@ hashtable_t *hashtable_create(hashtable_hash_t hash, hashtable_equals_t equals, private_hashtable_t *this = malloc_thing(private_hashtable_t); this->public.put = (void*(*)(hashtable_t*,void*,void*))put; - this->public.get = (void*(*)(hashtable_t*,void*))get; + this->public.get = (void*(*)(hashtable_t*,void*))get; this->public.remove = (void*(*)(hashtable_t*,void*))remove_; this->public.get_count = (u_int(*)(hashtable_t*))get_count; this->public.create_enumerator = (enumerator_t*(*)(hashtable_t*))create_enumerator; this->public.destroy = (void(*)(hashtable_t*))destroy; - + this->count = 0; this->capacity = 0; this->mask = 0; @@ -424,8 +437,9 @@ hashtable_t *hashtable_create(hashtable_hash_t hash, hashtable_equals_t equals, this->table = NULL; this->hash = hash; this->equals = equals; - + init_hashtable(this, capacity); - + return &this->public; } + diff --git a/src/libstrongswan/utils/hashtable.h b/src/libstrongswan/utils/hashtable.h index cbe51f557..142ea6329 100644 --- a/src/libstrongswan/utils/hashtable.h +++ b/src/libstrongswan/utils/hashtable.h @@ -48,61 +48,61 @@ typedef bool (*hashtable_equals_t)(void *key, void *other_key); * General purpose hash table. This hash table is not synchronized. */ struct hashtable_t { - + /** * Create an enumerator over the hash table key/value pairs. - * + * * @return enumerator over (void *key, void *value) */ enumerator_t *(*create_enumerator) (hashtable_t *this); - + /** * Adds the given value with the given key to the hash table, if there * exists no entry with that key. NULL is returned in this case. * Otherwise the existing value is replaced and the function returns the * old value. - * + * * @param key the key to store * @param value the value to store * @return NULL if no item was replaced, the old value otherwise */ void *(*put) (hashtable_t *this, void *key, void *value); - + /** * Returns the value with the given key, if the hash table contains such an * entry, otherwise NULL is returned. - * + * * @param key the key of the requested value - * @return the value, NULL if not found + * @return the value, NULL if not found */ void *(*get) (hashtable_t *this, void *key); - + /** * Removes the value with the given key from the hash table and returns the * removed value (or NULL if no such value existed). - * + * * @param key the key of the value to remove * @return the removed value, NULL if not found */ void *(*remove) (hashtable_t *this, void *key); - + /** * Gets the number of items in the hash table. - * + * * @return number of items */ u_int (*get_count) (hashtable_t *this); - + /** * Destroys a hash table object. */ void (*destroy) (hashtable_t *this); - + }; /** * Creates an empty hash table object. - * + * * @param hash hash function * @param equals equals function * @param capacity initial capacity diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index 661bec315..a610b3a4d 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -38,7 +38,7 @@ struct private_host_t { * Public data */ host_t public; - + /** * low-lewel structure, wich stores the address */ @@ -111,7 +111,7 @@ int host_printf_hook(char *dst, size_t dstlen, printf_hook_spec_t *spec, { private_host_t *this = *((private_host_t**)(args[0])); char buffer[INET6_ADDRSTRLEN + 16]; - + if (this == NULL) { snprintf(buffer, sizeof(buffer), "(null)"); @@ -126,10 +126,10 @@ int host_printf_hook(char *dst, size_t dstlen, printf_hook_spec_t *spec, void *address; u_int16_t port; int len; - + address = &this->address6.sin6_addr; port = this->address6.sin6_port; - + switch (this->address.sa_family) { case AF_INET: @@ -137,7 +137,7 @@ int host_printf_hook(char *dst, size_t dstlen, printf_hook_spec_t *spec, port = this->address4.sin_port; /* fall */ case AF_INET6: - + if (inet_ntop(this->address.sa_family, address, buffer, sizeof(buffer)) == NULL) { @@ -169,7 +169,7 @@ int host_printf_hook(char *dst, size_t dstlen, printf_hook_spec_t *spec, static chunk_t get_address(private_host_t *this) { chunk_t address = chunk_empty; - + switch (this->address.sa_family) { case AF_INET: @@ -252,7 +252,7 @@ static void set_port(private_host_t *this, u_int16_t port) static private_host_t *clone_(private_host_t *this) { private_host_t *new = malloc_thing(private_host_t); - + memcpy(new, this, sizeof(private_host_t)); return new; } @@ -267,7 +267,7 @@ static bool ip_equals(private_host_t *this, private_host_t *other) /* 0.0.0.0 and 0::0 are equal */ return (is_anyaddr(this) && is_anyaddr(other)); } - + switch (this->address.sa_family) { case AF_INET: @@ -292,7 +292,7 @@ static bool ip_equals(private_host_t *this, private_host_t *other) static host_diff_t get_differences(host_t *this, host_t *other) { host_diff_t ret = HOST_DIFF_NONE; - + if (!this->ip_equals(this, other)) { ret |= HOST_DIFF_ADDR; @@ -302,7 +302,7 @@ static host_diff_t get_differences(host_t *this, host_t *other) { ret |= HOST_DIFF_PORT; } - + return ret; } @@ -315,7 +315,7 @@ static bool equals(private_host_t *this, private_host_t *other) { return FALSE; } - + switch (this->address.sa_family) { case AF_INET: @@ -346,7 +346,7 @@ static void destroy(private_host_t *this) static private_host_t *host_create_empty(void) { private_host_t *this = malloc_thing(private_host_t); - + this->public.get_sockaddr = (sockaddr_t* (*) (host_t*))get_sockaddr; this->public.get_sockaddr_len = (socklen_t*(*) (host_t*))get_sockaddr_len; this->public.clone = (host_t* (*) (host_t*))clone_; @@ -359,7 +359,7 @@ static private_host_t *host_create_empty(void) this->public.equals = (bool (*) (host_t *,host_t *)) equals; this->public.is_anyaddr = (bool (*) (host_t *)) is_anyaddr; this->public.destroy = (void (*) (host_t*))destroy; - + return this; } @@ -369,7 +369,7 @@ static private_host_t *host_create_empty(void) static host_t *host_create_any_port(int family, u_int16_t port) { host_t *this; - + this = host_create_any(family); this->set_port(this, port); return this; @@ -381,7 +381,7 @@ static host_t *host_create_any_port(int family, u_int16_t port) host_t *host_create_from_string(char *string, u_int16_t port) { private_host_t *this; - + if (streq(string, "%any")) { return host_create_any_port(AF_INET, port); @@ -390,7 +390,7 @@ host_t *host_create_from_string(char *string, u_int16_t port) { return host_create_any_port(AF_INET6, port); } - + this = host_create_empty(); if (strchr(string, '.')) { @@ -437,7 +437,7 @@ host_t *host_create_from_string(char *string, u_int16_t port) host_t *host_create_from_sockaddr(sockaddr_t *sockaddr) { private_host_t *this = host_create_empty(); - + switch (sockaddr->sa_family) { case AF_INET: @@ -467,7 +467,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) private_host_t *this; struct addrinfo hints, *result; int error; - + if (streq(string, "%any")) { return host_create_any_port(af ? af : AF_INET, port); @@ -476,7 +476,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) { return host_create_any_port(af ? af : AF_INET6, port); } - + memset(&hints, 0, sizeof(hints)); hints.ai_family = af; error = getaddrinfo(string, NULL, &hints, &result); @@ -510,7 +510,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) { private_host_t *this; - + switch (family) { case AF_INET: @@ -567,10 +567,10 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) host_t *host_create_any(int family) { private_host_t *this = host_create_empty(); - + memset(&this->address_max, 0, sizeof(struct sockaddr_storage)); this->address.sa_family = family; - + switch (family) { case AF_INET: diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index 0a2541d96..f5796154c 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -34,7 +34,7 @@ typedef struct host_t host_t; #include #include -#include +#include /** * Differences between two hosts. They differ in @@ -48,103 +48,103 @@ enum host_diff_t { /** * Representates a Host - * - * Host object, identifies a address:port pair and defines some + * + * Host object, identifies a address:port pair and defines some * useful functions on it. */ struct host_t { - - /** + + /** * Build a clone of this host object. - * + * * @return cloned host */ host_t *(*clone) (host_t *this); - - /** + + /** * Get a pointer to the internal sockaddr struct. - * + * * This is used for sending and receiving via sockets. - * + * * @return pointer to the internal sockaddr structure */ sockaddr_t *(*get_sockaddr) (host_t *this); - - /** + + /** * Get the length of the sockaddr struct. - * + * * Depending on the family, the length of the sockaddr struct * is different. Use this function to get the length of the sockaddr * struct returned by get_sock_addr. - * + * * This is used for sending and receiving via sockets. - * + * * @return length of the sockaddr struct */ socklen_t *(*get_sockaddr_len) (host_t *this); - + /** * Gets the family of the address - * + * * @return family */ int (*get_family) (host_t *this); - - /** + + /** * Checks if the ip address of host is set to default route. - * + * * @return TRUE if host is 0.0.0.0 or 0::0, FALSE otherwise */ bool (*is_anyaddr) (host_t *this); - - /** + + /** * Get the address of this host as chunk_t - * + * * Returned chunk points to internal data. - * - * @return address string, + * + * @return address string, */ chunk_t (*get_address) (host_t *this); - - /** + + /** * Get the port of this host - * + * * @return port number */ u_int16_t (*get_port) (host_t *this); - /** + /** * Set the port of this host * * @param port port numer */ void (*set_port) (host_t *this, u_int16_t port); - - /** + + /** * Compare the ips of two hosts hosts. - * + * * @param other the other to compare * @return TRUE if addresses are equal. */ bool (*ip_equals) (host_t *this, host_t *other); - - /** + + /** * Compare two hosts, with port. - * + * * @param other the other to compare * @return TRUE if addresses and ports are equal. */ bool (*equals) (host_t *this, host_t *other); - /** + /** * Compare two hosts and return the differences. * * @param other the other to compare * @return differences in a combination of host_diff_t's */ host_diff_t (*get_differences) (host_t *this, host_t *other); - - /** + + /** * Destroy this host object. */ void (*destroy) (host_t *this); @@ -200,8 +200,8 @@ host_t *host_create_any(int family); /** * printf hook function for host_t. * - * Arguments are: - * host_t *host + * Arguments are: + * host_t *host * Use #-modifier to include port number */ int host_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 10daf4679..b0da340bc 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -26,6 +26,7 @@ #include #include +#include ENUM_BEGIN(id_match_names, ID_MATCH_NONE, ID_MATCH_MAX_WILDCARDS, "MATCH_NONE", @@ -48,15 +49,14 @@ ENUM_BEGIN(id_type_names, ID_ANY, ID_KEY_ID, "ID_DER_ASN1_DN", "ID_DER_ASN1_GN", "ID_KEY_ID"); -ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_CERT_DER_SHA1, ID_KEY_ID, - "ID_DER_ASN1_GN_URI", - "ID_PUBKEY_INFO_SHA1", - "ID_PUBKEY_SHA1", - "ID_CERT_DER_SHA1"); -ENUM_END(id_type_names, ID_CERT_DER_SHA1); +ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_MYID, ID_KEY_ID, + "ID_DER_ASN1_GN_URI" + "ID_IETF_ATTR_STRING" + "ID_MYID"); +ENUM_END(id_type_names, ID_MYID); /** - * coding of X.501 distinguished name + * coding of X.501 distinguished name */ typedef struct { const u_char *name; @@ -109,12 +109,12 @@ struct private_identification_t { * Public interface. */ identification_t public; - + /** * Encoded representation of this ID. */ chunk_t encoded; - + /** * Type of this ID. */ @@ -133,14 +133,11 @@ typedef struct { chunk_t seqs; } rdn_enumerator_t; -/** - * Implementation of rdn_enumerator_t.enumerate - */ -static bool rdn_enumerate(rdn_enumerator_t *this, chunk_t *oid, - u_char *type, chunk_t *data) +METHOD(enumerator_t, rdn_enumerate, bool, + rdn_enumerator_t *this, chunk_t *oid, u_char *type, chunk_t *data) { chunk_t rdn; - + /* a DN contains one or more SET, each containing one or more SEQUENCES, * each containing a OID/value RDN */ if (!this->seqs.len) @@ -155,7 +152,7 @@ static bool rdn_enumerate(rdn_enumerator_t *this, chunk_t *oid, asn1_unwrap(&rdn, oid) == ASN1_OID) { int t = asn1_unwrap(&rdn, data); - + if (t != ASN1_INVALID) { *type = t; @@ -170,11 +167,15 @@ static bool rdn_enumerate(rdn_enumerator_t *this, chunk_t *oid, */ static enumerator_t* create_rdn_enumerator(chunk_t dn) { - rdn_enumerator_t *e = malloc_thing(rdn_enumerator_t); - - e->public.enumerate = (void*)rdn_enumerate; - e->public.destroy = (void*)free; - + rdn_enumerator_t *e; + + INIT(e, + .public = { + .enumerate = (void*)_rdn_enumerate, + .destroy = (void*)free, + }, + ); + /* a DN is a SEQUENCE, get the first SET of it */ if (asn1_unwrap(&dn, &e->sets) == ASN1_SEQUENCE) { @@ -195,11 +196,8 @@ typedef struct { enumerator_t *inner; } rdn_part_enumerator_t; -/** - * Implementation of rdn_part_enumerator_t.enumerate(). - */ -static bool rdn_part_enumerate(rdn_part_enumerator_t *this, - id_part_t *type, chunk_t *data) +METHOD(enumerator_t, rdn_part_enumerate, bool, + rdn_part_enumerator_t *this, id_part_t *type, chunk_t *data) { int i, known_oid, strtype; chunk_t oid, inner_data; @@ -224,7 +222,7 @@ static bool rdn_part_enumerate(rdn_part_enumerator_t *this, {OID_EMAIL_ADDRESS, ID_PART_RDN_E}, {OID_EMPLOYEE_NUMBER, ID_PART_RDN_EN}, }; - + while (this->inner->enumerate(this->inner, &oid, &strtype, &inner_data)) { known_oid = asn1_known_oid(oid); @@ -241,30 +239,29 @@ static bool rdn_part_enumerate(rdn_part_enumerator_t *this, return FALSE; } -/** - * Implementation of rdn_part_enumerator_t.destroy(). - */ -static void rdn_part_enumerator_destroy(rdn_part_enumerator_t *this) +METHOD(enumerator_t, rdn_part_enumerator_destroy, void, + rdn_part_enumerator_t *this) { this->inner->destroy(this->inner); free(this); } -/** - * Implementation of identification_t.create_part_enumerator - */ -static enumerator_t* create_part_enumerator(private_identification_t *this) +METHOD(identification_t, create_part_enumerator, enumerator_t*, + private_identification_t *this) { switch (this->type) { case ID_DER_ASN1_DN: { - rdn_part_enumerator_t *e = malloc_thing(rdn_part_enumerator_t); - - e->inner = create_rdn_enumerator(this->encoded); - e->public.enumerate = (void*)rdn_part_enumerate; - e->public.destroy = (void*)rdn_part_enumerator_destroy; - + rdn_part_enumerator_t *e; + + INIT(e, + .inner = create_rdn_enumerator(this->encoded), + .public = { + .enumerate = (void*)_rdn_part_enumerate, + .destroy = _rdn_part_enumerator_destroy, + }, + ); return &e->public; } case ID_RFC822_ADDR: @@ -282,16 +279,16 @@ static enumerator_t* create_part_enumerator(private_identification_t *this) static void dntoa(chunk_t dn, char *buf, size_t len) { enumerator_t *e; - chunk_t oid_data, data; + chunk_t oid_data, data, printable; u_char type; int oid, written; bool finished = FALSE; - + e = create_rdn_enumerator(dn); while (e->enumerate(e, &oid_data, &type, &data)) { oid = asn1_known_oid(oid_data); - + if (oid == OID_UNKNOWN) { written = snprintf(buf, len, "%#B=", &oid_data); @@ -302,18 +299,13 @@ static void dntoa(chunk_t dn, char *buf, size_t len) } buf += written; len -= written; - - if (chunk_printable(data, NULL, '?')) - { - written = snprintf(buf, len, "%.*s", data.len, data.ptr); - } - else - { - written = snprintf(buf, len, "%#B", &data); - } + + chunk_printable(data, &printable, '?'); + written = snprintf(buf, len, "%.*s", printable.len, printable.ptr); + chunk_free(&printable); buf += written; len -= written; - + if (data.ptr + data.len != dn.ptr + dn.len) { written = snprintf(buf, len, ", "); @@ -347,7 +339,7 @@ static status_t atodn(char *src, chunk_t *dn) READ_NAME = 3, UNKNOWN_OID = 4 } state_t; - + chunk_t oid = chunk_empty; chunk_t name = chunk_empty; chunk_t rdns[RDN_MAX]; @@ -358,7 +350,7 @@ static status_t atodn(char *src, chunk_t *dn) asn1_t rdn_type; state_t state = SEARCH_OID; status_t status = SUCCESS; - + do { switch (state) @@ -379,7 +371,7 @@ static status_t atodn(char *src, chunk_t *dn) else { bool found = FALSE; - + for (i = 0; i < countof(x501rdns); i++) { if (strlen(x501rdns[i].name) == oid.len && @@ -424,15 +416,15 @@ static status_t atodn(char *src, chunk_t *dn) rdn_type = (x501rdns[i].type == ASN1_PRINTABLESTRING && !asn1_is_printablestring(name)) ? ASN1_T61STRING : x501rdns[i].type; - + if (rdn_count < RDN_MAX) { chunk_t rdn_oid; - + rdn_oid = asn1_build_known_oid(x501rdns[i].oid); if (rdn_oid.len) { - rdns[rdn_count] = + rdns[rdn_count] = asn1_wrap(ASN1_SET, "m", asn1_wrap(ASN1_SEQUENCE, "mm", rdn_oid, @@ -459,20 +451,20 @@ static status_t atodn(char *src, chunk_t *dn) break; } } while (*src++ != '\0'); - + /* build the distinguished name sequence */ { int i; u_char *pos = asn1_build_object(dn, ASN1_SEQUENCE, dn_len); - + for (i = 0; i < rdn_count; i++) { - memcpy(pos, rdns[i].ptr, rdns[i].len); + memcpy(pos, rdns[i].ptr, rdns[i].len); pos += rdns[i].len; free(rdns[i].ptr); } } - + if (status != SUCCESS) { free(dn->ptr); @@ -481,32 +473,26 @@ static status_t atodn(char *src, chunk_t *dn) return status; } -/** - * Implementation of identification_t.get_encoding. - */ -static chunk_t get_encoding(private_identification_t *this) +METHOD(identification_t, get_encoding, chunk_t, + private_identification_t *this) { return this->encoded; } -/** - * Implementation of identification_t.get_type. - */ -static id_type_t get_type(private_identification_t *this) +METHOD(identification_t, get_type, id_type_t, + private_identification_t *this) { return this->type; } -/** - * Implementation of identification_t.contains_wildcards for ID_DER_ASN1_DN. - */ -static bool contains_wildcards_dn(private_identification_t *this) +METHOD(identification_t, contains_wildcards_dn, bool, + private_identification_t *this) { enumerator_t *enumerator; bool contains = FALSE; id_part_t type; chunk_t data; - + enumerator = create_part_enumerator(this); while (enumerator->enumerate(enumerator, &type, &data)) { @@ -520,27 +506,22 @@ static bool contains_wildcards_dn(private_identification_t *this) return contains; } -/** - * Implementation of identification_t.contains_wildcards using memchr(*). - */ -static bool contains_wildcards_memchr(private_identification_t *this) +METHOD(identification_t, contains_wildcards_memchr, bool, + private_identification_t *this) { return memchr(this->encoded.ptr, '*', this->encoded.len) != NULL; } -/** - * Default implementation of identification_t.equals. - * compares encoded chunk for equality. - */ -static bool equals_binary(private_identification_t *this, private_identification_t *other) +METHOD(identification_t, equals_binary, bool, + private_identification_t *this, identification_t *other) { - if (this->type == other->type) + if (this->type == other->get_type(other)) { if (this->type == ID_ANY) { return TRUE; } - return chunk_equals(this->encoded, other->encoded); + return chunk_equals(this->encoded, other->get_encoding(other)); } return FALSE; } @@ -554,7 +535,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) chunk_t t_oid, o_oid, t_data, o_data; u_char t_type, o_type; bool t_next, o_next, finished = FALSE; - + if (wc) { *wc = 0; @@ -571,14 +552,14 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) { return TRUE; } - + t = create_rdn_enumerator(t_dn); o = create_rdn_enumerator(o_dn); while (TRUE) { t_next = t->enumerate(t, &t_oid, &t_type, &t_data); o_next = o->enumerate(o, &o_oid, &o_type, &o_data); - + if (!o_next && !t_next) { break; @@ -605,8 +586,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) if (t_type == o_type && (t_type == ASN1_PRINTABLESTRING || (t_type == ASN1_IA5STRING && - (asn1_known_oid(t_oid) == OID_PKCS9_EMAIL || - asn1_known_oid(t_oid) == OID_EMAIL_ADDRESS)))) + asn1_known_oid(t_oid) == OID_EMAIL_ADDRESS))) { /* ignore case for printableStrings and email RDNs */ if (strncasecmp(t_data.ptr, o_data.ptr, t_data.len) != 0) { @@ -634,65 +614,55 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) return finished; } -/** - * Special implementation of identification_t.equals for ID_DER_ASN1_DN. - */ -static bool equals_dn(private_identification_t *this, - private_identification_t *other) +METHOD(identification_t, equals_dn, bool, + private_identification_t *this, identification_t *other) { - return compare_dn(this->encoded, other->encoded, NULL); + return compare_dn(this->encoded, other->get_encoding(other), NULL); } -/** - * Special implementation of identification_t.equals for RFC822 and FQDN. - */ -static bool equals_strcasecmp(private_identification_t *this, - private_identification_t *other) +METHOD(identification_t, equals_strcasecmp, bool, + private_identification_t *this, identification_t *other) { - /* we do some extra sanity checks to check for invalid IDs with a + chunk_t encoded = other->get_encoding(other); + + /* we do some extra sanity checks to check for invalid IDs with a * terminating null in it. */ - if (this->encoded.len == other->encoded.len && + if (this->encoded.len == encoded.len && memchr(this->encoded.ptr, 0, this->encoded.len) == NULL && - memchr(other->encoded.ptr, 0, other->encoded.len) == NULL && - strncasecmp(this->encoded.ptr, other->encoded.ptr, this->encoded.len) == 0) + memchr(encoded.ptr, 0, encoded.len) == NULL && + strncasecmp(this->encoded.ptr, encoded.ptr, this->encoded.len) == 0) { return TRUE; } return FALSE; } -/** - * Default implementation of identification_t.matches. - */ -static id_match_t matches_binary(private_identification_t *this, - private_identification_t *other) +METHOD(identification_t, matches_binary, id_match_t, + private_identification_t *this, identification_t *other) { - if (other->type == ID_ANY) + if (other->get_type(other) == ID_ANY) { return ID_MATCH_ANY; } - if (this->type == other->type && - chunk_equals(this->encoded, other->encoded)) + if (this->type == other->get_type(other) && + chunk_equals(this->encoded, other->get_encoding(other))) { return ID_MATCH_PERFECT; } return ID_MATCH_NONE; } -/** - * Special implementation of identification_t.matches for ID_RFC822_ADDR/ID_FQDN. - * Checks for a wildcard in other-string, and compares it against this-string. - */ -static id_match_t matches_string(private_identification_t *this, - private_identification_t *other) +METHOD(identification_t, matches_string, id_match_t, + private_identification_t *this, identification_t *other) { - u_int len = other->encoded.len; - - if (other->type == ID_ANY) + chunk_t encoded = other->get_encoding(other); + u_int len = encoded.len; + + if (other->get_type(other) == ID_ANY) { return ID_MATCH_ANY; } - if (this->type != other->type) + if (this->type != other->get_type(other)) { return ID_MATCH_NONE; } @@ -707,15 +677,15 @@ static id_match_t matches_string(private_identification_t *this, } /* check for single wildcard at the head of the string */ - if (*other->encoded.ptr == '*') + if (*encoded.ptr == '*') { /* single asterisk matches any string */ if (len-- == 1) { /* not better than ID_ANY */ return ID_MATCH_ANY; } - if (strncasecmp(this->encoded.ptr + this->encoded.len - len, - other->encoded.ptr + 1, len) == 0) + if (strncasecmp(this->encoded.ptr + this->encoded.len - len, + encoded.ptr + 1, len) == 0) { return ID_MATCH_ONE_WILDCARD; } @@ -723,36 +693,29 @@ static id_match_t matches_string(private_identification_t *this, return ID_MATCH_NONE; } -/** - * Special implementation of identification_t.matches for ID_ANY. - * ANY matches only another ANY, but nothing other - */ -static id_match_t matches_any(private_identification_t *this, - private_identification_t *other) +METHOD(identification_t, matches_any, id_match_t, + private_identification_t *this, identification_t *other) { - if (other->type == ID_ANY) + if (other->get_type(other) == ID_ANY) { return ID_MATCH_ANY; } return ID_MATCH_NONE; } -/** - * Special implementation of identification_t.matches for ID_DER_ASN1_DN - */ -static id_match_t matches_dn(private_identification_t *this, - private_identification_t *other) +METHOD(identification_t, matches_dn, id_match_t, + private_identification_t *this, identification_t *other) { int wc; - - if (other->type == ID_ANY) + + if (other->get_type(other) == ID_ANY) { return ID_MATCH_ANY; } - - if (this->type == other->type) + + if (this->type == other->get_type(other)) { - if (compare_dn(this->encoded, other->encoded, &wc)) + if (compare_dn(this->encoded, other->get_encoding(other), &wc)) { wc = min(wc, ID_MATCH_ONE_WILDCARD - ID_MATCH_MAX_WILDCARDS); return ID_MATCH_PERFECT - wc; @@ -770,12 +733,12 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, private_identification_t *this = *((private_identification_t**)(args[0])); chunk_t proper; char buf[512]; - + if (this == NULL) { return print_in_hook(dst, len, "%*s", spec->width, "(null)"); } - + switch (this->type) { case ID_ANY: @@ -810,7 +773,8 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, snprintf(buf, sizeof(buf), "(ASN.1 general Name"); break; case ID_KEY_ID: - if (chunk_printable(this->encoded, NULL, '?')) + if (chunk_printable(this->encoded, NULL, '?') && + this->encoded.len != HASH_SIZE_SHA1) { /* fully printable, use ascii version */ snprintf(buf, sizeof(buf), "%.*s", this->encoded.len, this->encoded.ptr); @@ -820,10 +784,8 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, snprintf(buf, sizeof(buf), "%#B", &this->encoded); } break; - case ID_PUBKEY_INFO_SHA1: - case ID_PUBKEY_SHA1: - case ID_CERT_DER_SHA1: - snprintf(buf, sizeof(buf), "%#B", &this->encoded); + case ID_MYID: + snprintf(buf, sizeof(buf), "%%myid"); break; default: snprintf(buf, sizeof(buf), "(unknown ID type: %d)", this->type); @@ -835,13 +797,12 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, } return print_in_hook(dst, len, "%*s", spec->width, buf); } -/** - * Implementation of identification_t.clone. - */ -static identification_t *clone_(private_identification_t *this) + +METHOD(identification_t, clone, identification_t*, + private_identification_t *this) { private_identification_t *clone = malloc_thing(private_identification_t); - + memcpy(clone, this, sizeof(private_identification_t)); if (this->encoded.len) { @@ -850,10 +811,8 @@ static identification_t *clone_(private_identification_t *this) return &clone->public; } -/** - * Implementation of identification_t.destroy. - */ -static void destroy(private_identification_t *this) +METHOD(identification_t, destroy, void, + private_identification_t *this) { chunk_free(&this->encoded); free(this); @@ -864,42 +823,43 @@ static void destroy(private_identification_t *this) */ static private_identification_t *identification_create(id_type_t type) { - private_identification_t *this = malloc_thing(private_identification_t); - - this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding; - this->public.get_type = (id_type_t (*) (identification_t*))get_type; - this->public.create_part_enumerator = (enumerator_t*(*)(identification_t*))create_part_enumerator; - this->public.clone = (identification_t* (*) (identification_t*))clone_; - this->public.destroy = (void (*) (identification_t*))destroy; - + private_identification_t *this; + + INIT(this, + .public = { + .get_encoding = _get_encoding, + .get_type = _get_type, + .create_part_enumerator = _create_part_enumerator, + .clone = _clone, + .destroy = _destroy, + }, + .type = type, + ); + switch (type) { case ID_ANY: - this->public.matches = (id_match_t (*)(identification_t*,identification_t*))matches_any; - this->public.equals = (bool (*) (identification_t*,identification_t*))equals_binary; - this->public.contains_wildcards = (bool (*) (identification_t *this))return_true; + this->public.matches = _matches_any; + this->public.equals = _equals_binary; + this->public.contains_wildcards = return_true; break; case ID_FQDN: case ID_RFC822_ADDR: - this->public.matches = (id_match_t (*)(identification_t*,identification_t*))matches_string; - this->public.equals = (bool (*)(identification_t*,identification_t*))equals_strcasecmp; - this->public.contains_wildcards = (bool (*) (identification_t *this))contains_wildcards_memchr; + this->public.matches = _matches_string; + this->public.equals = _equals_strcasecmp; + this->public.contains_wildcards = _contains_wildcards_memchr; break; case ID_DER_ASN1_DN: - this->public.equals = (bool (*)(identification_t*,identification_t*))equals_dn; - this->public.matches = (id_match_t (*)(identification_t*,identification_t*))matches_dn; - this->public.contains_wildcards = (bool (*) (identification_t *this))contains_wildcards_dn; + this->public.equals = _equals_dn; + this->public.matches = _matches_dn; + this->public.contains_wildcards = _contains_wildcards_dn; break; default: - this->public.equals = (bool (*) (identification_t*,identification_t*))equals_binary; - this->public.matches = (id_match_t (*) (identification_t*,identification_t*))matches_binary; - this->public.contains_wildcards = (bool (*) (identification_t *this))return_false; + this->public.equals = _equals_binary; + this->public.matches = _matches_binary; + this->public.contains_wildcards = return_false; break; } - - this->type = type; - this->encoded = chunk_empty; - return this; } @@ -910,7 +870,7 @@ identification_t *identification_create_from_string(char *string) { private_identification_t *this; chunk_t encoded; - + if (string == NULL) { string = "%any"; @@ -951,7 +911,7 @@ identification_t *identification_create_from_string(char *string) { struct in_addr address; chunk_t chunk = {(void*)&address, sizeof(address)}; - + if (inet_pton(AF_INET, string, &address) > 0) { /* is IPv4 */ this = identification_create(ID_IPV4_ADDR); @@ -968,7 +928,7 @@ identification_t *identification_create_from_string(char *string) { struct in6_addr address; chunk_t chunk = {(void*)&address, sizeof(address)}; - + if (inet_pton(AF_INET6, string, &address) > 0) { /* is IPv6 */ this = identification_create(ID_IPV6_ADDR); @@ -1012,6 +972,18 @@ identification_t *identification_create_from_string(char *string) } } +/* + * Described in header. + */ +identification_t * identification_create_from_data(chunk_t data) +{ + char buf[data.len + 1]; + + /* use string constructor */ + snprintf(buf, sizeof(buf), "%.*s", data.len, data.ptr); + return identification_create_from_string(buf); +} + /* * Described in header. */ @@ -1019,7 +991,7 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded) { private_identification_t *this = identification_create(type); - + /* apply encoded chunk */ if (type != ID_ANY) { @@ -1028,3 +1000,33 @@ identification_t *identification_create_from_encoding(id_type_t type, return &(this->public); } +/* + * Described in header. + */ +identification_t *identification_create_from_sockaddr(sockaddr_t *sockaddr) +{ + switch (sockaddr->sa_family) + { + case AF_INET: + { + struct in_addr *addr = &(((struct sockaddr_in*)sockaddr)->sin_addr); + + return identification_create_from_encoding(ID_IPV4_ADDR, + chunk_create((u_char*)addr, sizeof(struct in_addr))); + } + case AF_INET6: + { + struct in6_addr *addr = &(((struct sockaddr_in6*)sockaddr)->sin6_addr); + + return identification_create_from_encoding(ID_IPV6_ADDR, + chunk_create((u_char*)addr, sizeof(struct in6_addr))); + } + default: + { + private_identification_t *this = identification_create(ID_ANY); + + return &(this->public); + } + } +} + diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index dc0aec18e..fe5c7d0fd 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup identification identification * @{ @ingroup utils @@ -29,9 +29,10 @@ typedef struct identification_t identification_t; typedef enum id_match_t id_match_t; typedef enum id_part_t id_part_t; -#include +#include +#include -/** +/** * Matches returned from identification_t.match */ enum id_match_t { @@ -79,8 +80,8 @@ enum id_type_t { * An example of an ID_RFC822_ADDR is "jsmith@example.com". * The string MUST NOT contain any terminators. */ - ID_USER_FQDN = 3, /* IKEv1 only */ - ID_RFC822_ADDR = 3, /* IKEv2 only */ + ID_USER_FQDN = 3, /* IKEv1 only */ + ID_RFC822_ADDR = 3, /* IKEv2 only */ /** * ID data is an IPv4 subnet (IKEv1 only) @@ -128,31 +129,16 @@ enum id_type_t { * private type which represents a GeneralName of type URI */ ID_DER_ASN1_GN_URI = 201, - - /** - * SHA1 hash over PKCS#1 subjectPublicKeyInfo - */ - ID_PUBKEY_INFO_SHA1 = 202, - - /** - * SHA1 hash over PKCS#1 subjectPublicKey - */ - ID_PUBKEY_SHA1 = 203, - - /** - * SHA1 hash of the binary DER encoding of a certificate - */ - ID_CERT_DER_SHA1 = 204, /** * IETF Attribute Syntax String (RFC 3281) */ - ID_IETF_ATTR_STRING = 205, + ID_IETF_ATTR_STRING = 202, /** * Private ID used by the pluto daemon for opportunistic encryption */ - ID_MYID = 206, + ID_MYID = 203, }; /** @@ -168,14 +154,14 @@ enum id_part_t { ID_PART_USERNAME, /** Domain part of an RFC822_ADDR */ ID_PART_DOMAIN, - + /** Top-Level domain of a FQDN */ ID_PART_TLD, /** Second-Level domain of a FQDN */ ID_PART_SLD, /** Another Level domain of a FQDN */ ID_PART_ALD, - + /** Country RDN of a DN */ ID_PART_RDN_C, /** CommonName RDN of a DN */ @@ -212,40 +198,40 @@ enum id_part_t { /** * Generic identification, such as used in ID payload. - * + * * @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison * between them and ID_IPV4_ADDR/RFC822_ADDR would be nice. */ struct identification_t { - + /** * Get the encoding of this id, to send over * the network. - * + * * Result points to internal data, do not free. - * + * * @return a chunk containing the encoded bytes */ chunk_t (*get_encoding) (identification_t *this); - + /** * Get the type of this identification. - * + * * @return id_type_t */ id_type_t (*get_type) (identification_t *this); - + /** * Check if two identification_t objects are equal. - * + * * @param other other identification_t object * @return TRUE if the IDs are equal */ bool (*equals) (identification_t *this, identification_t *other); - + /** * Check if an ID matches a wildcard ID. - * + * * An identification_t may contain wildcards, such as * *.strongswan.org. This call checks if a given ID * (e.g. tester.strongswan.org) belongs to a such wildcard @@ -256,24 +242,24 @@ struct identification_t { * * The larger the return value is, the better is the match. Zero means * no match at all, 1 means a bad match, and 2 a slightly better match. - * + * * @param other the ID containing one or more wildcards * @param wildcards returns the number of wildcards, may be NULL * @return match value as described above */ id_match_t (*matches) (identification_t *this, identification_t *other); - + /** * Check if an ID is a wildcard ID. * * If the ID represents multiple IDs (with wildcards, or * as the type ID_ANY), TRUE is returned. If it is unique, * FALSE is returned. - * + * * @return TRUE if ID contains wildcards */ bool (*contains_wildcards) (identification_t *this); - + /** * Create an enumerator over subparts of an identity. * @@ -286,10 +272,10 @@ struct identification_t { * @return an enumerator over (id_part_t type, chunk_t data) */ enumerator_t* (*create_part_enumerator)(identification_t *this); - + /** * Clone a identification_t instance. - * + * * @return clone of this */ identification_t *(*clone) (identification_t *this); @@ -314,34 +300,50 @@ struct identification_t { * pluto resolves domainnames without an @ to IPv4 addresses. Since * we use a seperate host_t class for addresses, this doesn't * make sense for us. - * + * * A distinguished name may contain one or more of the following RDNs: * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D, - * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN, + * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN, * unstructuredName, TCGID. - * + * * This constructor never returns NULL. If it does not find a suitable * conversion function, it will copy the string to an ID_KEY_ID. - * + * * @param string input string, which will be converted * @return identification_t */ identification_t * identification_create_from_string(char *string); +/** + * Creates an identification from a chunk of data, guessing its type. + * + * @param data identification data + * @return identification_t + */ +identification_t * identification_create_from_data(chunk_t data); + /** * Creates an identification_t object from an encoded chunk. - * + * * @param type type of this id, such as ID_IPV4_ADDR * @param encoded encoded bytes, such as from identification_t.get_encoding * @return identification_t */ identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded); +/** + * Creates an identification_t object from a sockaddr struct + * + * @param sockaddr sockaddr struct which contains family and address + * @return identification_t + */ +identification_t * identification_create_from_sockaddr(sockaddr_t *sockaddr); + /** * printf hook function for identification_t. * - * Arguments are: - * identification_t *identification + * Arguments are: + * identification_t *identification */ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h index 1dbf01539..9be65b229 100644 --- a/src/libstrongswan/utils/iterator.h +++ b/src/libstrongswan/utils/iterator.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup iterator iterator * @{ @ingroup utils @@ -39,45 +39,45 @@ struct iterator_t { /** * Return number of list items. - * + * * @return number of list items */ int (*get_count) (iterator_t *this); - + /** * Iterate over all items. - * + * * The easy way to iterate over items. - * + * * @param value item * @return TRUE, if there was an element available, FALSE otherwise */ bool (*iterate) (iterator_t *this, void** value); - + /** * Inserts a new item before the given iterator position. - * + * * The iterator position is not changed after inserting - * + * * @param item value to insert in list */ void (*insert_before) (iterator_t *this, void *item); /** * Inserts a new item after the given iterator position. - * + * * The iterator position is not changed after inserting. - * + * * @param this calling iterator * @param item value to insert in list */ void (*insert_after) (iterator_t *this, void *item); - + /** * Replace the current item at current iterator position. - * + * * The iterator position is not changed after replacing. - * + * * @param this calling iterator * @param old old value will be written here(can be NULL) * @param new new value @@ -87,18 +87,18 @@ struct iterator_t { /** * Removes an element from list at the given iterator position. - * + * * The iterator is set the the following position: * - to the item before, if available * - it gets reseted, otherwise - * + * * @return SUCCESS, FAILED if iterator is on an invalid position */ status_t (*remove) (iterator_t *this); - + /** * Resets the iterator position. - * + * * After reset, the iterator_t objects doesn't point to an element. * A call to iterator_t.has_next is necessary to do any other operations * with the resetted iterator. diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 2cac3b458..2c2a36af3 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -12,14 +12,14 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #define _GNU_SOURCE #include #include #include #include #include -#include +#include #include #include #include @@ -90,32 +90,32 @@ typedef struct memory_tail_t memory_tail_t; * Header which is prepended to each allocated memory block */ struct memory_header_t { - + /** * Number of bytes following after the header */ u_int bytes; - + /** * Pointer to previous entry in linked list */ memory_header_t *previous; - + /** * Pointer to next entry in linked list */ memory_header_t *next; - + /** * backtrace taken during (re-)allocation */ backtrace_t *backtrace; - + /** * magic bytes to detect bad free or heap underflow, MEMORY_HEADER_MAGIC */ u_int32_t magic; - + }__attribute__((__packed__)); /** @@ -127,11 +127,11 @@ struct memory_tail_t { * Magic bytes to detect heap overflow, MEMORY_TAIL_MAGIC */ u_int32_t magic; - + }__attribute__((__packed__)); /** - * first mem header is just a dummy to chain + * first mem header is just a dummy to chain * the others on it... */ static memory_header_t first_header = { @@ -143,7 +143,7 @@ static memory_header_t first_header = { }; /** - * are the hooks currently installed? + * are the hooks currently installed? */ static bool installed = FALSE; @@ -151,7 +151,7 @@ static bool installed = FALSE; * Leak report white list * * List of functions using static allocation buffers or should be suppressed - * otherwise on leak report. + * otherwise on leak report. */ char *whitelist[] = { /* backtraces, including own */ @@ -170,11 +170,14 @@ char *whitelist[] = { "getprotobynumber", "getservbyport", "getservbyname", + "gethostbyname2", "gethostbyname_r", "gethostbyname2_r", + "getnetbyname", "getpwnam_r", "getgrnam_r", "register_printf_function", + "register_printf_specifier", "syslog", "vsyslog", "getaddrinfo", @@ -193,6 +196,8 @@ char *whitelist[] = { "xmlInitCharEncodingHandlers", "xmlInitParser", "xmlInitParserCtxt", + /* libcurl */ + "Curl_client_write", /* ClearSilver */ "nerr_init", /* OpenSSL */ @@ -200,6 +205,7 @@ char *whitelist[] = { "DH_new_method", "ENGINE_load_builtin_engines", "OPENSSL_config", + "ecdsa_check", /* libgcrypt */ "gcry_control", "gcry_check_version", @@ -230,7 +236,7 @@ void report_leaks() { memory_header_t *hdr; int leaks = 0, whitelisted = 0; - + for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) { if (is_whitelisted(hdr->backtrace)) @@ -245,7 +251,7 @@ void report_leaks() leaks++; } } - + switch (leaks) { case 0: @@ -300,14 +306,14 @@ void *malloc_hook(size_t bytes, const void *caller) memory_header_t *hdr; memory_tail_t *tail; pthread_t thread_id = pthread_self(); - int oldpolicy; - struct sched_param oldparams, params; - - pthread_getschedparam(thread_id, &oldpolicy, &oldparams); - - params.__sched_priority = sched_get_priority_max(SCHED_FIFO); + int oldpolicy; + struct sched_param oldparams, params; + + pthread_getschedparam(thread_id, &oldpolicy, &oldparams); + + params.__sched_priority = sched_get_priority_max(SCHED_FIFO); pthread_setschedparam(thread_id, SCHED_FIFO, ¶ms); - + count_malloc++; uninstall_hooks(); hdr = malloc(sizeof(memory_header_t) + bytes + sizeof(memory_tail_t)); @@ -315,13 +321,13 @@ void *malloc_hook(size_t bytes, const void *caller) /* set to something which causes crashes */ memset(hdr, MEMORY_ALLOC_PATTERN, sizeof(memory_header_t) + bytes + sizeof(memory_tail_t)); - + hdr->magic = MEMORY_HEADER_MAGIC; hdr->bytes = bytes; hdr->backtrace = backtrace_create(3); tail->magic = MEMORY_TAIL_MAGIC; install_hooks(); - + /* insert at the beginning of the list */ hdr->next = first_header.next; if (hdr->next) @@ -330,9 +336,9 @@ void *malloc_hook(size_t bytes, const void *caller) } hdr->previous = &first_header; first_header.next = hdr; - + pthread_setschedparam(thread_id, oldpolicy, &oldparams); - + return hdr + 1; } @@ -341,13 +347,14 @@ void *malloc_hook(size_t bytes, const void *caller) */ void free_hook(void *ptr, const void *caller) { - memory_header_t *hdr; + memory_header_t *hdr, *current; memory_tail_t *tail; - backtrace_t *backtrace; + backtrace_t *backtrace; pthread_t thread_id = pthread_self(); - int oldpolicy; - struct sched_param oldparams, params; - + int oldpolicy; + struct sched_param oldparams, params; + bool found = FALSE; + /* allow freeing of NULL */ if (ptr == NULL) { @@ -355,20 +362,37 @@ void free_hook(void *ptr, const void *caller) } hdr = ptr - sizeof(memory_header_t); tail = ptr + hdr->bytes; - + pthread_getschedparam(thread_id, &oldpolicy, &oldparams); - - params.__sched_priority = sched_get_priority_max(SCHED_FIFO); + + params.__sched_priority = sched_get_priority_max(SCHED_FIFO); pthread_setschedparam(thread_id, SCHED_FIFO, ¶ms); - + count_free++; uninstall_hooks(); if (hdr->magic != MEMORY_HEADER_MAGIC || tail->magic != MEMORY_TAIL_MAGIC) { - fprintf(stderr, "freeing invalid memory (%p): " - "header magic 0x%x, tail magic 0x%x:\n", - ptr, hdr->magic, tail->magic); + for (current = &first_header; current != NULL; current = current->next) + { + if (current == hdr) + { + found = TRUE; + break; + } + } + if (found) + { + /* memory was allocated by our hooks but is corrupted */ + fprintf(stderr, "freeing corrupted memory (%p): " + "header magic 0x%x, tail magic 0x%x:\n", + ptr, hdr->magic, tail->magic); + } + else + { + /* memory was not allocated by our hooks */ + fprintf(stderr, "freeing invalid memory (%p)", ptr); + } backtrace = backtrace_create(3); backtrace->log(backtrace, stderr); backtrace->destroy(backtrace); @@ -382,13 +406,14 @@ void free_hook(void *ptr, const void *caller) } hdr->previous->next = hdr->next; hdr->backtrace->destroy(hdr->backtrace); - + /* clear MAGIC, set mem to something remarkable */ - memset(hdr, MEMORY_FREE_PATTERN, hdr->bytes + sizeof(memory_header_t)); - + memset(hdr, MEMORY_FREE_PATTERN, + sizeof(memory_header_t) + hdr->bytes + sizeof(memory_tail_t)); + free(hdr); } - + install_hooks(); pthread_setschedparam(thread_id, oldpolicy, &oldparams); } @@ -402,23 +427,23 @@ void *realloc_hook(void *old, size_t bytes, const void *caller) memory_tail_t *tail; backtrace_t *backtrace; pthread_t thread_id = pthread_self(); - int oldpolicy; - struct sched_param oldparams, params; - + int oldpolicy; + struct sched_param oldparams, params; + /* allow reallocation of NULL */ if (old == NULL) { return malloc_hook(bytes, caller); } - + hdr = old - sizeof(memory_header_t); tail = old + hdr->bytes; - + pthread_getschedparam(thread_id, &oldpolicy, &oldparams); - + params.__sched_priority = sched_get_priority_max(SCHED_FIFO); pthread_setschedparam(thread_id, SCHED_FIFO, ¶ms); - + count_realloc++; uninstall_hooks(); if (hdr->magic != MEMORY_HEADER_MAGIC || @@ -472,21 +497,21 @@ static void destroy(private_leak_detective_t *this) leak_detective_t *leak_detective_create() { private_leak_detective_t *this = malloc_thing(private_leak_detective_t); - + this->public.destroy = (void(*)(leak_detective_t*))destroy; - + if (getenv("LEAK_DETECTIVE_DISABLE") == NULL) { cpu_set_t mask; - + CPU_ZERO(&mask); CPU_SET(0, &mask); - + if (sched_setaffinity(0, sizeof(cpu_set_t), &mask) != 0) { fprintf(stderr, "setting CPU affinity failed: %m"); } - + lib->leak_detective = TRUE; install_hooks(); } diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h index cd30dcd5f..181f8f3db 100644 --- a/src/libstrongswan/utils/leak_detective.h +++ b/src/libstrongswan/utils/leak_detective.h @@ -32,11 +32,11 @@ typedef struct leak_detective_t leak_detective_t; * and dynamic whitelisting. */ struct leak_detective_t { - + /** - * Destroy a leak_detective instance. - */ - void (*destroy)(leak_detective_t *this); + * Destroy a leak_detective instance. + */ + void (*destroy)(leak_detective_t *this); }; /** diff --git a/src/libstrongswan/utils/lexparser.c b/src/libstrongswan/utils/lexparser.c index 2472f6751..b0aced180 100644 --- a/src/libstrongswan/utils/lexparser.c +++ b/src/libstrongswan/utils/lexparser.c @@ -40,31 +40,31 @@ bool match(const char *pattern, const chunk_t *ch) bool extract_token(chunk_t *token, const char termination, chunk_t *src) { u_char *eot = memchr(src->ptr, termination, src->len); - + if (termination == ' ') { u_char *eot_tab = memchr(src->ptr, '\t', src->len); - + /* check if a tab instead of a space terminates the token */ eot = ( eot_tab == NULL || (eot && eot < eot_tab) ) ? eot : eot_tab; } - + /* initialize empty token */ *token = chunk_empty; - + if (eot == NULL) /* termination symbol not found */ { return FALSE; } - + /* extract token */ token->ptr = src->ptr; token->len = (u_int)(eot - src->ptr); - + /* advance src pointer after termination symbol */ src->ptr = eot + 1; src->len -= (token->len + 1); - + return TRUE; } @@ -75,23 +75,23 @@ bool extract_token_str(chunk_t *token, const char *termination, chunk_t *src) { u_char *eot = memstr(src->ptr, termination, src->len); size_t l = strlen(termination); - + /* initialize empty token */ *token = chunk_empty; - + if (eot == NULL) /* termination string not found */ { return FALSE; } - + /* extract token */ token->ptr = src->ptr; token->len = (u_int)(eot - src->ptr); - + /* advance src pointer after termination string */ src->ptr = eot + l; src->len -= (token->len + l); - + return TRUE; } diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h index 7e2edb278..7eb68069b 100644 --- a/src/libstrongswan/utils/lexparser.h +++ b/src/libstrongswan/utils/lexparser.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup lexparser lexparser * @{ @ingroup utils diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c index a45468cca..4aa8ea6ca 100644 --- a/src/libstrongswan/utils/linked_list.c +++ b/src/libstrongswan/utils/linked_list.c @@ -33,14 +33,14 @@ struct element_t { /** * Previous list element. - * + * * NULL if first element in list. */ element_t *previous; - + /** * Next list element. - * + * * NULL if last element in list. */ element_t *next; @@ -52,11 +52,11 @@ struct element_t { element_t *element_create(void *value) { element_t *this = malloc_thing(element_t); - + this->previous = NULL; this->next = NULL; this->value = value; - + return (this); } @@ -83,7 +83,7 @@ struct private_linked_list_t { * NULL if no elements in list. */ element_t *first; - + /** * Last element in list. * NULL if no elements in list. @@ -130,12 +130,12 @@ struct private_enumerator_t { * implements enumerator interface */ enumerator_t enumerator; - + /** * associated linked list */ private_linked_list_t *list; - + /** * current item */ @@ -173,12 +173,12 @@ static bool enumerate(private_enumerator_t *this, void **item) static enumerator_t* create_enumerator(private_linked_list_t *this) { private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); - + enumerator->enumerator.enumerate = (void*)enumerate; enumerator->enumerator.destroy = (void*)free; enumerator->list = this; enumerator->current = NULL; - + return &enumerator->enumerator; } @@ -273,7 +273,7 @@ static status_t iterator_remove(private_iterator_t *this) this->current->previous->next = this->current->next; this->current->next->previous = this->current->previous; } - + this->list->count--; free(this->current); /* set the new iterator position */ @@ -290,7 +290,7 @@ static void insert_before(private_iterator_t * iterator, void *item) { iterator->list->public.insert_first(&(iterator->list->public), item); } - + element_t *element = element_create(item); if (iterator->current->previous == NULL) { @@ -322,7 +322,7 @@ static status_t replace(private_iterator_t *this, void **old_item, void *new_ite *old_item = this->current->value; } this->current->value = new_item; - + return SUCCESS; } @@ -336,7 +336,7 @@ static void insert_after(private_iterator_t *iterator, void *item) iterator->list->public.insert_first(&(iterator->list->public),item); return; } - + element_t *element = element_create(item); if (iterator->current->next == NULL) { @@ -376,7 +376,7 @@ static int get_count(private_linked_list_t *this) static void insert_first(private_linked_list_t *this, void *item) { element_t *element; - + element = element_create(item); if (this->count == 0) { @@ -407,7 +407,7 @@ static element_t* remove_element(private_linked_list_t *this, element_t *element next = element->next; previous = element->previous; free(element); - if (next) + if (next) { next->previous = previous; } @@ -463,7 +463,7 @@ static status_t remove_first(private_linked_list_t *this, void **item) static void insert_last(private_linked_list_t *this, void *item) { element_t *element = element_create(item); - + if (this->count == 0) { /* first entry in list */ @@ -508,7 +508,7 @@ static status_t remove_last(private_linked_list_t *this, void **item) } return NOT_FOUND; } - + /** * Implementation of linked_list_t.remove. */ @@ -517,7 +517,7 @@ static int remove_(private_linked_list_t *this, void *item, { element_t *current = this->first; int removed = 0; - + while (current) { if ((compare && compare(current->value, item)) || @@ -556,7 +556,7 @@ static status_t find_first(private_linked_list_t *this, linked_list_match_t matc void **item, void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->first; - + while (current) { if ((match && match(current->value, d1, d2, d3, d4, d5)) || @@ -580,7 +580,7 @@ static status_t find_last(private_linked_list_t *this, linked_list_match_t match void **item, void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->last; - + while (current) { if ((match && match(current->value, d1, d2, d3, d4, d5)) || @@ -604,7 +604,7 @@ static void invoke_offset(private_linked_list_t *this, size_t offset, void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->first; - + while (current) { linked_list_invoke_t *method = current->value + offset; @@ -620,7 +620,7 @@ static void invoke_function(private_linked_list_t *this, linked_list_invoke_t fn void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->first; - + while (current) { fn(current->value, d1, d2, d3, d4, d5); @@ -635,14 +635,14 @@ static linked_list_t *clone_offset(private_linked_list_t *this, size_t offset) { linked_list_t *clone = linked_list_create(); element_t *current = this->first; - + while (current) { void* (**method)(void*) = current->value + offset; clone->insert_last(clone, (*method)(current->value)); current = current->next; } - + return clone; } @@ -653,13 +653,13 @@ static linked_list_t *clone_function(private_linked_list_t *this, void* (*fn)(vo { linked_list_t *clone = linked_list_create(); element_t *current = this->first; - + while (current) { clone->insert_last(clone, fn(current->value)); current = current->next; } - + return clone; } @@ -684,7 +684,7 @@ static void destroy(private_linked_list_t *this) static void destroy_offset(private_linked_list_t *this, size_t offset) { element_t *current = this->first, *next; - + while (current) { void (**method)(void*) = current->value + offset; @@ -702,7 +702,7 @@ static void destroy_offset(private_linked_list_t *this, size_t offset) static void destroy_function(private_linked_list_t *this, void (*fn)(void*)) { element_t *current = this->first, *next; - + while (current) { fn(current->value); @@ -719,7 +719,7 @@ static void destroy_function(private_linked_list_t *this, void (*fn)(void*)) static iterator_t *create_iterator(private_linked_list_t *linked_list, bool forward) { private_iterator_t *this = malloc_thing(private_iterator_t); - + this->public.get_count = (int (*) (iterator_t*)) get_list_count; this->public.iterate = (bool (*) (iterator_t*, void **value)) iterate; this->public.insert_before = (void (*) (iterator_t*, void *item)) insert_before; @@ -728,11 +728,11 @@ static iterator_t *create_iterator(private_linked_list_t *linked_list, bool forw this->public.remove = (status_t (*) (iterator_t*)) iterator_remove; this->public.reset = (void (*) (iterator_t*)) iterator_reset; this->public.destroy = (void (*) (iterator_t*)) iterator_destroy; - + this->forward = forward; this->current = NULL; this->list = linked_list; - + return &this->public; } diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h index 8b2de9083..ba5f28f6a 100644 --- a/src/libstrongswan/utils/linked_list.h +++ b/src/libstrongswan/utils/linked_list.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup linked_list linked_list * @{ @ingroup utils @@ -56,24 +56,24 @@ struct linked_list_t { /** * Gets the count of items in the list. - * + * * @return number of items in list */ int (*get_count) (linked_list_t *this); - + /** * Creates a iterator for the given list. - * + * * @warning Created iterator_t object has to get destroyed by the caller. * * @deprecated Iterator is obsolete and will disappear, it is too * complicated to implement. Use enumerator instead. - * + * * @param forward iterator direction (TRUE: front to end) * @return new iterator_t object */ iterator_t *(*create_iterator) (linked_list_t *this, bool forward); - + /** * Create an enumerator over the list. * @@ -83,7 +83,7 @@ struct linked_list_t { * @return enumerator over list items */ enumerator_t* (*create_enumerator)(linked_list_t *this); - + /** * Inserts a new item at the beginning of the list. * @@ -93,22 +93,22 @@ struct linked_list_t { /** * Removes the first item in the list and returns its value. - * + * * @param item returned value of first item, or NULL * @return SUCCESS, or NOT_FOUND if list is empty */ status_t (*remove_first) (linked_list_t *this, void **item); - + /** * Remove an item from the list where the enumerator points to. * * @param enumerator enumerator with position */ void (*remove_at)(linked_list_t *this, enumerator_t *enumerator); - + /** * Remove items from the list matching item. - * + * * If a compare function is given, it is called for each item, where * the first parameter is the current list item and the second parameter * is the supplied item parameter. @@ -119,11 +119,11 @@ struct linked_list_t { * @return number of removed items */ int (*remove)(linked_list_t *this, void *item, bool (*compare)(void *,void*)); - + /** * Returns the value of the first list item without removing it. - * - * @param this calling object + * + * @param this calling object * @param item returned value of first item * @return SUCCESS, NOT_FOUND if list is empty */ @@ -131,15 +131,15 @@ struct linked_list_t { /** * Inserts a new item at the end of the list. - * + * * @param item value to insert into list */ void (*insert_last) (linked_list_t *this, void *item); /** * Removes the last item in the list and returns its value. - * - * @param this calling object + * + * @param this calling object * @param item returned value of last item, or NULL * @return SUCCESS, NOT_FOUND if list is empty */ @@ -147,15 +147,15 @@ struct linked_list_t { /** * Returns the value of the last list item without removing it. - * + * * @param this calling object * @param item returned value of last item * @return SUCCESS, NOT_FOUND if list is empty */ status_t (*get_last) (linked_list_t *this, void **item); - + /** Find the first matching element in the list. - * + * * The first object passed to the match function is the current list item, * followed by the user supplied data. * If the supplied function returns TRUE this function returns SUCCESS, and @@ -163,7 +163,7 @@ struct linked_list_t { * the next item is checked. * * If match is NULL, *item and the current object are compared. - * + * * @warning Only use pointers as user supplied data. * * @param match comparison function to call on each object, or NULL @@ -173,17 +173,17 @@ struct linked_list_t { */ status_t (*find_first) (linked_list_t *this, linked_list_match_t match, void **item, ...); - + /** Find the last matching element in the list. - * + * * The first object passed to the match function is the current list item, * followed by the user supplied data. * If the supplied function returns TRUE this function returns SUCCESS, and * the current object is returned in the third parameter, otherwise, * the next item is checked. - * + * * If match is NULL, *item and the current object are compared. - * + * * @warning Only use pointers as user supplied data. * * @param match comparison function to call on each object, or NULL @@ -193,7 +193,7 @@ struct linked_list_t { */ status_t (*find_last) (linked_list_t *this, linked_list_match_t match, void **item, ...); - + /** * Invoke a method on all of the contained objects. * @@ -202,41 +202,41 @@ struct linked_list_t { * method is specified by an offset of the function pointer, * which can be evalutated at compile time using the offsetof * macro, e.g.: list->invoke(list, offsetof(object_t, method)); - * + * * @param offset offset of the method to invoke on objects * @param ... user data to supply to called function (limited to 5 arguments) */ void (*invoke_offset) (linked_list_t *this, size_t offset, ...); - + /** * Invoke a function on all of the contained objects. - * + * * @param function offset of the method to invoke on objects * @param ... user data to supply to called function (limited to 5 arguments) */ void (*invoke_function) (linked_list_t *this, linked_list_invoke_t function, ...); - + /** * Clones a list and its objects using the objects' clone method. - * + * * @param offset offset ot the objects clone function * @return cloned list */ linked_list_t *(*clone_offset) (linked_list_t *this, size_t offset); - + /** * Clones a list and its objects using a given function. - * + * * @param function function that clones an object * @return cloned list */ linked_list_t *(*clone_function) (linked_list_t *this, void*(*)(void*)); - + /** * Destroys a linked_list object. */ void (*destroy) (linked_list_t *this); - + /** * Destroys a list and its objects using the destructor. * @@ -248,10 +248,10 @@ struct linked_list_t { * @param offset offset of the objects destructor */ void (*destroy_offset) (linked_list_t *this, size_t offset); - + /** * Destroys a list and its contents using a a cleanup function. - * + * * If a linked list and its contents should get destroyed using a specific * cleanup function, use destroy_function. This is useful when the * list contains malloc()-ed blocks which should get freed, @@ -264,7 +264,7 @@ struct linked_list_t { /** * Creates an empty linked list object. - * + * * @return linked_list_t object. */ linked_list_t *linked_list_create(void); diff --git a/src/libstrongswan/utils/mutex.c b/src/libstrongswan/utils/mutex.c deleted file mode 100644 index a6c39e94c..000000000 --- a/src/libstrongswan/utils/mutex.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE -#include -#include -#include -#include -#include - -#include "mutex.h" - -#include -#include - -typedef struct private_mutex_t private_mutex_t; -typedef struct private_r_mutex_t private_r_mutex_t; -typedef struct private_condvar_t private_condvar_t; -typedef struct private_rwlock_t private_rwlock_t; - -#ifdef LOCK_PROFILER - -/** - * Do not report mutexes with an overall waiting time smaller than this (in us) - */ -#define PROFILE_TRESHHOLD 1000 - -#include - -typedef struct lock_profile_t lock_profile_t; - -struct lock_profile_t { - - /** - * how long threads have waited for the lock in this mutex so far - */ - struct timeval waited; - - /** - * backtrace where mutex has been created - */ - backtrace_t *backtrace; -}; - -/** - * Print and cleanup mutex profiler - */ -static void profiler_cleanup(lock_profile_t *profile) -{ - if (profile->waited.tv_sec > 0 || - profile->waited.tv_usec > PROFILE_TRESHHOLD) - { - fprintf(stderr, "%d.%06ds in lock created at:", - profile->waited.tv_sec, profile->waited.tv_usec); - profile->backtrace->log(profile->backtrace, stderr); - } - profile->backtrace->destroy(profile->backtrace); -} - -/** - * Initialize mutex profiler - */ -static void profiler_init(lock_profile_t *profile) -{ - profile->backtrace = backtrace_create(2); - timerclear(&profile->waited); -} - -#define profiler_start(profile) { \ - struct timeval _start, _end, _diff; \ - gettimeofday(&_start, NULL); - -#define profiler_end(profile) \ - gettimeofday(&_end, NULL); \ - timersub(&_end, &_start, &_diff); \ - timeradd(&(profile)->waited, &_diff, &(profile)->waited); } - -#else /* !LOCK_PROFILER */ - -#define lock_profile_t struct {} -#define profiler_cleanup(...) {} -#define profiler_init(...) {} -#define profiler_start(...) {} -#define profiler_end(...) {} - -#endif /* LOCK_PROFILER */ - -/** - * private data of mutex - */ -struct private_mutex_t { - - /** - * public functions - */ - mutex_t public; - - /** - * wrapped pthread mutex - */ - pthread_mutex_t mutex; - - /** - * is this a recursiv emutex, implementing private_r_mutex_t? - */ - bool recursive; - - /** - * profiling info, if enabled - */ - lock_profile_t profile; -}; - -/** - * private data of mutex, extended by recursive locking information - */ -struct private_r_mutex_t { - - /** - * Extends private_mutex_t - */ - private_mutex_t generic; - - /** - * thread which currently owns mutex - */ - pthread_t thread; - - /** - * times we have locked the lock, stored per thread - */ - pthread_key_t times; -}; - -/** - * private data of condvar - */ -struct private_condvar_t { - - /** - * public functions - */ - condvar_t public; - - /** - * wrapped pthread condvar - */ - pthread_cond_t condvar; -}; - -/** - * private data of rwlock - */ -struct private_rwlock_t { - - /** - * public functions - */ - rwlock_t public; - - /** - * wrapped pthread rwlock - */ - pthread_rwlock_t rwlock; - - /** - * profiling info, if enabled - */ - lock_profile_t profile; -}; - -/** - * Implementation of mutex_t.lock. - */ -static void lock(private_mutex_t *this) -{ - profiler_start(&this->profile); - if (pthread_mutex_lock(&this->mutex)) - { - DBG1("!!!! MUTEX %sLOCK ERROR, your code is buggy !!!", ""); - } - profiler_end(&this->profile); -} - -/** - * Implementation of mutex_t.unlock. - */ -static void unlock(private_mutex_t *this) -{ - if (pthread_mutex_unlock(&this->mutex)) - { - DBG1("!!!! MUTEX %sLOCK ERROR, your code is buggy !!!", "UN"); - } -} - -/** - * Implementation of mutex_t.lock. - */ -static void lock_r(private_r_mutex_t *this) -{ - pthread_t self = pthread_self(); - - if (this->thread == self) - { - uintptr_t times; - - /* times++ */ - times = (uintptr_t)pthread_getspecific(this->times); - pthread_setspecific(this->times, (void*)times + 1); - } - else - { - lock(&this->generic); - this->thread = self; - /* times = 1 */ - pthread_setspecific(this->times, (void*)1); - } -} - -/** - * Implementation of mutex_t.unlock. - */ -static void unlock_r(private_r_mutex_t *this) -{ - uintptr_t times; - - /* times-- */ - times = (uintptr_t)pthread_getspecific(this->times); - pthread_setspecific(this->times, (void*)--times); - - if (times == 0) - { - this->thread = 0; - unlock(&this->generic); - } -} - -/** - * Implementation of mutex_t.destroy - */ -static void mutex_destroy(private_mutex_t *this) -{ - profiler_cleanup(&this->profile); - pthread_mutex_destroy(&this->mutex); - free(this); -} - -/** - * Implementation of mutex_t.destroy for recursive mutex' - */ -static void mutex_destroy_r(private_r_mutex_t *this) -{ - profiler_cleanup(&this->generic.profile); - pthread_mutex_destroy(&this->generic.mutex); - pthread_key_delete(this->times); - free(this); -} - -/* - * see header file - */ -mutex_t *mutex_create(mutex_type_t type) -{ - switch (type) - { - case MUTEX_TYPE_RECURSIVE: - { - private_r_mutex_t *this = malloc_thing(private_r_mutex_t); - - this->generic.public.lock = (void(*)(mutex_t*))lock_r; - this->generic.public.unlock = (void(*)(mutex_t*))unlock_r; - this->generic.public.destroy = (void(*)(mutex_t*))mutex_destroy_r; - - pthread_mutex_init(&this->generic.mutex, NULL); - pthread_key_create(&this->times, NULL); - this->generic.recursive = TRUE; - profiler_init(&this->generic.profile); - this->thread = 0; - - return &this->generic.public; - } - case MUTEX_TYPE_DEFAULT: - default: - { - private_mutex_t *this = malloc_thing(private_mutex_t); - - this->public.lock = (void(*)(mutex_t*))lock; - this->public.unlock = (void(*)(mutex_t*))unlock; - this->public.destroy = (void(*)(mutex_t*))mutex_destroy; - - pthread_mutex_init(&this->mutex, NULL); - this->recursive = FALSE; - profiler_init(&this->profile); - - return &this->public; - } - } -} - -/** - * Implementation of condvar_t.wait. - */ -static void _wait(private_condvar_t *this, private_mutex_t *mutex) -{ - if (mutex->recursive) - { - private_r_mutex_t* recursive = (private_r_mutex_t*)mutex; - - /* mutex owner gets cleared during condvar wait */ - recursive->thread = 0; - pthread_cond_wait(&this->condvar, &mutex->mutex); - recursive->thread = pthread_self(); - } - else - { - pthread_cond_wait(&this->condvar, &mutex->mutex); - } -} - -/** - * Implementation of condvar_t.timed_wait_abs. - */ -static bool timed_wait_abs(private_condvar_t *this, private_mutex_t *mutex, - timeval_t time) -{ - struct timespec ts; - bool timed_out; - - ts.tv_sec = time.tv_sec; - ts.tv_nsec = time.tv_usec * 1000; - - if (mutex->recursive) - { - private_r_mutex_t* recursive = (private_r_mutex_t*)mutex; - - recursive->thread = 0; - timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex, - &ts) == ETIMEDOUT; - recursive->thread = pthread_self(); - } - else - { - timed_out = pthread_cond_timedwait(&this->condvar, &mutex->mutex, - &ts) == ETIMEDOUT; - } - return timed_out; -} - -/** - * Implementation of condvar_t.timed_wait. - */ -static bool timed_wait(private_condvar_t *this, private_mutex_t *mutex, - u_int timeout) -{ - timeval_t tv; - u_int s, ms; - - gettimeofday(&tv, NULL); - - s = timeout / 1000; - ms = timeout % 1000; - - tv.tv_sec += s; - tv.tv_usec += ms * 1000; - - if (tv.tv_usec > 1000000 /* 1s */) - { - tv.tv_usec -= 1000000; - tv.tv_sec++; - } - return timed_wait_abs(this, mutex, tv); -} - -/** - * Implementation of condvar_t.signal. - */ -static void _signal(private_condvar_t *this) -{ - pthread_cond_signal(&this->condvar); -} - -/** - * Implementation of condvar_t.broadcast. - */ -static void broadcast(private_condvar_t *this) -{ - pthread_cond_broadcast(&this->condvar); -} - -/** - * Implementation of condvar_t.destroy - */ -static void condvar_destroy(private_condvar_t *this) -{ - pthread_cond_destroy(&this->condvar); - free(this); -} - -/* - * see header file - */ -condvar_t *condvar_create(condvar_type_t type) -{ - switch (type) - { - case CONDVAR_TYPE_DEFAULT: - default: - { - private_condvar_t *this = malloc_thing(private_condvar_t); - - this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))_wait; - this->public.timed_wait = (bool(*)(condvar_t*, mutex_t *mutex, u_int timeout))timed_wait; - this->public.timed_wait_abs = (bool(*)(condvar_t*, mutex_t *mutex, timeval_t time))timed_wait_abs; - this->public.signal = (void(*)(condvar_t*))_signal; - this->public.broadcast = (void(*)(condvar_t*))broadcast; - this->public.destroy = (void(*)(condvar_t*))condvar_destroy; - - pthread_cond_init(&this->condvar, NULL); - - return &this->public; - } - } -} - -/** - * Implementation of rwlock_t.read_lock - */ -static void read_lock(private_rwlock_t *this) -{ - profiler_start(&this->profile); - pthread_rwlock_rdlock(&this->rwlock); - profiler_end(&this->profile); -} - -/** - * Implementation of rwlock_t.write_lock - */ -static void write_lock(private_rwlock_t *this) -{ - profiler_start(&this->profile); - pthread_rwlock_wrlock(&this->rwlock); - profiler_end(&this->profile); -} - -/** - * Implementation of rwlock_t.try_write_lock - */ -static bool try_write_lock(private_rwlock_t *this) -{ - return pthread_rwlock_trywrlock(&this->rwlock) == 0; -} - -/** - * Implementation of rwlock_t.unlock - */ -static void rw_unlock(private_rwlock_t *this) -{ - pthread_rwlock_unlock(&this->rwlock); -} - -/** - * Implementation of rwlock_t.destroy - */ -static void rw_destroy(private_rwlock_t *this) -{ - pthread_rwlock_destroy(&this->rwlock); - profiler_cleanup(&this->profile); - free(this); -} - -/* - * see header file - */ -rwlock_t *rwlock_create(rwlock_type_t type) -{ - switch (type) - { - case RWLOCK_TYPE_DEFAULT: - default: - { - private_rwlock_t *this = malloc_thing(private_rwlock_t); - - this->public.read_lock = (void(*)(rwlock_t*))read_lock; - this->public.write_lock = (void(*)(rwlock_t*))write_lock; - this->public.try_write_lock = (bool(*)(rwlock_t*))try_write_lock; - this->public.unlock = (void(*)(rwlock_t*))rw_unlock; - this->public.destroy = (void(*)(rwlock_t*))rw_destroy; - - pthread_rwlock_init(&this->rwlock, NULL); - profiler_init(&this->profile); - - return &this->public; - } - } -} - diff --git a/src/libstrongswan/utils/mutex.h b/src/libstrongswan/utils/mutex.h deleted file mode 100644 index 273f56b47..000000000 --- a/src/libstrongswan/utils/mutex.h +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup mutex mutex - * @{ @ingroup utils - */ - -#ifndef MUTEX_H_ -#define MUTEX_H_ - -typedef struct mutex_t mutex_t; -typedef struct condvar_t condvar_t; -typedef struct rwlock_t rwlock_t; -typedef enum mutex_type_t mutex_type_t; -typedef enum condvar_type_t condvar_type_t; -typedef enum rwlock_type_t rwlock_type_t; - -#include - -#ifdef __APPLE__ -/* on Mac OS X 10.5 several system calls we use are no cancellation points. - * fortunately, select isn't one of them, so we wrap some of the others with - * calls to select(2). - */ -#include -#include - -#define WRAP_WITH_SELECT(func, socket, ...)\ - fd_set rfds; FD_ZERO(&rfds); FD_SET(socket, &rfds);\ - if (select(socket + 1, &rfds, NULL, NULL, NULL) <= 0) { return -1; }\ - return func(socket, __VA_ARGS__) - -static inline int cancellable_accept(int socket, struct sockaddr *address, - socklen_t *address_len) -{ - WRAP_WITH_SELECT(accept, socket, address, address_len); -} -#define accept cancellable_accept -static inline int cancellable_recvfrom(int socket, void *buffer, size_t length, - int flags, struct sockaddr *address, socklen_t *address_len) -{ - WRAP_WITH_SELECT(recvfrom, socket, buffer, length, flags, address, address_len); -} -#define recvfrom cancellable_recvfrom -#endif /* __APPLE__ */ - -/** - * Type of mutex. - */ -enum mutex_type_t { - /** default mutex */ - MUTEX_TYPE_DEFAULT = 0, - /** allow recursive locking of the mutex */ - MUTEX_TYPE_RECURSIVE = 1, -}; - -/** - * Type of condvar. - */ -enum condvar_type_t { - /** default condvar */ - CONDVAR_TYPE_DEFAULT = 0, -}; - -/** - * Type of read-write lock. - */ -enum rwlock_type_t { - /** default condvar */ - RWLOCK_TYPE_DEFAULT = 0, -}; - -/** - * Mutex wrapper implements simple, portable and advanced mutex functions. - */ -struct mutex_t { - - /** - * Acquire the lock to the mutex. - */ - void (*lock)(mutex_t *this); - - /** - * Release the lock on the mutex. - */ - void (*unlock)(mutex_t *this); - - /** - * Destroy a mutex instance. - */ - void (*destroy)(mutex_t *this); -}; - -/** - * Condvar wrapper to use in conjunction with mutex_t. - */ -struct condvar_t { - - /** - * Wait on a condvar until it gets signalized. - * - * @param mutex mutex to release while waiting - */ - void (*wait)(condvar_t *this, mutex_t *mutex); - - /** - * Wait on a condvar until it gets signalized, or times out. - * - * @param mutex mutex to release while waiting - * @param timeout timeout im ms - * @return TRUE if timed out, FALSE otherwise - */ - bool (*timed_wait)(condvar_t *this, mutex_t *mutex, u_int timeout); - - /** - * Wait on a condvar until it gets signalized, or times out. - * - * @param mutex mutex to release while waiting - * @param time absolute time until timeout - * @return TRUE if timed out, FALSE otherwise - */ - bool (*timed_wait_abs)(condvar_t *this, mutex_t *mutex, timeval_t timeout); - - /** - * Wake up a single thread in a condvar. - */ - void (*signal)(condvar_t *this); - - /** - * Wake up all threads in a condvar. - */ - void (*broadcast)(condvar_t *this); - - /** - * Destroy a condvar and free its resources. - */ - void (*destroy)(condvar_t *this); -}; - -/** - * Read-Write lock wrapper. - */ -struct rwlock_t { - - /** - * Acquire the read lock. - */ - void (*read_lock)(rwlock_t *this); - - /** - * Acquire the write lock. - */ - void (*write_lock)(rwlock_t *this); - - /** - * Try to acquire the write lock. - * - * Never blocks, but returns FALSE if the lock was already occupied. - * - * @return TRUE if lock acquired - */ - bool (*try_write_lock)(rwlock_t *this); - - /** - * Release any acquired lock. - */ - void (*unlock)(rwlock_t *this); - - /** - * Destroy the read-write lock. - */ - void (*destroy)(rwlock_t *this); -}; - -/** - * Create a mutex instance. - * - * @param type type of mutex to create - * @return unlocked mutex instance - */ -mutex_t *mutex_create(mutex_type_t type); - -/** - * Create a condvar instance. - * - * @param type type of condvar to create - * @return condvar instance - */ -condvar_t *condvar_create(condvar_type_t type); - -/** - * Create a read-write lock instance. - * - * @param type type of rwlock to create - * @return unlocked rwlock instance - */ -rwlock_t *rwlock_create(rwlock_type_t type); - -#endif /** MUTEX_H_ @}*/ diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index bf47e6b98..bf528caa0 100644 --- a/src/libstrongswan/utils/optionsfrom.c +++ b/src/libstrongswan/utils/optionsfrom.c @@ -6,7 +6,7 @@ * under the terms of the GNU Library General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . - * + * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public @@ -83,7 +83,7 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], DBG1("optionsfrom called %d times by \"%s\" - looping?", this->nuses + 1, (*argvp)[0]); return FALSE; } - + fd = fopen(filename, "r"); if (fd == NULL) { diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h index 05269f4f5..b0a9d0096 100644 --- a/src/libstrongswan/utils/optionsfrom.h +++ b/src/libstrongswan/utils/optionsfrom.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup optionsfrom optionsfrom * @{ @ingroup utils @@ -28,7 +28,7 @@ typedef struct options_t options_t; * Reads additional command line arguments from a file */ struct options_t { - + /** * Check if the PKCS#7 contentType is data * diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am index 6c50f1563..e6c31e9b4 100644 --- a/src/manager/Makefile.am +++ b/src/manager/Makefile.am @@ -14,10 +14,8 @@ manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS} INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS} AM_CFLAGS = -rdynamic \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ -DIPSECDIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\"\ -DPLUGINS=\""${libstrongswan_plugins}\"" # Don't forget to add templates to EXTRA_DIST !!! How to automate? diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 2252f57ec..20438acc3 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -17,8 +18,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -37,11 +39,19 @@ manager_PROGRAMS = manager.fcgi$(EXEEXT) subdir = src/manager DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(managerdir)" \ "$(DESTDIR)$(manager_templatesdir)" \ "$(DESTDIR)$(manager_templates_authdir)" \ @@ -50,7 +60,6 @@ am__installdirs = "$(DESTDIR)$(managerdir)" \ "$(DESTDIR)$(manager_templates_gatewaydir)" \ "$(DESTDIR)$(manager_templates_ikesadir)" \ "$(DESTDIR)$(manager_templates_staticdir)" -managerPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(manager_PROGRAMS) am_manager_fcgi_OBJECTS = main.$(OBJEXT) manager.$(OBJEXT) \ gateway.$(OBJEXT) storage.$(OBJEXT) xml.$(OBJEXT) \ @@ -64,6 +73,7 @@ manager_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -80,14 +90,22 @@ am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -manager_templatesDATA_INSTALL = $(INSTALL_DATA) -manager_templates_authDATA_INSTALL = $(INSTALL_DATA) -manager_templates_configDATA_INSTALL = $(INSTALL_DATA) -manager_templates_controlDATA_INSTALL = $(INSTALL_DATA) -manager_templates_gatewayDATA_INSTALL = $(INSTALL_DATA) -manager_templates_ikesaDATA_INSTALL = $(INSTALL_DATA) -manager_templates_staticDATA_INSTALL = $(INSTALL_DATA) +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' DATA = $(manager_templates_DATA) $(manager_templates_auth_DATA) \ $(manager_templates_config_DATA) \ $(manager_templates_control_DATA) \ @@ -130,25 +148,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -160,11 +175,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -193,9 +211,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -218,7 +236,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -226,6 +244,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -234,10 +253,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -245,6 +266,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ managerdir = ${ipsecdir}/manager @@ -259,10 +281,8 @@ controller/gateway_controller.c controller/gateway_controller.h manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS} INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS} AM_CFLAGS = -rdynamic \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ -DIPSECDIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\"\ -DPLUGINS=\""${libstrongswan_plugins}\"" @@ -312,9 +332,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/manager/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/manager/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/manager/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/manager/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -332,34 +352,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-managerPROGRAMS: $(manager_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(managerdir)" || $(MKDIR_P) "$(DESTDIR)$(managerdir)" - @list='$(manager_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(managerPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(managerdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(managerPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(managerdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(manager_PROGRAMS)'; test -n "$(managerdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(managerdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(managerdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-managerPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(manager_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(managerdir)/$$f'"; \ - rm -f "$(DESTDIR)$(managerdir)/$$f"; \ - done + @list='$(manager_PROGRAMS)'; test -n "$(managerdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(managerdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(managerdir)" && rm -f $$files clean-managerPROGRAMS: - @list='$(manager_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(manager_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list manager.fcgi$(EXEEXT): $(manager_fcgi_OBJECTS) $(manager_fcgi_DEPENDENCIES) @rm -f manager.fcgi$(EXEEXT) $(LINK) $(manager_fcgi_OBJECTS) $(manager_fcgi_LDADD) $(LIBS) @@ -383,91 +419,91 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< auth_controller.o: controller/auth_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_controller.o -MD -MP -MF $(DEPDIR)/auth_controller.Tpo -c -o auth_controller.o `test -f 'controller/auth_controller.c' || echo '$(srcdir)/'`controller/auth_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_controller.Tpo $(DEPDIR)/auth_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_controller.Tpo $(DEPDIR)/auth_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/auth_controller.c' object='auth_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_controller.o `test -f 'controller/auth_controller.c' || echo '$(srcdir)/'`controller/auth_controller.c auth_controller.obj: controller/auth_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_controller.obj -MD -MP -MF $(DEPDIR)/auth_controller.Tpo -c -o auth_controller.obj `if test -f 'controller/auth_controller.c'; then $(CYGPATH_W) 'controller/auth_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/auth_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_controller.Tpo $(DEPDIR)/auth_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_controller.Tpo $(DEPDIR)/auth_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/auth_controller.c' object='auth_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_controller.obj `if test -f 'controller/auth_controller.c'; then $(CYGPATH_W) 'controller/auth_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/auth_controller.c'; fi` ikesa_controller.o: controller/ikesa_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ikesa_controller.o -MD -MP -MF $(DEPDIR)/ikesa_controller.Tpo -c -o ikesa_controller.o `test -f 'controller/ikesa_controller.c' || echo '$(srcdir)/'`controller/ikesa_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ikesa_controller.Tpo $(DEPDIR)/ikesa_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ikesa_controller.Tpo $(DEPDIR)/ikesa_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/ikesa_controller.c' object='ikesa_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ikesa_controller.o `test -f 'controller/ikesa_controller.c' || echo '$(srcdir)/'`controller/ikesa_controller.c ikesa_controller.obj: controller/ikesa_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ikesa_controller.obj -MD -MP -MF $(DEPDIR)/ikesa_controller.Tpo -c -o ikesa_controller.obj `if test -f 'controller/ikesa_controller.c'; then $(CYGPATH_W) 'controller/ikesa_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/ikesa_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ikesa_controller.Tpo $(DEPDIR)/ikesa_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ikesa_controller.Tpo $(DEPDIR)/ikesa_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/ikesa_controller.c' object='ikesa_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ikesa_controller.obj `if test -f 'controller/ikesa_controller.c'; then $(CYGPATH_W) 'controller/ikesa_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/ikesa_controller.c'; fi` control_controller.o: controller/control_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT control_controller.o -MD -MP -MF $(DEPDIR)/control_controller.Tpo -c -o control_controller.o `test -f 'controller/control_controller.c' || echo '$(srcdir)/'`controller/control_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/control_controller.Tpo $(DEPDIR)/control_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/control_controller.Tpo $(DEPDIR)/control_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/control_controller.c' object='control_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o control_controller.o `test -f 'controller/control_controller.c' || echo '$(srcdir)/'`controller/control_controller.c control_controller.obj: controller/control_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT control_controller.obj -MD -MP -MF $(DEPDIR)/control_controller.Tpo -c -o control_controller.obj `if test -f 'controller/control_controller.c'; then $(CYGPATH_W) 'controller/control_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/control_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/control_controller.Tpo $(DEPDIR)/control_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/control_controller.Tpo $(DEPDIR)/control_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/control_controller.c' object='control_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o control_controller.obj `if test -f 'controller/control_controller.c'; then $(CYGPATH_W) 'controller/control_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/control_controller.c'; fi` config_controller.o: controller/config_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT config_controller.o -MD -MP -MF $(DEPDIR)/config_controller.Tpo -c -o config_controller.o `test -f 'controller/config_controller.c' || echo '$(srcdir)/'`controller/config_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/config_controller.Tpo $(DEPDIR)/config_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/config_controller.Tpo $(DEPDIR)/config_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/config_controller.c' object='config_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o config_controller.o `test -f 'controller/config_controller.c' || echo '$(srcdir)/'`controller/config_controller.c config_controller.obj: controller/config_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT config_controller.obj -MD -MP -MF $(DEPDIR)/config_controller.Tpo -c -o config_controller.obj `if test -f 'controller/config_controller.c'; then $(CYGPATH_W) 'controller/config_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/config_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/config_controller.Tpo $(DEPDIR)/config_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/config_controller.Tpo $(DEPDIR)/config_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/config_controller.c' object='config_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o config_controller.obj `if test -f 'controller/config_controller.c'; then $(CYGPATH_W) 'controller/config_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/config_controller.c'; fi` gateway_controller.o: controller/gateway_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gateway_controller.o -MD -MP -MF $(DEPDIR)/gateway_controller.Tpo -c -o gateway_controller.o `test -f 'controller/gateway_controller.c' || echo '$(srcdir)/'`controller/gateway_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/gateway_controller.Tpo $(DEPDIR)/gateway_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gateway_controller.Tpo $(DEPDIR)/gateway_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/gateway_controller.c' object='gateway_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gateway_controller.o `test -f 'controller/gateway_controller.c' || echo '$(srcdir)/'`controller/gateway_controller.c gateway_controller.obj: controller/gateway_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gateway_controller.obj -MD -MP -MF $(DEPDIR)/gateway_controller.Tpo -c -o gateway_controller.obj `if test -f 'controller/gateway_controller.c'; then $(CYGPATH_W) 'controller/gateway_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/gateway_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/gateway_controller.Tpo $(DEPDIR)/gateway_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gateway_controller.Tpo $(DEPDIR)/gateway_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/gateway_controller.c' object='gateway_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gateway_controller.obj `if test -f 'controller/gateway_controller.c'; then $(CYGPATH_W) 'controller/gateway_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/gateway_controller.c'; fi` @@ -480,122 +516,143 @@ clean-libtool: install-manager_templatesDATA: $(manager_templates_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templatesdir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templatesdir)" - @list='$(manager_templates_DATA)'; for p in $$list; do \ + @list='$(manager_templates_DATA)'; test -n "$(manager_templatesdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templatesDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templatesdir)/$$f'"; \ - $(manager_templatesDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templatesdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templatesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templatesdir)" || exit $$?; \ done uninstall-manager_templatesDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templatesdir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templatesdir)/$$f"; \ - done + @list='$(manager_templates_DATA)'; test -n "$(manager_templatesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templatesdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templatesdir)" && rm -f $$files install-manager_templates_authDATA: $(manager_templates_auth_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templates_authdir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templates_authdir)" - @list='$(manager_templates_auth_DATA)'; for p in $$list; do \ + @list='$(manager_templates_auth_DATA)'; test -n "$(manager_templates_authdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templates_authDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templates_authdir)/$$f'"; \ - $(manager_templates_authDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templates_authdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templates_authdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templates_authdir)" || exit $$?; \ done uninstall-manager_templates_authDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_auth_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templates_authdir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templates_authdir)/$$f"; \ - done + @list='$(manager_templates_auth_DATA)'; test -n "$(manager_templates_authdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templates_authdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templates_authdir)" && rm -f $$files install-manager_templates_configDATA: $(manager_templates_config_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templates_configdir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templates_configdir)" - @list='$(manager_templates_config_DATA)'; for p in $$list; do \ + @list='$(manager_templates_config_DATA)'; test -n "$(manager_templates_configdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templates_configDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templates_configdir)/$$f'"; \ - $(manager_templates_configDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templates_configdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templates_configdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templates_configdir)" || exit $$?; \ done uninstall-manager_templates_configDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_config_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templates_configdir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templates_configdir)/$$f"; \ - done + @list='$(manager_templates_config_DATA)'; test -n "$(manager_templates_configdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templates_configdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templates_configdir)" && rm -f $$files install-manager_templates_controlDATA: $(manager_templates_control_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templates_controldir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templates_controldir)" - @list='$(manager_templates_control_DATA)'; for p in $$list; do \ + @list='$(manager_templates_control_DATA)'; test -n "$(manager_templates_controldir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templates_controlDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templates_controldir)/$$f'"; \ - $(manager_templates_controlDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templates_controldir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templates_controldir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templates_controldir)" || exit $$?; \ done uninstall-manager_templates_controlDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_control_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templates_controldir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templates_controldir)/$$f"; \ - done + @list='$(manager_templates_control_DATA)'; test -n "$(manager_templates_controldir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templates_controldir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templates_controldir)" && rm -f $$files install-manager_templates_gatewayDATA: $(manager_templates_gateway_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templates_gatewaydir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templates_gatewaydir)" - @list='$(manager_templates_gateway_DATA)'; for p in $$list; do \ + @list='$(manager_templates_gateway_DATA)'; test -n "$(manager_templates_gatewaydir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templates_gatewayDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templates_gatewaydir)/$$f'"; \ - $(manager_templates_gatewayDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templates_gatewaydir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templates_gatewaydir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templates_gatewaydir)" || exit $$?; \ done uninstall-manager_templates_gatewayDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_gateway_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templates_gatewaydir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templates_gatewaydir)/$$f"; \ - done + @list='$(manager_templates_gateway_DATA)'; test -n "$(manager_templates_gatewaydir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templates_gatewaydir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templates_gatewaydir)" && rm -f $$files install-manager_templates_ikesaDATA: $(manager_templates_ikesa_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templates_ikesadir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templates_ikesadir)" - @list='$(manager_templates_ikesa_DATA)'; for p in $$list; do \ + @list='$(manager_templates_ikesa_DATA)'; test -n "$(manager_templates_ikesadir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templates_ikesaDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templates_ikesadir)/$$f'"; \ - $(manager_templates_ikesaDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templates_ikesadir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templates_ikesadir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templates_ikesadir)" || exit $$?; \ done uninstall-manager_templates_ikesaDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_ikesa_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templates_ikesadir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templates_ikesadir)/$$f"; \ - done + @list='$(manager_templates_ikesa_DATA)'; test -n "$(manager_templates_ikesadir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templates_ikesadir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templates_ikesadir)" && rm -f $$files install-manager_templates_staticDATA: $(manager_templates_static_DATA) @$(NORMAL_INSTALL) test -z "$(manager_templates_staticdir)" || $(MKDIR_P) "$(DESTDIR)$(manager_templates_staticdir)" - @list='$(manager_templates_static_DATA)'; for p in $$list; do \ + @list='$(manager_templates_static_DATA)'; test -n "$(manager_templates_staticdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(manager_templates_staticDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(manager_templates_staticdir)/$$f'"; \ - $(manager_templates_staticDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(manager_templates_staticdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(manager_templates_staticdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(manager_templates_staticdir)" || exit $$?; \ done uninstall-manager_templates_staticDATA: @$(NORMAL_UNINSTALL) - @list='$(manager_templates_static_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(manager_templates_staticdir)/$$f'"; \ - rm -f "$(DESTDIR)$(manager_templates_staticdir)/$$f"; \ - done + @list='$(manager_templates_static_DATA)'; test -n "$(manager_templates_staticdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(manager_templates_staticdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(manager_templates_staticdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -609,7 +666,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -617,29 +674,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -660,13 +722,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -697,6 +763,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -718,6 +785,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -732,18 +801,28 @@ install-data-am: install-managerPROGRAMS install-manager_templatesDATA \ install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -802,6 +881,7 @@ uninstall-am: uninstall-managerPROGRAMS \ uninstall-manager_templates_ikesaDATA \ uninstall-manager_templates_staticDATA + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/manager/controller/auth_controller.c b/src/manager/controller/auth_controller.c index 5f9c3b623..dd469cee4 100644 --- a/src/manager/controller/auth_controller.c +++ b/src/manager/controller/auth_controller.c @@ -30,7 +30,7 @@ struct private_auth_controller_t { * public functions */ auth_controller_t public; - + /** * manager instance */ @@ -47,7 +47,7 @@ static void login(private_auth_controller_t *this, request_t *request) static void check(private_auth_controller_t *this, request_t *request) { char *username, *password; - + username = request->get_query_data(request, "username"); password = request->get_query_data(request, "password"); if (username && password && @@ -87,11 +87,11 @@ static void handle(private_auth_controller_t *this, { return login(this, request); } - else if (streq(action, "check")) + else if (streq(action, "check")) { return check(this, request); } - else if (streq(action, "logout")) + else if (streq(action, "logout")) { return logout(this, request); } @@ -117,9 +117,9 @@ controller_t *auth_controller_create(context_t *context, void *param) this->public.controller.get_name = (char*(*)(controller_t*))get_name; this->public.controller.handle = (void(*)(controller_t*,request_t*,char*,char*,char*,char*,char*))handle; this->public.controller.destroy = (void(*)(controller_t*))destroy; - + this->manager = (manager_t*)context; - + return &this->public.controller; } diff --git a/src/manager/controller/config_controller.c b/src/manager/controller/config_controller.c index dda2938a1..828a4ac97 100644 --- a/src/manager/controller/config_controller.c +++ b/src/manager/controller/config_controller.c @@ -33,7 +33,7 @@ struct private_config_controller_t { * public functions */ config_controller_t public; - + /** * manager instance */ @@ -54,7 +54,7 @@ static void process_peerconfig(private_config_controller_t *this, { if (streq(name, "name")) { - config = value; + config = value; } else if (streq(name, "ikeconfig")) { @@ -80,7 +80,7 @@ static void process_peerconfig(private_config_controller_t *this, if (streq(name, "childconfig")) { int num = 0; - + e2 = xml->children(xml); while (e2->enumerate(e2, &xml, &name, &value)) { @@ -199,9 +199,9 @@ controller_t *config_controller_create(context_t *context, void *param) this->public.controller.get_name = (char*(*)(controller_t*))get_name; this->public.controller.handle = (void(*)(controller_t*,request_t*,char*,char*,char*,char*,char*))handle; this->public.controller.destroy = (void(*)(controller_t*))destroy; - + this->manager = (manager_t*)context; - + return &this->public.controller; } diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c index c22591182..fdf66bf14 100644 --- a/src/manager/controller/control_controller.c +++ b/src/manager/controller/control_controller.c @@ -33,7 +33,7 @@ struct private_control_controller_t { * public functions */ control_controller_t public; - + /** * manager instance */ @@ -50,7 +50,7 @@ static void handle_result(private_control_controller_t *this, request_t *r, xml_t *xml; char *name, *value; int num = 0; - + if (e) { while (e->enumerate(e, &xml, &name, &value)) @@ -113,7 +113,7 @@ static void terminate(private_control_controller_t *this, request_t *r, { gateway_t *gateway; enumerator_t *e; - + r->setf(r, "title=Terminate %s SA %d", ike ? "IKE" : "CHILD", id); gateway = this->manager->select_gateway(this->manager, 0); e = gateway->terminate(gateway, ike, id); @@ -145,7 +145,7 @@ static void handle(private_control_controller_t *this, if (action) { u_int32_t id; - + if (streq(action, "terminateike")) { if (str && (id = atoi(str))) @@ -196,9 +196,9 @@ controller_t *control_controller_create(context_t *context, void *param) this->public.controller.get_name = (char*(*)(controller_t*))get_name; this->public.controller.handle = (void(*)(controller_t*,request_t*,char*,char*,char*,char*,char*))handle; this->public.controller.destroy = (void(*)(controller_t*))destroy; - + this->manager = (manager_t*)context; - + return &this->public.controller; } diff --git a/src/manager/controller/gateway_controller.c b/src/manager/controller/gateway_controller.c index 164bf5921..9fca220e9 100644 --- a/src/manager/controller/gateway_controller.c +++ b/src/manager/controller/gateway_controller.c @@ -31,12 +31,12 @@ struct private_gateway_controller_t { * public functions */ gateway_controller_t public; - + /** * manager instance */ manager_t *manager; - + }; static void list(private_gateway_controller_t *this, request_t *request) @@ -44,7 +44,7 @@ static void list(private_gateway_controller_t *this, request_t *request) enumerator_t *enumerator; char *name, *address; int id, port; - + enumerator = this->manager->create_gateway_enumerator(this->manager); while (enumerator->enumerate(enumerator, &id, &name, &port, &address)) { @@ -69,7 +69,7 @@ static void list(private_gateway_controller_t *this, request_t *request) static void _select(private_gateway_controller_t *this, request_t *request) { char *id; - + id = request->get_query_data(request, "gateway"); if (id) { @@ -106,7 +106,7 @@ static void handle(private_gateway_controller_t *this, { return list(this, request); } - else if (streq(action, "select")) + else if (streq(action, "select")) { return _select(this, request); } @@ -133,9 +133,9 @@ controller_t *gateway_controller_create(context_t *context, void *param) this->public.controller.get_name = (char*(*)(controller_t*))get_name; this->public.controller.handle = (void(*)(controller_t*,request_t*,char*,char*,char*,char*,char*))handle; this->public.controller.destroy = (void(*)(controller_t*))destroy; - + this->manager = (manager_t*)context; - + return &this->public.controller; } diff --git a/src/manager/controller/ikesa_controller.c b/src/manager/controller/ikesa_controller.c index c35ff42e6..afa4a67f8 100644 --- a/src/manager/controller/ikesa_controller.c +++ b/src/manager/controller/ikesa_controller.c @@ -33,7 +33,7 @@ struct private_ikesa_controller_t { * public functions */ ikesa_controller_t public; - + /** * manager instance */ @@ -50,7 +50,7 @@ static void process_childsa(private_ikesa_controller_t *this, char *id, enumerator_t *e1, *e2; char *name, *value, *reqid = "", *section = ""; int num = 0; - + while (e->enumerate(e, &xml, &name, &value)) { if (streq(name, "reqid")) @@ -106,7 +106,7 @@ static void process_ikesa(private_ikesa_controller_t *this, { if (streq(name, "id")) { - id = value; + id = value; } else if (streq(name, "local") || streq(name, "remote")) { @@ -223,9 +223,9 @@ controller_t *ikesa_controller_create(context_t *context, void *param) this->public.controller.get_name = (char*(*)(controller_t*))get_name; this->public.controller.handle = (void(*)(controller_t*,request_t*,char*,char*,char*,char*,char*))handle; this->public.controller.destroy = (void(*)(controller_t*))destroy; - + this->manager = (manager_t*)context; - + return &this->public.controller; } diff --git a/src/manager/gateway.c b/src/manager/gateway.c index f0d557c71..fd462afa7 100644 --- a/src/manager/gateway.c +++ b/src/manager/gateway.c @@ -35,22 +35,22 @@ struct private_gateway_t { * public functions */ gateway_t public; - + /** * name of the gateway */ char *name; - + /** * host to connect using tcp */ host_t *host; - + /** * socket file descriptor, > 0 if connected */ int fd; - + /** * unique id assigned to each xml message */ @@ -83,7 +83,7 @@ static bool connect_(private_gateway_t *this) addr = (struct sockaddr*)&unix_addr; len = sizeof(unix_addr); } - + this->fd = socket(family, SOCK_STREAM, 0); if (this->fd < 0) { @@ -115,7 +115,7 @@ static char* request(private_gateway_t *this, char *xml, ...) char buf[8096]; ssize_t len; va_list args; - + va_start(args, xml); len = vsnprintf(buf, sizeof(buf), xml, args); va_end(args); @@ -153,7 +153,7 @@ static enumerator_t* query_ikesalist(private_gateway_t *this) char *str, *name, *value; xml_t *xml; enumerator_t *e1, *e2, *e3, *e4 = NULL; - + str = request(this, "" "" "" @@ -168,7 +168,7 @@ static enumerator_t* query_ikesalist(private_gateway_t *this) { return NULL; } - + e1 = xml->children(xml); free(str); while (e1->enumerate(e1, &xml, &name, &value)) @@ -202,7 +202,7 @@ static enumerator_t* query_ikesalist(private_gateway_t *this) return NULL; } - + /** * Implementation of gateway_t.query_configlist. */ @@ -211,7 +211,7 @@ static enumerator_t* query_configlist(private_gateway_t *this) char *str, *name, *value; xml_t *xml; enumerator_t *e1, *e2, *e3, *e4 = NULL; - + str = request(this, "" "" "" @@ -226,7 +226,7 @@ static enumerator_t* query_configlist(private_gateway_t *this) { return NULL; } - + e1 = xml->children(xml); free(str); while (e1->enumerate(e1, &xml, &name, &value)) @@ -308,7 +308,7 @@ static enumerator_t* read_result(private_gateway_t *this, char *res) static enumerator_t* initiate(private_gateway_t *this, bool ike, char *name) { char *str, *kind; - + if (ike) { kind = "ike"; @@ -331,7 +331,7 @@ static enumerator_t* initiate(private_gateway_t *this, bool ike, char *name) static enumerator_t* terminate(private_gateway_t *this, bool ike, u_int32_t id) { char *str, *kind; - + if (ike) { kind = "ike"; @@ -368,19 +368,19 @@ static void destroy(private_gateway_t *this) static private_gateway_t *gateway_create(char *name) { private_gateway_t *this = malloc_thing(private_gateway_t); - + this->public.request = (char*(*)(gateway_t*, char *xml))request; this->public.query_ikesalist = (enumerator_t*(*)(gateway_t*))query_ikesalist; this->public.query_configlist = (enumerator_t*(*)(gateway_t*))query_configlist; this->public.initiate = (enumerator_t*(*)(gateway_t*, bool ike, char *name))initiate; this->public.terminate = (enumerator_t*(*)(gateway_t*, bool ike, u_int32_t id))terminate; this->public.destroy = (void(*)(gateway_t*))destroy; - + this->name = strdup(name); this->host = NULL; this->fd = -1; this->xmlid = 1; - + return this; } @@ -390,9 +390,9 @@ static private_gateway_t *gateway_create(char *name) gateway_t *gateway_create_tcp(char *name, host_t *host) { private_gateway_t *this = gateway_create(name); - + this->host = host; - + return &this->public; } @@ -402,7 +402,7 @@ gateway_t *gateway_create_tcp(char *name, host_t *host) gateway_t *gateway_create_unix(char *name) { private_gateway_t *this = gateway_create(name); - + return &this->public; } diff --git a/src/manager/gateway.h b/src/manager/gateway.h index 7c76fa474..54aade7b1 100644 --- a/src/manager/gateway.h +++ b/src/manager/gateway.h @@ -30,7 +30,7 @@ typedef struct gateway_t gateway_t; * A connection to a gateway. */ struct gateway_t { - + /** * Send an XML request to the gateway. * @@ -38,21 +38,21 @@ struct gateway_t { * @return allocated xml response string */ char* (*request)(gateway_t *this, char *xml); - + /** * Query the list of IKE_SAs and all its children. * * @return enumerator over ikesa XML elements */ enumerator_t* (*query_ikesalist)(gateway_t *this); - + /** * Query the list of peer configs and its subconfigs. * * @return enumerator over peerconfig XML elements */ enumerator_t* (*query_configlist)(gateway_t *this); - + /** * Terminate an IKE or a CHILD SA. * @@ -61,7 +61,7 @@ struct gateway_t { * @return enumerator over control response XML children */ enumerator_t* (*terminate)(gateway_t *this, bool ike, u_int32_t id); - + /** * Initiate an IKE or a CHILD SA. * @@ -70,7 +70,7 @@ struct gateway_t { * @return enumerator over control response XML children */ enumerator_t* (*initiate)(gateway_t *this, bool ike, char *name); - + /** * Destroy a gateway instance. */ diff --git a/src/manager/main.c b/src/manager/main.c index 6fef0bf3e..1f5c45113 100644 --- a/src/manager/main.c +++ b/src/manager/main.c @@ -34,10 +34,13 @@ int main (int arc, char *argv[]) bool debug; int threads, timeout; - library_init(STRONGSWAN_CONF); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "manager.load", PLUGINS)); - + library_init(NULL); + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "manager.load", PLUGINS))) + { + return 1; + } + socket = lib->settings->get_str(lib->settings, "manager.socket", NULL); debug = lib->settings->get_bool(lib->settings, "manager.debug", FALSE); timeout = lib->settings->get_time(lib->settings, "manager.timeout", 900); @@ -48,13 +51,13 @@ int main (int arc, char *argv[]) DBG1("database URI undefined, set manager.database in strongswan.conf"); return 1; } - + storage = storage_create(database); if (storage == NULL) { return 1; } - + dispatcher = dispatcher_create(socket, debug, timeout, (context_constructor_t)manager_create, storage); dispatcher->add_controller(dispatcher, ikesa_controller_create, NULL); @@ -62,16 +65,16 @@ int main (int arc, char *argv[]) dispatcher->add_controller(dispatcher, auth_controller_create, NULL); dispatcher->add_controller(dispatcher, control_controller_create, NULL); dispatcher->add_controller(dispatcher, config_controller_create, NULL); - + dispatcher->run(dispatcher, threads); - + dispatcher->waitsignal(dispatcher); - + dispatcher->destroy(dispatcher); storage->destroy(storage); - + library_deinit(); - return 0; + return 0; } diff --git a/src/manager/manager.c b/src/manager/manager.c index 72f402a48..fb89c6b72 100644 --- a/src/manager/manager.c +++ b/src/manager/manager.c @@ -30,23 +30,23 @@ struct private_manager_t { * public functions */ manager_t public; - + /** * underlying storage database */ storage_t *store; - + /** * user id, if we are logged in */ int user; - + /** * selected gateway */ gateway_t *gateway; -}; - +}; + /** * Implementation of manager_t.create_gateway_enumerator. */ @@ -66,10 +66,10 @@ static gateway_t* select_gateway(private_manager_t *this, int select_id) int id, port; char *name, *address; host_t *host; - + if (this->gateway) this->gateway->destroy(this->gateway); this->gateway = NULL; - + enumerator = this->store->create_gateway_enumerator(this->store, this->user); while (enumerator->enumerate(enumerator, &id, &name, &port, &address)) { @@ -143,18 +143,18 @@ static void destroy(private_manager_t *this) manager_t *manager_create(storage_t *storage) { private_manager_t *this = malloc_thing(private_manager_t); - + this->public.login = (bool(*)(manager_t*, char *username, char *password))login; this->public.logged_in = (bool(*)(manager_t*))logged_in; this->public.logout = (void(*)(manager_t*))logout; this->public.create_gateway_enumerator = (enumerator_t*(*)(manager_t*))create_gateway_enumerator; this->public.select_gateway = (gateway_t*(*)(manager_t*, int id))select_gateway; this->public.context.destroy = (void(*)(context_t*))destroy; - + this->user = 0; this->store = storage; this->gateway = NULL; - + return &this->public; } diff --git a/src/manager/manager.h b/src/manager/manager.h index dc5fc1831..231b0f5f3 100644 --- a/src/manager/manager.h +++ b/src/manager/manager.h @@ -44,7 +44,7 @@ struct manager_t { * implements context_t interface */ context_t context; - + /** * Create an iterator over all configured gateways. * @@ -54,7 +54,7 @@ struct manager_t { * @return enumerator */ enumerator_t* (*create_gateway_enumerator)(manager_t *this); - + /** * Select a gateway. * @@ -65,7 +65,7 @@ struct manager_t { * @return selected gateway, or NULL */ gateway_t* (*select_gateway)(manager_t *this, int id); - + /** * Try to log in. * @@ -74,14 +74,14 @@ struct manager_t { * @return TRUE if login successful */ bool (*login)(manager_t *this, char *username, char *password); - + /** * Check if user logged in. * * @return TRUE if logged in */ bool (*logged_in)(manager_t *this); - + /** * Log out. */ diff --git a/src/manager/storage.c b/src/manager/storage.c index 00e688e08..f7635ea71 100644 --- a/src/manager/storage.c +++ b/src/manager/storage.c @@ -30,7 +30,7 @@ struct private_storage_t { * public functions */ storage_t public; - + /** * database connection */ @@ -47,7 +47,7 @@ static int login(private_storage_t *this, char *username, char *password) size_t username_len, password_len; int uid = 0; enumerator_t *enumerator; - + /* hash = SHA1( username | password ) */ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) @@ -63,8 +63,8 @@ static int login(private_storage_t *this, char *username, char *password) hasher->get_hash(hasher, data, hash.ptr); hasher->destroy(hasher); hex_str = chunk_to_hex(hash, NULL, FALSE); - - enumerator = this->db->query(this->db, + + enumerator = this->db->query(this->db, "SELECT oid FROM users WHERE username = ? AND password = ?;", DB_TEXT, username, DB_TEXT, hex_str.ptr, DB_INT); @@ -83,8 +83,8 @@ static int login(private_storage_t *this, char *username, char *password) static enumerator_t* create_gateway_enumerator(private_storage_t *this, int user) { enumerator_t *enumerator; - - enumerator = this->db->query(this->db, + + enumerator = this->db->query(this->db, "SELECT gateways.oid AS gid, name, port, address FROM " "gateways, user_gateway AS ug ON gid = ug.gateway WHERE ug.user = ?;", DB_INT, user, @@ -111,11 +111,11 @@ static void destroy(private_storage_t *this) storage_t *storage_create(char *uri) { private_storage_t *this = malloc_thing(private_storage_t); - + this->public.login = (int(*)(storage_t*, char *username, char *password))login; this->public.create_gateway_enumerator = (enumerator_t*(*)(storage_t*,int))create_gateway_enumerator; this->public.destroy = (void(*)(storage_t*))destroy; - + this->db = lib->db->create(lib->db, uri); if (this->db == NULL) { diff --git a/src/manager/storage.h b/src/manager/storage.h index 2495b3a26..d8e8b7479 100644 --- a/src/manager/storage.h +++ b/src/manager/storage.h @@ -39,7 +39,7 @@ struct storage_t { * @return user ID if login good, 0 otherwise */ int (*login)(storage_t *this, char *username, char *password); - + /** * Create an iterator over the gateways. * @@ -49,12 +49,12 @@ struct storage_t { * @param user user Id * @return enumerator */ - enumerator_t* (*create_gateway_enumerator)(storage_t *this, int user); + enumerator_t* (*create_gateway_enumerator)(storage_t *this, int user); /** - * Destroy a storage instance. - */ - void (*destroy)(storage_t *this); + * Destroy a storage instance. + */ + void (*destroy)(storage_t *this); }; /** diff --git a/src/manager/xml.c b/src/manager/xml.c index 5aa2e3e1e..a9ef60c24 100644 --- a/src/manager/xml.c +++ b/src/manager/xml.c @@ -32,22 +32,22 @@ struct private_xml_t { * public functions */ xml_t public; - + /** * root node of this xml (part) */ xmlNode *node; - + /** * document, only for root xml_t */ xmlDoc *doc; - + /** * Root xml_t* */ private_xml_t *root; - + /** * number of enumerator instances */ @@ -79,10 +79,10 @@ static bool child_enumerate(child_enum_t *e, private_xml_t **child, if (e->node) { xmlNode *text; - + text = e->node->children; *value = NULL; - + while (text && text->type != XML_TEXT_NODE) { text = text->next; @@ -109,7 +109,7 @@ static char* get_attribute(private_xml_t *this, char *name) } /** - * destroy enumerator, and complete tree if this was the last enumerator + * destroy enumerator, and complete tree if this was the last enumerator */ static void child_destroy(child_enum_t *this) { @@ -145,10 +145,10 @@ static enumerator_t* children(private_xml_t *this) xml_t *xml_create(char *xml) { private_xml_t *this = malloc_thing(private_xml_t); - + this->public.get_attribute = (char*(*)(xml_t*,char*))get_attribute; this->public.children = (enumerator_t*(*)(xml_t*))children; - + this->doc = xmlReadMemory(xml, strlen(xml), NULL, NULL, 0); if (this->doc == NULL) { @@ -158,7 +158,7 @@ xml_t *xml_create(char *xml) this->node = xmlDocGetRootElement(this->doc); this->root = this; this->enums = 0; - + return &this->public; } diff --git a/src/manager/xml.h b/src/manager/xml.h index 230e0f925..0c362fed1 100644 --- a/src/manager/xml.h +++ b/src/manager/xml.h @@ -43,7 +43,7 @@ struct xml_t { * @return enumerator over (xml_t* child, char *name, char *value) */ enumerator_t* (*children)(xml_t *this); - + /** * Get an attribute value by its name. * diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am index 8da1cfcc4..9f5c9e2f7 100644 --- a/src/medsrv/Makefile.am +++ b/src/medsrv/Makefile.am @@ -11,10 +11,8 @@ medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast AM_CFLAGS = -rdynamic \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ -DIPSECDIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\"\ -DPLUGINS=\""${libstrongswan_plugins}\"" # Don't forget to add templates to EXTRA_DIST !!! How to automate? @@ -24,10 +22,10 @@ medsrv_templates_DATA = templates/header.cs templates/footer.cs medsrv_templates_userdir = ${medsrv_templatesdir}/user medsrv_templates_user_DATA = templates/user/add.cs templates/user/edit.cs \ templates/user/login.cs templates/user/help.cs - + medsrv_templates_peerdir = ${medsrv_templatesdir}/peer medsrv_templates_peer_DATA = templates/peer/add.cs templates/peer/edit.cs \ -templates/peer/list.cs +templates/peer/list.cs medsrv_templates_staticdir = ${medsrv_templatesdir}/static medsrv_templates_static_DATA = templates/header.cs templates/footer.cs \ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 239923c40..8f602930d 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -17,8 +18,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -37,17 +39,24 @@ medsrv_PROGRAMS = medsrv.fcgi$(EXEEXT) subdir = src/medsrv DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(medsrvdir)" \ "$(DESTDIR)$(medsrv_templatesdir)" \ "$(DESTDIR)$(medsrv_templates_peerdir)" \ "$(DESTDIR)$(medsrv_templates_staticdir)" \ "$(DESTDIR)$(medsrv_templates_userdir)" -medsrvPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(medsrv_PROGRAMS) am_medsrv_fcgi_OBJECTS = user.$(OBJEXT) main.$(OBJEXT) \ auth_filter.$(OBJEXT) user_controller.$(OBJEXT) \ @@ -57,6 +66,7 @@ medsrv_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -73,11 +83,22 @@ am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -medsrv_templatesDATA_INSTALL = $(INSTALL_DATA) -medsrv_templates_peerDATA_INSTALL = $(INSTALL_DATA) -medsrv_templates_staticDATA_INSTALL = $(INSTALL_DATA) -medsrv_templates_userDATA_INSTALL = $(INSTALL_DATA) +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' DATA = $(medsrv_templates_DATA) $(medsrv_templates_peer_DATA) \ $(medsrv_templates_static_DATA) $(medsrv_templates_user_DATA) ETAGS = etags @@ -116,25 +137,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -146,11 +164,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -179,9 +200,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -204,7 +225,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -212,6 +233,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -220,10 +242,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -231,6 +255,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ medsrvdir = ${ipsecdir}/medsrv @@ -242,10 +267,8 @@ controller/peer_controller.c controller/peer_controller.h medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast AM_CFLAGS = -rdynamic \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ -DIPSECDIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\"\ -DPLUGINS=\""${libstrongswan_plugins}\"" @@ -258,7 +281,7 @@ templates/user/login.cs templates/user/help.cs medsrv_templates_peerdir = ${medsrv_templatesdir}/peer medsrv_templates_peer_DATA = templates/peer/add.cs templates/peer/edit.cs \ -templates/peer/list.cs +templates/peer/list.cs medsrv_templates_staticdir = ${medsrv_templatesdir}/static medsrv_templates_static_DATA = templates/header.cs templates/footer.cs \ @@ -285,9 +308,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/medsrv/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/medsrv/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/medsrv/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/medsrv/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -305,34 +328,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-medsrvPROGRAMS: $(medsrv_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(medsrvdir)" || $(MKDIR_P) "$(DESTDIR)$(medsrvdir)" - @list='$(medsrv_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(medsrvPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(medsrvdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(medsrvPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(medsrvdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(medsrv_PROGRAMS)'; test -n "$(medsrvdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(medsrvdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(medsrvdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-medsrvPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(medsrv_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(medsrvdir)/$$f'"; \ - rm -f "$(DESTDIR)$(medsrvdir)/$$f"; \ - done + @list='$(medsrv_PROGRAMS)'; test -n "$(medsrvdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(medsrvdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(medsrvdir)" && rm -f $$files clean-medsrvPROGRAMS: - @list='$(medsrv_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(medsrv_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list medsrv.fcgi$(EXEEXT): $(medsrv_fcgi_OBJECTS) $(medsrv_fcgi_DEPENDENCIES) @rm -f medsrv.fcgi$(EXEEXT) $(LINK) $(medsrv_fcgi_OBJECTS) $(medsrv_fcgi_LDADD) $(LIBS) @@ -351,63 +390,63 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< auth_filter.o: filter/auth_filter.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_filter.o -MD -MP -MF $(DEPDIR)/auth_filter.Tpo -c -o auth_filter.o `test -f 'filter/auth_filter.c' || echo '$(srcdir)/'`filter/auth_filter.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_filter.Tpo $(DEPDIR)/auth_filter.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_filter.Tpo $(DEPDIR)/auth_filter.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='filter/auth_filter.c' object='auth_filter.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_filter.o `test -f 'filter/auth_filter.c' || echo '$(srcdir)/'`filter/auth_filter.c auth_filter.obj: filter/auth_filter.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_filter.obj -MD -MP -MF $(DEPDIR)/auth_filter.Tpo -c -o auth_filter.obj `if test -f 'filter/auth_filter.c'; then $(CYGPATH_W) 'filter/auth_filter.c'; else $(CYGPATH_W) '$(srcdir)/filter/auth_filter.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/auth_filter.Tpo $(DEPDIR)/auth_filter.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_filter.Tpo $(DEPDIR)/auth_filter.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='filter/auth_filter.c' object='auth_filter.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_filter.obj `if test -f 'filter/auth_filter.c'; then $(CYGPATH_W) 'filter/auth_filter.c'; else $(CYGPATH_W) '$(srcdir)/filter/auth_filter.c'; fi` user_controller.o: controller/user_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT user_controller.o -MD -MP -MF $(DEPDIR)/user_controller.Tpo -c -o user_controller.o `test -f 'controller/user_controller.c' || echo '$(srcdir)/'`controller/user_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/user_controller.Tpo $(DEPDIR)/user_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/user_controller.Tpo $(DEPDIR)/user_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/user_controller.c' object='user_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o user_controller.o `test -f 'controller/user_controller.c' || echo '$(srcdir)/'`controller/user_controller.c user_controller.obj: controller/user_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT user_controller.obj -MD -MP -MF $(DEPDIR)/user_controller.Tpo -c -o user_controller.obj `if test -f 'controller/user_controller.c'; then $(CYGPATH_W) 'controller/user_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/user_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/user_controller.Tpo $(DEPDIR)/user_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/user_controller.Tpo $(DEPDIR)/user_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/user_controller.c' object='user_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o user_controller.obj `if test -f 'controller/user_controller.c'; then $(CYGPATH_W) 'controller/user_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/user_controller.c'; fi` peer_controller.o: controller/peer_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_controller.o -MD -MP -MF $(DEPDIR)/peer_controller.Tpo -c -o peer_controller.o `test -f 'controller/peer_controller.c' || echo '$(srcdir)/'`controller/peer_controller.c -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/peer_controller.Tpo $(DEPDIR)/peer_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_controller.Tpo $(DEPDIR)/peer_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/peer_controller.c' object='peer_controller.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_controller.o `test -f 'controller/peer_controller.c' || echo '$(srcdir)/'`controller/peer_controller.c peer_controller.obj: controller/peer_controller.c @am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_controller.obj -MD -MP -MF $(DEPDIR)/peer_controller.Tpo -c -o peer_controller.obj `if test -f 'controller/peer_controller.c'; then $(CYGPATH_W) 'controller/peer_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/peer_controller.c'; fi` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/peer_controller.Tpo $(DEPDIR)/peer_controller.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_controller.Tpo $(DEPDIR)/peer_controller.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='controller/peer_controller.c' object='peer_controller.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_controller.obj `if test -f 'controller/peer_controller.c'; then $(CYGPATH_W) 'controller/peer_controller.c'; else $(CYGPATH_W) '$(srcdir)/controller/peer_controller.c'; fi` @@ -420,71 +459,83 @@ clean-libtool: install-medsrv_templatesDATA: $(medsrv_templates_DATA) @$(NORMAL_INSTALL) test -z "$(medsrv_templatesdir)" || $(MKDIR_P) "$(DESTDIR)$(medsrv_templatesdir)" - @list='$(medsrv_templates_DATA)'; for p in $$list; do \ + @list='$(medsrv_templates_DATA)'; test -n "$(medsrv_templatesdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(medsrv_templatesDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(medsrv_templatesdir)/$$f'"; \ - $(medsrv_templatesDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(medsrv_templatesdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(medsrv_templatesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(medsrv_templatesdir)" || exit $$?; \ done uninstall-medsrv_templatesDATA: @$(NORMAL_UNINSTALL) - @list='$(medsrv_templates_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(medsrv_templatesdir)/$$f'"; \ - rm -f "$(DESTDIR)$(medsrv_templatesdir)/$$f"; \ - done + @list='$(medsrv_templates_DATA)'; test -n "$(medsrv_templatesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(medsrv_templatesdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(medsrv_templatesdir)" && rm -f $$files install-medsrv_templates_peerDATA: $(medsrv_templates_peer_DATA) @$(NORMAL_INSTALL) test -z "$(medsrv_templates_peerdir)" || $(MKDIR_P) "$(DESTDIR)$(medsrv_templates_peerdir)" - @list='$(medsrv_templates_peer_DATA)'; for p in $$list; do \ + @list='$(medsrv_templates_peer_DATA)'; test -n "$(medsrv_templates_peerdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(medsrv_templates_peerDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(medsrv_templates_peerdir)/$$f'"; \ - $(medsrv_templates_peerDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(medsrv_templates_peerdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(medsrv_templates_peerdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(medsrv_templates_peerdir)" || exit $$?; \ done uninstall-medsrv_templates_peerDATA: @$(NORMAL_UNINSTALL) - @list='$(medsrv_templates_peer_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(medsrv_templates_peerdir)/$$f'"; \ - rm -f "$(DESTDIR)$(medsrv_templates_peerdir)/$$f"; \ - done + @list='$(medsrv_templates_peer_DATA)'; test -n "$(medsrv_templates_peerdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(medsrv_templates_peerdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(medsrv_templates_peerdir)" && rm -f $$files install-medsrv_templates_staticDATA: $(medsrv_templates_static_DATA) @$(NORMAL_INSTALL) test -z "$(medsrv_templates_staticdir)" || $(MKDIR_P) "$(DESTDIR)$(medsrv_templates_staticdir)" - @list='$(medsrv_templates_static_DATA)'; for p in $$list; do \ + @list='$(medsrv_templates_static_DATA)'; test -n "$(medsrv_templates_staticdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(medsrv_templates_staticDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(medsrv_templates_staticdir)/$$f'"; \ - $(medsrv_templates_staticDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(medsrv_templates_staticdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(medsrv_templates_staticdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(medsrv_templates_staticdir)" || exit $$?; \ done uninstall-medsrv_templates_staticDATA: @$(NORMAL_UNINSTALL) - @list='$(medsrv_templates_static_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(medsrv_templates_staticdir)/$$f'"; \ - rm -f "$(DESTDIR)$(medsrv_templates_staticdir)/$$f"; \ - done + @list='$(medsrv_templates_static_DATA)'; test -n "$(medsrv_templates_staticdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(medsrv_templates_staticdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(medsrv_templates_staticdir)" && rm -f $$files install-medsrv_templates_userDATA: $(medsrv_templates_user_DATA) @$(NORMAL_INSTALL) test -z "$(medsrv_templates_userdir)" || $(MKDIR_P) "$(DESTDIR)$(medsrv_templates_userdir)" - @list='$(medsrv_templates_user_DATA)'; for p in $$list; do \ + @list='$(medsrv_templates_user_DATA)'; test -n "$(medsrv_templates_userdir)" || list=; \ + for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(medsrv_templates_userDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(medsrv_templates_userdir)/$$f'"; \ - $(medsrv_templates_userDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(medsrv_templates_userdir)/$$f"; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(medsrv_templates_userdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(medsrv_templates_userdir)" || exit $$?; \ done uninstall-medsrv_templates_userDATA: @$(NORMAL_UNINSTALL) - @list='$(medsrv_templates_user_DATA)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(medsrv_templates_userdir)/$$f'"; \ - rm -f "$(DESTDIR)$(medsrv_templates_userdir)/$$f"; \ - done + @list='$(medsrv_templates_user_DATA)'; test -n "$(medsrv_templates_userdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + test -n "$$files" || exit 0; \ + echo " ( cd '$(DESTDIR)$(medsrv_templates_userdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(medsrv_templates_userdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -498,7 +549,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -506,29 +557,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -549,13 +605,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -586,6 +646,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -607,6 +668,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -618,18 +681,28 @@ install-data-am: install-medsrvPROGRAMS install-medsrv_templatesDATA \ install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -678,6 +751,7 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \ uninstall-medsrv_templates_staticDATA \ uninstall-medsrv_templates_userDATA + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/medsrv/controller/peer_controller.c b/src/medsrv/controller/peer_controller.c index 01ba0c8cc..e1e4661e0 100755 --- a/src/medsrv/controller/peer_controller.c +++ b/src/medsrv/controller/peer_controller.c @@ -42,8 +42,8 @@ struct private_peer_controller_t { * active user session */ user_t *user; - - /** + + /** * underlying database */ database_t *db; @@ -55,19 +55,19 @@ struct private_peer_controller_t { static void list(private_peer_controller_t *this, request_t *request) { enumerator_t *query; - + query = this->db->query(this->db, "SELECT id, alias, keyid FROM peer WHERE user = ? ORDER BY alias", DB_UINT, this->user->get_user(this->user), DB_UINT, DB_TEXT, DB_BLOB); - + if (query) { u_int id; char *alias; chunk_t keyid; identification_t *identifier; - + while (query->enumerate(query, &id, &alias, &keyid)) { request->setf(request, "peers.%d.alias=%s", id, alias); @@ -89,7 +89,7 @@ static bool verify_alias(private_peer_controller_t *this, request_t *request, if (!alias || *alias == '\0') { request->setf(request, "error=Alias is missing."); - return FALSE; + return FALSE; } while (*alias != '\0') { @@ -121,27 +121,31 @@ static bool parse_public_key(private_peer_controller_t *this, chunk_t *encoding, chunk_t *keyid) { public_key_t *public; - identification_t *id; - + chunk_t blob, id; + if (!public_key || *public_key == '\0') { request->setf(request, "error=Public key is missing."); return FALSE; } + blob = chunk_clone(chunk_create(public_key, strlen(public_key))); public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - BUILD_BLOB_ASN1_PEM, public_key, + BUILD_BLOB_PEM, blob, BUILD_END); + chunk_free(&blob); if (!public) { request->setf(request, "error=Parsing public key failed."); return FALSE; } /* TODO: use get_encoding() with an encoding type */ - *encoding = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", public->get_encoding(public))); - id = public->get_id(public, ID_PUBKEY_SHA1); - *keyid = chunk_clone(id->get_encoding(id)); + if (!public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id) || + !public->get_encoding(public, KEY_PUB_SPKI_ASN1_DER, encoding)) + { + request->setf(request, "error=Encoding public key failed."); + return FALSE; + } + *keyid = chunk_clone(id); public->destroy(public); return TRUE; } @@ -152,7 +156,7 @@ static bool parse_public_key(private_peer_controller_t *this, static void add(private_peer_controller_t *this, request_t *request) { char *alias = "", *public_key = ""; - + if (request->get_query_data(request, "back")) { return request->redirect(request, "peer/list"); @@ -160,10 +164,10 @@ static void add(private_peer_controller_t *this, request_t *request) while (request->get_query_data(request, "add")) { chunk_t encoding, keyid; - + alias = request->get_query_data(request, "alias"); public_key = request->get_query_data(request, "public_key"); - + if (!verify_alias(this, request, alias)) { break; @@ -190,7 +194,7 @@ static void add(private_peer_controller_t *this, request_t *request) } request->set(request, "alias", alias); request->set(request, "public_key", public_key); - + return request->render(request, "templates/peer/add.cs"); } @@ -205,7 +209,7 @@ char* pem_encode(chunk_t der) char *pem; chunk_t base64; int i = 0; - + base64 = chunk_to_base64(der, NULL); len = strlen(begin) + base64.len + base64.len/64 + strlen(end) + 2; pem = malloc(len + 1); @@ -219,7 +223,7 @@ char* pem_encode(chunk_t der) } while (i < base64.len - 2); strcat(pem, end); - + free(base64.ptr); return pem; } @@ -231,7 +235,7 @@ static void edit(private_peer_controller_t *this, request_t *request, int id) { char *alias = "", *public_key = "", *pem; chunk_t encoding, keyid; - + if (request->get_query_data(request, "back")) { return request->redirect(request, "peer/list"); @@ -249,7 +253,7 @@ static void edit(private_peer_controller_t *this, request_t *request, int id) { alias = request->get_query_data(request, "alias"); public_key = request->get_query_data(request, "public_key"); - + if (!verify_alias(this, request, alias)) { break; @@ -329,7 +333,7 @@ static void handle(private_peer_controller_t *this, request_t *request, { id = atoi(idstr); } - + if (streq(action, "list")) { return list(this, request); diff --git a/src/medsrv/controller/user_controller.c b/src/medsrv/controller/user_controller.c index bc4717e32..0f25799d8 100755 --- a/src/medsrv/controller/user_controller.c +++ b/src/medsrv/controller/user_controller.c @@ -37,12 +37,12 @@ struct private_user_controller_t { * database connection */ database_t *db; - + /** * user session */ user_t *user; - + /** * minimum required password lenght */ @@ -56,7 +56,7 @@ static chunk_t hash_password(char *login, char *password) { hasher_t *hasher; chunk_t hash, data; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { @@ -77,16 +77,16 @@ static void login(private_user_controller_t *this, request_t *request) if (request->get_query_data(request, "submit")) { char *login, *password; - + login = request->get_query_data(request, "login"); password = request->get_query_data(request, "password"); - + if (login && password) { enumerator_t *query; u_int id = 0; chunk_t hash; - + hash = hash_password(login, password); query = this->db->query(this->db, "SELECT id FROM user WHERE login = ? AND password = ?", @@ -126,7 +126,7 @@ static bool verify_login(private_user_controller_t *this, request_t *request, if (!login || *login == '\0') { request->setf(request, "error=Username is missing."); - return FALSE; + return FALSE; } while (*login != '\0') { @@ -190,13 +190,13 @@ static void add(private_user_controller_t *this, request_t *request) login = request->get_query_data(request, "new_login"); password = request->get_query_data(request, "new_password"); confirm = request->get_query_data(request, "confirm_password"); - + if (!verify_login(this, request, login) || !verify_password(this, request, password, confirm)) { break; } - + hash = hash_password(login, password); if (!hash.ptr || this->db->execute(this->db, &id, "INSERT INTO user (login, password) VALUES (?, ?)", @@ -222,7 +222,7 @@ static void edit(private_user_controller_t *this, request_t *request) { enumerator_t *query; char *old_login; - + /* lookup old login */ query = this->db->query(this->db, "SELECT login FROM user WHERE id = ?", DB_INT, this->user->get_user(this->user), @@ -256,12 +256,12 @@ static void edit(private_user_controller_t *this, request_t *request) { char *new_login, *old_pass, *new_pass, *confirm; chunk_t old_hash, new_hash; - + new_login = request->get_query_data(request, "old_login"); old_pass = request->get_query_data(request, "old_password"); new_pass = request->get_query_data(request, "new_password"); confirm = request->get_query_data(request, "confirm_password"); - + if (!verify_login(this, request, new_login) || !verify_password(this, request, new_pass, confirm)) { @@ -270,7 +270,7 @@ static void edit(private_user_controller_t *this, request_t *request) } old_hash = hash_password(old_login, old_pass); new_hash = hash_password(new_login, new_pass); - + if (this->db->execute(this->db, NULL, "UPDATE user SET login = ?, password = ? " "WHERE id = ? AND password = ?", diff --git a/src/medsrv/filter/auth_filter.c b/src/medsrv/filter/auth_filter.c index 76114a347..9ed356042 100755 --- a/src/medsrv/filter/auth_filter.c +++ b/src/medsrv/filter/auth_filter.c @@ -33,7 +33,7 @@ struct private_auth_filter_t { * user session */ user_t *user; - + /** * database connection */ @@ -50,7 +50,7 @@ static bool run(private_auth_filter_t *this, request_t *request, { enumerator_t *query; char *login; - + query = this->db->query(this->db, "SELECT login FROM user WHERE id = ?", DB_INT, this->user->get_user(this->user), DB_TEXT); diff --git a/src/medsrv/main.c b/src/medsrv/main.c index 20dec9d37..1f43a7e17 100644 --- a/src/medsrv/main.c +++ b/src/medsrv/main.c @@ -32,11 +32,14 @@ int main(int arc, char *argv[]) bool debug; char *uri; int timeout, threads; - - library_init(STRONGSWAN_CONF); - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "medsrv.load", PLUGINS)); - + + library_init(NULL); + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "medsrv.load", PLUGINS))) + { + return 1; + } + socket = lib->settings->get_str(lib->settings, "medsrv.socket", NULL); debug = lib->settings->get_bool(lib->settings, "medsrv.debug", FALSE); timeout = lib->settings->get_time(lib->settings, "medsrv.timeout", 900); @@ -47,14 +50,14 @@ int main(int arc, char *argv[]) fprintf(stderr, "database URI medsrv.database not defined.\n"); return 1; } - + db = lib->db->create(lib->db, uri); if (db == NULL) { fprintf(stderr, "opening database failed.\n"); return 1; } - + dispatcher = dispatcher_create(socket, debug, timeout, (context_constructor_t)user_create, db); dispatcher->add_filter(dispatcher, @@ -63,13 +66,13 @@ int main(int arc, char *argv[]) (controller_constructor_t)user_controller_create, db); dispatcher->add_controller(dispatcher, (controller_constructor_t)peer_controller_create, db); - + dispatcher->run(dispatcher, threads); - + dispatcher->waitsignal(dispatcher); dispatcher->destroy(dispatcher); db->destroy(db); - + library_deinit(); return 0; } diff --git a/src/medsrv/user.h b/src/medsrv/user.h index 2d1c738ca..f14650f03 100644 --- a/src/medsrv/user.h +++ b/src/medsrv/user.h @@ -25,17 +25,17 @@ typedef struct user_t user_t; * Per session context. Contains user user state and data. */ struct user_t { - + /** * implements context_t interface */ context_t context; - + /** * Set the user ID of the logged in user. */ void (*set_user)(user_t *this, u_int id); - + /** * Get the user ID of the logged in user. */ diff --git a/src/openac/Makefile.am b/src/openac/Makefile.am index 005486779..ca6238258 100644 --- a/src/openac/Makefile.am +++ b/src/openac/Makefile.am @@ -4,9 +4,7 @@ dist_man_MANS = openac.8 INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -DIPSEC_CONFDIR=\"${confdir}\" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${libstrongswan_plugins}\"" -openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp +openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in index d8d590eb2..08f621395 100644 --- a/src/openac/Makefile.in +++ b/src/openac/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -37,13 +39,20 @@ subdir = src/openac DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am_openac_OBJECTS = openac.$(OBJEXT) openac_OBJECTS = $(am_openac_OBJECTS) @@ -52,6 +61,7 @@ openac_DEPENDENCIES = \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -63,6 +73,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(openac_SOURCES) DIST_SOURCES = $(openac_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 NROFF = nroff MANS = $(dist_man_MANS) @@ -102,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -132,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -165,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -190,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -198,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -206,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -217,18 +251,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ openac_SOURCES = openac.c dist_man_MANS = openac.8 INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - -DIPSEC_CONFDIR=\"${confdir}\" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${libstrongswan_plugins}\"" -openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lgmp +openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la all: all-am .SUFFIXES: @@ -242,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openac/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/openac/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openac/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/openac/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -262,34 +295,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list openac$(EXEEXT): $(openac_OBJECTS) $(openac_DEPENDENCIES) @rm -f openac$(EXEEXT) $(LINK) $(openac_OBJECTS) $(openac_LDADD) $(LIBS) @@ -304,21 +353,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -328,51 +377,44 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -386,7 +428,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -394,34 +436,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -437,13 +497,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -474,6 +538,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -495,6 +560,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -503,18 +570,28 @@ install-data-am: install-ipsecPROGRAMS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -556,6 +633,7 @@ uninstall-man: uninstall-man8 tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ uninstall-man uninstall-man8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/openac/openac.c b/src/openac/openac.c index a8f75e093..2b9270ff9 100755 --- a/src/openac/openac.c +++ b/src/openac/openac.c @@ -1,8 +1,8 @@ /** * @file openac.c - * + * * @brief Generation of X.509 attribute certificates. - * + * */ /* @@ -29,12 +29,10 @@ #include #include #include -#include #include #include #include -#include #include #include #include @@ -79,55 +77,29 @@ static void usage(const char *message) ); } - -/** - * convert a chunk into a multi-precision integer - */ -static void chunk_to_mpz(chunk_t chunk, mpz_t number) -{ - mpz_import(number, chunk.len, 1, 1, 1, 0, chunk.ptr); -} - -/** - * convert a multi-precision integer into a chunk - */ -static chunk_t mpz_to_chunk(mpz_t number) -{ - chunk_t chunk; - - chunk.len = 1 + mpz_sizeinbase(number, 2)/BITS_PER_BYTE; - chunk.ptr = mpz_export(NULL, NULL, 1, chunk.len, 1, 0, number); - if (chunk.ptr == NULL) - { - chunk.len = 0; - } - return chunk; -} - /** * read the last serial number from file */ static chunk_t read_serial(void) { - mpz_t number; - - char buf[BUF_LEN], buf1[BUF_LEN]; - chunk_t hex_serial = { buf, BUF_LEN }; - chunk_t last_serial = { buf1, BUF_LEN }; - chunk_t serial; - - FILE *fd = fopen(OPENAC_SERIAL, "r"); - - /* last serial number defaults to 0 */ - *last_serial.ptr = 0x00; - last_serial.len = 1; + chunk_t hex, serial = chunk_empty; + char one[] = {0x01}; + FILE *fd; + fd = fopen(OPENAC_SERIAL, "r"); if (fd) { - if (fscanf(fd, "%s", hex_serial.ptr)) + hex = chunk_alloca(64); + hex.len = fread(hex.ptr, 1, hex.len, fd); + if (hex.len) { - hex_serial.len = strlen(hex_serial.ptr); - last_serial = chunk_from_hex(hex_serial, last_serial.ptr); + /* remove any terminating newline character */ + if (hex.ptr[hex.len-1] == '\n') + { + hex.len--; + } + serial = chunk_alloca((hex.len / 2) + (hex.len % 2)); + serial = chunk_from_hex(hex, serial.ptr); } fclose(fd); } @@ -135,19 +107,15 @@ static chunk_t read_serial(void) { DBG1(" file '%s' does not exist yet - serial number set to 01", OPENAC_SERIAL); } - - /** - * conversion of read serial number to a multiprecision integer - * and incrementing it by one - * and representing it as a two's complement octet string - */ - mpz_init(number); - chunk_to_mpz(last_serial, number); - mpz_add_ui(number, number, 0x01); - serial = mpz_to_chunk(number); - mpz_clear(number); - - return serial; + if (!serial.len) + { + return chunk_clone(chunk_create(one, 1)); + } + if (chunk_increment(serial)) + { /* overflow, prepend 0x01 */ + return chunk_cat("cc", chunk_create(one, 1), serial); + } + return chunk_clone(serial); } /** @@ -173,32 +141,6 @@ static void write_serial(chunk_t serial) } } -/** - * Load and parse a private key file - */ -static private_key_t* private_key_create_from_file(char *path, chunk_t *secret) -{ - bool pgp = FALSE; - chunk_t chunk = chunk_empty; - private_key_t *key = NULL; - - if (!pem_asn1_load_file(path, secret, &chunk, &pgp)) - { - DBG1(" could not load private key file '%s'", path); - return NULL; - } - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, chunk, BUILD_END); - free(chunk.ptr); - if (key == NULL) - { - DBG1(" could not parse loaded private key file '%s'", path); - return NULL; - } - DBG1(" loaded private key file '%s'", path); - return key; -} - /** * global variables accessible by both main() and build.c */ @@ -215,7 +157,7 @@ static void openac_dbg(int level, char *fmt, ...) char buffer[8192]; char *current = buffer, *next; va_list args; - + if (level <= debug_level) { if (!stderr_quiet) @@ -274,7 +216,7 @@ int main(int argc, char **argv) chunk_t attr_chunk = chunk_empty; int status = 1; - + /* enable openac debugging hook */ dbg = openac_dbg; @@ -283,20 +225,22 @@ int main(int argc, char **argv) openlog("openac", 0, LOG_AUTHPRIV); /* initialize library */ - if (!library_init(STRONGSWAN_CONF)) + atexit(library_deinit); + if (!library_init(NULL)) { - library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } if (lib->integrity && !lib->integrity->check_file(lib->integrity, "openac", argv[0])) { fprintf(stderr, "integrity check of openac failed\n"); - library_deinit(); exit(SS_RC_DAEMON_INTEGRITY); } - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "openac.load", PLUGINS)); + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "openac.load", PLUGINS))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } /* initialize optionsfrom */ options_t *options = options_create(); @@ -323,7 +267,7 @@ int main(int argc, char **argv) { "debug", required_argument, NULL, 'd' }, { 0,0,0,0 } }; - + int c = getopt_long(argc, argv, "hv+:qc:k:p;u:g:D:H:S:E:o:d:", long_opts, NULL); /* Note: "breaking" from case terminates loop */ @@ -333,7 +277,7 @@ int main(int argc, char **argv) break; case 0: /* long option already handled */ - continue; + continue; case ':': /* diagnostic already printed by getopt_long */ case '?': /* diagnostic already printed by getopt_long */ @@ -353,18 +297,18 @@ int main(int argc, char **argv) if (*optarg == '/') /* absolute pathname */ { - strncpy(path, optarg, BUF_LEN); + strncpy(path, optarg, BUF_LEN); } else /* relative pathname */ { - snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg); + snprintf(path, BUF_LEN, "%s/%s", OPENAC_PATH, optarg); } if (!options->from(options, path, &argc, &argv, optind)) { status = 1; goto end; } - } + } continue; case 'q': /* --quiet */ @@ -492,12 +436,15 @@ int main(int argc, char **argv) /* load the signer's RSA private key */ if (keyfile != NULL) { - signerKey = private_key_create_from_file(keyfile, &passphrase); - + signerKey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_FROM_FILE, keyfile, + BUILD_PASSPHRASE, passphrase, + BUILD_END); if (signerKey == NULL) { goto end; } + DBG1(" loaded private key file '%s'", keyfile); } /* load the signer's X.509 certificate */ @@ -506,7 +453,6 @@ int main(int argc, char **argv) signerCert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, certfile, - BUILD_X509_FLAG, 0, BUILD_END); if (signerCert == NULL) { @@ -520,7 +466,6 @@ int main(int argc, char **argv) userCert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, usercertfile, - BUILD_X509_FLAG, 0, BUILD_END); if (userCert == NULL) { @@ -553,7 +498,7 @@ int main(int argc, char **argv) { goto end; } - + /* write the attribute certificate to file */ attr_chunk = attr_cert->get_encoding(attr_cert); if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE)) @@ -579,6 +524,5 @@ end: closelog(); dbg = dbg_default; options->destroy(options); - library_deinit(); exit(status); } diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am new file mode 100644 index 000000000..a471b6477 --- /dev/null +++ b/src/pki/Makefile.am @@ -0,0 +1,15 @@ +ipsec_PROGRAMS = pki + +pki_SOURCES = pki.c pki.h command.c command.h \ + commands/gen.c \ + commands/issue.c \ + commands/keyid.c \ + commands/pub.c \ + commands/req.c \ + commands/self.c \ + commands/verify.c + +pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ + -DPLUGINS=\""${libstrongswan_plugins}\"" diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in new file mode 100644 index 000000000..1261d7fa8 --- /dev/null +++ b/src/pki/Makefile.in @@ -0,0 +1,673 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +ipsec_PROGRAMS = pki$(EXEEXT) +subdir = src/pki +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(ipsecdir)" +PROGRAMS = $(ipsec_PROGRAMS) +am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) gen.$(OBJEXT) \ + issue.$(OBJEXT) keyid.$(OBJEXT) pub.$(OBJEXT) req.$(OBJEXT) \ + self.$(OBJEXT) verify.$(OBJEXT) +pki_OBJECTS = $(am_pki_OBJECTS) +pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(pki_SOURCES) +DIST_SOURCES = $(pki_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +pki_SOURCES = pki.c pki.h command.c command.h \ + commands/gen.c \ + commands/issue.c \ + commands/keyid.c \ + commands/pub.c \ + commands/req.c \ + commands/self.c \ + commands/verify.c + +pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ + -DPLUGINS=\""${libstrongswan_plugins}\"" + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/pki/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-ipsecPROGRAMS: $(ipsec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-ipsecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + +clean-ipsecPROGRAMS: + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +pki$(EXEEXT): $(pki_OBJECTS) $(pki_DEPENDENCIES) + @rm -f pki$(EXEEXT) + $(LINK) $(pki_OBJECTS) $(pki_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/issue.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyid.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pki.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pub.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/req.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/self.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +gen.o: commands/gen.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gen.o -MD -MP -MF $(DEPDIR)/gen.Tpo -c -o gen.o `test -f 'commands/gen.c' || echo '$(srcdir)/'`commands/gen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gen.Tpo $(DEPDIR)/gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/gen.c' object='gen.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gen.o `test -f 'commands/gen.c' || echo '$(srcdir)/'`commands/gen.c + +gen.obj: commands/gen.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gen.obj -MD -MP -MF $(DEPDIR)/gen.Tpo -c -o gen.obj `if test -f 'commands/gen.c'; then $(CYGPATH_W) 'commands/gen.c'; else $(CYGPATH_W) '$(srcdir)/commands/gen.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/gen.Tpo $(DEPDIR)/gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/gen.c' object='gen.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gen.obj `if test -f 'commands/gen.c'; then $(CYGPATH_W) 'commands/gen.c'; else $(CYGPATH_W) '$(srcdir)/commands/gen.c'; fi` + +issue.o: commands/issue.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT issue.o -MD -MP -MF $(DEPDIR)/issue.Tpo -c -o issue.o `test -f 'commands/issue.c' || echo '$(srcdir)/'`commands/issue.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/issue.Tpo $(DEPDIR)/issue.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/issue.c' object='issue.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o issue.o `test -f 'commands/issue.c' || echo '$(srcdir)/'`commands/issue.c + +issue.obj: commands/issue.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT issue.obj -MD -MP -MF $(DEPDIR)/issue.Tpo -c -o issue.obj `if test -f 'commands/issue.c'; then $(CYGPATH_W) 'commands/issue.c'; else $(CYGPATH_W) '$(srcdir)/commands/issue.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/issue.Tpo $(DEPDIR)/issue.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/issue.c' object='issue.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o issue.obj `if test -f 'commands/issue.c'; then $(CYGPATH_W) 'commands/issue.c'; else $(CYGPATH_W) '$(srcdir)/commands/issue.c'; fi` + +keyid.o: commands/keyid.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keyid.o -MD -MP -MF $(DEPDIR)/keyid.Tpo -c -o keyid.o `test -f 'commands/keyid.c' || echo '$(srcdir)/'`commands/keyid.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keyid.Tpo $(DEPDIR)/keyid.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/keyid.c' object='keyid.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keyid.o `test -f 'commands/keyid.c' || echo '$(srcdir)/'`commands/keyid.c + +keyid.obj: commands/keyid.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keyid.obj -MD -MP -MF $(DEPDIR)/keyid.Tpo -c -o keyid.obj `if test -f 'commands/keyid.c'; then $(CYGPATH_W) 'commands/keyid.c'; else $(CYGPATH_W) '$(srcdir)/commands/keyid.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keyid.Tpo $(DEPDIR)/keyid.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/keyid.c' object='keyid.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keyid.obj `if test -f 'commands/keyid.c'; then $(CYGPATH_W) 'commands/keyid.c'; else $(CYGPATH_W) '$(srcdir)/commands/keyid.c'; fi` + +pub.o: commands/pub.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pub.o -MD -MP -MF $(DEPDIR)/pub.Tpo -c -o pub.o `test -f 'commands/pub.c' || echo '$(srcdir)/'`commands/pub.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pub.Tpo $(DEPDIR)/pub.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/pub.c' object='pub.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pub.o `test -f 'commands/pub.c' || echo '$(srcdir)/'`commands/pub.c + +pub.obj: commands/pub.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pub.obj -MD -MP -MF $(DEPDIR)/pub.Tpo -c -o pub.obj `if test -f 'commands/pub.c'; then $(CYGPATH_W) 'commands/pub.c'; else $(CYGPATH_W) '$(srcdir)/commands/pub.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pub.Tpo $(DEPDIR)/pub.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/pub.c' object='pub.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pub.obj `if test -f 'commands/pub.c'; then $(CYGPATH_W) 'commands/pub.c'; else $(CYGPATH_W) '$(srcdir)/commands/pub.c'; fi` + +req.o: commands/req.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT req.o -MD -MP -MF $(DEPDIR)/req.Tpo -c -o req.o `test -f 'commands/req.c' || echo '$(srcdir)/'`commands/req.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/req.Tpo $(DEPDIR)/req.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/req.c' object='req.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o req.o `test -f 'commands/req.c' || echo '$(srcdir)/'`commands/req.c + +req.obj: commands/req.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT req.obj -MD -MP -MF $(DEPDIR)/req.Tpo -c -o req.obj `if test -f 'commands/req.c'; then $(CYGPATH_W) 'commands/req.c'; else $(CYGPATH_W) '$(srcdir)/commands/req.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/req.Tpo $(DEPDIR)/req.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/req.c' object='req.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o req.obj `if test -f 'commands/req.c'; then $(CYGPATH_W) 'commands/req.c'; else $(CYGPATH_W) '$(srcdir)/commands/req.c'; fi` + +self.o: commands/self.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT self.o -MD -MP -MF $(DEPDIR)/self.Tpo -c -o self.o `test -f 'commands/self.c' || echo '$(srcdir)/'`commands/self.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/self.Tpo $(DEPDIR)/self.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/self.c' object='self.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o self.o `test -f 'commands/self.c' || echo '$(srcdir)/'`commands/self.c + +self.obj: commands/self.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT self.obj -MD -MP -MF $(DEPDIR)/self.Tpo -c -o self.obj `if test -f 'commands/self.c'; then $(CYGPATH_W) 'commands/self.c'; else $(CYGPATH_W) '$(srcdir)/commands/self.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/self.Tpo $(DEPDIR)/self.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/self.c' object='self.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o self.obj `if test -f 'commands/self.c'; then $(CYGPATH_W) 'commands/self.c'; else $(CYGPATH_W) '$(srcdir)/commands/self.c'; fi` + +verify.o: commands/verify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT verify.o -MD -MP -MF $(DEPDIR)/verify.Tpo -c -o verify.o `test -f 'commands/verify.c' || echo '$(srcdir)/'`commands/verify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/verify.Tpo $(DEPDIR)/verify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/verify.c' object='verify.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o verify.o `test -f 'commands/verify.c' || echo '$(srcdir)/'`commands/verify.c + +verify.obj: commands/verify.c +@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT verify.obj -MD -MP -MF $(DEPDIR)/verify.Tpo -c -o verify.obj `if test -f 'commands/verify.c'; then $(CYGPATH_W) 'commands/verify.c'; else $(CYGPATH_W) '$(srcdir)/commands/verify.c'; fi` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/verify.Tpo $(DEPDIR)/verify.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='commands/verify.c' object='verify.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o verify.obj `if test -f 'commands/verify.c'; then $(CYGPATH_W) 'commands/verify.c'; else $(CYGPATH_W) '$(srcdir)/commands/verify.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(ipsecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipsecPROGRAMS + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipsecPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-ipsecPROGRAMS clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-ipsecPROGRAMS + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/pki/command.c b/src/pki/command.c new file mode 100644 index 000000000..8f53817f0 --- /dev/null +++ b/src/pki/command.c @@ -0,0 +1,256 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "command.h" +#include "pki.h" + +#define _GNU_SOURCE +#include +#include +#include +#include + +#include +#include +#include + +/** + * Registered commands. + */ +command_t cmds[MAX_COMMANDS]; + +/** + * active command. + */ +static int active = 0; + +/** + * number of registered commands + */ +static int registered = 0; + +/** + * help command index + */ +static int help_idx; + +static int argc; + +static char **argv; + +static options_t *options; + +/** + * Global options used by all subcommands + */ +static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS]; + +/** + * Global optstring used by all subcommands + */ +static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS) * 3]; + +/** + * Build command_opts/command_optstr for the active command + */ +static void build_opts() +{ + int i, pos = 0; + + memset(command_opts, 0, sizeof(command_opts)); + memset(command_optstring, 0, sizeof(command_optstring)); + if (active == help_idx) + { + for (i = 0; cmds[i].cmd; i++) + { + command_opts[i].name = cmds[i].cmd; + command_opts[i].val = cmds[i].op; + command_optstring[i] = cmds[i].op; + } + } + else + { + for (i = 0; cmds[active].options[i].name; i++) + { + command_opts[i].name = cmds[active].options[i].name; + command_opts[i].has_arg = cmds[active].options[i].arg; + command_opts[i].val = cmds[active].options[i].op; + command_optstring[pos++] = cmds[active].options[i].op; + switch (cmds[active].options[i].arg) + { + case optional_argument: + command_optstring[pos++] = ':'; + /* FALL */ + case required_argument: + command_optstring[pos++] = ':'; + /* FALL */ + case no_argument: + default: + break; + } + } + } +} + +/** + * getopt_long wrapper + */ +int command_getopt(char **arg) +{ + int op; + + while (TRUE) + { + op = getopt_long(argc, argv, command_optstring, command_opts, NULL); + switch (op) + { + case '+': + if (!options->from(options, optarg, &argc, &argv, optind)) + { + /* a error value */ + return 255; + } + continue; + case 'v': + dbg_default_set_level(atoi(optarg)); + continue; + default: + *arg = optarg; + return op; + } + } +} + +/** + * Register a command + */ +void command_register(command_t command) +{ + int i; + + cmds[registered] = command; + /* append default options, but not to --help */ + if (!active) + { + for (i = 0; i < countof(cmds[registered].options); i++) + { + if (cmds[registered].options[i].name) + { + continue; + } + cmds[registered].options[i++] = (command_option_t) { + "debug", 'v', 1, "set debug level, default: 1" + }; + cmds[registered].options[i++] = (command_option_t) { + "options", '+', 1, "read command line options from file" + }; + break; + } + } + registered++; +} + +/** + * Print usage text, with an optional error + */ +int command_usage(char *error) +{ + FILE *out = stdout; + int i; + + if (error) + { + out = stderr; + fprintf(out, "Error: %s\n", error); + } + fprintf(out, "strongSwan %s PKI tool\n", VERSION); + fprintf(out, "usage:\n"); + if (active == help_idx) + { + for (i = 0; cmds[i].cmd; i++) + { + fprintf(out, " pki --%-6s (-%c) %s\n", + cmds[i].cmd, cmds[i].op, cmds[i].description); + } + } + else + { + for (i = 0; cmds[active].line[i]; i++) + { + if (i == 0) + { + fprintf(out, " pki --%s %s\n", + cmds[active].cmd, cmds[active].line[i]); + } + else + { + fprintf(out, " %s\n", cmds[active].line[i]); + } + } + for (i = 0; cmds[active].options[i].name; i++) + { + fprintf(out, " --%-8s (-%c) %s\n", + cmds[active].options[i].name, cmds[active].options[i].op, + cmds[active].options[i].desc); + } + } + return error != NULL; +} + + +/** + * Show usage information + */ +static int help(int argc, char *argv[]) +{ + return command_usage(NULL); +} + +/** + * Dispatch cleanup hook + */ +static void cleanup() +{ + options->destroy(options); +} + +/** + * Dispatch commands. + */ +int command_dispatch(int c, char *v[]) +{ + int op, i; + + options = options_create(); + atexit(cleanup); + active = help_idx = registered; + argc = c; + argv = v; + command_register((command_t){help, 'h', "help", "show usage information"}); + + build_opts(); + op = getopt_long(c, v, command_optstring, command_opts, NULL); + for (i = 0; cmds[i].cmd; i++) + { + if (cmds[i].op == op) + { + active = i; + build_opts(); + return cmds[i].call(); + } + } + return command_usage("invalid operation"); +} + diff --git a/src/pki/command.h b/src/pki/command.h new file mode 100644 index 000000000..fad598c0b --- /dev/null +++ b/src/pki/command.h @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup command command + * @{ @ingroup pki + */ + +#ifndef COMMAND_H_ +#define COMMAND_H_ + +/** + * Maximum number of commands. + */ +#define MAX_COMMANDS 10 + +/** + * Maximum number of options in a command (+1) + */ +#define MAX_OPTIONS 20 + +/** + * Maximum number of usage summary lines (+1) + */ +#define MAX_LINES 10 + +typedef struct command_t command_t; +typedef struct command_option_t command_option_t; +typedef enum command_type_t command_type_t; + +/** + * Option specification + */ +struct command_option_t { + /** long option string of the option */ + char *name; + /** short option character of the option */ + char op; + /** expected argument to option, no/req/opt_argument */ + int arg; + /** description of the option */ + char *desc; +}; + +/** + * Command specification. + */ +struct command_t { + /** Function implementing the command */ + int (*call)(); + /** short option character */ + char op; + /** long option string */ + char *cmd; + /** description of the command */ + char *description; + /** usage summary of the command */ + char *line[MAX_LINES]; + /** list of options the command accepts */ + command_option_t options[MAX_OPTIONS]; +}; + +/** + * Get the next option, as with getopt. + */ +int command_getopt(char **arg); + +/** + * Register a command. + */ +void command_register(command_t command); + +/** + * Dispatch commands. + */ +int command_dispatch(int argc, char *argv[]); + +/** + * Show usage information of active command. + */ +int command_usage(char *error); + +#endif /* COMMAND_H_ @}*/ diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c new file mode 100644 index 000000000..16d8d48d4 --- /dev/null +++ b/src/pki/commands/gen.c @@ -0,0 +1,125 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pki.h" + +/** + * Generate a private key + */ +static int gen() +{ + key_encoding_type_t form = KEY_PRIV_ASN1_DER; + key_type_t type = KEY_RSA; + u_int size = 0; + private_key_t *key; + chunk_t encoding; + char *arg; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 't': + if (streq(arg, "rsa")) + { + type = KEY_RSA; + } + else if (streq(arg, "ecdsa")) + { + type = KEY_ECDSA; + } + else + { + return command_usage("invalid key type"); + } + continue; + case 'o': + if (!get_form(arg, &form, FALSE)) + { + return command_usage("invalid key output format"); + } + continue; + case 's': + size = atoi(arg); + if (!size) + { + return command_usage("invalid key size"); + } + continue; + case EOF: + break; + default: + return command_usage("invalid --gen option"); + } + break; + } + /* default key sizes */ + if (!size) + { + switch (type) + { + case KEY_RSA: + size = 2048; + break; + case KEY_ECDSA: + size = 384; + break; + default: + break; + } + } + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_KEY_SIZE, size, BUILD_END); + if (!key) + { + fprintf(stderr, "private key generation failed\n"); + return 1; + } + if (!key->get_encoding(key, form, &encoding)) + { + fprintf(stderr, "private key encoding failed\n"); + key->destroy(key); + return 1; + } + key->destroy(key); + if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) + { + fprintf(stderr, "writing private key failed\n"); + free(encoding.ptr); + return 1; + } + free(encoding.ptr); + return 0; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + gen, 'g', "gen", "generate a new private key", + {"[--type rsa|ecdsa] [--size bits] [--outform der|pem|pgp]"}, + { + {"help", 'h', 0, "show usage information"}, + {"type", 't', 1, "type of key, default: rsa"}, + {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"}, + {"outform", 'f', 1, "encoding of generated private key"}, + } + }); +} + diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c new file mode 100644 index 000000000..07ab9066a --- /dev/null +++ b/src/pki/commands/issue.c @@ -0,0 +1,370 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "pki.h" + +#include +#include +#include +#include +#include + +/** + * Issue a certificate using a CA certificate and key + */ +static int issue() +{ + hash_algorithm_t digest = HASH_SHA1; + certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL; + private_key_t *private = NULL; + public_key_t *public = NULL; + bool pkcs10 = FALSE; + char *file = NULL, *dn = NULL, *hex = NULL, *cacert = NULL, *cakey = NULL; + char *error = NULL; + identification_t *id = NULL; + linked_list_t *san, *cdps, *ocsp; + int lifetime = 1080; + int pathlen = X509_NO_PATH_LEN_CONSTRAINT; + chunk_t serial = chunk_empty; + chunk_t encoding = chunk_empty; + time_t not_before, not_after; + x509_flag_t flags = 0; + x509_t *x509; + char *arg; + + san = linked_list_create(); + cdps = linked_list_create(); + ocsp = linked_list_create(); + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + goto usage; + case 't': + if (streq(arg, "pkcs10")) + { + pkcs10 = TRUE; + } + else if (!streq(arg, "pub")) + { + error = "invalid input type"; + goto usage; + } + continue; + case 'g': + digest = get_digest(arg); + if (digest == HASH_UNKNOWN) + { + error = "invalid --digest type"; + goto usage; + } + continue; + case 'i': + file = arg; + continue; + case 'c': + cacert = arg; + continue; + case 'k': + cakey = arg; + continue; + case 'd': + dn = arg; + continue; + case 'a': + san->insert_last(san, identification_create_from_string(arg)); + continue; + case 'l': + lifetime = atoi(arg); + if (!lifetime) + { + error = "invalid --lifetime value"; + goto usage; + } + continue; + case 's': + hex = arg; + continue; + case 'b': + flags |= X509_CA; + continue; + case 'p': + pathlen = atoi(arg); + continue; + case 'f': + if (streq(arg, "serverAuth")) + { + flags |= X509_SERVER_AUTH; + } + else if (streq(arg, "clientAuth")) + { + flags |= X509_CLIENT_AUTH; + } + else if (streq(arg, "ocspSigning")) + { + flags |= X509_OCSP_SIGNER; + } + continue; + case 'u': + cdps->insert_last(cdps, arg); + continue; + case 'o': + ocsp->insert_last(ocsp, arg); + continue; + case EOF: + break; + default: + error = "invalid --issue option"; + goto usage; + } + break; + } + + if (!pkcs10 && !dn) + { + error = "--dn is required"; + goto usage; + } + if (!cacert) + { + error = "--cacert is required"; + goto usage; + } + if (!cakey) + { + error = "--cakey is required"; + goto usage; + } + if (dn) + { + id = identification_create_from_string(dn); + if (id->get_type(id) != ID_DER_ASN1_DN) + { + error = "supplied --dn is not a distinguished name"; + goto end; + } + } + + DBG2("Reading ca certificate:"); + ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, cacert, BUILD_END); + if (!ca) + { + error = "parsing CA certificate failed"; + goto end; + } + x509 = (x509_t*)ca; + if (!(x509->get_flags(x509) & X509_CA)) + { + error = "CA certificate misses CA basicConstraint"; + goto end; + } + public = ca->get_public_key(ca); + if (!public) + { + error = "extracting CA certificate public key failed"; + goto end; + } + + DBG2("Reading ca private key:"); + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, + public->get_type(public), + BUILD_FROM_FILE, cakey, BUILD_END); + if (!private) + { + error = "parsing CA private key failed"; + goto end; + } + if (!private->belongs_to(private, public)) + { + error = "CA private key does not match CA certificate"; + goto end; + } + public->destroy(public); + + if (hex) + { + serial = chunk_from_hex(chunk_create(hex, strlen(hex)), NULL); + } + else + { + rng_t *rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + + if (!rng) + { + error = "no random number generator found"; + goto end; + } + rng->allocate_bytes(rng, 8, &serial); + rng->destroy(rng); + } + + if (pkcs10) + { + enumerator_t *enumerator; + identification_t *subjectAltName; + pkcs10_t *req; + + DBG2("Reading certificate request"); + if (file) + { + cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_PKCS10_REQUEST, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_PKCS10_REQUEST, + BUILD_FROM_FD, 0, BUILD_END); + } + if (!cert_req) + { + error = "parsing certificate request failed"; + goto end; + } + + /* If not set yet use subject from PKCS#10 certificate request as DN */ + if (!id) + { + id = cert_req->get_subject(cert_req); + id = id->clone(id); + } + + /* Add subjectAltNames from PKCS#10 certificate request */ + req = (pkcs10_t*)cert_req; + enumerator = req->create_subjectAltName_enumerator(req); + while (enumerator->enumerate(enumerator, &subjectAltName)) + { + san->insert_last(san, subjectAltName->clone(subjectAltName)); + } + enumerator->destroy(enumerator); + + /* Use public key from PKCS#10 certificate request */ + public = cert_req->get_public_key(cert_req); + } + else + { + DBG2("Reading public key:"); + if (file) + { + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, + BUILD_FROM_FD, 0, BUILD_END); + } + } + if (!public) + { + error = "parsing public key failed"; + goto end; + } + + not_before = time(NULL); + not_after = not_before + lifetime * 24 * 60 * 60; + + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, + BUILD_PUBLIC_KEY, public, BUILD_SUBJECT, id, + BUILD_NOT_BEFORE_TIME, not_before, BUILD_DIGEST_ALG, digest, + BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, + BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags, + BUILD_PATHLEN, pathlen, + BUILD_CRL_DISTRIBUTION_POINTS, cdps, + BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); + if (!cert) + { + error = "generating certificate failed"; + goto end; + } + encoding = cert->get_encoding(cert); + if (!encoding.ptr) + { + error = "encoding certificate failed"; + goto end; + } + if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) + { + error = "writing certificate key failed"; + goto end; + } + +end: + DESTROY_IF(id); + DESTROY_IF(cert_req); + DESTROY_IF(cert); + DESTROY_IF(ca); + DESTROY_IF(public); + DESTROY_IF(private); + san->destroy_offset(san, offsetof(identification_t, destroy)); + cdps->destroy(cdps); + ocsp->destroy(ocsp); + free(encoding.ptr); + free(serial.ptr); + + if (error) + { + fprintf(stderr, "%s\n", error); + return 1; + } + return 0; + +usage: + san->destroy_offset(san, offsetof(identification_t, destroy)); + cdps->destroy(cdps); + ocsp->destroy(ocsp); + return command_usage(error); +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + issue, 'i', "issue", + "issue a certificate using a CA certificate and key", + {"[--in file] [--type pub|pkcs10]", + " --cacert file --cakey file --dn subject-dn [--san subjectAltName]+", + "[--lifetime days] [--serial hex] [--crl uri]+ [--ocsp uri]+", + "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|ocspSigning]+", + "[--digest md5|sha1|sha224|sha256|sha384|sha512]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "public key/request file to issue, default: stdin"}, + {"type", 't', 1, "type of input, default: pub"}, + {"cacert", 'c', 1, "CA certificate file"}, + {"cakey", 'k', 1, "CA private key file"}, + {"dn", 'd', 1, "distinguished name to include as subject"}, + {"san", 'a', 1, "subjectAltName to include in certificate"}, + {"lifetime",'l', 1, "days the certificate is valid, default: 1080"}, + {"serial", 's', 1, "serial number in hex, default: random"}, + {"ca", 'b', 0, "include CA basicConstraint, default: no"}, + {"pathlen", 'p', 1, "set path length constraint"}, + {"flag", 'f', 1, "include extendedKeyUsage flag"}, + {"crl", 'u', 1, "CRL distribution point URI to include"}, + {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, + {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + } + }); +} + diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c new file mode 100644 index 000000000..c15c1193e --- /dev/null +++ b/src/pki/commands/keyid.c @@ -0,0 +1,164 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pki.h" + +#include +#include + +/** + * Calculate the keyid of a key/certificate + */ +static int keyid() +{ + credential_type_t type = CRED_PRIVATE_KEY; + int subtype = KEY_RSA; + certificate_t *cert; + private_key_t *private; + public_key_t *public; + char *file = NULL; + void *cred; + chunk_t id; + char *arg; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 't': + if (streq(arg, "rsa-priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_RSA; + } + else if (streq(arg, "ecdsa-priv")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ECDSA; + } + else if (streq(arg, "pub")) + { + type = CRED_PUBLIC_KEY; + subtype = KEY_ANY; + } + else if (streq(arg, "pkcs10")) + { + type = CRED_CERTIFICATE; + subtype = CERT_PKCS10_REQUEST; + } + else if (streq(arg, "x509")) + { + type = CRED_CERTIFICATE; + subtype = CERT_X509; + } + else + { + return command_usage( "invalid input type"); + } + continue; + case 'i': + file = arg; + continue; + case EOF: + break; + default: + return command_usage("invalid --keyid option"); + } + break; + } + if (file) + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_FROM_FD, 0, BUILD_END); + } + if (!cred) + { + fprintf(stderr, "parsing input failed\n"); + return 1; + } + + if (type == CRED_PRIVATE_KEY) + { + private = cred; + if (private->get_fingerprint(private, KEY_ID_PUBKEY_SHA1, &id)) + { + printf("subjectKeyIdentifier: %#B\n", &id); + } + if (private->get_fingerprint(private, KEY_ID_PUBKEY_INFO_SHA1, &id)) + { + printf("subjectPublicKeyInfo hash: %#B\n", &id); + } + private->destroy(private); + } + else if (type == CRED_PUBLIC_KEY) + { + public = cred; + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id)) + { + printf("subjectKeyIdentifier: %#B\n", &id); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id)) + { + printf("subjectPublicKeyInfo hash: %#B\n", &id); + } + public->destroy(public); + } + else + { + cert = cred; + public = cert->get_public_key(cert); + if (!public) + { + fprintf(stderr, "extracting public key from certificate failed"); + return 1; + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &id)) + { + printf("subjectKeyIdentifier: %#B\n", &id); + } + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &id)) + { + printf("subjectPublicKeyInfo hash: %#B\n", &id); + } + public->destroy(public); + cert->destroy(cert); + } + return 0; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) + { keyid, 'k', "keyid", + "calculate key identifiers of a key/certificate", + {"[--in file] [--type rsa-priv|ecdsa-priv|pub|pkcs10|x509]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "input file, default: stdin"}, + {"type", 't', 1, "type of key, default: rsa-priv"}, + } + }); +} + diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c new file mode 100644 index 000000000..de0444c1a --- /dev/null +++ b/src/pki/commands/pub.c @@ -0,0 +1,157 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pki.h" + +#include +#include + +/** + * Extract a public key from a private key/certificate + */ +static int pub() +{ + key_encoding_type_t form = KEY_PUB_SPKI_ASN1_DER; + credential_type_t type = CRED_PRIVATE_KEY; + int subtype = KEY_RSA; + certificate_t *cert; + private_key_t *private; + public_key_t *public; + chunk_t encoding; + char *file = NULL; + void *cred; + char *arg; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 't': + if (streq(arg, "rsa")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_RSA; + } + else if (streq(arg, "ecdsa")) + { + type = CRED_PRIVATE_KEY; + subtype = KEY_ECDSA; + } + else if (streq(arg, "pkcs10")) + { + type = CRED_CERTIFICATE; + subtype = CERT_PKCS10_REQUEST; + } + else if (streq(arg, "x509")) + { + type = CRED_CERTIFICATE; + subtype = CERT_X509; + } + else + { + return command_usage("invalid input type"); + } + continue; + case 'f': + if (!get_form(arg, &form, TRUE)) + { + return command_usage("invalid output format"); + } + continue; + case 'i': + file = arg; + continue; + case EOF: + break; + default: + return command_usage("invalid --pub option"); + } + break; + } + if (file) + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_FROM_FD, 0, BUILD_END); + } + + if (type == CRED_PRIVATE_KEY) + { + private = cred; + if (!private) + { + fprintf(stderr, "parsing private key failed\n"); + return 1; + } + public = private->get_public_key(private); + private->destroy(private); + } + else + { + cert = cred; + if (!cert) + { + fprintf(stderr, "parsing certificate failed\n"); + return 1; + } + public = cert->get_public_key(cert); + cert->destroy(cert); + } + if (!public) + { + fprintf(stderr, "extracting public key failed\n"); + return 1; + } + if (!public->get_encoding(public, form, &encoding)) + { + fprintf(stderr, "public key encoding failed\n"); + public->destroy(public); + return 1; + } + public->destroy(public); + if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) + { + fprintf(stderr, "writing public key failed\n"); + free(encoding.ptr); + return 1; + } + free(encoding.ptr); + return 0; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + pub, 'p', "pub", + "extract the public key from a private key/certificate", + {"[--in file] [--type rsa|ecdsa|pkcs10|x509] [--outform der|pem|pgp]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "input file, default: stdin"}, + {"type", 't', 1, "type of credential, default: rsa"}, + {"outform", 'f', 1, "encoding of extracted public key"}, + } + }); +} + diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c new file mode 100644 index 000000000..8335f2595 --- /dev/null +++ b/src/pki/commands/req.c @@ -0,0 +1,184 @@ +/* + * Copyright (C) 2009 Martin Willi + * Copyright (C) 2009 Andreas Steffen + * + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "pki.h" + +#include +#include + +/** + * Create a self-signed PKCS#10 certificate requesst. + */ +static int req() +{ + key_type_t type = KEY_RSA; + hash_algorithm_t digest = HASH_SHA1; + certificate_t *cert = NULL; + private_key_t *private = NULL; + char *file = NULL, *dn = NULL, *error = NULL; + identification_t *id = NULL; + linked_list_t *san; + chunk_t encoding = chunk_empty; + chunk_t challenge_password = chunk_empty; + char *arg; + + san = linked_list_create(); + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + goto usage; + case 't': + if (streq(arg, "rsa")) + { + type = KEY_RSA; + } + else if (streq(arg, "ecdsa")) + { + type = KEY_ECDSA; + } + else + { + error = "invalid input type"; + goto usage; + } + continue; + case 'g': + digest = get_digest(arg); + if (digest == HASH_UNKNOWN) + { + error = "invalid --digest type"; + goto usage; + } + continue; + case 'i': + file = arg; + continue; + case 'd': + dn = arg; + continue; + case 'a': + san->insert_last(san, identification_create_from_string(arg)); + continue; + case 'p': + challenge_password = chunk_create(arg, strlen(arg)); + continue; + case EOF: + break; + default: + error = "invalid --req option"; + goto usage; + } + break; + } + + if (!dn) + { + error = "--dn is required"; + goto usage; + } + id = identification_create_from_string(dn); + if (id->get_type(id) != ID_DER_ASN1_DN) + { + error = "supplied --dn is not a distinguished name"; + goto end; + } + if (file) + { + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FD, 0, BUILD_END); + } + if (!private) + { + error = "parsing private key failed"; + goto end; + } + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, + BUILD_SIGNING_KEY, private, + BUILD_SUBJECT, id, + BUILD_SUBJECT_ALTNAMES, san, + BUILD_PASSPHRASE, challenge_password, + BUILD_DIGEST_ALG, digest, + BUILD_END); + if (!cert) + { + error = "generating certificate request failed"; + goto end; + } + encoding = cert->get_encoding(cert); + if (!encoding.ptr) + { + error = "encoding certificate request failed"; + goto end; + } + if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) + { + error = "writing certificate request failed"; + goto end; + } + +end: + DESTROY_IF(id); + DESTROY_IF(cert); + DESTROY_IF(private); + san->destroy_offset(san, offsetof(identification_t, destroy)); + free(encoding.ptr); + + if (error) + { + fprintf(stderr, "%s\n", error); + return 1; + } + return 0; + +usage: + san->destroy_offset(san, offsetof(identification_t, destroy)); + return command_usage(error); +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + req, 'r', "req", + "create a PKCS#10 certificate request", + {"[--in file] [--type rsa|ecdsa]", + " --dn distinguished-name [--san subjectAltName]+", + "[--password challengePassword]", + "[--digest md5|sha1|sha224|sha256|sha384|sha512]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "private key input file, default: stdin"}, + {"type", 't', 1, "type of input key, default: rsa"}, + {"dn", 'd', 1, "subject distinguished name"}, + {"san", 'a', 1, "subjectAltName to include in cert request"}, + {"password",'p', 1, "challengePassword to include in cert request"}, + {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + } + }); +} diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c new file mode 100644 index 000000000..30ae23be5 --- /dev/null +++ b/src/pki/commands/self.c @@ -0,0 +1,238 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "pki.h" + +#include +#include +#include + +/** + * Create a self signed certificate. + */ +static int self() +{ + key_type_t type = KEY_RSA; + hash_algorithm_t digest = HASH_SHA1; + certificate_t *cert = NULL; + private_key_t *private = NULL; + public_key_t *public = NULL; + char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL; + identification_t *id = NULL; + linked_list_t *san, *ocsp; + int lifetime = 1080; + int pathlen = X509_NO_PATH_LEN_CONSTRAINT; + chunk_t serial = chunk_empty; + chunk_t encoding = chunk_empty; + time_t not_before, not_after; + x509_flag_t flags = 0; + char *arg; + + san = linked_list_create(); + ocsp = linked_list_create(); + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + goto usage; + case 't': + if (streq(arg, "rsa")) + { + type = KEY_RSA; + } + else if (streq(arg, "ecdsa")) + { + type = KEY_ECDSA; + } + else + { + error = "invalid input type"; + goto usage; + } + continue; + case 'g': + digest = get_digest(arg); + if (digest == HASH_UNKNOWN) + { + error = "invalid --digest type"; + goto usage; + } + continue; + case 'i': + file = arg; + continue; + case 'd': + dn = arg; + continue; + case 'a': + san->insert_last(san, identification_create_from_string(arg)); + continue; + case 'l': + lifetime = atoi(arg); + if (!lifetime) + { + error = "invalid --lifetime value"; + goto usage; + } + continue; + case 's': + hex = arg; + continue; + case 'b': + flags |= X509_CA; + continue; + case 'p': + pathlen = atoi(arg); + continue; + case 'o': + ocsp->insert_last(ocsp, arg); + continue; + case EOF: + break; + default: + error = "invalid --self option"; + goto usage; + } + break; + } + + if (!dn) + { + error = "--dn is required"; + goto usage; + } + id = identification_create_from_string(dn); + if (id->get_type(id) != ID_DER_ASN1_DN) + { + error = "supplied --dn is not a distinguished name"; + goto end; + } + if (file) + { + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FD, 0, BUILD_END); + } + if (!private) + { + error = "parsing private key failed"; + goto end; + } + public = private->get_public_key(private); + if (!public) + { + error = "extracting public key failed"; + goto end; + } + if (hex) + { + serial = chunk_from_hex(chunk_create(hex, strlen(hex)), NULL); + } + else + { + rng_t *rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + + if (!rng) + { + error = "no random number generator found"; + goto end; + } + rng->allocate_bytes(rng, 8, &serial); + rng->destroy(rng); + } + not_before = time(NULL); + not_after = not_before + lifetime * 24 * 60 * 60; + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_SIGNING_KEY, private, BUILD_PUBLIC_KEY, public, + BUILD_SUBJECT, id, BUILD_NOT_BEFORE_TIME, not_before, + BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, + BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags, + BUILD_PATHLEN, pathlen, BUILD_SUBJECT_ALTNAMES, san, + BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END); + if (!cert) + { + error = "generating certificate failed"; + goto end; + } + encoding = cert->get_encoding(cert); + if (!encoding.ptr) + { + error = "encoding certificate failed"; + goto end; + } + if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) + { + error = "writing certificate key failed"; + goto end; + } + +end: + DESTROY_IF(id); + DESTROY_IF(cert); + DESTROY_IF(public); + DESTROY_IF(private); + san->destroy_offset(san, offsetof(identification_t, destroy)); + ocsp->destroy(ocsp); + free(encoding.ptr); + free(serial.ptr); + + if (error) + { + fprintf(stderr, "%s\n", error); + return 1; + } + return 0; + +usage: + san->destroy_offset(san, offsetof(identification_t, destroy)); + ocsp->destroy(ocsp); + return command_usage(error); +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + self, 's', "self", + "create a self signed certificate", + {"[--in file] [--type rsa|ecdsa]", + " --dn distinguished-name [--san subjectAltName]+", + "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", + "[--digest md5|sha1|sha224|sha256|sha384|sha512]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "private key input file, default: stdin"}, + {"type", 't', 1, "type of input key, default: rsa"}, + {"dn", 'd', 1, "subject and issuer distinguished name"}, + {"san", 'a', 1, "subjectAltName to include in certificate"}, + {"lifetime",'l', 1, "days the certificate is valid, default: 1080"}, + {"serial", 's', 1, "serial number in hex, default: random"}, + {"ca", 'b', 0, "include CA basicConstraint, default: no"}, + {"pathlen", 'p', 1, "set path length constraint"}, + {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, + {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + } + }); +} diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c new file mode 100644 index 000000000..bbcc53891 --- /dev/null +++ b/src/pki/commands/verify.c @@ -0,0 +1,136 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pki.h" + +#include +#include + +/** + * Verify a certificate signature + */ +static int verify() +{ + certificate_t *cert, *ca; + char *file = NULL, *cafile = NULL; + bool good = FALSE; + char *arg; + + while (TRUE) + { + switch (command_getopt(&arg)) + { + case 'h': + return command_usage(NULL); + case 'i': + file = arg; + continue; + case 'c': + cafile = arg; + continue; + case EOF: + break; + default: + return command_usage("invalid --verify option"); + } + break; + } + + if (file) + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, file, BUILD_END); + } + else + { + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FD, 0, BUILD_END); + } + if (!cert) + { + fprintf(stderr, "parsing certificate failed\n"); + return 1; + } + if (cafile) + { + ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, cafile, BUILD_END); + if (!ca) + { + fprintf(stderr, "parsing CA certificate failed\n"); + return 1; + } + } + else + { + ca = cert; + } + if (cert->issued_by(cert, ca)) + { + if (cert->get_validity(cert, NULL, NULL, NULL)) + { + if (cafile) + { + if (ca->get_validity(ca, NULL, NULL, NULL)) + { + printf("signature good, certificates valid\n"); + good = TRUE; + } + else + { + printf("signature good, CA certificates not valid now\n"); + } + } + else + { + printf("signature good, certificate valid\n"); + good = TRUE; + } + } + else + { + printf("certificate not valid now\n"); + } + } + else + { + printf("signature invalid\n"); + } + if (cafile) + { + ca->destroy(ca); + } + cert->destroy(cert); + + return good ? 0 : 2; +} + +/** + * Register the command. + */ +static void __attribute__ ((constructor))reg() +{ + command_register((command_t) { + verify, 'v', "verify", + "verify a certificate using the CA certificate", + {"[--in file] [--ca file]"}, + { + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "X.509 certificate to verify, default: stdin"}, + {"cacert", 'c', 1, "CA certificate, default: verify self signed"}, + } + }); +} + diff --git a/src/pki/pki.c b/src/pki/pki.c new file mode 100644 index 000000000..0912d5051 --- /dev/null +++ b/src/pki/pki.c @@ -0,0 +1,101 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "command.h" +#include "pki.h" + +#include + +/** + * Convert a form string to a encoding type + */ +bool get_form(char *form, key_encoding_type_t *type, bool pub) +{ + if (streq(form, "der")) + { + /* der encoded keys usually contain the complete SubjectPublicKeyInfo */ + *type = pub ? KEY_PUB_SPKI_ASN1_DER : KEY_PRIV_ASN1_DER; + } + else if (streq(form, "pem")) + { + *type = pub ? KEY_PUB_PEM : KEY_PRIV_PEM; + } + else if (streq(form, "pgp")) + { + *type = pub ? KEY_PUB_PGP : KEY_PRIV_PGP; + } + else + { + return FALSE; + } + return TRUE; +} + +/** + * Convert a digest string to a hash algorithm + */ +hash_algorithm_t get_digest(char *name) +{ + if (streq(name, "md5")) + { + return HASH_MD5; + } + if (streq(name, "sha1")) + { + return HASH_SHA1; + } + if (streq(name, "sha224")) + { + return HASH_SHA224; + } + if (streq(name, "sha256")) + { + return HASH_SHA256; + } + if (streq(name, "sha384")) + { + return HASH_SHA384; + } + if (streq(name, "sha512")) + { + return HASH_SHA512; + } + return HASH_UNKNOWN; +} + +/** + * Library initialization and operation parsing + */ +int main(int argc, char *argv[]) +{ + atexit(library_deinit); + if (!library_init(NULL)) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "pki", argv[0])) + { + fprintf(stderr, "integrity check of pki failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "pki.load", PLUGINS))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } + return command_dispatch(argc, argv); +} + diff --git a/src/pki/pki.h b/src/pki/pki.h new file mode 100644 index 000000000..01b103c8f --- /dev/null +++ b/src/pki/pki.h @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pki pki + * @{ @ingroup pki + */ + +#ifndef PKI_H_ +#define PKI_H_ + +#include "command.h" + +#include +#include + +/** + * Convert a form string to a encoding type + */ +bool get_form(char *form, key_encoding_type_t *type, bool pub); + +/** + * Convert a digest string to a hash algorithm + */ +hash_algorithm_t get_digest(char *name); + +#endif /** PKI_H_ @}*/ diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am index c9cb6651f..b83e4be33 100644 --- a/src/pluto/Makefile.am +++ b/src/pluto/Makefile.am @@ -20,7 +20,6 @@ demux.c demux.h \ dnskey.c dnskey.h \ fetch.c fetch.h \ foodgroups.c foodgroups.h \ -id.c id.h \ ike_alg.c ike_alg.h \ ipsec_doi.c ipsec_doi.h \ kameipsec.h \ @@ -32,12 +31,11 @@ kernel_pfkey.c kernel_pfkey.h \ keys.c keys.h \ lex.c lex.h \ log.c log.h \ +myid.c myid.h \ modecfg.c modecfg.h \ nat_traversal.c nat_traversal.h \ ocsp.c ocsp.h \ packet.c packet.h \ -pem.c pem.h \ -pgpcert.c pgpcert.h \ pkcs7.c pkcs7.h \ plutomain.c \ rcv_whack.c rcv_whack.h \ @@ -50,6 +48,7 @@ vendor.c vendor.h \ virtual.c virtual.h \ xauth.c xauth.h \ x509.c x509.h \ +builder.c builder.h \ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h _pluto_adns_SOURCES = adns.c adns.h @@ -58,26 +57,25 @@ LIBSTRONGSWANDIR=$(top_builddir)/src/libstrongswan LIBFREESWANDIR=$(top_builddir)/src/libfreeswan INCLUDES = \ --I${linuxdir} \ +-I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libfreeswan \ -I$(top_srcdir)/src/whack AM_CFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ --DIPSEC_CONFDIR=\"${confdir}\" \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" \ --DSHARED_SECRETS_FILE=\"${confdir}/ipsec.secrets\" \ --DIPSEC_PLUGINDIR=\"${plugindir}\" \ +-DSHARED_SECRETS_FILE=\"${sysconfdir}/ipsec.secrets\" \ -DPLUGINS=\""${pluto_plugins}\"" \ --DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ +-DPKCS11_DEFAULT_LIB=\"${default_pkcs11}\" \ -DKERNEL26_SUPPORT -DKERNEL26_HAS_KAME_DUPLICATES \ -DPLUTO -DKLIPS -DDEBUG pluto_LDADD = \ $(LIBSTRONGSWANDIR)/libstrongswan.la \ $(LIBFREESWANDIR)/libfreeswan.a \ --lresolv -lpthread $(DLLIB) +-lresolv $(PTHREADLIB) $(DLLIB) _pluto_adns_LDADD = \ $(LIBFREESWANDIR)/libfreeswan.a \ diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in index 871f0c905..c93756c44 100644 --- a/src/pluto/Makefile.in +++ b/src/pluto/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -20,8 +21,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -58,14 +60,21 @@ subdir = src/pluto DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am__pluto_adns_OBJECTS = adns.$(OBJEXT) _pluto_adns_OBJECTS = $(am__pluto_adns_OBJECTS) @@ -77,23 +86,24 @@ am_pluto_OBJECTS = ac.$(OBJEXT) alg_info.$(OBJEXT) ca.$(OBJEXT) \ cookie.$(OBJEXT) crl.$(OBJEXT) crypto.$(OBJEXT) \ db_ops.$(OBJEXT) defs.$(OBJEXT) demux.$(OBJEXT) \ dnskey.$(OBJEXT) fetch.$(OBJEXT) foodgroups.$(OBJEXT) \ - id.$(OBJEXT) ike_alg.$(OBJEXT) ipsec_doi.$(OBJEXT) \ - kernel.$(OBJEXT) kernel_alg.$(OBJEXT) kernel_netlink.$(OBJEXT) \ + ike_alg.$(OBJEXT) ipsec_doi.$(OBJEXT) kernel.$(OBJEXT) \ + kernel_alg.$(OBJEXT) kernel_netlink.$(OBJEXT) \ kernel_noklips.$(OBJEXT) kernel_pfkey.$(OBJEXT) keys.$(OBJEXT) \ - lex.$(OBJEXT) log.$(OBJEXT) modecfg.$(OBJEXT) \ + lex.$(OBJEXT) log.$(OBJEXT) myid.$(OBJEXT) modecfg.$(OBJEXT) \ nat_traversal.$(OBJEXT) ocsp.$(OBJEXT) packet.$(OBJEXT) \ - pem.$(OBJEXT) pgpcert.$(OBJEXT) pkcs7.$(OBJEXT) \ - plutomain.$(OBJEXT) rcv_whack.$(OBJEXT) server.$(OBJEXT) \ - smartcard.$(OBJEXT) spdb.$(OBJEXT) state.$(OBJEXT) \ - timer.$(OBJEXT) vendor.$(OBJEXT) virtual.$(OBJEXT) \ - xauth.$(OBJEXT) x509.$(OBJEXT) + pkcs7.$(OBJEXT) plutomain.$(OBJEXT) rcv_whack.$(OBJEXT) \ + server.$(OBJEXT) smartcard.$(OBJEXT) spdb.$(OBJEXT) \ + state.$(OBJEXT) timer.$(OBJEXT) vendor.$(OBJEXT) \ + virtual.$(OBJEXT) xauth.$(OBJEXT) x509.$(OBJEXT) \ + builder.$(OBJEXT) pluto_OBJECTS = $(am_pluto_OBJECTS) pluto_DEPENDENCIES = $(LIBSTRONGSWANDIR)/libstrongswan.la \ $(LIBFREESWANDIR)/libfreeswan.a $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -105,6 +115,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(_pluto_adns_SOURCES) $(pluto_SOURCES) DIST_SOURCES = $(_pluto_adns_SOURCES) $(pluto_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff @@ -145,25 +176,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -175,11 +203,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -208,9 +239,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -233,7 +264,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -241,6 +272,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -249,10 +281,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -260,6 +294,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ pluto_SOURCES = \ @@ -278,7 +313,6 @@ demux.c demux.h \ dnskey.c dnskey.h \ fetch.c fetch.h \ foodgroups.c foodgroups.h \ -id.c id.h \ ike_alg.c ike_alg.h \ ipsec_doi.c ipsec_doi.h \ kameipsec.h \ @@ -290,12 +324,11 @@ kernel_pfkey.c kernel_pfkey.h \ keys.c keys.h \ lex.c lex.h \ log.c log.h \ +myid.c myid.h \ modecfg.c modecfg.h \ nat_traversal.c nat_traversal.h \ ocsp.c ocsp.h \ packet.c packet.h \ -pem.c pem.h \ -pgpcert.c pgpcert.h \ pkcs7.c pkcs7.h \ plutomain.c \ rcv_whack.c rcv_whack.h \ @@ -308,29 +341,29 @@ vendor.c vendor.h \ virtual.c virtual.h \ xauth.c xauth.h \ x509.c x509.h \ +builder.c builder.h \ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h _pluto_adns_SOURCES = adns.c adns.h LIBSTRONGSWANDIR = $(top_builddir)/src/libstrongswan LIBFREESWANDIR = $(top_builddir)/src/libfreeswan INCLUDES = \ --I${linuxdir} \ +-I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libfreeswan \ -I$(top_srcdir)/src/whack -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" \ - -DSHARED_SECRETS_FILE=\"${confdir}/ipsec.secrets\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ +AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \ + -DSHARED_SECRETS_FILE=\"${sysconfdir}/ipsec.secrets\" \ -DPLUGINS=\""${pluto_plugins}\"" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" -DKERNEL26_SUPPORT \ + -DPKCS11_DEFAULT_LIB=\"${default_pkcs11}\" -DKERNEL26_SUPPORT \ -DKERNEL26_HAS_KAME_DUPLICATES -DPLUTO -DKLIPS -DDEBUG \ $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_7) pluto_LDADD = $(LIBSTRONGSWANDIR)/libstrongswan.la \ - $(LIBFREESWANDIR)/libfreeswan.a -lresolv -lpthread $(DLLIB) \ - $(am__append_6) + $(LIBFREESWANDIR)/libfreeswan.a -lresolv $(PTHREADLIB) \ + $(DLLIB) $(am__append_6) _pluto_adns_LDADD = \ $(LIBFREESWANDIR)/libfreeswan.a \ -lresolv $(DLLIB) @@ -349,9 +382,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pluto/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/pluto/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pluto/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/pluto/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -369,34 +402,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list _pluto_adns$(EXEEXT): $(_pluto_adns_OBJECTS) $(_pluto_adns_DEPENDENCIES) @rm -f _pluto_adns$(EXEEXT) $(LINK) $(_pluto_adns_OBJECTS) $(_pluto_adns_LDADD) $(LIBS) @@ -413,6 +462,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ac.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/adns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alg_info.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ca.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certs.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connections.Po@am__quote@ @@ -426,7 +476,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnskey.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetch.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/foodgroups.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_alg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipsec_doi.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel.Po@am__quote@ @@ -438,11 +487,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lex.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/modecfg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/myid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nat_traversal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgpcert.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plutomain.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rcv_whack.Po@am__quote@ @@ -458,21 +506,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -482,96 +530,82 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man5: $(man5_MANS) $(man_MANS) +install-man5: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +install-man8: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -585,7 +619,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -593,34 +627,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -636,13 +688,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -673,6 +729,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -694,6 +751,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -702,18 +761,28 @@ install-data-am: install-ipsecPROGRAMS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man5 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -756,6 +825,7 @@ uninstall-man: uninstall-man5 uninstall-man8 uninstall-ipsecPROGRAMS uninstall-man uninstall-man5 \ uninstall-man8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/pluto/ac.c b/src/pluto/ac.c index 3b5df9738..d8b16112f 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -1,6 +1,7 @@ /* Support of X.509 attribute certificates * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter + * Copyright (C) 2009 Andreas Steffen * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -13,971 +14,284 @@ * for more details. */ -#include -#include -#include -#include -#include +#include #include -#include -#include - -#include -#include -#include -#include +#include +#include +#include +#include #include "ac.h" -#include "x509.h" -#include "crl.h" #include "ca.h" #include "certs.h" -#include "log.h" -#include "whack.h" #include "fetch.h" +#include "log.h" /** * Chained list of X.509 attribute certificates */ -static x509acert_t *x509acerts = NULL; - -/** - * Chained list of ietfAttributes - */ -static ietfAttrList_t *ietfAttributes = NULL; - -/** - * ASN.1 definition of ietfAttrSyntax - */ -static const asn1Object_t ietfAttrSyntaxObjects[] = -{ - { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_BODY }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */ - { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT | - ASN1_BODY }, /* 4 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ - { 2, "oid", ASN1_OID, ASN1_OPT | - ASN1_BODY }, /* 6 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "string", ASN1_UTF8STRING, ASN1_OPT | - ASN1_BODY }, /* 8 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; - -#define IETF_ATTR_OCTETS 4 -#define IETF_ATTR_OID 6 -#define IETF_ATTR_STRING 8 - -/** - * ASN.1 definition of roleSyntax - */ -static const asn1Object_t roleSyntaxObjects[] = -{ - { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_OBJ }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; - -/** - * ASN.1 definition of an X509 attribute certificate - */ -static const asn1Object_t acObjects[] = -{ - { 0, "AttributeCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "AttributeCertificateInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */ - { 2, "version", ASN1_INTEGER, ASN1_DEF | - ASN1_BODY }, /* 2 */ - { 2, "holder", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */ - { 3, "baseCertificateID", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 4 */ - { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */ - { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 4, "issuerUID", ASN1_BIT_STRING, ASN1_OPT | - ASN1_BODY }, /* 7 */ - { 4, "end opt", ASN1_EOC, ASN1_END }, /* 8 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ - { 3, "entityName", ASN1_CONTEXT_C_1, ASN1_OPT | - ASN1_OBJ }, /* 10 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ - { 3, "objectDigestInfo", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 12 */ - { 4, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 13 */ - { 4, "otherObjectTypeID", ASN1_OID, ASN1_OPT | - ASN1_BODY }, /* 14 */ - { 4, "end opt", ASN1_EOC, ASN1_END }, /* 15 */ - { 4, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 16 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 17 */ - { 2, "v2Form", ASN1_CONTEXT_C_0, ASN1_NONE }, /* 18 */ - { 3, "issuerName", ASN1_SEQUENCE, ASN1_OPT | - ASN1_OBJ }, /* 19 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */ - { 3, "baseCertificateID", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 21 */ - { 4, "issuerSerial", ASN1_SEQUENCE, ASN1_NONE }, /* 22 */ - { 5, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 23 */ - { 5, "serial", ASN1_INTEGER, ASN1_BODY }, /* 24 */ - { 5, "issuerUID", ASN1_BIT_STRING, ASN1_OPT | - ASN1_BODY }, /* 25 */ - { 5, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 27 */ - { 3, "objectDigestInfo", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 28 */ - { 4, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 29 */ - { 5, "digestedObjectType", ASN1_ENUMERATED, ASN1_BODY }, /* 30 */ - { 5, "otherObjectTypeID", ASN1_OID, ASN1_OPT | - ASN1_BODY }, /* 31 */ - { 5, "end opt", ASN1_EOC, ASN1_END }, /* 32 */ - { 5, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 33 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 34 */ - { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 35 */ - { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 36 */ - { 2, "attrCertValidityPeriod", ASN1_SEQUENCE, ASN1_NONE }, /* 37 */ - { 3, "notBeforeTime", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 38 */ - { 3, "notAfterTime", ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 39 */ - { 2, "attributes", ASN1_SEQUENCE, ASN1_LOOP }, /* 40 */ - { 3, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 41 */ - { 4, "type", ASN1_OID, ASN1_BODY }, /* 42 */ - { 4, "values", ASN1_SET, ASN1_LOOP }, /* 43 */ - { 5, "value", ASN1_EOC, ASN1_RAW }, /* 44 */ - { 4, "end loop", ASN1_EOC, ASN1_END }, /* 45 */ - { 2, "end loop", ASN1_EOC, ASN1_END }, /* 46 */ - { 2, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 47 */ - { 3, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 48 */ - { 4, "extnID", ASN1_OID, ASN1_BODY }, /* 49 */ - { 4, "critical", ASN1_BOOLEAN, ASN1_DEF | - ASN1_BODY }, /* 50 */ - { 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 51 */ - { 2, "end loop", ASN1_EOC, ASN1_END }, /* 52 */ - { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 53 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 54 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; - -#define AC_OBJ_CERTIFICATE 0 -#define AC_OBJ_CERTIFICATE_INFO 1 -#define AC_OBJ_VERSION 2 -#define AC_OBJ_HOLDER_ISSUER 5 -#define AC_OBJ_HOLDER_SERIAL 6 -#define AC_OBJ_ENTITY_NAME 10 -#define AC_OBJ_ISSUER_NAME 19 -#define AC_OBJ_ISSUER 23 -#define AC_OBJ_SIG_ALG 35 -#define AC_OBJ_SERIAL_NUMBER 36 -#define AC_OBJ_NOT_BEFORE 38 -#define AC_OBJ_NOT_AFTER 39 -#define AC_OBJ_ATTRIBUTE_TYPE 42 -#define AC_OBJ_ATTRIBUTE_VALUE 44 -#define AC_OBJ_EXTN_ID 49 -#define AC_OBJ_CRITICAL 50 -#define AC_OBJ_EXTN_VALUE 51 -#define AC_OBJ_ALGORITHM 53 -#define AC_OBJ_SIGNATURE 54 - -const x509acert_t empty_ac = { - NULL , /* *next */ - 0 , /* installed */ - { NULL, 0 }, /* certificate */ - { NULL, 0 }, /* certificateInfo */ - 1 , /* version */ - /* holder */ - /* baseCertificateID */ - { NULL, 0 }, /* holderIssuer */ - { NULL, 0 }, /* holderSerial */ - /* entityName */ - { NULL, 0 }, /* generalNames */ - /* v2Form */ - { NULL, 0 }, /* issuerName */ - /* signature */ - OID_UNKNOWN, /* sigAlg */ - { NULL, 0 }, /* serialNumber */ - /* attrCertValidityPeriod */ - 0 , /* notBefore */ - 0 , /* notAfter */ - /* attributes */ - NULL , /* charging */ - NULL , /* groups */ - /* extensions */ - { NULL, 0 }, /* authKeyID */ - { NULL, 0 }, /* authKeySerialNumber */ - FALSE , /* noRevAvail */ - /* signatureAlgorithm */ - OID_UNKNOWN, /* algorithm */ - { NULL, 0 }, /* signature */ -}; - +static linked_list_t *acerts = NULL; /** - * compare two ietfAttributes, returns zero if a equals b - * negative/positive if a is earlier/later in the alphabet than b + * Initialize the linked list of attribute certificates */ -static int cmp_ietfAttr(ietfAttr_t *a,ietfAttr_t *b) +void ac_initialize(void) { - int cmp_len, len, cmp_value; - - /* cannot compare OID with STRING or OCTETS attributes */ - if (a->kind == IETF_ATTRIBUTE_OID && b->kind != IETF_ATTRIBUTE_OID) - return 1; - - cmp_len = a->value.len - b->value.len; - len = (cmp_len < 0)? a->value.len : b->value.len; - cmp_value = memcmp(a->value.ptr, b->value.ptr, len); - - return (cmp_value == 0)? cmp_len : cmp_value; + acerts = linked_list_create(); } /** - * add an ietfAttribute to the chained list + * Free the linked list of attribute certificates */ -static ietfAttr_t* add_ietfAttr(ietfAttr_t *attr) +void ac_finalize(void) { - ietfAttrList_t **listp = &ietfAttributes; - ietfAttrList_t *list = *listp; - int cmp = -1; - - while (list != NULL) - { - cmp = cmp_ietfAttr(attr, list->attr); - if (cmp <= 0) - break; - listp = &list->next; - list = *listp; - } - - if (cmp == 0) - { - /* attribute already exists, increase count */ - free(attr); - list->attr->count++; - return list->attr; - } - else + if (acerts) { - ietfAttrList_t *el = malloc_thing(ietfAttrList_t); - - /* new attribute, unshare value */ - attr->value = chunk_clone(attr->value); - attr->count = 1; - time(&attr->installed); - - el->attr = attr; - el->next = list; - *listp = el; - - return attr; + acerts->destroy_offset(acerts, offsetof(certificate_t, destroy)); } } /** - * decodes a comma separated list of group attributes + * Get a X.509 attribute certificate for a given holder */ -void decode_groups(char *groups, ietfAttrList_t **listp) +certificate_t* ac_get_cert(identification_t *issuer, chunk_t serial) { - if (groups == NULL) - return; + enumerator_t *enumerator; + certificate_t *cert, *found = NULL; - while (strlen(groups) > 0) + enumerator = acerts->create_enumerator(acerts); + while (enumerator->enumerate(enumerator, &cert)) { - char *end; - char *next = strchr(groups, ','); - - if (next == NULL) - end = next = groups + strlen(groups); - else - end = next++; - - /* eat preceeding whitespace */ - while (groups < end && *groups == ' ') - groups++; + ac_t *ac = (ac_t*)cert; - /* eat trailing whitespace */ - while (end > groups && *(end-1) == ' ') - end--; - - if (groups < end) + if (issuer->equals(issuer, ac->get_holderIssuer(ac)) && + chunk_equals(serial, ac->get_holderSerial(ac))) { - ietfAttr_t *attr = malloc_thing(ietfAttr_t); - ietfAttrList_t *el = malloc_thing(ietfAttrList_t); - - attr->kind = IETF_ATTRIBUTE_STRING; - attr->value.ptr = groups; - attr->value.len = end - groups; - attr->count = 0; - - el->attr = add_ietfAttr(attr); - el->next = *listp; - *listp = el; + found = cert; + break; } - - groups = next; } + enumerator->destroy(enumerator); + return found; } -static bool same_attribute(const ietfAttr_t *a, const ietfAttr_t *b) +/** + * Verifies a X.509 attribute certificate + */ +bool ac_verify_cert(certificate_t *cert, bool strict) { - return (a->kind == b->kind && a->value.len == b->value.len - && memeq(a->value.ptr, b->value.ptr, b->value.len)); -} + ac_t *ac = (ac_t*)cert; + identification_t *subject = cert->get_subject(cert); + identification_t *issuer = cert->get_issuer(cert); + chunk_t authKeyID = ac->get_authKeyIdentifier(ac); + cert_t *aacert; + time_t notBefore, valid_until; -bool group_membership(const ietfAttrList_t *peer_list - , const char *conn - , const ietfAttrList_t *conn_list) -{ - if (conn_list == NULL) - return TRUE; + DBG1("holder: '%Y'", subject); + DBG1("issuer: '%Y'", issuer); - while (peer_list != NULL) + if (!cert->get_validity(cert, NULL, NULL, &valid_until)) { - const ietfAttr_t *peer_attr = peer_list->attr; - const ietfAttrList_t *list = conn_list; - - while (list != NULL) - { - ietfAttr_t *conn_attr = list->attr; - - if (same_attribute(conn_attr, peer_attr)) - { - DBG(DBG_CONTROL, - DBG_log("%s: peer matches group '%.*s'" - , conn - , (int)peer_attr->value.len, peer_attr->value.ptr) - ) - return TRUE; - } - list = list->next; - } - peer_list = peer_list->next; + DBG1("attribute certificate is invalid (valid from %T to %T)", + ¬Before, FALSE, &valid_until, FALSE); + return FALSE; } - DBG(DBG_CONTROL, - DBG_log("%s: peer doesn't match any group", conn) - ) - return FALSE; -} + DBG1("attribute certificate is valid until %T", &valid_until, FALSE); -void unshare_ietfAttrList(ietfAttrList_t **listp) -{ - ietfAttrList_t *list = *listp; + lock_authcert_list("verify_x509acert"); + aacert = get_authcert(issuer, authKeyID, X509_AA); + unlock_authcert_list("verify_x509acert"); - while (list != NULL) + if (aacert == NULL) { - ietfAttrList_t *el = malloc_thing(ietfAttrList_t); - - el->attr = list->attr; - el->attr->count++; - el->next = NULL; - *listp = el; - listp = &el->next; - list = list->next; + DBG1("issuer aacert not found"); + return FALSE; } -} - -/** - * Parses ietfAttrSyntax - */ -static ietfAttrList_t* parse_ietfAttrSyntax(chunk_t blob, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; + DBG2("issuer aacert found"); - ietfAttrList_t *list = NULL; - - parser = asn1_parser_create(ietfAttrSyntaxObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) + if (!cert->issued_by(cert, aacert->cert)) { - switch (objectID) - { - case IETF_ATTR_OCTETS: - case IETF_ATTR_OID: - case IETF_ATTR_STRING: - { - ietfAttr_t *attr = malloc_thing(ietfAttr_t); - ietfAttrList_t *el = malloc_thing(ietfAttrList_t); - - attr->kind = (objectID - IETF_ATTR_OCTETS) / 2; - attr->value = object; - attr->count = 0; - - el->attr = add_ietfAttr(attr); - el->next = list; - list = el; - } - break; - default: - break; - } + DBG1("attribute certificate signature is invalid"); + return FALSE; } - parser->destroy(parser); - return list; -} - -/** - * Parses roleSyntax - */ -static void parse_roleSyntax(chunk_t blob, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; + DBG1("attribute certificate signature is valid"); - parser = asn1_parser_create(roleSyntaxObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - default: - break; - } - } - parser->destroy(parser); + return verify_x509cert(aacert, strict, &valid_until); } /** - * Parses an X.509 attribute certificate + * Add a X.509 attribute certificate to the chained list */ -bool parse_ac(chunk_t blob, x509acert_t *ac) +static void ac_add_cert(certificate_t *cert) { - asn1_parser_t *parser; - chunk_t object; - int objectID; - int type = OID_UNKNOWN; - int extn_oid = OID_UNKNOWN; - bool success = FALSE; - bool critical; + ac_t *ac = (ac_t*)cert; + identification_t *hIssuer = ac->get_holderIssuer(ac); + chunk_t hSerial = ac->get_holderSerial(ac); - parser = asn1_parser_create(acObjects, blob); + enumerator_t *enumerator; + certificate_t *cert_old; - while (parser->iterate(parser, &objectID, &object)) + enumerator = acerts->create_enumerator(acerts); + while (enumerator->enumerate(enumerator, &cert_old)) { - u_int level = parser->get_level(parser)+1; + ac_t *ac_old = (ac_t*)cert_old; - switch (objectID) + if (hIssuer->equals(hIssuer, ac_old->get_holderIssuer(ac_old)) && + chunk_equals(hSerial, ac_old->get_holderSerial(ac_old))) { - case AC_OBJ_CERTIFICATE: - ac->certificate = object; - break; - case AC_OBJ_CERTIFICATE_INFO: - ac->certificateInfo = object; - break; - case AC_OBJ_VERSION: - ac->version = (object.len) ? (1 + (u_int)*object.ptr) : 1; - DBG(DBG_PARSING, - DBG_log(" v%d", ac->version); - ) - if (ac->version != 2) + if (cert->is_newer(cert, cert_old)) { - plog("v%d attribute certificates are not supported" - , ac->version); - goto end; + acerts->remove_at(acerts, enumerator); + cert_old->destroy(cert_old); } - break; - case AC_OBJ_HOLDER_ISSUER: - ac->holderIssuer = get_directoryName(object, level, FALSE); - break; - case AC_OBJ_HOLDER_SERIAL: - ac->holderSerial = object; - break; - case AC_OBJ_ENTITY_NAME: - ac->entityName = get_directoryName(object, level, TRUE); - break; - case AC_OBJ_ISSUER_NAME: - ac->issuerName = get_directoryName(object, level, FALSE); - break; - case AC_OBJ_SIG_ALG: - ac->sigAlg = asn1_parse_algorithmIdentifier(object, level, NULL); - break; - case AC_OBJ_SERIAL_NUMBER: - ac->serialNumber = object; - break; - case AC_OBJ_NOT_BEFORE: - ac->notBefore = asn1_to_time(&object, ASN1_GENERALIZEDTIME); - break; - case AC_OBJ_NOT_AFTER: - ac->notAfter = asn1_to_time(&object, ASN1_GENERALIZEDTIME); - break; - case AC_OBJ_ATTRIBUTE_TYPE: - type = asn1_known_oid(object); - break; - case AC_OBJ_ATTRIBUTE_VALUE: + else { - switch (type) { - case OID_AUTHENTICATION_INFO: - DBG(DBG_PARSING, - DBG_log(" need to parse authenticationInfo") - ) - break; - case OID_ACCESS_IDENTITY: - DBG(DBG_PARSING, - DBG_log(" need to parse accessIdentity") - ) - break; - case OID_CHARGING_IDENTITY: - ac->charging = parse_ietfAttrSyntax(object, level); - break; - case OID_GROUP: - ac->groups = parse_ietfAttrSyntax(object, level); - break; - case OID_ROLE: - parse_roleSyntax(object, level); - break; - default: - break; - } + cert->destroy(cert); + cert = NULL; } break; - case AC_OBJ_EXTN_ID: - extn_oid = asn1_known_oid(object); - break; - case AC_OBJ_CRITICAL: - critical = object.len && *object.ptr; - DBG(DBG_PARSING, - DBG_log(" %s",(critical)?"TRUE":"FALSE"); - ) - break; - case AC_OBJ_EXTN_VALUE: - { - switch (extn_oid) { - case OID_CRL_DISTRIBUTION_POINTS: - DBG(DBG_PARSING, - DBG_log(" need to parse crlDistributionPoints") - ) - break; - case OID_AUTHORITY_KEY_ID: - parse_authorityKeyIdentifier(object, level - , &ac->authKeyID, &ac->authKeySerialNumber); - break; - case OID_TARGET_INFORMATION: - DBG(DBG_PARSING, - DBG_log(" need to parse targetInformation") - ) - break; - case OID_NO_REV_AVAIL: - ac->noRevAvail = TRUE; - break; - default: - break; - } - } - break; - case AC_OBJ_ALGORITHM: - ac->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); - break; - case AC_OBJ_SIGNATURE: - ac->signature = object; - break; - - default: - break; } } - success = parser->success(parser); - time(&ac->installed); - -end: - parser->destroy(parser); - return success; -} + enumerator->destroy(enumerator); -/** - * Release an ietfAttribute, free it if count reaches zero - */ -static void release_ietfAttr(ietfAttr_t* attr) -{ - if (--attr->count == 0) + if (cert) { - ietfAttrList_t **plist = &ietfAttributes; - ietfAttrList_t *list = *plist; - - while (list->attr != attr) - { - plist = &list->next; - list = *plist; - } - *plist = list->next; - - free(attr->value.ptr); - free(attr); - free(list); + acerts->insert_last(acerts, cert); } } /** - * Free an ietfAttrList + * Check if at least one peer attribute matches a connection attribute */ -void free_ietfAttrList(ietfAttrList_t* list) +bool match_group_membership(ietf_attributes_t *peer_attributes, char *conn, + ietf_attributes_t *conn_attributes) { - while (list != NULL) - { - ietfAttrList_t *el = list; - - release_ietfAttr(el->attr); - list = list->next; - free(el); - } -} + bool match; -/** - * Free a X.509 attribute certificate - */ -void free_acert(x509acert_t *ac) -{ - if (ac != NULL) + if (conn_attributes == NULL) { - free_ietfAttrList(ac->charging); - free_ietfAttrList(ac->groups); - free(ac->certificate.ptr); - free(ac); - } -} - -/** - * Free first X.509 attribute certificate in the chained list - */ -static void free_first_acert(void) -{ - x509acert_t *first = x509acerts; - x509acerts = first->next; - free_acert(first); -} - -/** - * Free all attribute certificates in the chained list - */ -void free_acerts(void) -{ - while (x509acerts != NULL) - free_first_acert(); -} - -/** - * Get a X.509 attribute certificate for a given holder - */ -x509acert_t* get_x509acert(chunk_t issuer, chunk_t serial) -{ - x509acert_t *ac = x509acerts; - x509acert_t *prev_ac = NULL; - - while (ac != NULL) - { - if (same_dn(issuer, ac->holderIssuer) - && same_serial(serial, ac->holderSerial)) - { - if (ac!= x509acerts) - { - /* bring the certificate up front */ - prev_ac->next = ac->next; - ac->next = x509acerts; - x509acerts = ac; - } - return ac; - } - prev_ac = ac; - ac = ac->next; - } - return NULL; -} - -/** - * Add a X.509 attribute certificate to the chained list - */ -static void add_acert(x509acert_t *ac) -{ - x509acert_t *old_ac = get_x509acert(ac->holderIssuer, ac->holderSerial); - - if (old_ac != NULL) - { - if (ac->notBefore >old_ac->notBefore) - { - /* delete the old attribute cert */ - free_first_acert(); - DBG(DBG_CONTROL, - DBG_log("attribute cert is newer - existing cert deleted") - ) - } - else - { - DBG(DBG_CONTROL, - DBG_log("attribute cert is not newer - existing cert kept"); - ) - free_acert(ac); - return; - } + return TRUE; } - plog("attribute cert added"); - /* insert new attribute cert at the root of the chain */ - ac->next = x509acerts; - x509acerts = ac; -} + match = conn_attributes->matches(conn_attributes, peer_attributes); + DBG1("%s: peer with attributes '%s' is %sa member of the groups '%s'", + conn, peer_attributes->get_string(peer_attributes), + match ? "" : "not ", conn_attributes->get_string(conn_attributes)); -/** - * Verify the validity of an attribute certificate by - * checking the notBefore and notAfter dates - */ -static err_t check_ac_validity(const x509acert_t *ac) -{ - time_t current_time; - - time(¤t_time); - DBG(DBG_CONTROL | DBG_PARSING, - DBG_log(" not before : %T", &ac->notBefore, TRUE); - DBG_log(" current time: %T", ¤t_time, TRUE); - DBG_log(" not after : %T", &ac->notAfter, TRUE); - ) - - if (current_time < ac->notBefore) - return "attribute certificate is not valid yet"; - if (current_time > ac->notAfter) - return "attribute certificate has expired"; - else - return NULL; + return match; } /** - * verifies a X.509 attribute certificate + * Loads X.509 attribute certificates */ -bool verify_x509acert(x509acert_t *ac, bool strict) +void ac_load_certs(void) { - u_char buf[BUF_LEN]; - x509cert_t *aacert; - err_t ugh = NULL; - time_t valid_until = ac->notAfter; - - DBG(DBG_CONTROL, - dntoa(buf, BUF_LEN, ac->entityName); - DBG_log("holder: '%s'",buf); - dntoa(buf, BUF_LEN, ac->issuerName); - DBG_log("issuer: '%s'",buf); - ) - - ugh = check_ac_validity(ac); - - if (ugh != NULL) - { - plog("%s", ugh); - return FALSE; - } - DBG(DBG_CONTROL, - DBG_log("attribute certificate is valid") - ) + enumerator_t *enumerator; + struct stat st; + char *file; - lock_authcert_list("verify_x509acert"); - aacert = get_authcert(ac->issuerName, ac->authKeySerialNumber - , ac->authKeyID, AUTH_AA); - unlock_authcert_list("verify_x509acert"); - - if (aacert == NULL) - { - plog("issuer aacert not found"); - return FALSE; - } - DBG(DBG_CONTROL, - DBG_log("issuer aacert found") - ) + DBG1("loading attribute certificates from '%s'", A_CERT_PATH); - if (!x509_check_signature(ac->certificateInfo, ac->signature, ac->algorithm, - aacert)) + enumerator = enumerator_create_directory(A_CERT_PATH); + if (!enumerator) { - plog("attribute certificate signature is invalid"); - return FALSE; + return; } - DBG(DBG_CONTROL, - DBG_log("attribute certificate signature is valid"); - ) - - return verify_x509cert(aacert, strict, &valid_until); -} - -/** - * Loads X.509 attribute certificates - */ -void load_acerts(void) -{ - u_char buf[BUF_LEN]; - - /* change directory to specified path */ - u_char *save_dir = getcwd(buf, BUF_LEN); - if (!chdir(A_CERT_PATH)) + while (enumerator->enumerate(enumerator, NULL, &file, &st)) { - struct dirent **filelist; - int n; + certificate_t *cert; - plog("Changing to directory '%s'",A_CERT_PATH); - n = scandir(A_CERT_PATH, &filelist, file_select, alphasort); - - if (n > 0) + if (!S_ISREG(st.st_mode)) { - while (n--) - { - chunk_t blob = chunk_empty; - bool pgp = FALSE; - - if (load_coded_file(filelist[n]->d_name, NULL, "acert", &blob, &pgp)) - { - x509acert_t *ac = malloc_thing(x509acert_t); - - *ac = empty_ac; - - if (parse_ac(blob, ac) - && verify_x509acert(ac, FALSE)) - add_acert(ac); - else - free_acert(ac); - } - free(filelist[n]); - } - free(filelist); + /* skip special file */ + continue; } - } - /* restore directory path */ - ignore_result(chdir(save_dir)); -} - -/** - * lists group attributes separated by commas on a single line - */ -void format_groups(const ietfAttrList_t *list, char *buf, int len) -{ - bool first_group = TRUE; - - while (list != NULL && len > 0) - { - ietfAttr_t *attr = list->attr; - - if (attr->kind == IETF_ATTRIBUTE_OCTETS - || attr->kind == IETF_ATTRIBUTE_STRING) + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, + BUILD_FROM_FILE, file, BUILD_END); + if (cert) { - int written = snprintf(buf, len, "%s%.*s" - , (first_group)? "" : ", " - , (int)attr->value.len, attr->value.ptr); - - first_group = FALSE; - - /* return value of snprintf() up to glibc 2.0.6 */ - if (written < 0) - break; - - buf += written; - len -= written; + DBG1(" loaded attribute certificate from '%s'", file); + ac_add_cert(cert); } - list = list->next; } + enumerator->destroy(enumerator); } /** - * list all X.509 attribute certificates in the chained list + * List all X.509 attribute certificates in the chained list */ -void list_acerts(bool utc) +void ac_list_certs(bool utc) { - x509acert_t *ac = x509acerts; + enumerator_t *enumerator; + certificate_t *cert; time_t now; /* determine the current time */ time(&now); - if (ac != NULL) + if (acerts->get_count(acerts) > 0) { whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of X.509 Attribute Certificates:"); - whack_log(RC_COMMENT, " "); } - while (ac != NULL) + enumerator = acerts->create_enumerator(acerts); + while (enumerator->enumerate(enumerator, &cert)) { - u_char buf[BUF_LEN]; + ac_t *ac = (ac_t*)cert; + identification_t *entityName, *holderIssuer, *issuer; + chunk_t holderSerial, serial, authKeyID; + time_t notBefore, notAfter; + ietf_attributes_t *groups; - whack_log(RC_COMMENT, "%T", &ac->installed, utc); - if (ac->entityName.ptr != NULL) - { - dntoa(buf, BUF_LEN, ac->entityName); - whack_log(RC_COMMENT, " holder: '%s'", buf); - } - if (ac->holderIssuer.ptr != NULL) - { - dntoa(buf, BUF_LEN, ac->holderIssuer); - whack_log(RC_COMMENT, " hissuer: '%s'", buf); - } - if (ac->holderSerial.ptr != NULL) + whack_log(RC_COMMENT, " "); + + entityName = cert->get_subject(cert); + if (entityName) { - datatot(ac->holderSerial.ptr, ac->holderSerial.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " hserial: %s", buf); + whack_log(RC_COMMENT, " holder: \"%Y\"", entityName); } - if (ac->groups != NULL) + + holderIssuer = ac->get_holderIssuer(ac); + if (holderIssuer) { - format_groups(ac->groups, buf, BUF_LEN); - whack_log(RC_COMMENT, " groups: %s", buf); + whack_log(RC_COMMENT, " hissuer: \"%Y\"", holderIssuer); } - dntoa(buf, BUF_LEN, ac->issuerName); - whack_log(RC_COMMENT, " issuer: '%s'", buf); - datatot(ac->serialNumber.ptr, ac->serialNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " serial: %s", buf); - whack_log(RC_COMMENT, " validity: not before %T %s", - &ac->notBefore, utc, - (ac->notBefore < now)?"ok":"fatal (not valid yet)"); - whack_log(RC_COMMENT, " not after %T %s", - &ac->notAfter, utc, - check_expiry(ac->notAfter, ACERT_WARNING_INTERVAL, TRUE)); - if (ac->authKeyID.ptr != NULL) + + holderSerial = ac->get_holderSerial(ac); + if (holderSerial.ptr) { - datatot(ac->authKeyID.ptr, ac->authKeyID.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " authkey: %s", buf); + whack_log(RC_COMMENT, " hserial: %#B", &holderSerial); } - if (ac->authKeySerialNumber.ptr != NULL) + + groups = ac->get_groups(ac); + if (groups) { - datatot(ac->authKeySerialNumber.ptr, ac->authKeySerialNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " aserial: %s", buf); + whack_log(RC_COMMENT, " groups: %s", groups->get_string(groups)); + groups->destroy(groups); } - ac = ac->next; - } -} + issuer = cert->get_issuer(cert); + whack_log(RC_COMMENT, " issuer: \"%Y\"", issuer); -/** - * list all group attributes in alphabetical order - */ -void list_groups(bool utc) -{ - ietfAttrList_t *list = ietfAttributes; - - if (list != NULL) - { - whack_log(RC_COMMENT, " "); - whack_log(RC_COMMENT, "List of Group Attributes:"); - whack_log(RC_COMMENT, " "); - } + serial = ac->get_serial(ac); + whack_log(RC_COMMENT, " serial: %#B", &serial); - while (list != NULL) - { - ietfAttr_t *attr = list->attr; + cert->get_validity(cert, &now, ¬Before, ¬After); + whack_log(RC_COMMENT, " validity: not before %T %s", + ¬Before, utc, + (notBefore < now)?"ok":"fatal (not valid yet)"); + whack_log(RC_COMMENT, " not after %T %s", ¬After, utc, + check_expiry(notAfter, ACERT_WARNING_INTERVAL, TRUE)); - whack_log(RC_COMMENT, "%T, count: %d", &attr->installed, utc, attr->count); - - switch (attr->kind) + authKeyID = ac->get_authKeyIdentifier(ac); + if (authKeyID.ptr) { - case IETF_ATTRIBUTE_OCTETS: - case IETF_ATTRIBUTE_STRING: - whack_log(RC_COMMENT, " %.*s", (int)attr->value.len, attr->value.ptr); - break; - case IETF_ATTRIBUTE_OID: - whack_log(RC_COMMENT, " OID"); - break; - default: - break; + whack_log(RC_COMMENT, " authkey: %#B", &authKeyID); } - - list = list->next; } + enumerator->destroy(enumerator); } + diff --git a/src/pluto/ac.h b/src/pluto/ac.h index bee016143..d4e0c1590 100644 --- a/src/pluto/ac.h +++ b/src/pluto/ac.h @@ -1,7 +1,7 @@ /* Support of X.509 attribute certificates * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter - + * Copyright (C) 2009 Andreas Steffen * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,85 +17,23 @@ #ifndef _AC_H #define _AC_H -/* definition of ietfAttribute kinds */ - -typedef enum { - IETF_ATTRIBUTE_OCTETS = 0, - IETF_ATTRIBUTE_OID = 1, - IETF_ATTRIBUTE_STRING = 2 -} ietfAttribute_t; - -/* access structure for an ietfAttribute */ - -typedef struct ietfAttr ietfAttr_t; - -struct ietfAttr { - time_t installed; - int count; - ietfAttribute_t kind; - chunk_t value; -}; - -typedef struct ietfAttrList ietfAttrList_t; - -struct ietfAttrList { - ietfAttrList_t *next; - ietfAttr_t *attr; -}; - +#include +#include +#include /* access structure for an X.509 attribute certificate */ -typedef struct x509acert x509acert_t; - -struct x509acert { - x509acert_t *next; - time_t installed; - chunk_t certificate; - chunk_t certificateInfo; - u_int version; - /* holder */ - /* baseCertificateID */ - chunk_t holderIssuer; - chunk_t holderSerial; - chunk_t entityName; - /* v2Form */ - chunk_t issuerName; - /* signature */ - int sigAlg; - chunk_t serialNumber; - /* attrCertValidityPeriod */ - time_t notBefore; - time_t notAfter; - /* attributes */ - ietfAttrList_t *charging; - ietfAttrList_t *groups; - /* extensions */ - chunk_t authKeyID; - chunk_t authKeySerialNumber; - bool noRevAvail; - /* signatureAlgorithm */ - int algorithm; - chunk_t signature; -}; +extern void ac_initialize(void); +extern void ac_finalize(void); +extern void ac_load_certs(void); +extern void ac_list_certs(bool utc); -/* used for initialization */ -extern const x509acert_t empty_ac; +extern certificate_t* ac_get_cert(identification_t *issuer, chunk_t serial); -extern void unshare_ietfAttrList(ietfAttrList_t **listp); -extern void free_ietfAttrList(ietfAttrList_t *list); -extern void decode_groups(char *groups, ietfAttrList_t **listp); -extern bool group_membership(const ietfAttrList_t *my_list - , const char *conn, const ietfAttrList_t *conn_list); -extern bool parse_ac(chunk_t blob, x509acert_t *ac); -extern bool verify_x509acert(x509acert_t *ac, bool strict); -extern x509acert_t* get_x509acert(chunk_t issuer, chunk_t serial); -extern void load_acerts(void); -extern void free_acert(x509acert_t *ac); -extern void free_acerts(void); -extern void list_acerts(bool utc); -extern void list_groups(bool utc); -extern void format_groups(const ietfAttrList_t *list, char *buf, int len); +extern bool ac_verify_cert(certificate_t *ac, bool strict); +extern bool match_group_membership(ietf_attributes_t *peer_attributes, + char *conn, + ietf_attributes_t *conn_attributes); -#endif /* _AH_H */ +#endif /* _AC_H */ diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c index c25418fc1..edecf14c6 100644 --- a/src/pluto/alg_info.c +++ b/src/pluto/alg_info.c @@ -51,19 +51,13 @@ int alg_info_esp_aa2sadb(int auth) { int sadb_aalg = 0; - switch(auth) { + switch(auth) + { case AUTH_ALGORITHM_HMAC_MD5: case AUTH_ALGORITHM_HMAC_SHA1: sadb_aalg = auth + 1; break; - case AUTH_ALGORITHM_HMAC_SHA2_256: - case AUTH_ALGORITHM_HMAC_SHA2_384: - case AUTH_ALGORITHM_HMAC_SHA2_512: - case AUTH_ALGORITHM_HMAC_RIPEMD: - sadb_aalg = auth; - break; default: - /* loose ... */ sadb_aalg = auth; } return sadb_aalg; @@ -73,20 +67,13 @@ int alg_info_esp_sadb2aa(int sadb_aalg) { int auth = 0; - switch(sadb_aalg) { + switch(sadb_aalg) + { case SADB_AALG_MD5HMAC: case SADB_AALG_SHA1HMAC: auth = sadb_aalg - 1; break; - /* since they are the same ... :) */ - case AUTH_ALGORITHM_HMAC_SHA2_256: - case AUTH_ALGORITHM_HMAC_SHA2_384: - case AUTH_ALGORITHM_HMAC_SHA2_512: - case AUTH_ALGORITHM_HMAC_RIPEMD: - auth = sadb_aalg; - break; default: - /* loose ... */ auth = sadb_aalg; } return auth; @@ -133,7 +120,7 @@ static void __alg_info_esp_add(struct alg_info_esp *alg_info, int ealg_id, DBG(DBG_CRYPT, DBG_log("esp alg added: %s_%d/%s, cnt=%d", - enum_show(&esp_transformid_names, ealg_id), ek_bits, + enum_show(&esp_transform_names, ealg_id), ek_bits, enum_show(&auth_alg_names, aalg_id), alg_info->alg_info_cnt) ) @@ -238,12 +225,12 @@ static void __alg_info_ike_add (struct alg_info_ike *alg_info, int ealg_id, * merging alg_info (ike_info) contents */ -static int default_ike_groups[] = { +static int default_ike_groups[] = { MODP_1536_BIT, MODP_1024_BIT }; -/* +/* * Add IKE alg info _with_ logic (policy): */ static void alg_info_ike_add (struct alg_info *alg_info, int ealg_id, @@ -258,7 +245,7 @@ static void alg_info_ike_add (struct alg_info *alg_info, int ealg_id, n_groups=0; goto in_loop; } - + for (; n_groups--; i++) { modp_id = default_ike_groups[i]; @@ -372,7 +359,7 @@ static status_t alg_info_parse_str(struct alg_info *alg_info, char *alg_str) eat_whitespace(&string); - if (string.len > 0) + if (string.len > 0) { chunk_t alg; @@ -397,7 +384,7 @@ static status_t alg_info_parse_str(struct alg_info *alg_info, char *alg_str) { case PROTO_IPSEC_ESP: alg_info_esp_add(alg_info, ealg, ealg_keysize, - aalg, aalg_keysize); + aalg, aalg_keysize); break; case PROTO_ISAKMP: alg_info_ike_add(alg_info, ealg, ealg_keysize, @@ -461,12 +448,16 @@ struct alg_info_esp *alg_info_esp_create_from_str(char *alg_str) status = alg_info_parse_str((struct alg_info *)alg_info_esp, alg_str); out: - if (status != SUCCESS) + if (status == SUCCESS) + { + alg_info_esp->ref_cnt = 1; + return alg_info_esp; + } + else { free(alg_info_esp); - alg_info_esp = NULL; + return NULL; } - return alg_info_esp; } struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str) @@ -481,12 +472,16 @@ struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str) zero(alg_info_ike); alg_info_ike->alg_info_protoid = PROTO_ISAKMP; - if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str) != SUCCESS) + if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str) == SUCCESS) + { + alg_info_ike->ref_cnt = 1; + return alg_info_ike; + } + else { free(alg_info_ike); return NULL; } - return alg_info_ike; } /* @@ -494,7 +489,7 @@ struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str) * several connections instances, * handle free() with ref_cnts */ -void +void alg_info_addref(struct alg_info *alg_info) { if (alg_info != NULL) @@ -529,7 +524,7 @@ alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info) struct esp_info *esp_info; struct ike_info *ike_info; int cnt; - + switch (alg_info->alg_info_protoid) { case PROTO_IPSEC_ESP: { @@ -538,7 +533,7 @@ alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info) ALG_INFO_ESP_FOREACH(alg_info_esp, esp_info, cnt) { np = snprintf(ptr, buflen, "%s", - enum_show(&esp_transformid_names, esp_info->esp_ealg_id)); + enum_show(&esp_transform_names, esp_info->esp_ealg_id)); ptr += np; buflen -= np; if (esp_info->esp_ealg_keylen) @@ -608,7 +603,7 @@ out: , "buffer space exhausted in alg_info_snprint_ike(), buflen=%d" , buflen); } - + return ptr - buf; } diff --git a/src/pluto/alg_info.h b/src/pluto/alg_info.h index fcf7efca0..85b88ddff 100644 --- a/src/pluto/alg_info.h +++ b/src/pluto/alg_info.h @@ -74,7 +74,7 @@ extern int alg_info_snprint_esp(char *buf, int buflen extern int alg_info_snprint_ike(char *buf, int buflen , struct alg_info_ike *alg_info); #define ALG_INFO_ESP_FOREACH(ai, ai_esp, i) \ - for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) + for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) #define ALG_INFO_IKE_FOREACH(ai, ai_ike, i) \ - for (i=(ai)->alg_info_cnt,ai_ike=(ai)->ike; i--; ai_ike++) + for (i=(ai)->alg_info_cnt,ai_ike=(ai)->ike; i--; ai_ike++) #endif /* ALG_INFO_H */ diff --git a/src/pluto/builder.c b/src/pluto/builder.c new file mode 100644 index 000000000..0cba32bcf --- /dev/null +++ b/src/pluto/builder.c @@ -0,0 +1,150 @@ +/* Pluto certificate/CRL/AC builder hooks. + * Copyright (C) 2002-2009 Andreas Steffen + * Copyright (C) 2009 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "builder.h" + +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include "constants.h" +#include "defs.h" +#include "log.h" +#include "certs.h" +#include "crl.h" + +/** + * Load a certificate + */ +static cert_t *builder_load_cert(certificate_type_t type, va_list args) +{ + x509_flag_t flags = 0; + chunk_t blob = chunk_empty; + bool pgp = FALSE; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_PGP: + pgp = TRUE; + /* FALL */ + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_X509_FLAG: + flags |= va_arg(args, x509_flag_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (blob.ptr) + { + cert_t *cert = malloc_thing(cert_t); + + *cert = cert_empty; + + if (pgp) + { + cert->cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_GPG, + BUILD_BLOB_PGP, blob, + BUILD_END); + } + else + { + cert->cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, blob, + BUILD_X509_FLAG, flags, + BUILD_END); + } + if (cert->cert) + { + return cert; + } + plog(" error in X.509 certificate"); + cert_free(cert); + } + return NULL; +} + +/** + * Load a CRL + */ +static x509crl_t *builder_load_crl(certificate_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + x509crl_t *crl; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (blob.ptr) + { + crl = malloc_thing(x509crl_t); + crl->next = NULL; + crl->distributionPoints = linked_list_create(); + crl->crl = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509_CRL, + BUILD_BLOB_ASN1_DER, blob, + BUILD_END); + if (crl->crl) + { + return crl; + } + plog(" error in X.509 crl"); + free_crl(crl); + } + return NULL; +} + +void init_builder(void) +{ + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, + (builder_function_t)builder_load_cert); + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, + (builder_function_t)builder_load_crl); +} + +void free_builder(void) +{ + lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_cert); + lib->creds->remove_builder(lib->creds, (builder_function_t)builder_load_crl); +} + diff --git a/src/pluto/builder.h b/src/pluto/builder.h new file mode 100644 index 000000000..784751b7c --- /dev/null +++ b/src/pluto/builder.h @@ -0,0 +1,24 @@ +/* Pluto certificate/CRL/AC builder hooks. + * Copyright (C) 2009 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef _BUILDER_H +#define _BUILDER_H + +/* register credential builder hooks */ +extern void init_builder(); +/* unregister credential builder hooks */ +extern void free_builder(); + +#endif /* _BUILDER_H */ diff --git a/src/pluto/ca.c b/src/pluto/ca.c index 4fdb8cfe7..e25e7f6f5 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -15,11 +15,14 @@ #include #include #include -#include -#include #include +#include #include +#include +#include +#include + #include #include "constants.h" @@ -34,21 +37,7 @@ /* chained list of X.509 authority certificates (ca, aa, and ocsp) */ -static x509cert_t *x509authcerts = NULL; - -const ca_info_t empty_ca_info = { - NULL , /* next */ - NULL , /* name */ - UNDEFINED_TIME, - { NULL, 0 } , /* authName */ - { NULL, 0 } , /* authKeyID */ - { NULL, 0 } , /* authKey SerialNumber */ - NULL , /* ldaphost */ - NULL , /* ldapbase */ - NULL , /* ocspori */ - NULL , /* crluri */ - FALSE /* strictcrlpolicy */ -}; +static cert_t *x509authcerts = NULL; /* chained list of X.509 certification authority information records */ @@ -57,53 +46,71 @@ static ca_info_t *ca_infos = NULL; /* * Checks if CA a is trusted by CA b */ -bool -trusted_ca(chunk_t a, chunk_t b, int *pathlen) +bool trusted_ca(identification_t *a, identification_t *b, int *pathlen) { bool match = FALSE; /* no CA b specified -> any CA a is accepted */ - if (b.ptr == NULL) + if (b == NULL) { - *pathlen = (a.ptr == NULL)? 0 : MAX_CA_PATH_LEN; + *pathlen = (a == NULL) ? 0 : X509_MAX_PATH_LEN; return TRUE; } /* no CA a specified -> trust cannot be established */ - if (a.ptr == NULL) + if (a == NULL) { - *pathlen = MAX_CA_PATH_LEN; + *pathlen = X509_MAX_PATH_LEN; return FALSE; } *pathlen = 0; /* CA a equals CA b -> we have a match */ - if (same_dn(a, b)) + if (a->equals(a, b)) + { return TRUE; + } /* CA a might be a subordinate CA of b */ lock_authcert_list("trusted_ca"); - while ((*pathlen)++ < MAX_CA_PATH_LEN) + while ((*pathlen)++ < X509_MAX_PATH_LEN) { - x509cert_t *cacert = get_authcert(a, chunk_empty, chunk_empty, AUTH_CA); + certificate_t *certificate; + identification_t *issuer; + cert_t *cacert; - /* cacert not found or self-signed root cacert-> exit */ - if (cacert == NULL || same_dn(cacert->issuer, a)) + cacert = get_authcert(a, chunk_empty, X509_CA); + if (cacert == NULL) + { break; + } + certificate = cacert->cert; + + /* is the certificate self-signed? */ + { + x509_t *x509 = (x509_t*)certificate; + + if (x509->get_flags(x509) & X509_SELF_SIGNED) + { + break; + } + } /* does the issuer of CA a match CA b? */ - match = same_dn(cacert->issuer, b); + issuer = certificate->get_issuer(certificate); + match = b->equals(b, issuer); /* we have a match and exit the loop */ if (match) + { break; - + } /* go one level up in the CA chain */ - a = cacert->issuer; + a = issuer; } - + unlock_authcert_list("trusted_ca"); return match; } @@ -111,33 +118,36 @@ trusted_ca(chunk_t a, chunk_t b, int *pathlen) /* * does our CA match one of the requested CAs? */ -bool -match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen) +bool match_requested_ca(linked_list_t *requested_ca, identification_t *our_ca, + int *our_pathlen) { + identification_t *ca; + enumerator_t *enumerator; + /* if no ca is requested than any ca will match */ - if (requested_ca == NULL) + if (requested_ca == NULL || requested_ca->get_count(requested_ca) == 0) { *our_pathlen = 0; return TRUE; } - *our_pathlen = MAX_CA_PATH_LEN + 1; + *our_pathlen = X509_MAX_PATH_LEN + 1; - while (requested_ca != NULL) + enumerator = requested_ca->create_enumerator(requested_ca); + while (enumerator->enumerate(enumerator, &ca)) { int pathlen; - if (trusted_ca(our_ca, requested_ca->name, &pathlen) - && pathlen < *our_pathlen) + if (trusted_ca(our_ca, ca, &pathlen) && pathlen < *our_pathlen) { *our_pathlen = pathlen; } - requested_ca = requested_ca->next; } + enumerator->destroy(enumerator); - if (*our_pathlen > MAX_CA_PATH_LEN) + if (*our_pathlen > X509_MAX_PATH_LEN) { - *our_pathlen = MAX_CA_PATH_LEN; + *our_pathlen = X509_MAX_PATH_LEN; return FALSE; } else @@ -149,55 +159,80 @@ match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen /* * free the first authority certificate in the chain */ -static void -free_first_authcert(void) +static void free_first_authcert(void) { - x509cert_t *first = x509authcerts; + cert_t *first = x509authcerts; + x509authcerts = first->next; - free_x509cert(first); + cert_free(first); } /* * free all CA certificates */ -void -free_authcerts(void) +void free_authcerts(void) { lock_authcert_list("free_authcerts"); while (x509authcerts != NULL) + { free_first_authcert(); - + } unlock_authcert_list("free_authcerts"); } /* * get a X.509 authority certificate with a given subject or keyid */ -x509cert_t* -get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags) +cert_t* get_authcert(identification_t *subject, chunk_t keyid, + x509_flag_t auth_flags) { - x509cert_t *cert = x509authcerts; - x509cert_t *prev_cert = NULL; + cert_t *cert, *prev_cert = NULL; + + /* the authority certificate list is empty */ + if (x509authcerts == NULL) + { + return NULL; + } - while (cert != NULL) + for (cert = x509authcerts; cert != NULL; prev_cert = cert, cert = cert->next) { - if (cert->authority_flags & auth_flags - && ((keyid.ptr != NULL) ? same_keyid(keyid, cert->subjectKeyID) - : (same_dn(subject, cert->subject) - && same_serial(serial, cert->serialNumber)))) + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + + /* skip non-matching types of authority certificates */ + if (!(x509->get_flags(x509) & auth_flags)) + { + continue; + } + + /* compare the keyid with the certificate's subjectKeyIdentifier */ + if (keyid.ptr) { - if (cert != x509authcerts) + chunk_t subjectKeyId; + + subjectKeyId = x509->get_subjectKeyIdentifier(x509); + if (subjectKeyId.ptr && !chunk_equals(keyid, subjectKeyId)) { - /* bring the certificate up front */ - prev_cert->next = cert->next; - cert->next = x509authcerts; - x509authcerts = cert; + continue; } - return cert; } - prev_cert = cert; - cert = cert->next; + + /* compare the subjectDistinguishedNames */ + if (!certificate->has_subject(certificate, subject)) + { + continue; + } + + /* found the authcert */ + if (cert != x509authcerts) + { + /* bring the certificate up front */ + prev_cert->next = cert->next; + cert->next = x509authcerts; + x509authcerts = cert; + } + return cert; } return NULL; } @@ -205,31 +240,27 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags) /* * add an authority certificate to the chained list */ -x509cert_t* -add_authcert(x509cert_t *cert, u_char auth_flags) +cert_t* add_authcert(cert_t *cert, x509_flag_t auth_flags) { - x509cert_t *old_cert; - - /* set authority flags */ - cert->authority_flags |= auth_flags; + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + cert_t *old_cert; lock_authcert_list("add_authcert"); - old_cert = get_authcert(cert->subject, cert->serialNumber - , cert->subjectKeyID, auth_flags); - - if (old_cert != NULL) + old_cert = get_authcert(certificate->get_subject(certificate), + x509->get_subjectKeyIdentifier(x509), + auth_flags); + if (old_cert) { - if (same_x509cert(cert, old_cert)) + if (certificate->equals(certificate, old_cert->cert)) { - /* cert is already present, just add additional authority flags */ - old_cert->authority_flags |= cert->authority_flags; DBG(DBG_CONTROL | DBG_PARSING , DBG_log(" authcert is already present and identical") ) unlock_authcert_list("add_authcert"); - free_x509cert(cert); + cert_free(cert); return old_cert; } else @@ -245,7 +276,7 @@ add_authcert(x509cert_t *cert, u_char auth_flags) /* add new authcert to chained list */ cert->next = x509authcerts; x509authcerts = cert; - share_x509cert(cert); /* set count to one */ + cert_share(cert); /* set count to one */ DBG(DBG_CONTROL | DBG_PARSING, DBG_log(" authcert inserted") ) @@ -256,51 +287,43 @@ add_authcert(x509cert_t *cert, u_char auth_flags) /* * Loads authority certificates */ -void -load_authcerts(const char *type, const char *path, u_char auth_flags) +void load_authcerts(char *type, char *path, x509_flag_t auth_flags) { - struct dirent **filelist; - u_char buf[BUF_LEN]; - u_char *save_dir; - int n; + enumerator_t *enumerator; + struct stat st; + char *file; - /* change directory to specified path */ - save_dir = getcwd(buf, BUF_LEN); + DBG1("loading %s certificates from '%s'", type, path); - if (chdir(path)) + enumerator = enumerator_create_directory(path); + if (!enumerator) { - plog("Could not change to directory '%s'", path); + DBG1(" reading directory '%s' failed"); + return; } - else + + while (enumerator->enumerate(enumerator, NULL, &file, &st)) { - plog("Changing to directory '%s'", path); - n = scandir(path, &filelist, file_select, alphasort); + cert_t *cert; - if (n < 0) - plog(" scandir() error"); - else + if (!S_ISREG(st.st_mode)) { - while (n--) - { - cert_t cert; - - if (load_cert(filelist[n]->d_name, type, &cert)) - add_authcert(cert.u.x509, auth_flags); - - free(filelist[n]); - } - free(filelist); + /* skip special file */ + continue; + } + cert = load_cert(file, type, auth_flags); + if (cert) + { + add_authcert(cert, auth_flags); } } - /* restore directory path */ - ignore_result(chdir(save_dir)); + enumerator->destroy(enumerator); } /* * list all X.509 authcerts with given auth flags in a chained list */ -void -list_authcerts(const char *caption, u_char auth_flags, bool utc) +void list_authcerts(const char *caption, x509_flag_t auth_flags, bool utc) { lock_authcert_list("list_authcerts"); list_x509cert_chain(caption, x509authcerts, auth_flags, utc); @@ -310,19 +333,38 @@ list_authcerts(const char *caption, u_char auth_flags, bool utc) /* * get a cacert with a given subject or keyid from an alternative list */ -static const x509cert_t* -get_alt_cacert(chunk_t subject, chunk_t serial, chunk_t keyid - , const x509cert_t *cert) +static const cert_t* get_alt_cacert(identification_t *subject, chunk_t keyid, + const cert_t *cert) { - while (cert != NULL) + if (cert == NULL) { - if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->subjectKeyID) - : (same_dn(subject, cert->subject) - && same_serial(serial, cert->serialNumber))) + return NULL; + } + for (; cert != NULL; cert = cert->next) + { + certificate_t *certificate = cert->cert; + + /* compare the keyid with the certificate's subjectKeyIdentifier */ + if (keyid.ptr) + { + x509_t *x509 = (x509_t*)certificate; + chunk_t subjectKeyId; + + subjectKeyId = x509->get_subjectKeyIdentifier(x509); + if (subjectKeyId.ptr && !chunk_equals(keyid, subjectKeyId)) + { + continue; + } + } + + /* compare the subjectDistinguishedNames */ + if (!certificate->has_subject(certificate, subject)) { - return cert; + continue; } - cert = cert->next; + + /* we found the cacert */ + return cert; } return NULL; } @@ -330,34 +372,32 @@ get_alt_cacert(chunk_t subject, chunk_t serial, chunk_t keyid /* establish trust into a candidate authcert by going up the trust chain. * validity and revocation status are not checked. */ -bool -trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain) +bool trust_authcert_candidate(const cert_t *cert, const cert_t *alt_chain) { int pathlen; lock_authcert_list("trust_authcert_candidate"); - for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++) + for (pathlen = 0; pathlen < X509_MAX_PATH_LEN; pathlen++) { - const x509cert_t *authcert = NULL; - u_char buf[BUF_LEN]; + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + identification_t *subject = certificate->get_subject(certificate); + identification_t *issuer = certificate->get_issuer(certificate); + chunk_t authKeyID = x509->get_authKeyIdentifier(x509); + const cert_t *authcert = NULL; DBG(DBG_CONTROL, - dntoa(buf, BUF_LEN, cert->subject); - DBG_log("subject: '%s'",buf); - dntoa(buf, BUF_LEN, cert->issuer); - DBG_log("issuer: '%s'",buf); - if (cert->authKeyID.ptr != NULL) + DBG_log("subject: '%Y'", subject); + DBG_log("issuer: '%Y'", issuer); + if (authKeyID.ptr != NULL) { - datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':' - , buf, BUF_LEN); - DBG_log("authkey: %s", buf); + DBG_log("authkey: %#B", &authKeyID); } ) /* search in alternative chain first */ - authcert = get_alt_cacert(cert->issuer, cert->authKeySerialNumber - , cert->authKeyID, alt_chain); + authcert = get_alt_cacert(issuer, authKeyID, alt_chain); if (authcert != NULL) { @@ -368,8 +408,7 @@ trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain) else { /* search in trusted chain */ - authcert = get_authcert(cert->issuer, cert->authKeySerialNumber - , cert->authKeyID, AUTH_CA); + authcert = get_authcert(issuer, authKeyID, X509_CA); if (authcert != NULL) { @@ -385,8 +424,7 @@ trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain) } } - if (!x509_check_signature(cert->tbsCertificate, cert->signature, - cert->algorithm, authcert)) + if (!certificate->issued_by(certificate, authcert->cert)) { plog("certificate signature is invalid"); unlock_authcert_list("trust_authcert_candidate"); @@ -397,7 +435,7 @@ trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain) ) /* check if cert is a self-signed root ca */ - if (pathlen > 0 && same_dn(cert->issuer, cert->subject)) + if (pathlen > 0 && (x509->get_flags(x509) & X509_SELF_SIGNED)) { DBG(DBG_CONTROL, DBG_log("reached self-signed root ca") @@ -409,7 +447,7 @@ trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain) /* go up one step in the trust chain */ cert = authcert; } - plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN); + plog("maximum ca path length of %d levels exceeded", X509_MAX_PATH_LEN); unlock_authcert_list("trust_authcert_candidate"); return FALSE; } @@ -417,16 +455,14 @@ trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain) /* * get a CA info record with a given authName or authKeyID */ -ca_info_t* -get_ca_info(chunk_t authname, chunk_t serial, chunk_t keyid) +ca_info_t* get_ca_info(identification_t *name, chunk_t keyid) { ca_info_t *ca= ca_infos; - while (ca!= NULL) + while (ca != NULL) { - if ((keyid.ptr != NULL) ? same_keyid(keyid, ca->authKeyID) - : (same_dn(authname, ca->authName) - && same_serial(serial, ca->authKeySerialNumber))) + if ((keyid.ptr) ? same_keyid(keyid, ca->authKeyID) + : name->equals(name, ca->authName)) { return ca; } @@ -443,24 +479,23 @@ static void free_ca_info(ca_info_t* ca_info) { if (ca_info == NULL) + { return; - + } + ca_info->crluris->destroy_function(ca_info->crluris, free); + DESTROY_IF(ca_info->authName); free(ca_info->name); free(ca_info->ldaphost); free(ca_info->ldapbase); free(ca_info->ocspuri); - free(ca_info->authName.ptr); free(ca_info->authKeyID.ptr); - free(ca_info->authKeySerialNumber.ptr); - free_generalNames(ca_info->crluri, TRUE); free(ca_info); } /* * free all CA certificates */ -void -free_ca_infos(void) +void free_ca_infos(void) { while (ca_infos != NULL) { @@ -474,8 +509,7 @@ free_ca_infos(void) /* * find a CA information record by name and optionally delete it */ -bool -find_ca_info_by_name(const char *name, bool delete) +bool find_ca_info_by_name(const char *name, bool delete) { ca_info_t **ca_p = &ca_infos; ca_info_t *ca = *ca_p; @@ -501,16 +535,26 @@ find_ca_info_by_name(const char *name, bool delete) return FALSE; } +/* + * Create an empty ca_info_t record + */ +ca_info_t* create_ca_info(void) +{ + ca_info_t *ca_info = malloc_thing(ca_info_t); + + memset(ca_info, 0, sizeof(ca_info_t)); + ca_info->crluris = linked_list_create(); - /* - * adds a CA description to a chained list + return ca_info; +} + +/** + * Adds a CA description to a chained list */ -void -add_ca_info(const whack_message_t *msg) +void add_ca_info(const whack_message_t *msg) { smartcard_t *sc = NULL; - cert_t cert; - bool valid_cert = FALSE; + cert_t *cert = NULL; bool cached_cert = FALSE; if (find_ca_info_by_name(msg->name, FALSE)) @@ -522,60 +566,54 @@ add_ca_info(const whack_message_t *msg) if (scx_on_smartcard(msg->cacert)) { /* load CA cert from smartcard */ - valid_cert = scx_load_cert(msg->cacert, &sc, &cert, &cached_cert); + cert = scx_load_cert(msg->cacert, &sc, &cached_cert); } else { /* load CA cert from file */ - valid_cert = load_ca_cert(msg->cacert, &cert); + cert = load_ca_cert(msg->cacert); } - if (valid_cert) + if (cert) { - char buf[BUF_LEN]; - x509cert_t *cacert = cert.u.x509; + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + identification_t *subject = certificate->get_subject(certificate); + chunk_t subjectKeyID = x509->get_subjectKeyIdentifier(x509); ca_info_t *ca = NULL; /* does the authname already exist? */ - ca = get_ca_info(cacert->subject, cacert->serialNumber - , cacert->subjectKeyID); - + ca = get_ca_info(subject, subjectKeyID); + if (ca != NULL) { /* ca_info is already present */ loglog(RC_DUPNAME, " duplicate ca information in record \"%s\" found," "ignoring \"%s\"", ca->name, msg->name); - free_x509cert(cacert); + cert_free(cert); return; } plog("added ca description \"%s\"", msg->name); /* create and initialize new ca_info record */ - ca = malloc_thing(ca_info_t); - *ca = empty_ca_info; + ca = create_ca_info(); /* name */ ca->name = clone_str(msg->name); - + /* authName */ - ca->authName = chunk_clone(cacert->subject); - dntoa(buf, BUF_LEN, ca->authName); + ca->authName = subject->clone(subject); DBG(DBG_CONTROL, - DBG_log("authname: '%s'", buf) + DBG_log("authname: '%Y'", subject) ) - /* authSerialNumber */ - ca->authKeySerialNumber = chunk_clone(cacert->serialNumber); - /* authKeyID */ - if (cacert->subjectKeyID.ptr != NULL) + if (subjectKeyID.ptr) { - ca->authKeyID = chunk_clone(cacert->subjectKeyID); - datatot(cacert->subjectKeyID.ptr, cacert->subjectKeyID.len, ':' - , buf, BUF_LEN); + ca->authKeyID = chunk_clone(subjectKeyID); DBG(DBG_CONTROL | DBG_PARSING , - DBG_log("authkey: %s", buf) + DBG_log("authkey: %#B", &subjectKeyID) ) } @@ -594,23 +632,9 @@ add_ca_info(const whack_message_t *msg) plog(" ignoring ocspuri with unkown protocol"); } - /* crluri2*/ - if (msg->crluri2 != NULL) - { - generalName_t gn = - { NULL, GN_URI, {msg->crluri2, strlen(msg->crluri2)} }; - - add_distribution_points(&gn, &ca->crluri); - } - - /* crluri */ - if (msg->crluri != NULL) - { - generalName_t gn = - { NULL, GN_URI, {msg->crluri, strlen(msg->crluri)} }; - - add_distribution_points(&gn, &ca->crluri); - } + /* add crl uris */ + add_distribution_point(ca->crluris, msg->crluri); + add_distribution_point(ca->crluris, msg->crluri2); /* strictrlpolicy */ ca->strictcrlpolicy = msg->whack_strict; @@ -620,17 +644,19 @@ add_ca_info(const whack_message_t *msg) ca->next = ca_infos; ca_infos = ca; - ca->installed = time(NULL); - + unlock_ca_info_list("add_ca_info"); /* add cacert to list of authcerts */ + cert = add_authcert(cert, X509_CA); if (!cached_cert && sc != NULL) { - if (sc->last_cert.type == CERT_X509_SIGNATURE) - sc->last_cert.u.x509->count--; - sc->last_cert.u.x509 = add_authcert(cacert, AUTH_CA); - share_cert(sc->last_cert); + if (sc->last_cert != NULL) + { + sc->last_cert->count--; + } + sc->last_cert = cert; + cert_share(sc->last_cert); } if (sc != NULL) time(&sc->last_load); @@ -640,54 +666,46 @@ add_ca_info(const whack_message_t *msg) /* * list all ca_info records in the chained list */ -void -list_ca_infos(bool utc) +void list_ca_infos(bool utc) { ca_info_t *ca = ca_infos; - + if (ca != NULL) { whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of X.509 CA Information Records:"); - whack_log(RC_COMMENT, " "); } while (ca != NULL) { - u_char buf[BUF_LEN]; - /* strictpolicy per CA not supported yet * whack_log(RC_COMMENT, "%T, \"%s\", strictcrlpolicy: %s" , &ca->installed, utc, ca->name , ca->strictcrlpolicy? "yes":"no"); */ - whack_log(RC_COMMENT, "%T, \"%s\"", &ca->installed, utc, ca->name); - dntoa(buf, BUF_LEN, ca->authName); - whack_log(RC_COMMENT, " authname: '%s'", buf); - if (ca->ldaphost != NULL) - whack_log(RC_COMMENT, " ldaphost: '%s'", ca->ldaphost); - if (ca->ldapbase != NULL) - whack_log(RC_COMMENT, " ldapbase: '%s'", ca->ldapbase); - if (ca->ocspuri != NULL) - whack_log(RC_COMMENT, " ocspuri: '%s'", ca->ocspuri); - - list_distribution_points(ca->crluri); - - if (ca->authKeyID.ptr != NULL) + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, " authname: \"%Y\"", ca->authName); + if (ca->ldaphost) + { + whack_log(RC_COMMENT, " ldaphost: '%s'", ca->ldaphost); + } + if (ca->ldapbase) { - datatot(ca->authKeyID.ptr, ca->authKeyID.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " authkey: %s", buf); + whack_log(RC_COMMENT, " ldapbase: '%s'", ca->ldapbase); } - if (ca->authKeySerialNumber.ptr != NULL) + if (ca->ocspuri) { - datatot(ca->authKeySerialNumber.ptr, ca->authKeySerialNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " aserial: %s", buf); + whack_log(RC_COMMENT, " ocspuri: '%s'", ca->ocspuri); + } + + list_distribution_points(ca->crluris); + + if (ca->authKeyID.ptr) + { + whack_log(RC_COMMENT, " authkey: %#B", &ca->authKeyID); } ca = ca->next; } } - diff --git a/src/pluto/ca.h b/src/pluto/ca.h index 44d079b4c..d964a694a 100644 --- a/src/pluto/ca.h +++ b/src/pluto/ca.h @@ -15,49 +15,39 @@ #ifndef _CA_H #define _CA_H -#include "x509.h" -#include "whack.h" - -#define MAX_CA_PATH_LEN 7 +#include +#include -/* authority flags */ - -#define AUTH_NONE 0x00 /* no authorities */ -#define AUTH_CA 0x01 /* certification authority */ -#define AUTH_AA 0x02 /* authorization authority */ -#define AUTH_OCSP 0x04 /* ocsp signing authority */ +#include "certs.h" +#include "whack.h" /* CA info structures */ typedef struct ca_info ca_info_t; struct ca_info { - ca_info_t *next; - char *name; - time_t installed; - chunk_t authName; - chunk_t authKeyID; - chunk_t authKeySerialNumber; - char *ldaphost; - char *ldapbase; - char *ocspuri; - generalName_t *crluri; - bool strictcrlpolicy; + ca_info_t *next; + char *name; + identification_t *authName; + chunk_t authKeyID; + char *ldaphost; + char *ldapbase; + char *ocspuri; + linked_list_t *crluris; + bool strictcrlpolicy; }; -extern bool trusted_ca(chunk_t a, chunk_t b, int *pathlen); -extern bool match_requested_ca(generalName_t *requested_ca - , chunk_t our_ca, int *our_pathlen); -extern x509cert_t* get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid - , u_char auth_flags); -extern void load_authcerts(const char *type, const char *path - , u_char auth_flags); -extern x509cert_t* add_authcert(x509cert_t *cert, u_char auth_flags); +extern bool trusted_ca(identification_t *a, identification_t *b, int *pathlen); +extern bool match_requested_ca(linked_list_t *requested_ca, + identification_t *our_ca, int *our_pathlen); +extern cert_t* get_authcert(identification_t *subject, chunk_t keyid, + x509_flag_t auth_flags); +extern void load_authcerts(char *type, char *path, x509_flag_t auth_flags); +extern cert_t* add_authcert(cert_t *cert, x509_flag_t auth_flags); extern void free_authcerts(void); -extern void list_authcerts(const char *caption, u_char auth_flags, bool utc); -extern bool trust_authcert_candidate(const x509cert_t *cert - , const x509cert_t *alt_chain); -extern ca_info_t* get_ca_info(chunk_t name, chunk_t serial, chunk_t keyid); +extern void list_authcerts(const char *caption, x509_flag_t auth_flags, bool utc); +extern bool trust_authcert_candidate(const cert_t *cert, const cert_t *alt_chain); +extern ca_info_t* get_ca_info(identification_t *name, chunk_t keyid); extern bool find_ca_info_by_name(const char *name, bool delete); extern void add_ca_info(const whack_message_t *msg); extern void delete_ca_info(const char *name); diff --git a/src/pluto/certs.c b/src/pluto/certs.c index ca3019b9b..8bce4c5c2 100644 --- a/src/pluto/certs.c +++ b/src/pluto/certs.c @@ -17,153 +17,166 @@ #include #include #include +#include +#include #include -#include "library.h" -#include "asn1/asn1.h" +#include +#include +#include +#include #include "constants.h" #include "defs.h" #include "log.h" -#include "id.h" -#include "pem.h" #include "certs.h" +#include "whack.h" +#include "fetch.h" +#include "keys.h" +#include "builder.h" /** - * used for initializatin of certs + * Initialization */ -const cert_t cert_empty = {CERT_NONE, {NULL}}; +const cert_t cert_empty = { + NULL , /* cert */ + NULL , /* *next */ + 0 , /* count */ + FALSE /* smartcard */ +}; /** - * extracts the certificate to be sent to the peer + * Chained lists of X.509 and PGP end entity certificates */ -chunk_t cert_get_encoding(cert_t cert) -{ - switch (cert.type) - { - case CERT_PGP: - return cert.u.pgp->certificate; - case CERT_X509_SIGNATURE: - return cert.u.x509->certificate; - default: - return chunk_empty; - } -} +static cert_t *certs = NULL; -public_key_t* cert_get_public_key(const cert_t cert) +/** + * Free a pluto certificate + */ +void cert_free(cert_t *cert) { - switch (cert.type) + if (cert) { - case CERT_PGP: - return cert.u.pgp->public_key; - break; - case CERT_X509_SIGNATURE: - return cert.u.x509->public_key; - break; - default: - return NULL; + certificate_t *certificate = cert->cert; + + if (certificate) + { + certificate->destroy(certificate); + } + free(cert); } } -/* load a coded key or certificate file with autodetection - * of binary DER or base64 PEM ASN.1 formats and armored PGP format +/** + * Add a pluto end entity certificate to the chained list */ -bool load_coded_file(char *filename, prompt_pass_t *pass, const char *type, - chunk_t *blob, bool *pgp) +cert_t* cert_add(cert_t *cert) { - err_t ugh = NULL; - - FILE *fd = fopen(filename, "r"); + certificate_t *certificate = cert->cert; + cert_t *c = certs; - if (fd) + while (c != NULL) { - int bytes; - fseek(fd, 0, SEEK_END ); - blob->len = ftell(fd); - rewind(fd); - blob->ptr = malloc(blob->len); - bytes = fread(blob->ptr, 1, blob->len, fd); - fclose(fd); - plog(" loaded %s file '%s' (%d bytes)", type, filename, bytes); - - *pgp = FALSE; - - /* try DER format */ - if (is_asn1(*blob)) + if (certificate->equals(certificate, c->cert)) /* already in chain, free cert */ { - DBG(DBG_PARSING, - DBG_log(" file coded in DER format"); - ) - return TRUE; + cert_free(cert); + return c; } + c = c->next; + } - /* try PEM format */ - ugh = pemtobin(blob, pass, filename, pgp); + /* insert new cert at the root of the chain */ + lock_certs_and_keys("cert_add"); + cert->next = certs; + certs = cert; + DBG(DBG_CONTROL | DBG_PARSING, + DBG_log(" cert inserted") + ) + unlock_certs_and_keys("cert_add"); + return cert; +} - if (ugh == NULL) - { - if (*pgp) - { - DBG(DBG_PARSING, - DBG_log(" file coded in armored PGP format"); - ) - return TRUE; - } - if (is_asn1(*blob)) - { - DBG(DBG_PARSING, - DBG_log(" file coded in PEM format"); - ) - return TRUE; - } - ugh = "file coded in unknown format, discarded"; - } +/** + * Passphrase callback to read from whack fd + */ +chunk_t whack_pass_cb(prompt_pass_t *pass, int try) +{ + int n; - /* a conversion error has occured */ - plog(" %s", ugh); - free(blob->ptr); - *blob = chunk_empty; + if (try > MAX_PROMPT_PASS_TRIALS) + { + whack_log(RC_LOG_SERIOUS, "invalid passphrase, too many trials"); + return chunk_empty; + } + if (try == 1) + { + whack_log(RC_ENTERSECRET, "need passphrase for 'private key'"); } else { - plog(" could not open %s file '%s'", type, filename); + whack_log(RC_ENTERSECRET, "invalid passphrase, please try again"); + } + + n = read(pass->fd, pass->secret, PROMPT_PASS_LEN); + + if (n == -1) + { + whack_log(RC_LOG_SERIOUS, "read(whackfd) failed"); + return chunk_empty; } - return FALSE; + + pass->secret[n-1] = '\0'; + + if (strlen(pass->secret) == 0) + { + whack_log(RC_LOG_SERIOUS, "no passphrase entered, aborted"); + return chunk_empty; + } + return chunk_create(pass->secret, strlen(pass->secret)); } /** - * Loads a PKCS#1 or PGP privatekey file + * Loads a PKCS#1 or PGP private key file */ private_key_t* load_private_key(char* filename, prompt_pass_t *pass, key_type_t type) { private_key_t *key = NULL; - chunk_t blob = chunk_empty; - bool pgp = FALSE; - - char *path = concatenate_paths(PRIVATE_KEY_PATH, filename); + char *path; - if (load_coded_file(path, pass, "private key", &blob, &pgp)) - { - if (pgp) - { - parse_pgp(blob, NULL, &key); - } - else + path = concatenate_paths(PRIVATE_KEY_PATH, filename); + if (pass && pass->prompt && pass->fd != NULL_FD) + { /* use passphrase callback */ + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FILE, path, + BUILD_PASSPHRASE_CALLBACK, whack_pass_cb, pass, + BUILD_END); + if (key) { - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_BLOB_ASN1_DER, blob, BUILD_END); + whack_log(RC_SUCCESS, "valid passphrase"); } - if (key == NULL) - { - plog(" syntax error in %s private key file", pgp ? "PGP":"PKCS#"); - } - free(blob.ptr); + } + else if (pass) + { /* use a given passphrase */ + chunk_t password = chunk_create(pass->secret, strlen(pass->secret)); + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FILE, path, + BUILD_PASSPHRASE, password, BUILD_END); + } + else + { /* no passphrase */ + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_FROM_FILE, path, BUILD_END); + + } + if (key) + { + plog(" loaded private key from '%s'", filename); } else { - plog(" error loading private key file"); + plog(" syntax error in private key file"); } return key; } @@ -171,125 +184,166 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass, /** * Loads a X.509 or OpenPGP certificate */ -bool load_cert(char *filename, const char *label, cert_t *cert) +cert_t* load_cert(char *filename, const char *label, x509_flag_t flags) { - bool pgp = FALSE; - chunk_t blob = chunk_empty; - - /* initialize cert struct */ - cert->type = CERT_NONE; - cert->u.x509 = NULL; + cert_t *cert; - if (load_coded_file(filename, NULL, label, &blob, &pgp)) + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, + BUILD_FROM_FILE, filename, + BUILD_X509_FLAG, flags, + BUILD_END); + if (cert) { - if (pgp) - { - pgpcert_t *pgpcert = malloc_thing(pgpcert_t); - *pgpcert = pgpcert_empty; - if (parse_pgp(blob, pgpcert, NULL)) - { - cert->type = CERT_PGP; - cert->u.pgp = pgpcert; - return TRUE; - } - else - { - plog(" error in OpenPGP certificate"); - free_pgpcert(pgpcert); - return FALSE; - } - } - else - { - x509cert_t *x509cert = malloc_thing(x509cert_t); - *x509cert = empty_x509cert; - if (parse_x509cert(blob, 0, x509cert)) - { - cert->type = CERT_X509_SIGNATURE; - cert->u.x509 = x509cert; - return TRUE; - } - else - { - plog(" error in X.509 certificate"); - free_x509cert(x509cert); - return FALSE; - } - } + plog(" loaded %s certificate from '%s'", label, filename); } - return FALSE; + return cert; } /** * Loads a host certificate */ -bool load_host_cert(char *filename, cert_t *cert) +cert_t* load_host_cert(char *filename) { char *path = concatenate_paths(HOST_CERT_PATH, filename); - return load_cert(path, "host cert", cert); + return load_cert(path, "host", X509_NONE); } /** * Loads a CA certificate */ -bool load_ca_cert(char *filename, cert_t *cert) +cert_t* load_ca_cert(char *filename) { char *path = concatenate_paths(CA_CERT_PATH, filename); - return load_cert(path, "CA cert", cert); + return load_cert(path, "CA", X509_NONE); } /** - * establish equality of two certificates + * for each link pointing to the certificate increase the count by one */ -bool same_cert(const cert_t *a, const cert_t *b) +void cert_share(cert_t *cert) { - return a->type == b->type && a->u.x509 == b->u.x509; + if (cert != NULL) + { + cert->count++; + } +} + +/* release of a certificate decreases the count by one + * the certificate is freed when the counter reaches zero + */ +void cert_release(cert_t *cert) +{ + if (cert && --cert->count == 0) + { + cert_t **pp = &certs; + while (*pp != cert) + { + pp = &(*pp)->next; + } + *pp = cert->next; + cert_free(cert); + } } /** - * for each link pointing to the certificate increase the count by one + * Get a X.509 certificate with a given issuer found at a certain position */ -void share_cert(cert_t cert) +cert_t* get_x509cert(identification_t *issuer, chunk_t keyid, cert_t *chain) { - switch (cert.type) + cert_t *cert = chain ? chain->next : certs; + + while (cert) { - case CERT_PGP: - share_pgpcert(cert.u.pgp); - break; - case CERT_X509_SIGNATURE: - share_x509cert(cert.u.x509); - break; - default: - break; + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + chunk_t authKeyID = x509->get_authKeyIdentifier(x509); + + if (keyid.ptr ? same_keyid(keyid, authKeyID) : + certificate->has_issuer(certificate, issuer)) + { + return cert; + } + cert = cert->next; } + return NULL; } -/* release of a certificate decreases the count by one - " the certificate is freed when the counter reaches zero +/** + * List all PGP end certificates in a chained list */ -void -release_cert(cert_t cert) +void list_pgp_end_certs(bool utc) { - switch (cert.type) + cert_t *cert = certs; + time_t now = time(NULL); + bool first = TRUE; + + + while (cert != NULL) { - case CERT_PGP: - release_pgpcert(cert.u.pgp); - break; - case CERT_X509_SIGNATURE: - release_x509cert(cert.u.x509); - break; - default: - break; + certificate_t *certificate = cert->cert; + + if (certificate->get_type(certificate) == CERT_GPG) + { + time_t created, until; + public_key_t *key; + identification_t *userid = certificate->get_subject(certificate); + pgp_certificate_t *pgp_cert = (pgp_certificate_t*)certificate; + chunk_t fingerprint = pgp_cert->get_fingerprint(pgp_cert); + + if (first) + { + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, "List of PGP End Entity Certificates:"); + first = false; + } + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, " userid: '%Y'", userid); + whack_log(RC_COMMENT, " digest: %#B", &fingerprint); + + /* list validity */ + certificate->get_validity(certificate, &now, &created, &until); + whack_log(RC_COMMENT, " created: %T", &created, utc); + whack_log(RC_COMMENT, " until: %T %s%s", &until, utc, + check_expiry(until, CA_CERT_WARNING_INTERVAL, TRUE), + (until == TIME_32_BIT_SIGNED_MAX) ? " (expires never)":""); + + key = certificate->get_public_key(certificate); + if (key) + { + chunk_t keyid; + + whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", + key_type_names, key->get_type(key), + key->get_keysize(key) * BITS_PER_BYTE, + has_private_key(cert)? ", has private key" : ""); + if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid)) + { + whack_log(RC_COMMENT, " keyid: %#B", &keyid); + } + if (key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &keyid)) + { + whack_log(RC_COMMENT, " subjkey: %#B", &keyid); + } + } + } + cert = cert->next; } } -/* +/** + * List all X.509 end certificates in a chained list + */ +void list_x509_end_certs(bool utc) +{ + list_x509cert_chain("End Entity", certs, X509_NONE, utc); +} + +/** * list all X.509 and OpenPGP end certificates */ -void -list_certs(bool utc) +void cert_list(bool utc) { list_x509_end_certs(utc); list_pgp_end_certs(utc); diff --git a/src/pluto/certs.h b/src/pluto/certs.h index 0810c52fa..21e856a3c 100644 --- a/src/pluto/certs.h +++ b/src/pluto/certs.h @@ -18,9 +18,12 @@ #define _CERTS_H #include +#include +#include -#include "x509.h" -#include "pgpcert.h" +#include + +#include "defs.h" /* path definitions for private keys, end certs, * cacerts, attribute certs and crls @@ -43,16 +46,16 @@ #define CRL_WARNING_INTERVAL 7 /* days */ #define ACERT_WARNING_INTERVAL 1 /* day */ -/* certificate access structure - * currently X.509 and OpenPGP certificates are supported - */ -typedef struct { - u_char type; - union { - x509cert_t *x509; - pgpcert_t *pgp; - } u; -} cert_t; +/* access structure for a pluto certificate */ + +typedef struct cert_t cert_t; + +struct cert_t { + certificate_t *cert; + cert_t *next; + int count; + bool smartcard; +}; /* used for initialization */ extern const cert_t cert_empty; @@ -62,19 +65,17 @@ extern const cert_t cert_empty; */ extern bool no_cr_send; -extern public_key_t* cert_get_public_key(const cert_t cert); -extern chunk_t cert_get_encoding(cert_t cert); extern private_key_t* load_private_key(char* filename, prompt_pass_t *pass, key_type_t type); -extern bool load_coded_file(char *filename, prompt_pass_t *pass, - const char *type, chunk_t *blob, bool *pgp); -extern bool load_cert(char *filename, const char *label, cert_t *cert); -extern bool load_host_cert(char *filename, cert_t *cert); -extern bool load_ca_cert(char *filename, cert_t *cert); -extern bool same_cert(const cert_t *a, const cert_t *b); -extern void share_cert(cert_t cert); -extern void release_cert(cert_t cert); -extern void list_certs(bool utc); +extern cert_t* load_cert(char *filename, const char *label, x509_flag_t flags); +extern cert_t* load_host_cert(char *filename); +extern cert_t* load_ca_cert(char *filename); +extern cert_t* cert_add(cert_t *cert); +extern void cert_free(cert_t *cert); +extern void cert_share(cert_t *cert); +extern void cert_release(cert_t *cert); +extern void cert_list(bool utc); +extern cert_t* get_x509cert(identification_t *issuer, chunk_t keyid, cert_t* chain); #endif /* _CERTS_H */ diff --git a/src/pluto/connections.c b/src/pluto/connections.c index b800b1665..fece34eec 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -30,15 +30,15 @@ #include #include "kameipsec.h" +#include #include #include "constants.h" #include "defs.h" -#include "id.h" +#include "myid.h" #include "x509.h" #include "ca.h" #include "crl.h" -#include "pgpcert.h" #include "certs.h" #include "ac.h" #include "smartcard.h" @@ -62,9 +62,9 @@ #include "nat_traversal.h" #include "virtual.h" -static void flush_pending_by_connection(struct connection *c); /* forward */ +static void flush_pending_by_connection(connection_t *c); /* forward */ -static struct connection *connections = NULL; +static connection_t *connections = NULL; /* struct host_pair: a nexus of information about a pair of hosts. * A host is an IP address, UDP port pair. This is a debatable choice: @@ -82,34 +82,62 @@ struct host_pair { u_int16_t port; /* host order */ } me, him; bool initial_connection_sent; - struct connection *connections; /* connections with this pair */ + connection_t *connections; /* connections with this pair */ struct pending *pending; /* awaiting Keying Channel */ struct host_pair *next; }; static struct host_pair *host_pairs = NULL; -static struct connection *unoriented_connections = NULL; +static connection_t *unoriented_connections = NULL; -/* check to see that Ids of peers match */ -bool -same_peer_ids(const struct connection *c, const struct connection *d -, const struct id *his_id) +/** + * Check if an id was instantiated by assigning to it the current IP address + */ +bool his_id_was_instantiated(const connection_t *c) { - return same_id(&c->spd.this.id, &d->spd.this.id) - && same_id(his_id == NULL? &c->spd.that.id : his_id, &d->spd.that.id); + if (c->kind != CK_INSTANCE) + { + return FALSE; + } + if (id_is_ipaddr(c->spd.that.id)) + { + identification_t *host; + bool equal; + + host = identification_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_addr); + equal = host->equals(host, c->spd.that.id); + host->destroy(host); + return equal; + } + else + { + return TRUE; + } } -static struct host_pair * -find_host_pair(const ip_address *myaddr, u_int16_t myport -, const ip_address *hisaddr, u_int16_t hisport) +/** + * Check to see that IDs of peers match + */ +bool same_peer_ids(const connection_t *c, const connection_t *d, + identification_t *his_id) +{ + return d->spd.this.id->equals(d->spd.this.id, c->spd.this.id) && + d->spd.that.id->equals(d->spd.that.id, + his_id ? his_id : c->spd.that.id); +} + +static struct host_pair *find_host_pair(const ip_address *myaddr, + u_int16_t myport, + const ip_address *hisaddr, + u_int16_t hisport) { struct host_pair *p, *prev; /* default hisaddr to an appropriate any */ if (hisaddr == NULL) hisaddr = aftoinfo(addrtypeof(myaddr))->any; - + if (nat_traversal_enabled) { /** @@ -125,7 +153,7 @@ find_host_pair(const ip_address *myaddr, u_int16_t myport if (sameaddr(&p->me.addr, myaddr) && p->me.port == myport && sameaddr(&p->him.addr, hisaddr) && p->him.port == hisport) { - if (prev != NULL) + if (prev) { prev->next = p->next; /* remove p from list */ p->next = host_pairs; /* and stick it on front */ @@ -138,15 +166,16 @@ find_host_pair(const ip_address *myaddr, u_int16_t myport } /* find head of list of connections with this pair of hosts */ -static struct connection * -find_host_pair_connections(const ip_address *myaddr, u_int16_t myport -, const ip_address *hisaddr, u_int16_t hisport) +static connection_t *find_host_pair_connections(const ip_address *myaddr, + u_int16_t myport, + const ip_address *hisaddr, + u_int16_t hisport) { struct host_pair *hp = find_host_pair(myaddr, myport, hisaddr, hisport); if (nat_traversal_enabled && hp && hisaddr) { - struct connection *c; + connection_t *c; for (c = hp->connections; c != NULL; c = c->hp_next) { @@ -158,8 +187,7 @@ find_host_pair_connections(const ip_address *myaddr, u_int16_t myport return hp == NULL? NULL : hp->connections; } -static void -connect_to_host_pair(struct connection *c) +static void connect_to_host_pair(connection_t *c) { if (oriented(*c)) { @@ -206,10 +234,9 @@ connect_to_host_pair(struct connection *c) * Move the winner (if any) to the front. * If none is found, and strict, a diagnostic is logged to whack. */ -struct connection * -con_by_name(const char *nm, bool strict) +connection_t *con_by_name(const char *nm, bool strict) { - struct connection *p, *prev; + connection_t *p, *prev; for (prev = NULL, p = connections; ; prev = p, p = p->ac_next) { @@ -223,7 +250,7 @@ con_by_name(const char *nm, bool strict) if (streq(p->name, nm) && (!strict || p->kind != CK_INSTANCE)) { - if (prev != NULL) + if (prev) { prev->ac_next = p->ac_next; /* remove p from list */ p->ac_next = connections; /* and stick it on front */ @@ -235,8 +262,7 @@ con_by_name(const char *nm, bool strict) return p; } -void -release_connection(struct connection *c, bool relations) +void release_connection(connection_t *c, bool relations) { if (c->kind == CK_INSTANCE) { @@ -264,10 +290,9 @@ release_connection(struct connection *c, bool relations) } -void -delete_connection(struct connection *c, bool relations) +void delete_connection(connection_t *c, bool relations) { - struct connection *old_cur_connection + connection_t *old_cur_connection = cur_connection == c? NULL : cur_connection; #ifdef DEBUG lset_t old_cur_debugging = cur_debugging; @@ -294,26 +319,30 @@ delete_connection(struct connection *c, bool relations) release_connection(c, relations); /* won't delete c */ if (c->kind == CK_GROUP) + { delete_group(c); + } /* free up any logging resources */ perpeer_logfree(c); /* find and delete c from connections list */ - list_rm(struct connection, ac_next, c, connections); + list_rm(connection_t, ac_next, c, connections); cur_connection = old_cur_connection; /* find and delete c from the host pair list */ if (c->host_pair == NULL) { if (c->ikev1) - list_rm(struct connection, hp_next, c, unoriented_connections); + { + list_rm(connection_t, hp_next, c, unoriented_connections); + } } else { struct host_pair *hp = c->host_pair; - list_rm(struct connection, hp_next, c, hp->connections); + list_rm(connection_t, hp_next, c, hp->connections); c->host_pair = NULL; /* redundant, but safe */ /* if there are no more connections with this host_pair @@ -332,25 +361,45 @@ delete_connection(struct connection *c, bool relations) { free(c->spd.that.virt); } + + /* release virtual IP address lease if any */ + if (c->spd.that.modecfg && c->spd.that.pool && + !isanyaddr(&c->spd.that.host_srcip)) + { + host_t *vip; + + vip = host_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_srcip); + lib->attributes->release_address(lib->attributes, c->spd.that.pool, + vip, c->spd.that.id); + vip->destroy(vip); + } + + /* free internal data */ #ifdef DEBUG cur_debugging = old_cur_debugging; #endif free(c->name); - free_id_content(&c->spd.this.id); + DESTROY_IF(c->spd.this.id); + DESTROY_IF(c->spd.this.ca); + DESTROY_IF(c->spd.this.groups); free(c->spd.this.updown); - free(c->spd.this.ca.ptr); - free_ietfAttrList(c->spd.this.groups); - free_id_content(&c->spd.that.id); + free(c->spd.this.pool); + DESTROY_IF(c->spd.that.id); + DESTROY_IF(c->spd.that.ca); + DESTROY_IF(c->spd.that.groups); free(c->spd.that.updown); - free(c->spd.that.ca.ptr); - free_ietfAttrList(c->spd.that.groups); - free_generalNames(c->requested_ca, TRUE); + free(c->spd.that.pool); + if (c->requested_ca) + { + c->requested_ca->destroy_offset(c->requested_ca, + offsetof(identification_t, destroy)); + } gw_delref(&c->gw_info); lock_certs_and_keys("delete_connection"); - release_cert(c->spd.this.cert); + cert_release(c->spd.this.cert); scx_release(c->spd.this.sc); - release_cert(c->spd.that.cert); + cert_release(c->spd.that.cert); scx_release(c->spd.that.sc); unlock_certs_and_keys("delete_connection"); @@ -361,30 +410,29 @@ delete_connection(struct connection *c, bool relations) } /* Delete connections with the specified name */ -void -delete_connections_by_name(const char *name, bool strict) +void delete_connections_by_name(const char *name, bool strict) { - struct connection *c = con_by_name(name, strict); + connection_t *c = con_by_name(name, strict); for (; c != NULL; c = con_by_name(name, FALSE)) delete_connection(c, FALSE); } -void -delete_every_connection(void) +void delete_every_connection(void) { - while (connections != NULL) + while (connections) + { delete_connection(connections, TRUE); + } } -void -release_dead_interfaces(void) +void release_dead_interfaces(void) { struct host_pair *hp; for (hp = host_pairs; hp != NULL; hp = hp->next) { - struct connection **pp + connection_t **pp , *p; for (pp = &hp->connections; (p = *pp) != NULL; ) @@ -427,18 +475,17 @@ release_dead_interfaces(void) } /* adjust orientations of connections to reflect newly added interfaces */ -void -check_orientations(void) +void check_orientations(void) { /* try to orient all the unoriented connections */ { - struct connection *c = unoriented_connections; + connection_t *c = unoriented_connections; unoriented_connections = NULL; - while (c != NULL) + while (c) { - struct connection *nxt = c->hp_next; + connection_t *nxt = c->hp_next; (void)orient(c); connect_to_host_pair(c); @@ -472,12 +519,12 @@ check_orientations(void) * cost of leaving it is slight and cannot * be induced by a foe). */ - struct connection *c = hp->connections; + connection_t *c = hp->connections; hp->connections = NULL; - while (c != NULL) + while (c) { - struct connection *nxt = c->hp_next; + connection_t *nxt = c->hp_next; c->interface = NULL; (void)orient(c); @@ -491,34 +538,38 @@ check_orientations(void) } } -static err_t -default_end(struct end *e, ip_address *dflt_nexthop) +static err_t default_end(struct end *e, ip_address *dflt_nexthop) { err_t ugh = NULL; - const struct af_info *afi = aftoinfo(addrtypeof(&e->host_addr)); + int af = addrtypeof(&e->host_addr); - if (afi == NULL) + if (af != AF_INET && af != AF_INET6) + { return "unknown address family in default_end"; + } /* default ID to IP (but only if not NO_IP -- WildCard) */ - if (e->id.kind == ID_ANY && !isanyaddr(&e->host_addr)) + if (e->id->get_type(e->id) == ID_ANY && !isanyaddr(&e->host_addr)) { - e->id.kind = afi->id_addr; - e->id.ip_addr = e->host_addr; + e->id->destroy(e->id); + e->id = identification_create_from_sockaddr((sockaddr_t*)&e->host_addr); e->has_id_wildcards = FALSE; } /* default nexthop to other side */ if (isanyaddr(&e->host_nexthop)) + { e->host_nexthop = *dflt_nexthop; + } /* default client to subnet containing only self * XXX This may mean that the client's address family doesn't match * tunnel_addr_family. */ if (!e->has_client) + { ugh = addrtosubnet(&e->host_addr, &e->client); - + } return ugh; } @@ -527,15 +578,10 @@ default_end(struct end *e, ip_address *dflt_nexthop) * Note: if that==NULL, skip nexthop * Returns strlen of formated result (length excludes NUL at end). */ -size_t -format_end(char *buf -, size_t buf_len -, const struct end *this -, const struct end *that -, bool is_left -, lset_t policy) +size_t format_end(char *buf, size_t buf_len, const struct end *this, + const struct end *that, bool is_left, lset_t policy) { - char client[SUBNETTOT_BUF]; + char client[BUF_LEN]; const char *client_sep = ""; char protoport[sizeof(":255/65535")]; const char *host = NULL; @@ -591,17 +637,24 @@ format_end(char *buf if (isanyaddr(&client_net) && isanyaddr(&client_mask) && (policy & (POLICY_GROUP | POLICY_OPPO))) + { client_sep = ""; /* boring case */ + } else if (subnetisnone(&this->client)) + { strcpy(client, "?"); + } else + { subnettot(&this->client, 0, client, sizeof(client)); + } } else if (this->modecfg && isanyaddr(&this->host_srcip)) { - /* we are mode config client */ + /* we are mode config client, or a server with a pool */ client_sep = "==="; - strcpy(client, "%modecfg"); + client[0] = '%'; + strcpy(client+1, this->pool ? this->pool : "modecfg"); } /* host */ @@ -613,53 +666,50 @@ format_end(char *buf host_port[0] = '\0'; if (this->host_port != IKE_UDP_PORT) - snprintf(host_port, sizeof(host_port), ":%u" - , this->host_port); + { + snprintf(host_port, sizeof(host_port), ":%u", this->host_port); + } /* payload portocol and port */ protoport[0] = '\0'; if (this->has_port_wildcard) + { snprintf(protoport, sizeof(protoport), ":%u/%%any", this->protocol); + } else if (this->port || this->protocol) + { snprintf(protoport, sizeof(protoport), ":%u/%u", this->protocol , this->port); - - /* id, if different from host */ - host_id[0] = '\0'; - if (this->id.kind == ID_MYID) - { - strcpy(host_id, "[%myid]"); } - else if (!(this->id.kind == ID_ANY - || (id_is_ipaddr(&this->id) && sameaddr(&this->id.ip_addr, &this->host_addr)))) - { - int len = idtoa(&this->id, host_id+1, sizeof(host_id)-2); - host_id[0] = '['; - strcpy(&host_id[len < 0? (ptrdiff_t)sizeof(host_id)-2 : 1 + len], "]"); - } + /* id */ + snprintf(host_id, sizeof(host_id), "[%Y]", this->id); /* [---hop] */ hop[0] = '\0'; hop_sep = ""; - if (that != NULL && !sameaddr(&this->host_nexthop, &that->host_addr)) + if (that && !sameaddr(&this->host_nexthop, &that->host_addr)) { addrtot(&this->host_nexthop, 0, hop, sizeof(hop)); hop_sep = "---"; } if (is_left) + { snprintf(buf, buf_len, "%s%s%s%s%s%s%s%s%s%s%s" , open_brackets, client, close_brackets, client_sep , this->allow_any? "%":"" , host, host_port, host_id, protoport , hop_sep, hop); + } else + { snprintf(buf, buf_len, "%s%s%s%s%s%s%s%s%s%s%s" , hop, hop_sep , this->allow_any? "%":"" , host, host_port, host_id, protoport, client_sep , open_brackets, client, close_brackets); + } return strlen(buf); } @@ -668,10 +718,9 @@ format_end(char *buf */ #define CONNECTION_BUF (2 * (END_BUF - 1) + 4) -static size_t -format_connection(char *buf, size_t buf_len - , const struct connection *c - , struct spd_route *sr) +static size_t format_connection(char *buf, size_t buf_len, + const connection_t *c, + struct spd_route *sr) { size_t w = format_end(buf, buf_len, &sr->this, &sr->that, TRUE, LEMPTY); @@ -679,22 +728,35 @@ format_connection(char *buf, size_t buf_len return w + format_end(buf + w, buf_len - w, &sr->that, &sr->this, FALSE, c->policy); } -static void -unshare_connection_strings(struct connection *c) +static void unshare_connection_strings(connection_t *c) { c->name = clone_str(c->name); - - unshare_id_content(&c->spd.this.id); + c->spd.this.id = c->spd.this.id->clone(c->spd.this.id); + c->spd.this.pool = clone_str(c->spd.this.pool); c->spd.this.updown = clone_str(c->spd.this.updown); scx_share(c->spd.this.sc); - share_cert(c->spd.this.cert); - c->spd.this.ca = chunk_clone(c->spd.this.ca); - - unshare_id_content(&c->spd.that.id); + cert_share(c->spd.this.cert); + if (c->spd.this.ca) + { + c->spd.this.ca = c->spd.this.ca->clone(c->spd.this.ca); + } + if (c->spd.this.groups) + { + c->spd.this.groups = c->spd.this.groups->get_ref(c->spd.this.groups); + } + c->spd.that.id = c->spd.that.id->clone(c->spd.that.id); + c->spd.that.pool = clone_str(c->spd.that.pool); c->spd.that.updown = clone_str(c->spd.that.updown); scx_share(c->spd.that.sc); - share_cert(c->spd.that.cert); - c->spd.that.ca = chunk_clone(c->spd.that.ca); + cert_share(c->spd.that.cert); + if (c->spd.that.ca) + { + c->spd.that.ca = c->spd.that.ca->clone(c->spd.that.ca); + } + if (c->spd.that.groups) + { + c->spd.that.groups = c->spd.that.groups->get_ref(c->spd.that.groups); + } /* increment references to algo's */ alg_info_addref((struct alg_info *)c->alg_info_esp); @@ -703,137 +765,116 @@ unshare_connection_strings(struct connection *c) static void load_end_certificate(char *filename, struct end *dst) { - time_t valid_until; - cert_t cert; - bool valid_cert = FALSE; + time_t notBefore, notAfter; + cert_t *cert = NULL; + certificate_t *certificate; bool cached_cert = FALSE; - + /* initialize end certificate */ - dst->cert.type = CERT_NONE; - dst->cert.u.x509 = NULL; + dst->cert = NULL; /* initialize smartcard info record */ dst->sc = NULL; - if (filename != NULL) + if (filename) { if (scx_on_smartcard(filename)) { /* load cert from smartcard */ - valid_cert = scx_load_cert(filename, &dst->sc, &cert, &cached_cert); + cert = scx_load_cert(filename, &dst->sc, &cached_cert); } else { /* load cert from file */ - valid_cert = load_host_cert(filename, &cert); + cert = load_host_cert(filename); } } - if (valid_cert) + if (cert) { - err_t ugh = NULL; + certificate = cert->cert; - switch (cert.type) + if (dst->id->get_type(dst->id) == ID_ANY || + !certificate->has_subject(certificate, dst->id)) { - case CERT_PGP: - select_pgpcert_id(cert.u.pgp, &dst->id); + plog( " id '%Y' not confirmed by certificate, defaulting to '%Y'", + dst->id, certificate->get_subject(certificate)); + dst->id->destroy(dst->id); + dst->id = certificate->get_subject(certificate); + dst->id = dst->id->clone(dst->id); + } - if (cached_cert) - dst->cert = cert; - else + if (cached_cert) + { + dst->cert = cert; + } + else + { + if (!certificate->get_validity(certificate, NULL, ¬Before, ¬After)) { - valid_until = cert.u.pgp->until; - add_pgp_public_key(cert.u.pgp, cert.u.pgp->until, DAL_LOCAL); - dst->cert.type = cert.type; - dst->cert.u.pgp = add_pgpcert(cert.u.pgp); + plog("certificate is invalid (valid from %T to %T)", + ¬Before, FALSE, ¬After, FALSE); + cert_free(cert); + return; } - break; - case CERT_X509_SIGNATURE: - select_x509cert_id(cert.u.x509, &dst->id); + DBG(DBG_CONTROL, + DBG_log("certificate is valid") + ) + add_public_key_from_cert(cert, notAfter, DAL_LOCAL); + dst->cert = cert_add(cert); + } + certificate = dst->cert->cert; - if (cached_cert) - dst->cert = cert; - else - { - /* check validity of cert */ - valid_until = cert.u.x509->notAfter; - ugh = check_validity(cert.u.x509, &valid_until); - if (ugh != NULL) - { - plog(" %s", ugh); - free_x509cert(cert.u.x509); - break; - } + /* if no CA is defined, use issuer as default */ + if (dst->ca == NULL && certificate->get_type(certificate) == CERT_X509) + { + identification_t *issuer; - DBG(DBG_CONTROL, - DBG_log("certificate is valid") - ) - add_x509_public_key(cert.u.x509, valid_until, DAL_LOCAL); - dst->cert.type = cert.type; - dst->cert.u.x509 = add_x509cert(cert.u.x509); - } - /* if no CA is defined, use issuer as default */ - if (dst->ca.ptr == NULL) - dst->ca = dst->cert.u.x509->issuer; - break; - default: - break; + issuer = certificate->get_issuer(certificate); + dst->ca = issuer->clone(issuer); } /* cache the certificate that was last retrieved from the smartcard */ - if (dst->sc != NULL) + if (dst->sc) { - if (!same_cert(&dst->sc->last_cert, &dst->cert)) + if (!certificate->equals(certificate, dst->sc->last_cert->cert)) { lock_certs_and_keys("load_end_certificates"); - release_cert(dst->sc->last_cert); + cert_release(dst->sc->last_cert); dst->sc->last_cert = dst->cert; - share_cert(dst->cert); + cert_share(dst->cert); unlock_certs_and_keys("load_end_certificates"); } time(&dst->sc->last_load); } } + scx_share(dst->sc); + cert_share(dst->cert); } -static bool -extract_end(struct end *dst, const whack_end_t *src, const char *which) +static bool extract_end(struct end *dst, const whack_end_t *src, + const char *which) { bool same_ca = FALSE; - /* decode id, if any */ - if (src->id == NULL) - { - dst->id.kind = ID_ANY; - } - else - { - err_t ugh = atoid(src->id, &dst->id, TRUE); - - if (ugh != NULL) - { - loglog(RC_BADID, "bad %s --id: %s (ignored)", which, ugh); - dst->id = empty_id; /* ignore bad one */ - } - } - - dst->ca = chunk_empty; + dst->id = identification_create_from_string(src->id); + dst->ca = NULL; /* decode CA distinguished name, if any */ - if (src->ca != NULL) + if (src->ca) { if streq(src->ca, "%same") + { same_ca = TRUE; + } else if (!streq(src->ca, "%any")) { - err_t ugh; - - dst->ca.ptr = temporary_cyclic_buffer(); - ugh = atodn(src->ca, &dst->ca); - if (ugh != NULL) + dst->ca = identification_create_from_string(src->ca); + if (dst->ca->get_type(dst->ca) != ID_DER_ASN1_DN) { - plog("bad CA string '%s': %s (ignored)", src->ca, ugh); - dst->ca = chunk_empty; + plog("bad CA string '%s', ignored", src->ca); + dst->ca->destroy(dst->ca); + dst->ca = NULL; } } } @@ -842,10 +883,13 @@ extract_end(struct end *dst, const whack_end_t *src, const char *which) load_end_certificate(src->cert, dst); /* does id has wildcards? */ - dst->has_id_wildcards = id_count_wildcards(&dst->id) > 0; + dst->has_id_wildcards = dst->id->contains_wildcards(dst->id); /* decode group attributes, if any */ - decode_groups(src->groups, &dst->groups); + if (src->groups) + { + dst->groups = ietf_attributes_create_from_string(src->groups); + } /* the rest is simple copying of corresponding fields */ dst->host_addr = src->host_addr; @@ -863,30 +907,38 @@ extract_end(struct end *dst, const whack_end_t *src, const char *which) dst->hostaccess = src->hostaccess; dst->allow_any = src->allow_any; dst->sendcert = src->sendcert; - dst->updown = src->updown; + dst->updown = clone_str(src->updown); dst->host_port = src->host_port; + /* if the sourceip netmask is zero a named pool exists */ + if (src->sourceip_mask == 0) + { + dst->pool = clone_str(src->sourceip); + } + /* if host sourceip is defined but no client is present * behind the host then set client to sourceip/32 */ - if (addrbytesptr(&dst->host_srcip, NULL) - && !isanyaddr(&dst->host_srcip) - && !dst->has_natip - && !dst->has_client) + if (addrbytesptr(&dst->host_srcip, NULL) && + !isanyaddr(&dst->host_srcip) && !dst->has_natip && !dst->has_client) { err_t ugh = addrtosubnet(&dst->host_srcip, &dst->client); - if (ugh != NULL) + if (ugh) + { plog("could not assign host sourceip to client subnet"); + } else + { dst->has_client = TRUE; + } } return same_ca; } -static bool -check_connection_end(const whack_end_t *this, const whack_end_t *that -, const whack_message_t *wm) +static bool check_connection_end(const whack_end_t *this, + const whack_end_t *that, + const whack_message_t *wm) { if (wm->addr_family != addrtypeof(&this->host_addr) || wm->addr_family != addrtypeof(&this->host_nexthop) @@ -921,23 +973,23 @@ check_connection_end(const whack_end_t *this, const whack_end_t *that return TRUE; /* happy */ } -struct connection * -find_connection_by_reqid(uint32_t reqid) +connection_t *find_connection_by_reqid(uint32_t reqid) { - struct connection *c; + connection_t *c; reqid &= ~3; for (c = connections; c != NULL; c = c->ac_next) { if (c->spd.reqid == reqid) + { return c; + } } return NULL; } -static uint32_t -gen_reqid(void) +static uint32_t gen_reqid(void) { uint32_t start; static uint32_t reqid = IPSEC_MANUAL_REQID_MAX & ~3; @@ -946,17 +998,20 @@ gen_reqid(void) do { reqid += 4; if (reqid == 0) + { reqid = (IPSEC_MANUAL_REQID_MAX & ~3) + 4; + } if (!find_connection_by_reqid(reqid)) + { return reqid; + } } while (reqid != start); exit_log("unable to allocate reqid"); return 0; /* never reached ... */ } -void -add_connection(const whack_message_t *wm) +void add_connection(const whack_message_t *wm) { if (con_by_name(wm->name, FALSE) != NULL) { @@ -973,45 +1028,50 @@ add_connection(const whack_message_t *wm) && check_connection_end(&wm->left, &wm->right, wm)) { bool same_rightca, same_leftca; - struct connection *c = malloc_thing(struct connection); + connection_t *c = malloc_thing(connection_t); zero(c); - c->name = wm->name; + c->name = clone_str(wm->name); c->ikev1 = wm->ikev1; c->policy = wm->policy; if ((c->policy & POLICY_COMPRESS) && !can_do_IPcomp) + { loglog(RC_COMMENT , "ignoring --compress in \"%s\" because KLIPS is not configured to do IPCOMP" , c->name); + } if (wm->esp) { DBG(DBG_CONTROL, DBG_log("from whack: got --esp=%s", wm->esp ? wm->esp: "NULL") ) - c->alg_info_esp= alg_info_esp_create_from_str(wm->esp? wm->esp : ""); + c->alg_info_esp = alg_info_esp_create_from_str(wm->esp? wm->esp : ""); DBG(DBG_CRYPT|DBG_CONTROL, static char buf[BUF_LEN]=""; if (c->alg_info_esp) + { alg_info_snprint(buf, sizeof(buf) ,(struct alg_info *)c->alg_info_esp); + } DBG_log("esp proposal: %s", buf); ) if (c->alg_info_esp) { - if (c->alg_info_esp->alg_info_cnt==0) - loglog(RC_LOG_SERIOUS - , "got 0 transforms for esp=\"%s\"", wm->esp); + if (c->alg_info_esp->alg_info_cnt == 0) + { + loglog(RC_LOG_SERIOUS, "got 0 esp transforms"); + } } else { - loglog(RC_LOG_SERIOUS, "esp string error"); + loglog(RC_LOG_SERIOUS, "syntax error in esp string"); } } - + if (wm->ike) { DBG(DBG_CONTROL, @@ -1023,22 +1083,25 @@ add_connection(const whack_message_t *wm) static char buf[BUF_LEN]=""; if (c->alg_info_ike) + { alg_info_snprint(buf, sizeof(buf) , (struct alg_info *)c->alg_info_ike); + } DBG_log("ike proposal: %s", buf); ) if (c->alg_info_ike) { - if (c->alg_info_ike->alg_info_cnt==0) - loglog(RC_LOG_SERIOUS - , "got 0 transforms for ike=\"%s\"", wm->ike); + if (c->alg_info_ike->alg_info_cnt == 0) + { + loglog(RC_LOG_SERIOUS, "got 0 ike transforms"); + } } else { - loglog(RC_LOG_SERIOUS, "ike string error:"); + loglog(RC_LOG_SERIOUS, "syntax error in ike string"); } } - + c->sa_ike_life_seconds = wm->sa_ike_life_seconds; c->sa_ipsec_life_seconds = wm->sa_ipsec_life_seconds; c->sa_rekey_margin = wm->sa_rekey_margin; @@ -1059,9 +1122,13 @@ add_connection(const whack_message_t *wm) same_rightca = extract_end(&c->spd.that, &wm->right, "right"); if (same_rightca) - c->spd.that.ca = c->spd.this.ca; + { + c->spd.that.ca = c->spd.this.ca->clone(c->spd.this.ca); + } else if (same_leftca) - c->spd.this.ca = c->spd.that.ca; + { + c->spd.this.ca = c->spd.that.ca->clone(c->spd.that.ca); + } default_end(&c->spd.this, &c->spd.that.host_addr); default_end(&c->spd.that, &c->spd.this.host_addr); @@ -1127,16 +1194,17 @@ add_connection(const whack_message_t *wm) c->spd.that.has_client = TRUE; } - unshare_connection_strings(c); (void)orient(c); if (c->ikev1) + { connect_to_host_pair(c); + } /* log all about this connection */ plog("added connection description \"%s\"", c->name); DBG(DBG_CONTROL, - char topo[CONNECTION_BUF]; + char topo[BUF_LEN]; (void) format_connection(topo, sizeof(topo), c, &c->spd); @@ -1172,12 +1240,10 @@ add_connection(const whack_message_t *wm) * Returns name of new connection. May be NULL. * Caller is responsible for freeing. */ -char * -add_group_instance(struct connection *group, const ip_subnet *target) +char *add_group_instance(connection_t *group, const ip_subnet *target) { - char namebuf[100] - , targetbuf[SUBNETTOT_BUF]; - struct connection *t; + char namebuf[100], targetbuf[SUBNETTOT_BUF]; + connection_t *t; char *name = NULL; passert(group->kind == CK_GROUP); @@ -1213,7 +1279,7 @@ add_group_instance(struct connection *group, const ip_subnet *target) if (t->spd.that.virt) { DBG_log("virtual_ip not supported in group instance"); - t->spd.that.virt = NULL; + t->spd.that.virt = NULL; } /* add to connections list */ @@ -1234,9 +1300,8 @@ add_group_instance(struct connection *group, const ip_subnet *target) } /* an old target has disappeared for a group: delete instance */ -void -remove_group_instance(const struct connection *group USED_BY_DEBUG -, const char *name) +void remove_group_instance(const connection_t *group USED_BY_DEBUG, + const char *name) { passert(group->kind == CK_GROUP); passert(oriented(*group)); @@ -1254,13 +1319,10 @@ remove_group_instance(const struct connection *group USED_BY_DEBUG * * Note that instantiate can only deal with a single SPD/eroute. */ -static struct connection * -instantiate(struct connection *c, const ip_address *him -, u_int16_t his_port -, const struct id *his_id) +static connection_t *instantiate(connection_t *c, const ip_address *him, + u_int16_t his_port, identification_t *his_id) { - struct connection *d; - int wildcards; + connection_t *d; passert(c->kind == CK_TEMPLATE); passert(c->spd.next == NULL); @@ -1269,15 +1331,20 @@ instantiate(struct connection *c, const ip_address *him d = clone_thing(*c); d->spd.that.allow_any = FALSE; - if (his_id != NULL) + if (his_id) { - passert(match_id(his_id, &d->spd.that.id, &wildcards)); - d->spd.that.id = *his_id; + d->spd.that.id = his_id; d->spd.that.has_id_wildcards = FALSE; } unshare_connection_strings(d); - unshare_ietfAttrList(&d->spd.this.groups); - unshare_ietfAttrList(&d->spd.that.groups); + if (d->spd.this.groups) + { + d->spd.this.groups = d->spd.this.groups->get_ref(d->spd.this.groups); + } + if (d->spd.that.groups) + { + d->spd.that.groups = d->spd.that.groups->get_ref(d->spd.that.groups); + } d->kind = CK_INSTANCE; passert(oriented(*d)); @@ -1318,11 +1385,11 @@ instantiate(struct connection *c, const ip_address *him } } -struct connection * -rw_instantiate(struct connection *c, const ip_address *him, u_int16_t his_port -, const ip_subnet *his_net, const struct id *his_id) +connection_t *rw_instantiate(connection_t *c, const ip_address *him, + u_int16_t his_port, const ip_subnet *his_net, + identification_t *his_id) { - struct connection *d = instantiate(c, him, his_port, his_id); + connection_t *d = instantiate(c, him, his_port, his_id); if (d && his_net && is_virtual_connection(c)) { @@ -1345,15 +1412,12 @@ rw_instantiate(struct connection *c, const ip_address *him, u_int16_t his_port return d; } -struct connection * -oppo_instantiate(struct connection *c -, const ip_address *him -, const struct id *his_id -, struct gw_info *gw -, const ip_address *our_client USED_BY_DEBUG -, const ip_address *peer_client) +connection_t *oppo_instantiate(connection_t *c, const ip_address *him, + identification_t *his_id, struct gw_info *gw, + const ip_address *our_client USED_BY_DEBUG, + const ip_address *peer_client) { - struct connection *d = instantiate(c, him, 0, his_id); + connection_t *d = instantiate(c, him, 0, his_id); passert(d->spd.next == NULL); @@ -1407,7 +1471,7 @@ oppo_instantiate(struct connection *c d->instance_initiation_ok = TRUE; DBG(DBG_CONTROL, - char topo[CONNECTION_BUF]; + char topo[BUF_LEN]; (void) format_connection(topo, sizeof(topo), d, &d->spd); DBG_log("instantiated \"%s\": %s", d->name, topo); @@ -1416,14 +1480,17 @@ oppo_instantiate(struct connection *c } /* priority formatting */ -void -fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF]) +void fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF]) { if (pp == BOTTOM_PRIO) + { snprintf(buf, POLICY_PRIO_BUF, "0"); + } else + { snprintf(buf, POLICY_PRIO_BUF, "%lu,%lu" , pp>>16, (pp & ~(~(policy_prio_t)0 << 16)) >> 8); + } } /* Format any information needed to identify an instance of a connection. @@ -1431,8 +1498,8 @@ fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF]) * Road Warrior: peer's IP address * Opportunistic: [" " myclient "==="] " ..." peer ["===" hisclient] '\0' */ -static size_t -fmt_client(const ip_subnet *client, const ip_address *gw, const char *prefix, char buf[ADDRTOT_BUF]) +static size_t fmt_client(const ip_subnet *client, const ip_address *gw, + const char *prefix, char buf[ADDRTOT_BUF]) { if (subnetisaddr(client, gw)) { @@ -1452,8 +1519,7 @@ fmt_client(const ip_subnet *client, const ip_address *gw, const char *prefix, ch return strlen(buf); } -void -fmt_conn_instance(const struct connection *c, char buf[CONN_INST_BUF]) +void fmt_conn_instance(const connection_t *c, char buf[CONN_INST_BUF]) { char *p = buf; @@ -1510,13 +1576,12 @@ fmt_conn_instance(const struct connection *c, char buf[CONN_INST_BUF]) * * See also build_outgoing_opportunistic_connection. */ -struct connection * -find_connection_for_clients(struct spd_route **srp, - const ip_address *our_client, - const ip_address *peer_client, - int transport_proto) +connection_t *find_connection_for_clients(struct spd_route **srp, + const ip_address *our_client, + const ip_address *peer_client, + int transport_proto) { - struct connection *c = connections, *best = NULL; + connection_t *c = connections, *best = NULL; policy_prio_t best_prio = BOTTOM_PRIO; struct spd_route *sr; struct spd_route *best_sr = NULL; @@ -1540,7 +1605,9 @@ find_connection_for_clients(struct spd_route **srp, for (c = connections; c != NULL; c = c->ac_next) { if (c->kind == CK_GROUP) + { continue; + } for (sr = &c->spd; best!=c && sr; sr = sr->next) { @@ -1605,11 +1672,14 @@ find_connection_for_clients(struct spd_route **srp, } } - if (best!= NULL && NEVER_NEGOTIATE(best->policy)) + if (best && NEVER_NEGOTIATE(best->policy)) + { best = NULL; - - if (srp != NULL && best != NULL) + } + if (srp && best) + { *srp = best_sr; + } #ifdef DEBUG if (DBGP(DBG_CONTROL)) @@ -1654,25 +1724,18 @@ find_connection_for_clients(struct spd_route **srp, * find_connection_for_clients. In this case, we know the gateways * that we need to instantiate an opportunistic connection. */ -struct connection * -build_outgoing_opportunistic_connection(struct gw_info *gw - ,const ip_address *our_client - ,const ip_address *peer_client) +connection_t *build_outgoing_opportunistic_connection(struct gw_info *gw, + const ip_address *our_client, + const ip_address *peer_client) { struct iface *p; - struct connection *best = NULL; + connection_t *best = NULL; struct spd_route *sr, *bestsr; char ocb[ADDRTOT_BUF], pcb[ADDRTOT_BUF]; addrtot(our_client, 0, ocb, sizeof(ocb)); addrtot(peer_client, 0, pcb, sizeof(pcb)); - passert(!isanyaddr(our_client) && !isanyaddr(peer_client)); - - /* We don't know his ID yet, so gw id must be an ipaddr */ - passert(gw->key != NULL); - passert(id_is_ipaddr(&gw->gw_id)); - /* for each of our addresses... */ for (p = interfaces; p != NULL; p = p->next) { @@ -1680,8 +1743,8 @@ build_outgoing_opportunistic_connection(struct gw_info *gw * We cannot know what port the peer would use, so we assume * that it is pluto_port (makes debugging easier). */ - struct connection *c = find_host_pair_connections(&p->addr - , pluto_port, (ip_address *)NULL, pluto_port); + connection_t *c = find_host_pair_connections(&p->addr, pluto_port, + (ip_address *)NULL, pluto_port); for (; c != NULL; c = c->hp_next) { @@ -1723,18 +1786,25 @@ build_outgoing_opportunistic_connection(struct gw_info *gw } } - if (best == NULL - || NEVER_NEGOTIATE(best->policy) - || (best->policy & POLICY_OPPO) == LEMPTY - || best->kind != CK_TEMPLATE) + if (best == NULL || NEVER_NEGOTIATE(best->policy) || + (best->policy & POLICY_OPPO) == LEMPTY || best->kind != CK_TEMPLATE) + { return NULL; + } else - return oppo_instantiate(best, &gw->gw_id.ip_addr, NULL, gw - , our_client, peer_client); + { + chunk_t encoding = gw->gw_id->get_encoding(gw->gw_id); + id_type_t type = gw->gw_id->get_type(gw->gw_id); + ip_address ip_addr; + + initaddr(encoding.ptr, encoding.len, + (type == ID_IPV4_ADDR) ? AF_INET : AF_INET6, &ip_addr); + + return oppo_instantiate(best, &ip_addr, NULL, gw, our_client, peer_client); + } } -bool -orient(struct connection *c) +bool orient(connection_t *c) { struct spd_route *sr; @@ -1750,7 +1820,9 @@ orient(struct connection *c) for (p = interfaces; p != NULL; p = p->next) { if (p->ike_float) + { continue; + } for (;;) { @@ -1796,12 +1868,11 @@ orient(struct connection *c) return oriented(*c); } -void -initiate_connection(const char *name, int whackfd) +void initiate_connection(const char *name, int whackfd) { - struct connection *c = con_by_name(name, TRUE); + connection_t *c = con_by_name(name, TRUE); - if (c != NULL && c->ikev1) + if (c && c->ikev1) { set_cur_connection(c); if (!oriented(*c)) @@ -1823,11 +1894,11 @@ initiate_connection(const char *name, int whackfd) else { /* do we have to prompt for a PIN code? */ - if (c->spd.this.sc != NULL && !c->spd.this.sc->valid && whackfd != NULL_FD) + if (c->spd.this.sc && !c->spd.this.sc->valid && whackfd != NULL_FD) { scx_get_pin(c->spd.this.sc, whackfd); } - if (c->spd.this.sc != NULL && !c->spd.this.sc->valid) + if (c->spd.this.sc && !c->spd.this.sc->valid) { loglog(RC_NOVALIDPIN, "cannot initiate connection without valid PIN"); } @@ -1836,8 +1907,8 @@ initiate_connection(const char *name, int whackfd) if (c->spd.that.allow_any) { - c = instantiate(c, &c->spd.that.host_addr, c->spd.that.host_port - , &c->spd.that.id); + c = instantiate(c, &c->spd.that.host_addr, + c->spd.that.host_port, c->spd.that.id); } /* We will only request an IPsec SA if policy isn't empty @@ -1928,10 +1999,7 @@ struct find_oppo_continuation { struct find_oppo_bundle b; }; -static void -cannot_oppo(struct connection *c - , struct find_oppo_bundle *b - , err_t ugh) +static void cannot_oppo(connection_t *c, struct find_oppo_bundle *b, err_t ugh) { char pcb[ADDRTOT_BUF]; char ocb[ADDRTOT_BUF]; @@ -1946,11 +2014,11 @@ cannot_oppo(struct connection *c , "Can't Opportunistically initiate for %s to %s: %s" , ocb, pcb, ugh); - if (c != NULL && c->policy_next != NULL) + if (c && c->policy_next) { /* there is some policy that comes afterwards */ struct spd_route *shunt_spd; - struct connection *nc = c->policy_next; + connection_t *nc = c->policy_next; struct state *st; passert(c->kind == CK_TEMPLATE); @@ -2048,12 +2116,9 @@ cannot_oppo(struct connection *c static void initiate_opportunistic_body(struct find_oppo_bundle *b , struct adns_continuation *ac, err_t ac_ugh); /* forward */ -void -initiate_opportunistic(const ip_address *our_client -, const ip_address *peer_client -, int transport_proto -, bool held -, int whackfd) +void initiate_opportunistic(const ip_address *our_client, + const ip_address *peer_client, int transport_proto, + bool held, int whackfd) { struct find_oppo_bundle b; @@ -2070,11 +2135,10 @@ initiate_opportunistic(const ip_address *our_client initiate_opportunistic_body(&b, NULL, NULL); } -static void -continue_oppo(struct adns_continuation *acr, err_t ugh) +static void continue_oppo(struct adns_continuation *acr, err_t ugh) { struct find_oppo_continuation *cr = (void *)acr; /* inherit, damn you! */ - struct connection *c; + connection_t *c; bool was_held = cr->b.held; int whackfd = cr->b.whackfd; @@ -2095,7 +2159,7 @@ continue_oppo(struct adns_continuation *acr, err_t ugh) #ifdef DEBUG /* if we're going to ignore the error, at least note it in debugging log */ - if (cr->b.failure_ok && ugh != NULL) + if (cr->b.failure_ok && ugh) { DBG(DBG_CONTROL | DBG_DNS, { @@ -2110,7 +2174,7 @@ continue_oppo(struct adns_continuation *acr, err_t ugh) } #endif - if (!cr->b.failure_ok && ugh != NULL) + if (!cr->b.failure_ok && ugh) { c = find_connection_for_clients(NULL, &cr->b.our_client, &cr->b.peer_client , cr->b.transport_proto); @@ -2145,10 +2209,8 @@ continue_oppo(struct adns_continuation *acr, err_t ugh) } #ifdef USE_KEYRR -static err_t -check_key_recs(enum myid_state try_state -, const struct connection *c -, struct adns_continuation *ac) +static err_t check_key_recs(enum myid_state try_state, const connection_t *c, + struct adns_continuation *ac) { /* Check if KEY lookup yielded good results. * Looking up based on our ID. Used if @@ -2194,14 +2256,15 @@ check_key_recs(enum myid_state try_state } } } - if (ugh != NULL) + if (ugh) + { myid_state = old_myid_state; + } return ugh; } #endif /* USE_KEYRR */ -static err_t check_txt_recs(enum myid_state try_state, - const struct connection *c, +static err_t check_txt_recs(enum myid_state try_state, const connection_t *c, struct adns_continuation *ac) { /* Check if TXT lookup yielded good results. @@ -2226,7 +2289,7 @@ static err_t check_txt_recs(enum myid_state try_state, { ugh = "we don't know our own RSA key"; } - else if (!same_id(&ac->id, &c->spd.this.id)) + else if (!ac->id->equals(ac->id, c->spd.this.id)) { ugh = "our ID changed underfoot"; } @@ -2251,7 +2314,7 @@ static err_t check_txt_recs(enum myid_state try_state, } } } - if (ugh != NULL) + if (ugh) { myid_state = old_myid_state; } @@ -2260,12 +2323,11 @@ static err_t check_txt_recs(enum myid_state try_state, /* note: gateways_from_dns must be NULL iff this is the first call */ -static void -initiate_opportunistic_body(struct find_oppo_bundle *b -, struct adns_continuation *ac -, err_t ac_ugh) +static void initiate_opportunistic_body(struct find_oppo_bundle *b, + struct adns_continuation *ac, + err_t ac_ugh) { - struct connection *c; + connection_t *c; struct spd_route *sr; /* What connection shall we use? @@ -2353,17 +2415,11 @@ initiate_opportunistic_body(struct find_oppo_bundle *b char mycredentialstr[BUF_LEN]; char cib[CONN_INST_BUF]; - DBG(DBG_CONTROL, DBG_log("creating new instance from \"%s\"%s" - , c->name - , (fmt_conn_instance(c, cib), cib))); - - - idtoa(&sr->this.id, mycredentialstr, sizeof(mycredentialstr)); - - passert(c->policy & POLICY_OPPO); /* can't initiate Road Warrior connections */ + DBG(DBG_CONTROL, DBG_log("creating new instance from \"%s\"%s", + c->name, (fmt_conn_instance(c, cib), cib))); + snprintf(mycredentialstr, BUF_LEN, "%Y", sr->this.id); /* handle any DNS answer; select next step */ - switch (b->step) { case fos_start: @@ -2373,18 +2429,17 @@ initiate_opportunistic_body(struct find_oppo_bundle *b case fos_myid_ip_txt: /* TXT for our default IP address as %myid */ ugh = check_txt_recs(MYID_IP, c, ac); - if (ugh != NULL) + if (ugh) { /* cannot use our IP as OE identitiy for initiation */ - DBG(DBG_OPPO, DBG_log("can not use our IP (%s:TXT) as identity: %s" - , myid_str[MYID_IP] - , ugh)); + DBG(DBG_OPPO, + DBG_log("can not use our IP (%Y:TXT) as identity: %s", + myids[MYID_IP], ugh)); if (!logged_myid_ip_txt_warning) { - loglog(RC_LOG_SERIOUS - , "can not use our IP (%s:TXT) as identity: %s" - , myid_str[MYID_IP] - , ugh); + loglog(RC_LOG_SERIOUS, + "can not use our IP (%Y:TXT) as identity: %s", + myids[MYID_IP], ugh); logged_myid_ip_txt_warning = TRUE; } @@ -2396,9 +2451,9 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* we can use our IP as OE identity for initiation */ if (!logged_myid_ip_txt_warning) { - loglog(RC_LOG_SERIOUS - , "using our IP (%s:TXT) as identity!" - , myid_str[MYID_IP]); + loglog(RC_LOG_SERIOUS, + "using our IP (%Y:TXT) as identity!", + myids[MYID_IP]); logged_myid_ip_txt_warning = TRUE; } @@ -2408,18 +2463,17 @@ initiate_opportunistic_body(struct find_oppo_bundle *b case fos_myid_hostname_txt: /* TXT for our hostname as %myid */ ugh = check_txt_recs(MYID_HOSTNAME, c, ac); - if (ugh != NULL) + if (ugh) { /* cannot use our hostname as OE identitiy for initiation */ - DBG(DBG_OPPO, DBG_log("can not use our hostname (%s:TXT) as identity: %s" - , myid_str[MYID_HOSTNAME] - , ugh)); + DBG(DBG_OPPO, + DBG_log("can not use our hostname (%Y:TXT) as identity: %s", + myids[MYID_HOSTNAME], ugh)); if (!logged_myid_fqdn_txt_warning) { - loglog(RC_LOG_SERIOUS - , "can not use our hostname (%s:TXT) as identity: %s" - , myid_str[MYID_HOSTNAME] - , ugh); + loglog(RC_LOG_SERIOUS, + "can not use our hostname (%Y:TXT) as identity: %s", + myids[MYID_HOSTNAME], ugh); logged_myid_fqdn_txt_warning = TRUE; } #ifdef USE_KEYRR @@ -2432,9 +2486,9 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* we can use our hostname as OE identity for initiation */ if (!logged_myid_fqdn_txt_warning) { - loglog(RC_LOG_SERIOUS - , "using our hostname (%s:TXT) as identity!" - , myid_str[MYID_HOSTNAME]); + loglog(RC_LOG_SERIOUS, + "using our hostname (%Y:TXT) as identity!", + myids[MYID_HOSTNAME]); logged_myid_fqdn_txt_warning = TRUE; } next_step = fos_our_client; @@ -2444,18 +2498,17 @@ initiate_opportunistic_body(struct find_oppo_bundle *b #ifdef USE_KEYRR case fos_myid_ip_key: /* KEY for our default IP address as %myid */ ugh = check_key_recs(MYID_IP, c, ac); - if (ugh != NULL) + if (ugh) { /* cannot use our IP as OE identitiy for initiation */ - DBG(DBG_OPPO, DBG_log("can not use our IP (%s:KEY) as identity: %s" - , myid_str[MYID_IP] - , ugh)); + DBG(DBG_OPPO, + DBG_log("can not use our IP (%Y:KEY) as identity: %s", + myids[MYID_IP], ugh)); if (!logged_myid_ip_key_warning) { - loglog(RC_LOG_SERIOUS - , "can not use our IP (%s:KEY) as identity: %s" - , myid_str[MYID_IP] - , ugh); + loglog(RC_LOG_SERIOUS, + "can not use our IP (%Y:KEY) as identity: %s", + myids[MYID_IP], ugh); logged_myid_ip_key_warning = TRUE; } @@ -2467,9 +2520,9 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* we can use our IP as OE identity for initiation */ if (!logged_myid_ip_key_warning) { - loglog(RC_LOG_SERIOUS - , "using our IP (%s:KEY) as identity!" - , myid_str[MYID_IP]); + loglog(RC_LOG_SERIOUS, + "using our IP (%Y:KEY) as identity!", + myids[MYID_IP]); logged_myid_ip_key_warning = TRUE; } next_step = fos_our_client; @@ -2478,21 +2531,19 @@ initiate_opportunistic_body(struct find_oppo_bundle *b case fos_myid_hostname_key: /* KEY for our hostname as %myid */ ugh = check_key_recs(MYID_HOSTNAME, c, ac); - if (ugh != NULL) + if (ugh) { /* cannot use our IP as OE identitiy for initiation */ - DBG(DBG_OPPO, DBG_log("can not use our hostname (%s:KEY) as identity: %s" - , myid_str[MYID_HOSTNAME] - , ugh)); + DBG(DBG_OPPO, + DBG_log("can not use our hostname (%Y:KEY) as identity: %s", + myids[MYID_HOSTNAME], ugh)); if (!logged_myid_fqdn_key_warning) { - loglog(RC_LOG_SERIOUS - , "can not use our hostname (%s:KEY) as identity: %s" - , myid_str[MYID_HOSTNAME] - , ugh); + loglog(RC_LOG_SERIOUS, + "can not use our hostname (%Y:KEY) as identity: %s", + myids[MYID_HOSTNAME], ugh); logged_myid_fqdn_key_warning = TRUE; } - next_step = fos_myid_hostname_key; ugh = NULL; /* failure can be recovered from */ } @@ -2501,9 +2552,9 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* we can use our IP as OE identity for initiation */ if (!logged_myid_fqdn_key_warning) { - loglog(RC_LOG_SERIOUS - , "using our hostname (%s:KEY) as identity!" - , myid_str[MYID_HOSTNAME]); + loglog(RC_LOG_SERIOUS, + "using our hostname (%Y:KEY) as identity!", + myids[MYID_HOSTNAME]); logged_myid_fqdn_key_warning = TRUE; } next_step = fos_our_client; @@ -2522,8 +2573,6 @@ initiate_opportunistic_body(struct find_oppo_bundle *b next_step = fos_his_client; /* normal situation */ - passert(sr != NULL); - if (private == NULL) { ugh = "we don't know our own RSA key"; @@ -2533,7 +2582,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* this wasn't true when we started -- bail */ ugh = "our IP address changed underfoot"; } - else if (!same_id(&ac->sgw_id, &sr->this.id)) + else if (!ac->sgw_id->equals(ac->sgw_id, sr->this.id)) { /* this wasn't true when we started -- bail */ ugh = "our ID changed underfoot"; @@ -2548,8 +2597,6 @@ initiate_opportunistic_body(struct find_oppo_bundle *b ugh = "no TXT RR for our client delegates us"; for (gwp = ac->gateways_from_dns; gwp != NULL; gwp = gwp->next) { - passert(same_id(&gwp->gw_id, &sr->this.id)); - ugh = "TXT RR for our client has wrong key"; /* If there is a key from the TXT record, * we count it as a win if we match the key. @@ -2592,7 +2639,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b { ugh = "we don't know our own RSA key"; } - else if (!same_id(&ac->id, &c->spd.this.id)) + else if (!ac->id->equals(ac->id, c->spd.this.id)) { ugh = "our ID changed underfoot"; } @@ -2606,8 +2653,6 @@ initiate_opportunistic_body(struct find_oppo_bundle *b ugh = "no TXT RR for us"; for (gwp = ac->gateways_from_dns; gwp != NULL; gwp = gwp->next) { - passert(same_id(&gwp->gw_id, &sr->this.id)); - ugh = "TXT RR for us has wrong key"; if (gwp->gw_key_present && private->belongs_to(private, gwp->key->public_key)) @@ -2620,7 +2665,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b } } #ifdef USE_KEYRR - if (ugh != NULL) + if (ugh) { /* if no TXT with right key, try KEY */ DBG(DBG_CONTROL, @@ -2707,18 +2752,14 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* We cannot seem to instantiate a suitable connection: * complain clearly. */ - char ocb[ADDRTOT_BUF] - , pcb[ADDRTOT_BUF] - , pb[ADDRTOT_BUF]; + char ocb[ADDRTOT_BUF], pcb[ADDRTOT_BUF]; addrtot(&b->our_client, 0, ocb, sizeof(ocb)); addrtot(&b->peer_client, 0, pcb, sizeof(pcb)); - passert(id_is_ipaddr(&ac->gateways_from_dns->gw_id)); - addrtot(&ac->gateways_from_dns->gw_id.ip_addr, 0, pb, sizeof(pb)); - loglog(RC_OPPOFAILURE - , "no suitable connection for opportunism" - " between %s and %s with %s as peer" - , ocb, pcb, pb); + loglog(RC_OPPOFAILURE, + "no suitable connection for opportunism " + "between %s and %s with %Y as peer", + ocb, pcb, ac->gateways_from_dns->gw_id); #ifdef KLIPS if (b->held) @@ -2774,7 +2815,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b , ours, his, oppo_step_name[b->step], ugh ? ugh : "ok"); }); - if (ugh != NULL) + if (ugh) { b->policy_prio = c->prio; b->failure_shunt = shunt_policy_spi(c, FALSE); @@ -2788,7 +2829,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b { /* set up the next query */ struct find_oppo_continuation *cr = malloc_thing(struct find_oppo_continuation); - struct id id; + identification_t *id; b->policy_prio = c->prio; b->failure_shunt = shunt_policy_spi(c, FALSE); @@ -2829,23 +2870,20 @@ initiate_opportunistic_body(struct find_oppo_bundle *b switch (next_step) { case fos_myid_ip_txt: - if (c->spd.this.id.kind == ID_MYID + if (c->spd.this.id->get_type(c->spd.this.id) == ID_MYID && myid_state != MYID_SPECIFIED) { cr->b.failure_ok = TRUE; cr->b.want = b->want = "TXT record for IP address as %myid"; - ugh = start_adns_query(&myids[MYID_IP] - , &myids[MYID_IP] - , T_TXT - , continue_oppo - , &cr->ac); + ugh = start_adns_query(myids[MYID_IP], myids[MYID_IP], + T_TXT, continue_oppo, &cr->ac); break; } cr->b.step = fos_myid_hostname_txt; /* fall through */ case fos_myid_hostname_txt: - if (c->spd.this.id.kind == ID_MYID + if (c->spd.this.id->get_type(c->spd.this.id) == ID_MYID && myid_state != MYID_SPECIFIED) { #ifdef USE_KEYRR @@ -2854,11 +2892,9 @@ initiate_opportunistic_body(struct find_oppo_bundle *b cr->b.failure_ok = FALSE; #endif cr->b.want = b->want = "TXT record for hostname as %myid"; - ugh = start_adns_query(&myids[MYID_HOSTNAME] - , &myids[MYID_HOSTNAME] - , T_TXT - , continue_oppo - , &cr->ac); + ugh = start_adns_query(myids[MYID_HOSTNAME], + myids[MYID_HOSTNAME], + T_TXT, continue_oppo, &cr->ac); break; } @@ -2872,11 +2908,8 @@ initiate_opportunistic_body(struct find_oppo_bundle *b { cr->b.failure_ok = TRUE; cr->b.want = b->want = "KEY record for IP address as %myid (no good TXT)"; - ugh = start_adns_query(&myids[MYID_IP] - , (const struct id *) NULL /* security gateway meaningless */ - , T_KEY - , continue_oppo - , &cr->ac); + ugh = start_adns_query(myids[MYID_IP], NULL, /* security gateway meaningless */ + T_KEY, continue_oppo, &cr->ac); break; } cr->b.step = fos_myid_hostname_key; @@ -2888,11 +2921,8 @@ initiate_opportunistic_body(struct find_oppo_bundle *b { cr->b.failure_ok = FALSE; /* last attempt! */ cr->b.want = b->want = "KEY record for hostname as %myid (no good TXT)"; - ugh = start_adns_query(&myids[MYID_HOSTNAME] - , (const struct id *) NULL /* security gateway meaningless */ - , T_KEY - , continue_oppo - , &cr->ac); + ugh = start_adns_query(myids[MYID_HOSTNAME], NULL, /* security gateway meaningless */ + T_KEY, continue_oppo, &cr->ac); break; } #endif @@ -2906,12 +2936,10 @@ initiate_opportunistic_body(struct find_oppo_bundle *b * Note: {unshare|free}_id_content not needed for id: ephemeral. */ cr->b.want = b->want = "our client's TXT record"; - iptoid(&b->our_client, &id); - ugh = start_adns_query(&id - , &c->spd.this.id /* we are the security gateway */ - , T_TXT - , continue_oppo - , &cr->ac); + id = identification_create_from_sockaddr((sockaddr_t*)&b->our_client); + ugh = start_adns_query(id, c->spd.this.id, /* we are the security gateway */ + T_TXT, continue_oppo, &cr->ac); + id->destroy(id); break; } cr->b.step = fos_our_txt; @@ -2920,22 +2948,16 @@ initiate_opportunistic_body(struct find_oppo_bundle *b case fos_our_txt: /* TXT for us */ cr->b.failure_ok = b->failure_ok = TRUE; cr->b.want = b->want = "our TXT record"; - ugh = start_adns_query(&sr->this.id - , &sr->this.id /* we are the security gateway XXX - maybe ignore? mcr */ - , T_TXT - , continue_oppo - , &cr->ac); + ugh = start_adns_query(sr->this.id, sr->this.id, /* we are the security gateway */ + T_TXT, continue_oppo, &cr->ac); break; #ifdef USE_KEYRR case fos_our_key: /* KEY for us */ cr->b.want = b->want = "our KEY record"; cr->b.failure_ok = b->failure_ok = FALSE; - ugh = start_adns_query(&sr->this.id - , (const struct id *) NULL /* security gateway meaningless */ - , T_KEY - , continue_oppo - , &cr->ac); + ugh = start_adns_query(sr->this.id, NULL, /* security gateway meaningless */ + T_KEY, continue_oppo, &cr->ac); break; #endif /* USE_KEYRR */ @@ -2943,12 +2965,10 @@ initiate_opportunistic_body(struct find_oppo_bundle *b /* note: {unshare|free}_id_content not needed for id: ephemeral */ cr->b.want = b->want = "target's TXT record"; cr->b.failure_ok = b->failure_ok = FALSE; - iptoid(&b->peer_client, &id); - ugh = start_adns_query(&id - , (const struct id *) NULL /* security gateway unconstrained */ - , T_TXT - , continue_oppo - , &cr->ac); + id = identification_create_from_sockaddr((sockaddr_t*)&b->peer_client); + ugh = start_adns_query(id, NULL, /* security gateway unconstrained */ + T_TXT, continue_oppo, &cr->ac); + id->destroy(id); break; default: @@ -2964,20 +2984,19 @@ initiate_opportunistic_body(struct find_oppo_bundle *b close_any(b->whackfd); } -void -terminate_connection(const char *nm) +void terminate_connection(const char *nm) { /* Loop because more than one may match (master and instances) * But at least one is required (enforced by con_by_name). */ - struct connection *c = con_by_name(nm, TRUE); + connection_t *c = con_by_name(nm, TRUE); if (c == NULL || !c->ikev1) return; do { - struct connection *n = c->ac_next; /* grab this before c might disappear */ + connection_t *n = c->ac_next; /* grab this before c might disappear */ if (streq(c->name, nm) && c->kind >= CK_PERMANENT @@ -2993,7 +3012,7 @@ terminate_connection(const char *nm) reset_cur_connection(); } c = n; - } while (c != NULL); + } while (c); } /* an ISAKMP SA has been established. @@ -3002,8 +3021,7 @@ terminate_connection(const char *nm) */ bool uniqueIDs = FALSE; /* --uniqueids? */ -void -ISAKMP_SA_established(struct connection *c, so_serial_t serial) +void ISAKMP_SA_established(connection_t *c, so_serial_t serial) { c->newest_isakmp_sa = serial; @@ -3011,23 +3029,25 @@ ISAKMP_SA_established(struct connection *c, so_serial_t serial) * whether we are a mode config server with a virtual IP to send. */ if (!isanyaddr(&c->spd.that.host_srcip) && !c->spd.that.has_natip) + { c->spd.that.modecfg = TRUE; - + } + if (uniqueIDs) { /* for all connections: if the same Phase 1 IDs are used * for a different IP address, unorient that connection. */ - struct connection *d; + connection_t *d; for (d = connections; d != NULL; ) { - struct connection *next = d->ac_next; /* might move underneath us */ + connection_t *next = d->ac_next; /* might move underneath us */ - if (d->kind >= CK_PERMANENT - && same_id(&c->spd.this.id, &d->spd.this.id) - && same_id(&c->spd.that.id, &d->spd.that.id) - && !sameaddr(&c->spd.that.host_addr, &d->spd.that.host_addr)) + if (d->kind >= CK_PERMANENT && + c->spd.this.id->equals(c->spd.this.id, d->spd.this.id) && + c->spd.that.id->equals(c->spd.that.id, d->spd.that.id) && + !sameaddr(&c->spd.that.host_addr, &d->spd.that.host_addr)) { release_connection(d, FALSE); } @@ -3047,13 +3067,10 @@ ISAKMP_SA_established(struct connection *c, so_serial_t serial) * The return value is used to find other connections sharing a route. * *erop is used to find other connections sharing an eroute. */ -struct connection * -route_owner(struct connection *c - , struct spd_route **srp - , struct connection **erop - , struct spd_route **esrp) +connection_t *route_owner(connection_t *c, struct spd_route **srp, + connection_t **erop, struct spd_route **esrp) { - struct connection *d + connection_t *d , *best_ro = c , *best_ero = c; struct spd_route *srd, *src; @@ -3076,11 +3093,17 @@ route_owner(struct connection *c for (src = &c->spd; src; src=src->next) { if (!samesubnet(&src->that.client, &srd->that.client)) + { continue; + } if (src->that.protocol != srd->that.protocol) + { continue; + } if (src->that.port != srd->that.port) + { continue; + } passert(oriented(*d)); if (srd->routing > best_routing) { @@ -3090,11 +3113,17 @@ route_owner(struct connection *c } if (!samesubnet(&src->this.client, &srd->this.client)) + { continue; + } if (src->this.protocol != srd->this.protocol) + { continue; + } if (src->this.port != srd->this.port) + { continue; + } if (srd->routing > best_erouting) { best_ero = d; @@ -3123,7 +3152,7 @@ route_owner(struct connection *c , (fmt_conn_instance(best_ro, cib), cib) , enum_name(&routing_story, best_ro->spd.routing)); - if (erop != NULL) + if (erop) { m = builddiag("%s; eroute owner:", m); if (!erouted(best_ero->spd.routing)) @@ -3140,14 +3169,17 @@ route_owner(struct connection *c DBG_log("%s", m); }); - if (erop != NULL) + if (erop) + { *erop = erouted(best_erouting)? best_ero : NULL; - - if (srp != NULL ) + } + if (srp) { *srp = best_sr; - if (esrp != NULL ) + if (esrp) + { *esrp = best_esr; + } } return routed(best_routing)? best_ro : NULL; @@ -3157,10 +3189,9 @@ route_owner(struct connection *c * There ought to be only one. * This might get to be a bottleneck -- try hashing if it does. */ -struct connection * -shunt_owner(const ip_subnet *ours, const ip_subnet *his) +connection_t *shunt_owner(const ip_subnet *ours, const ip_subnet *his) { - struct connection *c; + connection_t *c; struct spd_route *sr; for (c = connections; c != NULL; c = c->ac_next) @@ -3180,11 +3211,11 @@ shunt_owner(const ip_subnet *ours, const ip_subnet *his) * We don't know enough to chose amongst those available. * ??? no longer usefully different from find_host_pair_connections */ -struct connection * -find_host_connection(const ip_address *me, u_int16_t my_port -, const ip_address *him, u_int16_t his_port, lset_t policy) +connection_t *find_host_connection(const ip_address *me, u_int16_t my_port, + const ip_address *him, u_int16_t his_port, + lset_t policy) { - struct connection *c = find_host_pair_connections(me, my_port, him, his_port); + connection_t *c = find_host_pair_connections(me, my_port, him, his_port); if (policy != LEMPTY) { @@ -3193,7 +3224,7 @@ find_host_connection(const ip_address *me, u_int16_t my_port /* if we have requirements for the policy, * choose the first matching connection. */ - while (c != NULL) + while (c) { if (c->policy & auth_requested) { @@ -3266,25 +3297,25 @@ find_host_connection(const ip_address *me, u_int16_t my_port */ #define PRIO_NO_MATCH_FOUND 2048 -struct connection * -refine_host_connection(const struct state *st, const struct id *peer_id -, chunk_t peer_ca) +connection_t *refine_host_connection(const struct state *st, + identification_t *peer_id, + identification_t *peer_ca) { - struct connection *c = st->st_connection; - struct connection *d; - struct connection *best_found = NULL; + connection_t *c = st->st_connection; + connection_t *d; + connection_t *best_found = NULL; u_int16_t auth = st->st_oakley.auth; lset_t auth_policy = POLICY_PSK; const chunk_t *psk = NULL; bool wcpip; /* wildcard Peer IP? */ int best_prio = PRIO_NO_MATCH_FOUND; - int wildcards, our_pathlen, peer_pathlen; + int our_pathlen, peer_pathlen; - if (same_id(&c->spd.that.id, peer_id) - && trusted_ca(peer_ca, c->spd.that.ca, &peer_pathlen) - && peer_pathlen == 0 - && match_requested_ca(c->requested_ca, c->spd.this.ca, &our_pathlen) - && our_pathlen == 0) + if (c->spd.that.id->equals(c->spd.that.id, peer_id) && + trusted_ca(peer_ca, c->spd.that.ca, &peer_pathlen) && + peer_pathlen == 0 && + match_requested_ca(c->requested_ca, c->spd.this.ca, &our_pathlen) && + our_pathlen == 0) { DBG(DBG_CONTROL, DBG_log("current connection is a full match" @@ -3345,8 +3376,10 @@ refine_host_connection(const struct state *st, const struct id *peer_id { const char *match_name[] = {"no", "ok"}; - bool matching_id = match_id(peer_id - , &d->spd.that.id, &wildcards); + id_match_t match_level = peer_id->matches(peer_id, d->spd.that.id); + + bool matching_id = match_level > ID_MATCH_NONE; + bool matching_auth = (d->policy & auth_policy) != LEMPTY; bool matching_trust = trusted_ca(peer_ca @@ -3355,10 +3388,11 @@ refine_host_connection(const struct state *st, const struct id *peer_id , d->spd.this.ca, &our_pathlen); bool match = matching_id && matching_auth && matching_trust; - int prio = (MAX_WILDCARDS + 1) * !matching_request + wildcards; + int prio = (ID_MATCH_PERFECT) * !matching_request + + ID_MATCH_PERFECT - match_level; - prio = (MAX_CA_PATH_LEN + 1) * prio + peer_pathlen; - prio = (MAX_CA_PATH_LEN + 1) * prio + our_pathlen; + prio = (X509_MAX_PATH_LEN + 1) * prio + peer_pathlen; + prio = (X509_MAX_PATH_LEN + 1) * prio + our_pathlen; DBG(DBG_CONTROLMORE, DBG_log("%s: %s match (id: %s, auth: %s, trust: %s, request: %s, prio: %4d)" @@ -3373,11 +3407,15 @@ refine_host_connection(const struct state *st, const struct id *peer_id /* do we have a match? */ if (!match) + { continue; + } /* ignore group connections */ if (d->policy & POLICY_GROUP) + { continue; + } if (c->spd.that.host_port != d->spd.that.host_port && d->kind == CK_INSTANCE) @@ -3395,12 +3433,17 @@ refine_host_connection(const struct state *st, const struct id *peer_id const chunk_t *dpsk = get_preshared_secret(d); if (dpsk == NULL) + { continue; /* no secret */ - + } if (psk != dpsk) + { if (psk->len != dpsk->len || memcmp(psk->ptr, dpsk->ptr, psk->len) != 0) + { continue; /* different secret */ + } + } } break; @@ -3415,7 +3458,9 @@ refine_host_connection(const struct state *st, const struct id *peer_id .*/ if (d->spd.this.sc == NULL /* no smartcard */ && get_private_key(d) == NULL) /* no private key */ + { continue; + } break; default: @@ -3456,10 +3501,10 @@ refine_host_connection(const struct state *st, const struct id *peer_id * With virtual addressing, we must not allow someone to use an already * used (by another id) addr/net. */ -static bool -is_virtual_net_used(const ip_subnet *peer_net, const struct id *peer_id) +static bool is_virtual_net_used(const ip_subnet *peer_net, + identification_t *peer_id) { - struct connection *d; + connection_t *d; for (d = connections; d != NULL; d = d->ac_next) { @@ -3469,16 +3514,15 @@ is_virtual_net_used(const ip_subnet *peer_net, const struct id *peer_id) case CK_INSTANCE: if ((subnetinsubnet(peer_net,&d->spd.that.client) || subnetinsubnet(&d->spd.that.client,peer_net)) - && !same_id(&d->spd.that.id, peer_id)) + && !d->spd.that.id->equals(d->spd.that.id, peer_id)) { - char buf[BUF_LEN]; char client[SUBNETTOT_BUF]; subnettot(peer_net, 0, client, sizeof(client)); - idtoa(&d->spd.that.id, buf, sizeof(buf)); - plog("Virtual IP %s is already used by '%s'", client, buf); - idtoa(peer_id, buf, sizeof(buf)); - plog("Your ID is '%s'", buf); + plog("Virtual IP %s is already used by '%Y'", + client, d->spd.that.id); + plog("Your ID is '%Y'", peer_id); + return TRUE; /* already used by another one */ } break; @@ -3516,27 +3560,27 @@ is_virtual_net_used(const ip_subnet *peer_net, const struct id *peer_id) */ #define PATH_WEIGHT 1 -#define WILD_WEIGHT (MAX_CA_PATH_LEN+1) -#define PRIO_WEIGHT (MAX_WILDCARDS+1)*WILD_WEIGHT +#define WILD_WEIGHT (X509_MAX_PATH_LEN+1) +#define PRIO_WEIGHT (ID_MATCH_PERFECT+1) * WILD_WEIGHT /* fc_try: a helper function for find_client_connection */ -static struct connection * -fc_try(const struct connection *c -, struct host_pair *hp -, const struct id *peer_id -, const ip_subnet *our_net -, const ip_subnet *peer_net -, const u_int8_t our_protocol -, const u_int16_t our_port -, const u_int8_t peer_protocol -, const u_int16_t peer_port -, chunk_t peer_ca -, const ietfAttrList_t *peer_list) +static connection_t *fc_try(const connection_t *c, struct host_pair *hp, + identification_t *peer_id, + const ip_subnet *our_net, + const ip_subnet *peer_net, + const u_int8_t our_protocol, + const u_int16_t our_port, + const u_int8_t peer_protocol, + const u_int16_t peer_port, + identification_t *peer_ca, + ietf_attributes_t *peer_attributes) { - struct connection *d; - struct connection *best = NULL; + connection_t *d; + connection_t *best = NULL; policy_prio_t best_prio = BOTTOM_PRIO; - int wildcards, pathlen; + id_match_t match_level; + int pathlen; + const bool peer_net_is_host = subnetisaddr(peer_net, &c->spd.that.host_addr); @@ -3545,20 +3589,28 @@ fc_try(const struct connection *c struct spd_route *sr; if (d->policy & POLICY_GROUP) + { continue; + } - if (!(same_id(&c->spd.this.id, &d->spd.this.id) - && match_id(&c->spd.that.id, &d->spd.that.id, &wildcards) - && trusted_ca(peer_ca, d->spd.that.ca, &pathlen) - && group_membership(peer_list, d->name, d->spd.that.groups))) + match_level = c->spd.that.id->matches(c->spd.that.id, d->spd.that.id); + + if (!(c->spd.this.id->equals(c->spd.this.id, d->spd.this.id) && + (match_level > ID_MATCH_NONE) && + trusted_ca(peer_ca, d->spd.that.ca, &pathlen) && + match_group_membership(peer_attributes, d->name, d->spd.that.groups))) + { continue; + } /* compare protocol and ports */ if (d->spd.this.protocol != our_protocol || d->spd.this.port != our_port || d->spd.that.protocol != peer_protocol || (d->spd.that.port != peer_port && !d->spd.that.has_port_wildcard)) + { continue; + } /* non-Opportunistic case: * our_client must match. @@ -3595,29 +3647,38 @@ fc_try(const struct connection *c #endif /* DEBUG */ if (!samesubnet(&sr->this.client, our_net)) + { continue; - + } if (sr->that.has_client) { if (sr->that.has_client_wildcard) { if (!subnetinsubnet(peer_net, &sr->that.client)) + { continue; + } } else { if (!samesubnet(&sr->that.client, peer_net) && !is_virtual_connection(d)) + { continue; + } if (is_virtual_connection(d) && (!is_virtual_net_allowed(d, peer_net, &c->spd.that.host_addr) - || is_virtual_net_used(peer_net, peer_id?peer_id:&c->spd.that.id))) - continue; + || is_virtual_net_used(peer_net, peer_id?peer_id:c->spd.that.id))) + { + continue; + } } } else { if (!peer_net_is_host) + { continue; + } } /* We've run the gauntlet -- success: @@ -3629,8 +3690,8 @@ fc_try(const struct connection *c * - given that, the shortest CA pathlength is preferred */ prio = PRIO_WEIGHT * routed(sr->routing) - + WILD_WEIGHT * (MAX_WILDCARDS - wildcards) - + PATH_WEIGHT * (MAX_CA_PATH_LEN - pathlen) + + WILD_WEIGHT * match_level + + PATH_WEIGHT * (X509_MAX_PATH_LEN - pathlen) + 1; if (prio > best_prio) { @@ -3640,9 +3701,10 @@ fc_try(const struct connection *c } } - if (best != NULL && NEVER_NEGOTIATE(best->policy)) + if (best && NEVER_NEGOTIATE(best->policy)) + { best = NULL; - + } DBG(DBG_CONTROLMORE, DBG_log(" fc_try concluding with %s [%ld]" , (best ? best->name : "none"), best_prio) @@ -3650,22 +3712,22 @@ fc_try(const struct connection *c return best; } -static struct connection * -fc_try_oppo(const struct connection *c -, struct host_pair *hp -, const ip_subnet *our_net -, const ip_subnet *peer_net -, const u_int8_t our_protocol -, const u_int16_t our_port -, const u_int8_t peer_protocol -, const u_int16_t peer_port -, chunk_t peer_ca -, const ietfAttrList_t *peer_list) +static connection_t *fc_try_oppo(const connection_t *c, + struct host_pair *hp, + const ip_subnet *our_net, + const ip_subnet *peer_net, + const u_int8_t our_protocol, + const u_int16_t our_port, + const u_int8_t peer_protocol, + const u_int16_t peer_port, + identification_t *peer_ca, + ietf_attributes_t *peer_attributes) { - struct connection *d; - struct connection *best = NULL; + connection_t *d; + connection_t *best = NULL; policy_prio_t best_prio = BOTTOM_PRIO; - int wildcards, pathlen; + id_match_t match_level; + int pathlen; for (d = hp->connections; d != NULL; d = d->hp_next) { @@ -3673,20 +3735,27 @@ fc_try_oppo(const struct connection *c policy_prio_t prio; if (d->policy & POLICY_GROUP) + { continue; + } + match_level = c->spd.that.id->matches(c->spd.that.id, c->spd.that.id); - if (!(same_id(&c->spd.this.id, &d->spd.this.id) - && match_id(&c->spd.that.id, &d->spd.that.id, &wildcards) - && trusted_ca(peer_ca, d->spd.that.ca, &pathlen) - && group_membership(peer_list, d->name, d->spd.that.groups))) + if (!(c->spd.this.id->equals(c->spd.this.id, d->spd.this.id) && + (match_level > ID_MATCH_NONE) && + trusted_ca(peer_ca, d->spd.that.ca, &pathlen) && + match_group_membership(peer_attributes, d->name, d->spd.that.groups))) + { continue; + } /* compare protocol and ports */ if (d->spd.this.protocol != our_protocol || d->spd.this.port != our_port || d->spd.that.protocol != peer_protocol || (d->spd.that.port != peer_port && !d->spd.that.has_port_wildcard)) + { continue; + } /* Opportunistic case: * our_net must be inside d->spd.this.client @@ -3714,7 +3783,9 @@ fc_try_oppo(const struct connection *c if (!subnetinsubnet(our_net, &sr->this.client) || !subnetinsubnet(peer_net, &sr->that.client)) + { continue; + } /* The connection is feasible, but we continue looking for the best. * The highest priority wins, implementing eroute-like rule. @@ -3725,8 +3796,8 @@ fc_try_oppo(const struct connection *c * - given that, the shortest CA pathlength is preferred */ prio = PRIO_WEIGHT * (d->prio + routed(sr->routing)) - + WILD_WEIGHT * (MAX_WILDCARDS - wildcards) - + PATH_WEIGHT * (MAX_CA_PATH_LEN - pathlen); + + WILD_WEIGHT * match_level + + PATH_WEIGHT * (X509_MAX_PATH_LEN - pathlen); if (prio > best_prio) { best = d; @@ -3736,9 +3807,8 @@ fc_try_oppo(const struct connection *c } /* if the best wasn't opportunistic, we fail: it must be a shunt */ - if (best != NULL - && (NEVER_NEGOTIATE(best->policy) - || (best->policy & POLICY_OPPO) == LEMPTY)) + if (best && (NEVER_NEGOTIATE(best->policy) || + (best->policy & POLICY_OPPO) == LEMPTY)) { best = NULL; } @@ -3754,44 +3824,52 @@ fc_try_oppo(const struct connection *c /* * get the peer's CA and group attributes */ -chunk_t -get_peer_ca_and_groups(struct connection *c, const ietfAttrList_t **peer_list) +void get_peer_ca_and_groups(connection_t *c, + identification_t **peer_ca, + ietf_attributes_t **peer_attributes) { - struct state *p1st = find_phase1_state(c, ISAKMP_SA_ESTABLISHED_STATES); + struct state *p1st; - *peer_list = NULL; + *peer_ca = NULL; + *peer_attributes = NULL; - if (p1st != NULL - && p1st->st_peer_pubkey != NULL - && p1st->st_peer_pubkey->issuer.ptr != NULL) + p1st = find_phase1_state(c, ISAKMP_SA_ESTABLISHED_STATES); + if (p1st && p1st->st_peer_pubkey && p1st->st_peer_pubkey->issuer) { - x509acert_t *ac = get_x509acert(p1st->st_peer_pubkey->issuer - , p1st->st_peer_pubkey->serial);; + certificate_t *cert; - if (ac != NULL && verify_x509acert(ac, strict_crl_policy)) - *peer_list = ac->groups; + cert = ac_get_cert(p1st->st_peer_pubkey->issuer, + p1st->st_peer_pubkey->serial); + if (cert && ac_verify_cert(cert, strict_crl_policy)) + { + ac_t *ac = (ac_t*)cert; + + *peer_attributes = ac->get_groups(ac); + } else { DBG(DBG_CONTROL, DBG_log("no valid attribute cert found") ) } - return p1st->st_peer_pubkey->issuer; + *peer_ca = p1st->st_peer_pubkey->issuer; } - return chunk_empty; } -struct connection * -find_client_connection(struct connection *c -, const ip_subnet *our_net, const ip_subnet *peer_net -, const u_int8_t our_protocol, const u_int16_t our_port -, const u_int8_t peer_protocol, const u_int16_t peer_port) +connection_t *find_client_connection(connection_t *c, + const ip_subnet *our_net, + const ip_subnet *peer_net, + const u_int8_t our_protocol, + const u_int16_t our_port, + const u_int8_t peer_protocol, + const u_int16_t peer_port) { - struct connection *d; + connection_t *d; struct spd_route *sr; + ietf_attributes_t *peer_attributes = NULL; + identification_t *peer_ca; - const ietfAttrList_t *peer_list = NULL; - chunk_t peer_ca = get_peer_ca_and_groups(c, &peer_list); + get_peer_ca_and_groups(c, &peer_ca, &peer_attributes); #ifdef DEBUG if (DBGP(DBG_CONTROLMORE)) @@ -3813,7 +3891,7 @@ find_client_connection(struct connection *c * but even greater priority to a routed concrete connection */ { - struct connection *unrouted = NULL; + connection_t *unrouted = NULL; int srnum = -1; for (sr = &c->spd; unrouted == NULL && sr != NULL; sr = sr->next) @@ -3838,12 +3916,14 @@ find_client_connection(struct connection *c && sr->this.port == our_port && sr->that.protocol == peer_protocol && sr->that.port == peer_port - && group_membership(peer_list, c->name, sr->that.groups)) + && match_group_membership(peer_attributes, c->name, sr->that.groups)) { passert(oriented(*c)); if (routed(sr->routing)) + { + DESTROY_IF(peer_attributes); return c; - + } unrouted = c; } } @@ -3851,7 +3931,7 @@ find_client_connection(struct connection *c /* exact match? */ d = fc_try(c, c->host_pair, NULL, our_net, peer_net , our_protocol, our_port, peer_protocol, peer_port - , peer_ca, peer_list); + , peer_ca, peer_attributes); DBG(DBG_CONTROLMORE, DBG_log(" fc_try %s gives %s" @@ -3860,7 +3940,9 @@ find_client_connection(struct connection *c ) if (d == NULL) + { d = unrouted; + } } if (d == NULL) @@ -3890,12 +3972,12 @@ find_client_connection(struct connection *c #endif /* DEBUG */ } - if (hp != NULL) + if (hp) { /* RW match with actual peer_id or abstract peer_id? */ d = fc_try(c, hp, NULL, our_net, peer_net , our_protocol, our_port, peer_protocol, peer_port - , peer_ca, peer_list); + , peer_ca, peer_attributes); if (d == NULL && subnetishost(our_net) @@ -3907,7 +3989,7 @@ find_client_connection(struct connection *c */ d = fc_try_oppo(c, hp, our_net, peer_net , our_protocol, our_port, peer_protocol, peer_port - , peer_ca, peer_list); + , peer_ca, peer_attributes); } } } @@ -3916,24 +3998,27 @@ find_client_connection(struct connection *c DBG_log(" concluding with d = %s" , (d ? d->name : "none")) ) + DESTROY_IF(peer_attributes); return d; } -int -connection_compare(const struct connection *ca -, const struct connection *cb) +int connection_compare(const connection_t *ca, const connection_t *cb) { int ret; /* DBG_log("comparing %s to %s", ca->name, cb->name); */ ret = strcasecmp(ca->name, cb->name); - if (ret != 0) + if (ret) + { return ret; + } ret = ca->kind - cb->kind; /* note: enum connection_kind behaves like int */ - if (ret != 0) + if (ret) + { return ret; + } /* same name, and same type */ switch (ca->kind) @@ -3950,19 +4035,17 @@ connection_compare(const struct connection *ca } } -static int -connection_compare_qsort(const void *a, const void *b) +static int connection_compare_qsort(const void *a, const void *b) { - return connection_compare(*(const struct connection *const *)a - , *(const struct connection *const *)b); + return connection_compare(*(const connection_t *const *)a + , *(const connection_t *const *)b); } -void -show_connections_status(bool all, const char *name) +void show_connections_status(bool all, const char *name) { - struct connection *c; + connection_t *c; int count, i; - struct connection **array; + connection_t **array; /* make an array of connections, and sort it */ count = 0; @@ -3971,7 +4054,7 @@ show_connections_status(bool all, const char *name) if (c->ikev1 && (name == NULL || streq(c->name, name))) count++; } - array = malloc(sizeof(struct connection *)*count); + array = malloc(sizeof(connection_t *)*count); count=0; for (c = connections; c != NULL; c = c->ac_next) @@ -3981,7 +4064,7 @@ show_connections_status(bool all, const char *name) } /* sort it! */ - qsort(array, count, sizeof(struct connection *), connection_compare_qsort); + qsort(array, count, sizeof(connection_t *), connection_compare_qsort); for (i = 0; i < count; i++) { @@ -3999,11 +4082,11 @@ show_connections_status(bool all, const char *name) /* show topology */ { - char topo[CONNECTION_BUF]; + char topo[BUF_LEN]; struct spd_route *sr = &c->spd; int num=0; - while (sr != NULL) + while (sr) { (void) format_connection(topo, sizeof(topo), c, sr); whack_log(RC_COMMENT, "\"%s\"%s: %s; %s; eroute owner: #%lu" @@ -4018,32 +4101,30 @@ show_connections_status(bool all, const char *name) if (all) { /* show CAs if defined */ - if (c->spd.this.ca.ptr != NULL || c->spd.that.ca.ptr != NULL) + if (c->spd.this.ca && c->spd.that.ca) { - char this_ca[BUF_LEN], that_ca[BUF_LEN]; - - dntoa_or_null(this_ca, BUF_LEN, c->spd.this.ca, "%any"); - dntoa_or_null(that_ca, BUF_LEN, c->spd.that.ca, "%any"); + whack_log(RC_COMMENT, "\"%s\"%s: CAs: \"%Y\"...\"%Y\"", + c->name, instance, c->spd.this.ca, c->spd.that.ca); + } + else if (c->spd.this.ca) + { + whack_log(RC_COMMENT, "\"%s\"%s: CAs: \"%Y\"...%%any", + c->name, instance, c->spd.this.ca); - whack_log(RC_COMMENT - , "\"%s\"%s: CAs: '%s'...'%s'" - , c->name - , instance - , this_ca - , that_ca); + } + else if (c->spd.that.ca) + { + whack_log(RC_COMMENT, "\"%s\"%s: CAs: %%any...\"%Y\"", + c->name, instance, c->spd.that.ca); } /* show group attributes if defined */ - if (c->spd.that.groups != NULL) + if (c->spd.that.groups) { - char buf[BUF_LEN]; - - format_groups(c->spd.that.groups, buf, BUF_LEN); - whack_log(RC_COMMENT - , "\"%s\"%s: groups: %s" + whack_log(RC_COMMENT, "\"%s\"%s: groups: %s" , c->name , instance - , buf); + , c->spd.that.groups->get_string(c->spd.that.groups)); } whack_log(RC_COMMENT @@ -4058,7 +4139,7 @@ show_connections_status(bool all, const char *name) , (unsigned long) c->sa_keying_tries); /* show DPD parameters if defined */ - + if (c->dpd_action != DPD_ACTION_NONE) whack_log(RC_COMMENT , "\"%s\"%s: dpd_action: %N;" @@ -4095,7 +4176,7 @@ show_connections_status(bool all, const char *name) , instance , c->newest_isakmp_sa , c->newest_ipsec_sa); - + if (all) { ike_alg_show_connection(c, instance); @@ -4116,7 +4197,7 @@ show_connections_status(bool all, const char *name) struct pending { int whack_sock; struct state *isakmp_sa; - struct connection *connection; + connection_t *connection; lset_t policy; unsigned long try; so_serial_t replacing; @@ -4125,18 +4206,13 @@ struct pending { }; /* queue a Quick Mode negotiation pending completion of a suitable Main Mode */ -void -add_pending(int whack_sock -, struct state *isakmp_sa -, struct connection *c -, lset_t policy -, unsigned long try -, so_serial_t replacing) +void add_pending(int whack_sock, struct state *isakmp_sa, connection_t *c, + lset_t policy, unsigned long try, so_serial_t replacing) { bool already_queued = FALSE; struct pending *p = c->host_pair->pending; - while (p != NULL) + while (p) { if (streq(c->name, p->connection->name)) { @@ -4169,8 +4245,7 @@ add_pending(int whack_sock * This is accomplished by closing all the whack socket file descriptors. * We go to a lot of trouble to tell each whack, but to not tell it twice. */ -void -release_pending_whacks(struct state *st, err_t story) +void release_pending_whacks(struct state *st, err_t story) { struct pending *p; struct stat stst; @@ -4202,20 +4277,20 @@ release_pending_whacks(struct state *st, err_t story) } } -static void -delete_pending(struct pending **pp) +static void delete_pending(struct pending **pp) { struct pending *p = *pp; *pp = p->next; - if (p->connection != NULL) + if (p->connection) + { connection_discard(p->connection); + } close_any(p->whack_sock); free(p); } -void -unpend(struct state *st) +void unpend(struct state *st) { struct pending **pp , *p; @@ -4241,8 +4316,7 @@ unpend(struct state *st) } /* a Main Mode negotiation has been replaced; update any pending */ -void -update_pending(struct state *os, struct state *ns) +void update_pending(struct state *os, struct state *ns) { struct pending *p; @@ -4259,12 +4333,11 @@ update_pending(struct state *os, struct state *ns) } /* a Main Mode negotiation has failed; discard any pending */ -void -flush_pending_by_state(struct state *st) +void flush_pending_by_state(struct state *st) { struct host_pair *hp = st->st_connection->host_pair; - if (hp != NULL) + if (hp) { struct pending **pp , *p; @@ -4280,10 +4353,9 @@ flush_pending_by_state(struct state *st) } /* a connection has been deleted; discard any related pending */ -static void -flush_pending_by_connection(struct connection *c) +static void flush_pending_by_connection(connection_t *c) { - if (c->host_pair != NULL) + if (c->host_pair) { struct pending **pp , *p; @@ -4303,8 +4375,7 @@ flush_pending_by_connection(struct connection *c) } } -void -show_pending_phase2(const struct host_pair *hp, const struct state *st) +void show_pending_phase2(const struct host_pair *hp, const struct state *st) { const struct pending *p; @@ -4329,8 +4400,7 @@ show_pending_phase2(const struct host_pair *hp, const struct state *st) * We must be careful to avoid circularity: * we don't touch it if it is CK_GOING_AWAY. */ -void -connection_discard(struct connection *c) +void connection_discard(connection_t *c) { if (c->kind == CK_INSTANCE) { @@ -4354,28 +4424,26 @@ connection_discard(struct connection *c) long eclipse_count = 0; -struct connection * -eclipsed(struct connection *c, struct spd_route **esrp) +connection_t *eclipsed(connection_t *c, struct spd_route **esrp) { - struct connection *ue; + connection_t *ue; struct spd_route *sr1 = &c->spd; ue = NULL; - while (sr1 != NULL && ue != NULL) + while (sr1 && ue) { for (ue = connections; ue != NULL; ue = ue->ac_next) { struct spd_route *srue = &ue->spd; - while (srue != NULL - && srue->routing == RT_ROUTED_ECLIPSED + while (srue && srue->routing == RT_ROUTED_ECLIPSED && !(samesubnet(&sr1->this.client, &srue->this.client) && samesubnet(&sr1->that.client, &srue->that.client))) { srue = srue->next; } - if (srue != NULL && srue->routing==RT_ROUTED_ECLIPSED) + if (srue && srue->routing == RT_ROUTED_ECLIPSED) { *esrp = srue; break; diff --git a/src/pluto/connections.h b/src/pluto/connections.h index 16cbbfd72..ee2e00da6 100644 --- a/src/pluto/connections.h +++ b/src/pluto/connections.h @@ -1,5 +1,6 @@ /* information about connections between hosts and clients * Copyright (C) 1998-2001 D. Hugh Redelmeier + * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,9 +18,11 @@ #include -#include "id.h" +#include +#include +#include + #include "certs.h" -#include "ac.h" #include "smartcard.h" #include "whack.h" @@ -127,7 +130,7 @@ extern void fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF]); struct virtual_t; struct end { - struct id id; + identification_t *id; ip_address host_addr, host_nexthop, @@ -144,13 +147,14 @@ struct end { u_int16_t host_port; /* host order */ u_int16_t port; /* host order */ u_int8_t protocol; - cert_t cert; /* end certificate */ - chunk_t ca; /* CA distinguished name */ - struct ietfAttrList *groups;/* access control groups */ + cert_t *cert; /* end certificate */ + identification_t *ca; /* CA distinguished name */ + ietf_attributes_t *groups; /* access control groups */ smartcard_t *sc; /* smartcard reader and key info */ struct virtual_t *virt; bool modecfg; /* this end: request local address from server */ /* that end: give local addresses to clients */ + char *pool; /* name of an associated virtual IP address pool */ bool hostaccess; /* allow access to host via iptables INPUT/OUTPUT */ /* rules if client behind host is a subnet */ bool allow_any; /* IP address is subject to change */ @@ -166,6 +170,8 @@ struct spd_route { uint32_t reqid; }; +typedef struct connection connection_t; + struct connection { char *name; bool ikev1; @@ -182,10 +188,10 @@ struct connection { time_t dpd_timeout; dpd_action_t dpd_action; - char *log_file_name; /* name of log file */ - FILE *log_file; /* possibly open FILE */ + char *log_file_name; /* name of log file */ + FILE *log_file; /* possibly open FILE */ TAILQ_ENTRY(connection) log_link; /* linked list of open conns */ - bool log_file_err; /* only bitch once */ + bool log_file_err; /* only bitch once */ struct spd_route spd; @@ -210,119 +216,110 @@ struct connection { sa_family_t addr_family; /* between gateways */ sa_family_t tunnel_addr_family; /* between clients */ - struct connection *policy_next; /* if multiple policies, + connection_t *policy_next; /* if multiple policies, next one to apply */ - struct gw_info *gw_info; struct alg_info_esp *alg_info_esp; struct alg_info_ike *alg_info_ike; - struct host_pair *host_pair; - struct connection *hp_next; /* host pair list link */ - - struct connection *ac_next; /* all connections list link */ - - generalName_t *requested_ca; /* collected certificate requests */ + connection_t *hp_next; /* host pair list link */ + connection_t *ac_next; /* all connections list link */ + linked_list_t *requested_ca; /* collected certificate requests */ bool got_certrequest; }; #define oriented(c) ((c).interface != NULL) -extern bool orient(struct connection *c); +extern bool orient(connection_t *c); -extern bool same_peer_ids(const struct connection *c - , const struct connection *d, const struct id *his_id); +extern bool same_peer_ids(const connection_t *c, const connection_t *d, + identification_t *his_id); /* Format the topology of a connection end, leaving out defaults. * Largest left end looks like: client === host : port [ host_id ] --- hop * Note: if that==NULL, skip nexthop */ #define END_BUF (SUBNETTOT_BUF + ADDRTOT_BUF + IDTOA_BUF + ADDRTOT_BUF + 10) -extern size_t format_end(char *buf, size_t buf_len - , const struct end *this, const struct end *that - , bool is_left, lset_t policy); +extern size_t format_end(char *buf, size_t buf_len, const struct end *this, + const struct end *that, bool is_left, lset_t policy); extern void add_connection(const whack_message_t *wm); extern void initiate_connection(const char *name, int whackfd); -extern void initiate_opportunistic(const ip_address *our_client - , const ip_address *peer_client, int transport_proto, bool held, int whackfd); +extern void initiate_opportunistic(const ip_address *our_client, + const ip_address *peer_client, + int transport_proto, bool held, int whackfd); extern void terminate_connection(const char *nm); -extern void release_connection(struct connection *c, bool relations); -extern void delete_connection(struct connection *c, bool relations); +extern void release_connection(connection_t *c, bool relations); +extern void delete_connection(connection_t *c, bool relations); extern void delete_connections_by_name(const char *name, bool strict); extern void delete_every_connection(void); -extern char *add_group_instance(struct connection *group, const ip_subnet *target); -extern void remove_group_instance(const struct connection *group, const char *name); +extern char *add_group_instance(connection_t *group, const ip_subnet *target); +extern void remove_group_instance(const connection_t *group, const char *name); extern void release_dead_interfaces(void); extern void check_orientations(void); -extern struct connection *route_owner(struct connection *c - , struct spd_route **srp - , struct connection **erop - , struct spd_route **esrp); -extern struct connection *shunt_owner(const ip_subnet *ours - , const ip_subnet *his); +extern connection_t *route_owner(connection_t *c, struct spd_route **srp, + connection_t **erop, struct spd_route **esrp); +extern connection_t *shunt_owner(const ip_subnet *ours, const ip_subnet *his); extern bool uniqueIDs; /* --uniqueids? */ -extern void ISAKMP_SA_established(struct connection *c, so_serial_t serial); +extern void ISAKMP_SA_established(connection_t *c, so_serial_t serial); -#define his_id_was_instantiated(c) ((c)->kind == CK_INSTANCE \ - && (id_is_ipaddr(&(c)->spd.that.id)? \ - sameaddr(&(c)->spd.that.id.ip_addr, &(c)->spd.that.host_addr) : TRUE)) +#define id_is_ipaddr(id) ((id)->get_type(id) == ID_IPV4_ADDR || \ + (id)->get_type(id) == ID_IPV6_ADDR) +extern bool his_id_was_instantiated(const connection_t *c); struct state; /* forward declaration of tag (defined in state.h) */ -extern struct connection - *con_by_name(const char *nm, bool strict), - *find_host_connection(const ip_address *me, u_int16_t my_port - , const ip_address *him, u_int16_t his_port, lset_t policy), - *refine_host_connection(const struct state *st, const struct id *id - , chunk_t peer_ca), - *find_client_connection(struct connection *c - , const ip_subnet *our_net - , const ip_subnet *peer_net - , const u_int8_t our_protocol - , const u_int16_t out_port - , const u_int8_t peer_protocol - , const u_int16_t peer_port), - *find_connection_by_reqid(uint32_t reqid); - -extern struct connection * -find_connection_for_clients(struct spd_route **srp - , const ip_address *our_client - , const ip_address *peer_client - , int transport_proto); - -extern chunk_t get_peer_ca_and_groups(struct connection *c - , const ietfAttrList_t **peer_list); - + +extern connection_t* con_by_name(const char *nm, bool strict); +extern connection_t* find_host_connection(const ip_address *me, + u_int16_t my_port, + const ip_address *him, + u_int16_t his_port, lset_t policy); +extern connection_t* refine_host_connection(const struct state *st, + identification_t *id, + identification_t *peer_ca); +extern connection_t* find_client_connection(connection_t *c, + const ip_subnet *our_net, + const ip_subnet *peer_net, + const u_int8_t our_protocol, + const u_int16_t out_port, + const u_int8_t peer_protocol, + const u_int16_t peer_port); +extern connection_t* find_connection_by_reqid(uint32_t reqid); +extern connection_t* find_connection_for_clients(struct spd_route **srp, + const ip_address *our_client, + const ip_address *peer_client, + int transport_proto); +extern void get_peer_ca_and_groups(connection_t *c, + identification_t **peer_ca, + ietf_attributes_t **peer_attributes); + /* instantiating routines * Note: connection_discard() is in state.h because all its work * is looking through state objects. */ struct gw_info; /* forward declaration of tag (defined in dnskey.h) */ struct alg_info; /* forward declaration of tag (defined in alg_info.h) */ -extern struct connection *rw_instantiate(struct connection *c - , const ip_address *him - , u_int16_t his_port - , const ip_subnet *his_net - , const struct id *his_id); - -extern struct connection *oppo_instantiate(struct connection *c - , const ip_address *him - , const struct id *his_id - , struct gw_info *gw - , const ip_address *our_client - , const ip_address *peer_client); - -extern struct connection - *build_outgoing_opportunistic_connection(struct gw_info *gw - , const ip_address *our_client - , const ip_address *peer_client); - -/* worst case: "[" serial "] " myclient "=== ..." peer "===" hisclient '\0' */ -#define CONN_INST_BUF \ - (2 + 10 + 1 + SUBNETTOT_BUF + 7 + ADDRTOT_BUF + 3 + SUBNETTOT_BUF + 1) - -extern void fmt_conn_instance(const struct connection *c - , char buf[CONN_INST_BUF]); +extern connection_t *rw_instantiate(connection_t *c, + const ip_address *him, + u_int16_t his_port, + const ip_subnet *his_net, + identification_t *his_id); + +extern connection_t *oppo_instantiate(connection_t *c, + const ip_address *him, + identification_t *his_id, + struct gw_info *gw, + const ip_address *our_client, + const ip_address *peer_client); + +extern connection_t + *build_outgoing_opportunistic_connection(struct gw_info *gw, + const ip_address *our_client, + const ip_address *peer_client); + +#define CONN_INST_BUF BUF_LEN + +extern void fmt_conn_instance(const connection_t *c, char buf[CONN_INST_BUF]); /* operations on "pending", the structure representing Quick Mode * negotiations delayed until a Keying Channel has been negotiated. @@ -330,12 +327,9 @@ extern void fmt_conn_instance(const struct connection *c struct pending; /* forward declaration (opaque outside connections.c) */ -extern void add_pending(int whack_sock - , struct state *isakmp_sa - , struct connection *c - , lset_t policy - , unsigned long try - , so_serial_t replacing); +extern void add_pending(int whack_sock, struct state *isakmp_sa, + connection_t *c, lset_t policy, unsigned long try, + so_serial_t replacing); extern void release_pending_whacks(struct state *st, err_t story); extern void unpend(struct state *st); @@ -343,7 +337,7 @@ extern void update_pending(struct state *os, struct state *ns); extern void flush_pending_by_state(struct state *st); extern void show_pending_phase2(const struct host_pair *hp, const struct state *st); -extern void connection_discard(struct connection *c); +extern void connection_discard(connection_t *c); /* A template connection's eroute can be eclipsed by * either a %hold or an eroute for an instance iff @@ -351,15 +345,15 @@ extern void connection_discard(struct connection *c); */ #define eclipsable(sr) (subnetishost(&(sr)->this.client) && subnetishost(&(sr)->that.client)) extern long eclipse_count; -extern struct connection *eclipsed(struct connection *c, struct spd_route **); +extern connection_t *eclipsed(connection_t *c, struct spd_route **); /* print connection status */ extern void show_connections_status(bool all, const char *name); -extern int connection_compare(const struct connection *ca - , const struct connection *cb); -extern void update_host_pair(const char *why, struct connection *c +extern int connection_compare(const connection_t *ca + , const connection_t *cb); +extern void update_host_pair(const char *why, connection_t *c , const ip_address *myaddr, u_int16_t myport , const ip_address *hisaddr, u_int16_t hisport); diff --git a/src/pluto/constants.c b/src/pluto/constants.c index e46728d84..6f991fd69 100644 --- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -25,6 +25,8 @@ #include +#include + #include "constants.h" #include "defs.h" #include "log.h" @@ -61,20 +63,6 @@ enum_names version_names = ISAKMP_MAJOR_VERSION< + #include #include #include @@ -135,19 +137,23 @@ extern const char sparse_end[]; * and in http://www.iana.org/assignments/isakmp-registry */ enum ipsec_authentication_algo { - AH_NONE = 0, - AH_MD5 = 2, - AH_SHA = 3, - AH_DES = 4, - AH_SHA2_256 = 5, - AH_SHA2_384 = 6, - AH_SHA2_512 = 7, - AH_RIPEMD = 8, - AH_AES_XCBC_MAC = 9, - AH_RSA = 10 + AH_NONE = 0, + AH_MD5 = 2, + AH_SHA = 3, + AH_DES = 4, + AH_SHA2_256 = 5, + AH_SHA2_384 = 6, + AH_SHA2_512 = 7, + AH_RIPEMD = 8, + AH_AES_XCBC_MAC = 9, + AH_RSA = 10, + AH_AES_128_GMAC = 11, + AH_AES_192_GMAC = 12, + AH_AES_256_GMAC = 13, + AH_SHA2_256_96 = 252 }; -extern enum_names ah_transformid_names; +extern enum_names ah_transform_names; /* IPsec ESP transform values * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 @@ -155,45 +161,45 @@ extern enum_names ah_transformid_names; */ enum ipsec_cipher_algo { - ESP_NONE = 0, - ESP_DES_IV64 = 1, - ESP_DES = 2, - ESP_3DES = 3, - ESP_RC5 = 4, - ESP_IDEA = 5, - ESP_CAST = 6, - ESP_BLOWFISH = 7, - ESP_3IDEA = 8, - ESP_DES_IV32 = 9, - ESP_RC4 = 10, - ESP_NULL = 11, - ESP_AES = 12, - ESP_AES_CTR = 13, - ESP_AES_CCM_8 = 14, - ESP_AES_CCM_12 = 15, - ESP_AES_CCM_16 = 16, - ESP_UNASSIGNED_17 = 17, - ESP_AES_GCM_8 = 18, - ESP_AES_GCM_12 = 19, - ESP_AES_GCM_16 = 20, - ESP_SEED_CBC = 21, - ESP_CAMELLIA = 22, - ESP_SERPENT = 252, - ESP_TWOFISH = 253 + ESP_NONE = 0, + ESP_DES_IV64 = 1, + ESP_DES = 2, + ESP_3DES = 3, + ESP_RC5 = 4, + ESP_IDEA = 5, + ESP_CAST = 6, + ESP_BLOWFISH = 7, + ESP_3IDEA = 8, + ESP_DES_IV32 = 9, + ESP_RC4 = 10, + ESP_NULL = 11, + ESP_AES = 12, + ESP_AES_CTR = 13, + ESP_AES_CCM_8 = 14, + ESP_AES_CCM_12 = 15, + ESP_AES_CCM_16 = 16, + ESP_UNASSIGNED_17 = 17, + ESP_AES_GCM_8 = 18, + ESP_AES_GCM_12 = 19, + ESP_AES_GCM_16 = 20, + ESP_SEED_CBC = 21, + ESP_CAMELLIA = 22, + ESP_SERPENT = 252, + ESP_TWOFISH = 253 }; -extern enum_names esp_transformid_names; +extern enum_names esp_transform_names; /* IPCOMP transform values * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 */ enum ipsec_comp_algo { - IPSCOMP_NONE = 0, - IPCOMP_OUI = 1, - IPCOMP_DEFLATE = 2, - IPCOMP_LZS = 3, - IPCOMP_LZJH = 4 + IPSCOMP_NONE = 0, + IPCOMP_OUI = 1, + IPCOMP_DEFLATE = 2, + IPCOMP_LZS = 3, + IPCOMP_LZJH = 4 }; extern enum_names ipcomp_transformid_names; @@ -202,18 +208,18 @@ extern enum_names ipcomp_transformid_names; * RFC 2408 ISAKMP, chapter 3.9 */ enum ipsec_cert_type { - CERT_NONE= 0, - CERT_PKCS7_WRAPPED_X509= 1, - CERT_PGP= 2, - CERT_DNS_SIGNED_KEY= 3, - CERT_X509_SIGNATURE= 4, - CERT_X509_KEY_EXCHANGE= 5, - CERT_KERBEROS_TOKENS= 6, - CERT_CRL= 7, - CERT_ARL= 8, - CERT_SPKI= 9, - CERT_X509_ATTRIBUTE= 10, - CERT_RAW_RSA_KEY= 11 + CERT_NONE= 0, + CERT_PKCS7_WRAPPED_X509= 1, + CERT_PGP= 2, + CERT_DNS_SIGNED_KEY= 3, + CERT_X509_SIGNATURE= 4, + CERT_X509_KEY_EXCHANGE= 5, + CERT_KERBEROS_TOKENS= 6, + CERT_CRL= 7, + CERT_ARL= 8, + CERT_SPKI= 9, + CERT_X509_ATTRIBUTE= 10, + CERT_RAW_RSA_KEY= 11 }; /* RFC 2560 OCSP - certificate status */ @@ -225,21 +231,6 @@ typedef enum { CERT_UNDEFINED = 3 } cert_status_t; -/* RFC 2459 CRL reason codes */ - -extern enum_name_t *crl_reason_names; - -typedef enum { - REASON_UNSPECIFIED = 0, - REASON_KEY_COMPROMISE = 1, - REASON_CA_COMPROMISE = 2, - REASON_AFFILIATION_CHANGED = 3, - REASON_SUPERSEDED = 4, - REASON_CESSATION_OF_OPERATON = 5, - REASON_CERTIFICATE_HOLD = 6, - REASON_REMOVE_FROM_CRL = 8 -} crl_reason_t; - /* RFC 3706 Dead Peer Detection */ extern enum_name_t *dpd_action_names; @@ -549,24 +540,6 @@ extern const char *const payload_name[]; extern enum_names attr_msg_type_names; -/* Mode Config attribute values */ -#define INTERNAL_IP4_ADDRESS 1 -#define INTERNAL_IP4_NETMASK 2 -#define INTERNAL_IP4_DNS 3 -#define INTERNAL_IP4_NBNS 4 -#define INTERNAL_ADDRESS_EXPIRY 5 -#define INTERNAL_IP4_DHCP 6 -#define APPLICATION_VERSION 7 -#define INTERNAL_IP6_ADDRESS 8 -#define INTERNAL_IP6_NETMASK 9 -#define INTERNAL_IP6_DNS 10 -#define INTERNAL_IP6_NBNS 11 -#define INTERNAL_IP6_DHCP 12 -#define INTERNAL_IP4_SUBNET 13 -#define SUPPORTED_ATTRIBUTES 14 -#define INTERNAL_IP6_SUBNET 15 - - extern enum_names modecfg_attr_names; /* XAUTH attribute values */ @@ -704,10 +677,10 @@ extern enum_name_t *cert_policy_names; typedef enum certpolicy { CERT_ALWAYS_SEND = 0, - CERT_SEND_IF_ASKED = 1, + CERT_SEND_IF_ASKED = 1, CERT_NEVER_SEND = 2, - CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */ + CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */ CERT_NO_SEND = 4 /* synonym for CERT_NEVER_SEND */ } certpolicy_t; @@ -883,18 +856,22 @@ extern enum_names enc_mode_names; extern enum_names auth_alg_names, extended_auth_alg_names; -#define AUTH_ALGORITHM_NONE 0 /* our private designation */ -#define AUTH_ALGORITHM_HMAC_MD5 1 -#define AUTH_ALGORITHM_HMAC_SHA1 2 -#define AUTH_ALGORITHM_DES_MAC 3 -#define AUTH_ALGORITHM_KPDK 4 -#define AUTH_ALGORITHM_HMAC_SHA2_256 5 -#define AUTH_ALGORITHM_HMAC_SHA2_384 6 -#define AUTH_ALGORITHM_HMAC_SHA2_512 7 -#define AUTH_ALGORITHM_HMAC_RIPEMD 8 -#define AUTH_ALGORITHM_AES_XCBC_MAC 9 -#define AUTH_ALGORITHM_SIG_RSA 10 -#define AUTH_ALGORITHM_NULL 251 +#define AUTH_ALGORITHM_NONE 0 /* our private designation */ +#define AUTH_ALGORITHM_HMAC_MD5 1 +#define AUTH_ALGORITHM_HMAC_SHA1 2 +#define AUTH_ALGORITHM_DES_MAC 3 +#define AUTH_ALGORITHM_KPDK 4 +#define AUTH_ALGORITHM_HMAC_SHA2_256 5 +#define AUTH_ALGORITHM_HMAC_SHA2_384 6 +#define AUTH_ALGORITHM_HMAC_SHA2_512 7 +#define AUTH_ALGORITHM_HMAC_RIPEMD 8 +#define AUTH_ALGORITHM_AES_XCBC_MAC 9 +#define AUTH_ALGORITHM_SIG_RSA 10 +#define AUTH_ALGORITHM_AES_128_GMAC 11 +#define AUTH_ALGORITHM_AES_192_GMAC 12 +#define AUTH_ALGORITHM_AES_256_GMAC 13 +#define AUTH_ALGORITHM_NULL 251 +#define AUTH_ALGORITHM_HMAC_SHA2_256_96 252 /* Oakley Lifetime Type attribute * draft-ietf-ipsec-ike-01.txt appendix A @@ -1026,52 +1003,55 @@ extern enum_names notification_names; extern enum_names ipsec_notification_names; typedef enum { - NOTHING_WRONG = 0, /* unofficial! */ - - INVALID_PAYLOAD_TYPE = 1, - DOI_NOT_SUPPORTED = 2, - SITUATION_NOT_SUPPORTED = 3, - INVALID_COOKIE = 4, - INVALID_MAJOR_VERSION = 5, - INVALID_MINOR_VERSION = 6, - INVALID_EXCHANGE_TYPE = 7, - INVALID_FLAGS = 8, - INVALID_MESSAGE_ID = 9, - INVALID_PROTOCOL_ID = 10, - INVALID_SPI = 11, - INVALID_TRANSFORM_ID = 12, - ATTRIBUTES_NOT_SUPPORTED = 13, - NO_PROPOSAL_CHOSEN = 14, - BAD_PROPOSAL_SYNTAX = 15, - PAYLOAD_MALFORMED = 16, - INVALID_KEY_INFORMATION = 17, - INVALID_ID_INFORMATION = 18, - INVALID_CERT_ENCODING = 19, - INVALID_CERTIFICATE = 20, - CERT_TYPE_UNSUPPORTED = 21, - INVALID_CERT_AUTHORITY = 22, - INVALID_HASH_INFORMATION = 23, - AUTHENTICATION_FAILED = 24, - INVALID_SIGNATURE = 25, - ADDRESS_NOTIFICATION = 26, - NOTIFY_SA_LIFETIME = 27, - CERTIFICATE_UNAVAILABLE = 28, - UNSUPPORTED_EXCHANGE_TYPE = 29, - UNEQUAL_PAYLOAD_LENGTHS = 30, + ISAKMP_NOTHING_WRONG = 0, /* unofficial! */ + + ISAKMP_INVALID_PAYLOAD_TYPE = 1, + ISAKMP_DOI_NOT_SUPPORTED = 2, + ISAKMP_SITUATION_NOT_SUPPORTED = 3, + ISAKMP_INVALID_COOKIE = 4, + ISAKMP_INVALID_MAJOR_VERSION = 5, + ISAKMP_INVALID_MINOR_VERSION = 6, + ISAKMP_INVALID_EXCHANGE_TYPE = 7, + ISAKMP_INVALID_FLAGS = 8, + ISAKMP_INVALID_MESSAGE_ID = 9, + ISAKMP_INVALID_PROTOCOL_ID = 10, + ISAKMP_INVALID_SPI = 11, + ISAKMP_INVALID_TRANSFORM_ID = 12, + ISAKMP_ATTRIBUTES_NOT_SUPPORTED = 13, + ISAKMP_NO_PROPOSAL_CHOSEN = 14, + ISAKMP_BAD_PROPOSAL_SYNTAX = 15, + ISAKMP_PAYLOAD_MALFORMED = 16, + ISAKMP_INVALID_KEY_INFORMATION = 17, + ISAKMP_INVALID_ID_INFORMATION = 18, + ISAKMP_INVALID_CERT_ENCODING = 19, + ISAKMP_INVALID_CERTIFICATE = 20, + ISAKMP_CERT_TYPE_UNSUPPORTED = 21, + ISAKMP_INVALID_CERT_AUTHORITY = 22, + ISAKMP_INVALID_HASH_INFORMATION = 23, + ISAKMP_AUTHENTICATION_FAILED = 24, + ISAKMP_INVALID_SIGNATURE = 25, + ISAKMP_ADDRESS_NOTIFICATION = 26, + ISAKMP_NOTIFY_SA_LIFETIME = 27, + ISAKMP_CERTIFICATE_UNAVAILABLE = 28, + ISAKMP_UNSUPPORTED_EXCHANGE_TYPE = 29, + ISAKMP_UNEQUAL_PAYLOAD_LENGTHS = 30, /* ISAKMP status type */ - CONNECTED = 16384, + ISAKMP_CONNECTED = 16384, /* IPSEC DOI additions; status types (RFC2407 IPSEC DOI 4.6.3) * These must be sent under the protection of an ISAKMP SA. */ - IPSEC_RESPONDER_LIFETIME = 24576, - IPSEC_REPLAY_STATUS = 24577, - IPSEC_INITIAL_CONTACT = 24578, + IPSEC_RESPONDER_LIFETIME = 24576, + IPSEC_REPLAY_STATUS = 24577, + IPSEC_INITIAL_CONTACT = 24578, /* RFC 3706 DPD */ - R_U_THERE = 36136, - R_U_THERE_ACK = 36137 + R_U_THERE = 36136, + R_U_THERE_ACK = 36137, + + /* Juniper SRX private use */ + NS_NHTB_INFORM = 40001 } notification_t; diff --git a/src/pluto/crl.c b/src/pluto/crl.c index c800f2acc..84fe77554 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -24,11 +24,6 @@ #include -#include -#include -#include -#include - #include "constants.h" #include "defs.h" #include "log.h" @@ -39,145 +34,53 @@ #include "keys.h" #include "whack.h" #include "fetch.h" +#include "builder.h" /* chained lists of X.509 crls */ -static x509crl_t *x509crls = NULL; - -/** - * ASN.1 definition of an X.509 certificate revocation list - */ -static const asn1Object_t crlObjects[] = { - { 0, "certificateList", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "tbsCertList", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */ - { 2, "version", ASN1_INTEGER, ASN1_OPT | - ASN1_BODY }, /* 2 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ - { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */ - { 2, "thisUpdate", ASN1_EOC, ASN1_RAW }, /* 6 */ - { 2, "nextUpdate", ASN1_EOC, ASN1_RAW }, /* 7 */ - { 2, "revokedCertificates", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 8 */ - { 3, "certList", ASN1_SEQUENCE, ASN1_NONE }, /* 9 */ - { 4, "userCertificate", ASN1_INTEGER, ASN1_BODY }, /* 10 */ - { 4, "revocationDate", ASN1_EOC, ASN1_RAW }, /* 11 */ - { 4, "crlEntryExtensions", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 12 */ - { 5, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */ - { 6, "extnID", ASN1_OID, ASN1_BODY }, /* 14 */ - { 6, "critical", ASN1_BOOLEAN, ASN1_DEF | - ASN1_BODY }, /* 15 */ - { 6, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 16 */ - { 4, "end opt or loop", ASN1_EOC, ASN1_END }, /* 17 */ - { 2, "end opt or loop", ASN1_EOC, ASN1_END }, /* 18 */ - { 2, "optional extensions", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 19 */ - { 3, "crlExtensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 20 */ - { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 21 */ - { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 22 */ - { 5, "critical", ASN1_BOOLEAN, ASN1_DEF | - ASN1_BODY }, /* 23 */ - { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 24 */ - { 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */ - { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 28 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; - -#define CRL_OBJ_CERTIFICATE_LIST 0 -#define CRL_OBJ_TBS_CERT_LIST 1 -#define CRL_OBJ_VERSION 2 -#define CRL_OBJ_SIG_ALG 4 -#define CRL_OBJ_ISSUER 5 -#define CRL_OBJ_THIS_UPDATE 6 -#define CRL_OBJ_NEXT_UPDATE 7 -#define CRL_OBJ_USER_CERTIFICATE 10 -#define CRL_OBJ_REVOCATION_DATE 11 -#define CRL_OBJ_CRL_ENTRY_EXTN_ID 14 -#define CRL_OBJ_CRL_ENTRY_CRITICAL 15 -#define CRL_OBJ_CRL_ENTRY_EXTN_VALUE 16 -#define CRL_OBJ_EXTN_ID 22 -#define CRL_OBJ_CRITICAL 23 -#define CRL_OBJ_EXTN_VALUE 24 -#define CRL_OBJ_ALGORITHM 27 -#define CRL_OBJ_SIGNATURE 28 - -const x509crl_t empty_x509crl = { - NULL , /* *next */ - UNDEFINED_TIME, /* installed */ - NULL , /* distributionPoints */ - { NULL, 0 } , /* certificateList */ - { NULL, 0 } , /* tbsCertList */ - 1 , /* version */ - OID_UNKNOWN , /* sigAlg */ - { NULL, 0 } , /* issuer */ - UNDEFINED_TIME, /* thisUpdate */ - UNDEFINED_TIME, /* nextUpdate */ - NULL , /* revokedCertificates */ - /* crlExtensions */ - /* extension */ - /* extnID */ - /* critical */ - /* extnValue */ - { NULL, 0 } , /* authKeyID */ - { NULL, 0 } , /* authKeySerialNumber */ - { NULL, 0 } , /* crlNumber */ - OID_UNKNOWN , /* algorithm */ - { NULL, 0 } /* signature */ -}; +static x509crl_t *x509crls = NULL; /** * Get the X.509 CRL with a given issuer */ -static x509crl_t* get_x509crl(chunk_t issuer, chunk_t serial, chunk_t keyid) +static x509crl_t* get_x509crl(identification_t *issuer, chunk_t keyid) { - x509crl_t *crl = x509crls; + x509crl_t *x509crl = x509crls; x509crl_t *prev_crl = NULL; - while (crl != NULL) + while (x509crl != NULL) { - if ((keyid.ptr != NULL && crl->authKeyID.ptr != NULL) - ? same_keyid(keyid, crl->authKeyID) - : (same_dn(crl->issuer, issuer) && same_serial(serial, crl->authKeySerialNumber))) + certificate_t *cert_crl = x509crl->crl; + crl_t *crl = (crl_t*)cert_crl; + identification_t *crl_issuer = cert_crl->get_issuer(cert_crl); + chunk_t authKeyID = crl->get_authKeyIdentifier(crl); + + if ((keyid.ptr && authKeyID.ptr)? same_keyid(keyid, authKeyID) : + issuer->equals(issuer, crl_issuer)) { - if (crl != x509crls) + if (x509crl != x509crls) { /* bring the CRL up front */ - prev_crl->next = crl->next; - crl->next = x509crls; - x509crls = crl; + prev_crl->next = x509crl->next; + x509crl->next = x509crls; + x509crls = x509crl; } - return crl; + return x509crl; } - prev_crl = crl; - crl = crl->next; + prev_crl = x509crl; + x509crl = x509crl->next; } return NULL; } -/** - * Free the dynamic memory used to store revoked certificates - */ -static void free_revoked_certs(revokedCert_t* revokedCerts) -{ - while (revokedCerts != NULL) - { - revokedCert_t * revokedCert = revokedCerts; - revokedCerts = revokedCert->next; - free(revokedCert); - } -} - /** * Free the dynamic memory used to store CRLs */ void free_crl(x509crl_t *crl) { - free_revoked_certs(crl->revokedCertificates); - free_generalNames(crl->distributionPoints, TRUE); - free(crl->certificateList.ptr); + DESTROY_IF(crl->crl); + crl->distributionPoints->destroy_function(crl->distributionPoints, free); free(crl); } @@ -194,7 +97,9 @@ void free_crls(void) lock_crl_list("free_crls"); while (x509crls != NULL) + { free_first_crl(); + } unlock_crl_list("free_crls"); } @@ -202,127 +107,109 @@ void free_crls(void) /** * Insert X.509 CRL into chained list */ -bool insert_crl(chunk_t blob, chunk_t crl_uri, bool cache_crl) +bool insert_crl(x509crl_t *x509crl, char *crl_uri, bool cache_crl) { - x509crl_t *crl = malloc_thing(x509crl_t); + certificate_t *cert_crl = x509crl->crl; + crl_t *crl = (crl_t*)cert_crl; + identification_t *issuer = cert_crl->get_issuer(cert_crl); + chunk_t authKeyID = crl->get_authKeyIdentifier(crl); + cert_t *issuer_cert; + x509crl_t *oldcrl; + time_t now, nextUpdate; + bool valid_sig; + + /* add distribution point */ + add_distribution_point(x509crl->distributionPoints, crl_uri); + + lock_authcert_list("insert_crl"); + + /* get the issuer cacert */ + issuer_cert = get_authcert(issuer, authKeyID, X509_CA); + if (issuer_cert == NULL) + { + plog("crl issuer cacert not found"); + free_crl(x509crl); + unlock_authcert_list("insert_crl"); + return FALSE; + } + DBG(DBG_CONTROL, + DBG_log("crl issuer cacert found") + ) - *crl = empty_x509crl; + /* check the issuer's signature of the crl */ + valid_sig = cert_crl->issued_by(cert_crl, issuer_cert->cert); + unlock_authcert_list("insert_crl"); - if (parse_x509crl(blob, 0, crl)) + if (!valid_sig) { - x509cert_t *issuer_cert; - x509crl_t *oldcrl; - bool valid_sig; - generalName_t *gn; - - /* add distribution point */ - gn = malloc_thing(generalName_t); - gn->kind = GN_URI; - gn->name = crl_uri; - gn->next = crl->distributionPoints; - crl->distributionPoints = gn; - - lock_authcert_list("insert_crl"); - /* get the issuer cacert */ - issuer_cert = get_authcert(crl->issuer, crl->authKeySerialNumber, - crl->authKeyID, AUTH_CA); - if (issuer_cert == NULL) - { - plog("crl issuer cacert not found"); - free_crl(crl); - unlock_authcert_list("insert_crl"); - return FALSE; - } - DBG(DBG_CONTROL, - DBG_log("crl issuer cacert found") - ) + free_crl(x509crl); + return FALSE; + } + DBG(DBG_CONTROL, + DBG_log("crl signature is valid") + ) - /* check the issuer's signature of the crl */ - valid_sig = x509_check_signature(crl->tbsCertList, crl->signature, - crl->algorithm, issuer_cert); - unlock_authcert_list("insert_crl"); + /* note the current time */ + time(&now); - if (!valid_sig) - { - free_crl(crl); - return FALSE; - } - DBG(DBG_CONTROL, - DBG_log("crl signature is valid") - ) + lock_crl_list("insert_crl"); + oldcrl = get_x509crl(issuer, authKeyID); - lock_crl_list("insert_crl"); - oldcrl = get_x509crl(crl->issuer, crl->authKeySerialNumber - , crl->authKeyID); + if (oldcrl != NULL) + { + certificate_t *old_cert_crl = oldcrl->crl; - if (oldcrl != NULL) + if (cert_crl->is_newer(cert_crl, old_cert_crl)) { - if (crl->thisUpdate > oldcrl->thisUpdate) - { - /* keep any known CRL distribution points */ - add_distribution_points(oldcrl->distributionPoints - , &crl->distributionPoints); + /* keep any known CRL distribution points */ + add_distribution_points(x509crl->distributionPoints, + oldcrl->distributionPoints); - /* now delete the old CRL */ - free_first_crl(); - DBG(DBG_CONTROL, - DBG_log("thisUpdate is newer - existing crl deleted") - ) - } - else - { - unlock_crl_list("insert_crls"); - DBG(DBG_CONTROL, - DBG_log("thisUpdate is not newer - existing crl not replaced"); - ) - free_crl(crl); - return oldcrl->nextUpdate - time(NULL) > 2*crl_check_interval; - } + /* now delete the old CRL */ + free_first_crl(); + DBG(DBG_CONTROL, + DBG_log("thisUpdate is newer - existing crl deleted") + ) } - - /* insert new CRL */ - crl->next = x509crls; - x509crls = crl; - - unlock_crl_list("insert_crl"); - - /* If crl caching is enabled then the crl is saved locally. - * Only http or ldap URIs are cached but not local file URIs. - * The issuer's subjectKeyID is used as a unique filename - */ - if (cache_crl && strncasecmp(crl_uri.ptr, "file", 4) != 0) + else { - char path[BUF_LEN], buf[BUF_LEN]; - char digest_buf[HASH_SIZE_SHA1]; - chunk_t subjectKeyID = chunk_from_buf(digest_buf); - bool has_keyID; - - if (issuer_cert->subjectKeyID.ptr == NULL) - { - has_keyID = compute_subjectKeyID(issuer_cert, subjectKeyID); - } - else - { - subjectKeyID = issuer_cert->subjectKeyID; - has_keyID = TRUE; - } - if (has_keyID) - { - datatot(subjectKeyID.ptr, subjectKeyID.len, 16, buf, BUF_LEN); - snprintf(path, BUF_LEN, "%s/%s.crl", CRL_PATH, buf); - chunk_write(crl->certificateList, path, "crl", 0022, TRUE); - } + unlock_crl_list("insert_crls"); + DBG(DBG_CONTROL, + DBG_log("thisUpdate is not newer - existing crl not replaced"); + ) + free_crl(x509crl); + old_cert_crl->get_validity(old_cert_crl, &now, NULL, &nextUpdate); + return nextUpdate - now > 2*crl_check_interval; } - - /* is the fetched crl valid? */ - return crl->nextUpdate - time(NULL) > 2*crl_check_interval; } - else + + /* insert new CRL */ + x509crl->next = x509crls; + x509crls = x509crl; + + unlock_crl_list("insert_crl"); + + /* If crl caching is enabled then the crl is saved locally. + * Only http or ldap URIs are cached but not local file URIs. + * The CRL's authorityKeyIdentifier is used as a unique filename + */ + if (cache_crl && strncasecmp(crl_uri, "file", 4) != 0) { - plog(" error in X.509 crl"); - free_crl(crl); - return FALSE; + char buf[BUF_LEN]; + chunk_t hex, encoding; + + hex = chunk_to_hex(crl->get_authKeyIdentifier(crl), NULL, FALSE); + snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_PATH, hex); + free(hex.ptr); + + encoding = cert_crl->get_encoding(cert_crl); + chunk_write(encoding, buf, "crl", 022, TRUE); + free(encoding.ptr); } + + /* is the fetched crl valid? */ + cert_crl->get_validity(cert_crl, &now, NULL, &nextUpdate); + return nextUpdate - now > 2*crl_check_interval; } /** @@ -352,22 +239,19 @@ void load_crls(void) { while (n--) { - bool pgp = FALSE; - chunk_t blob = chunk_empty; char *filename = filelist[n]->d_name; + x509crl_t *x509crl; - if (load_coded_file(filename, NULL, "crl", &blob, &pgp)) + x509crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_PLUTO_CRL, + BUILD_FROM_FILE, filename, BUILD_END); + if (x509crl) { - chunk_t crl_uri; - - crl_uri.len = 7 + sizeof(CRL_PATH) + strlen(filename); - crl_uri.ptr = malloc(crl_uri.len + 1); + char crl_uri[BUF_LEN]; - /* build CRL file URI */ - snprintf(crl_uri.ptr, crl_uri.len + 1, "file://%s/%s" - , CRL_PATH, filename); - - insert_crl(blob, crl_uri, FALSE); + plog(" loaded crl from '%s'", filename); + snprintf(crl_uri, BUF_LEN, "file://%s/%s", CRL_PATH, filename); + insert_crl(x509crl, crl_uri, FALSE); } free(filelist[n]); } @@ -378,212 +262,77 @@ void load_crls(void) ignore_result(chdir(save_dir)); } -/** - * Parses a CRL revocation reason code - */ -static crl_reason_t parse_crl_reasonCode(chunk_t object) -{ - crl_reason_t reason = REASON_UNSPECIFIED; - - if (*object.ptr == ASN1_ENUMERATED - && asn1_length(&object) == 1) - { - reason = *object.ptr; - } - - DBG(DBG_PARSING, - DBG_log(" '%N'", crl_reason_names, reason) - ) - return reason; -} - -/* - * Parses an X.509 CRL - */ -bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl) -{ - u_char buf[BUF_LEN]; - asn1_parser_t *parser; - chunk_t extnID; - chunk_t userCertificate = chunk_empty; - chunk_t object; - int objectID; - bool success = FALSE; - bool critical; - - parser = asn1_parser_create(crlObjects, blob); - - while (parser->iterate(parser, &objectID, &object)) - { - u_int level = parser->get_level(parser)+1; - - switch (objectID) { - case CRL_OBJ_CERTIFICATE_LIST: - crl->certificateList = object; - break; - case CRL_OBJ_TBS_CERT_LIST: - crl->tbsCertList = object; - break; - case CRL_OBJ_VERSION: - crl->version = (object.len) ? (1+(u_int)*object.ptr) : 1; - DBG(DBG_PARSING, - DBG_log(" v%d", crl->version); - ) - break; - case CRL_OBJ_SIG_ALG: - crl->sigAlg = asn1_parse_algorithmIdentifier(object, level, NULL); - break; - case CRL_OBJ_ISSUER: - crl->issuer = object; - DBG(DBG_PARSING, - dntoa(buf, BUF_LEN, object); - DBG_log(" '%s'",buf) - ) - break; - case CRL_OBJ_THIS_UPDATE: - crl->thisUpdate = asn1_parse_time(object, level); - break; - case CRL_OBJ_NEXT_UPDATE: - crl->nextUpdate = asn1_parse_time(object, level); - break; - case CRL_OBJ_USER_CERTIFICATE: - userCertificate = object; - break; - case CRL_OBJ_REVOCATION_DATE: - { - /* put all the serial numbers and the revocation date in a chained list - with revocedCertificates pointing to the first revoked certificate */ - - revokedCert_t *revokedCert = malloc_thing(revokedCert_t); - revokedCert->userCertificate = userCertificate; - revokedCert->revocationDate = asn1_parse_time(object, level); - revokedCert->revocationReason = REASON_UNSPECIFIED; - revokedCert->next = crl->revokedCertificates; - crl->revokedCertificates = revokedCert; - } - break; - case CRL_OBJ_CRL_ENTRY_EXTN_ID: - case CRL_OBJ_EXTN_ID: - extnID = object; - break; - case CRL_OBJ_CRL_ENTRY_CRITICAL: - case CRL_OBJ_CRITICAL: - critical = object.len && *object.ptr; - DBG(DBG_PARSING, - DBG_log(" %s",(critical)?"TRUE":"FALSE"); - ) - break; - case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: - case CRL_OBJ_EXTN_VALUE: - { - u_int extn_oid = asn1_known_oid(extnID); - - if (extn_oid == OID_CRL_REASON_CODE) - { - crl->revokedCertificates->revocationReason = - parse_crl_reasonCode(object); - } - else if (extn_oid == OID_AUTHORITY_KEY_ID) - { - parse_authorityKeyIdentifier(object, level - , &crl->authKeyID, &crl->authKeySerialNumber); - } - else if (extn_oid == OID_CRL_NUMBER) - { - if (!asn1_parse_simple_object(&object, ASN1_INTEGER, - level, "crlNumber")) - { - goto end; - } - crl->crlNumber = object; - } - } - break; - case CRL_OBJ_ALGORITHM: - crl->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); - break; - case CRL_OBJ_SIGNATURE: - crl->signature = object; - break; - default: - break; - } - } - success = parser->success(parser); - time(&crl->installed); - -end: - parser->destroy(parser); - return success; -} /* Checks if the current certificate is revoked. It goes through the * list of revoked certificates of the corresponding crl. Either the * status CERT_GOOD or CERT_REVOKED is returned */ -static cert_status_t -check_revocation(const x509crl_t *crl, chunk_t serial -, time_t *revocationDate, crl_reason_t * revocationReason) +static cert_status_t check_revocation(crl_t *crl, chunk_t cert_serial, + time_t *revocationDate, + crl_reason_t *revocationReason) { - revokedCert_t *revokedCert = crl->revokedCertificates; + enumerator_t *enumerator; + cert_status_t status; + chunk_t serial; - *revocationDate = UNDEFINED_TIME; - *revocationReason = REASON_UNSPECIFIED; - DBG(DBG_CONTROL, - DBG_dump_chunk("serial number:", serial) + DBG_log("serial number: %#B", &cert_serial) ) + *revocationDate = UNDEFINED_TIME; + *revocationReason = CRL_REASON_UNSPECIFIED; + status = CERT_GOOD; - while(revokedCert != NULL) + enumerator = crl->create_enumerator(crl); + while (enumerator->enumerate(enumerator, &serial, + revocationDate, revocationReason)) { - /* compare serial numbers */ - if (revokedCert->userCertificate.len == serial.len && - memeq(revokedCert->userCertificate.ptr, serial.ptr, serial.len)) + if (chunk_equals(serial, cert_serial)) { - *revocationDate = revokedCert->revocationDate; - *revocationReason = revokedCert->revocationReason; - return CERT_REVOKED; + status = CERT_REVOKED; + break; } - revokedCert = revokedCert->next; } - return CERT_GOOD; + enumerator->destroy(enumerator); + return status; } /* * check if any crls are about to expire */ -void -check_crls(void) +void check_crls(void) { - x509crl_t *crl; + x509crl_t *x509crl; + time_t now, nextUpdate, time_left; lock_crl_list("check_crls"); - crl = x509crls; + time(&now); + x509crl = x509crls; - while (crl != NULL) + while (x509crl != NULL) { - time_t time_left = crl->nextUpdate - time(NULL); - u_char buf[BUF_LEN]; + certificate_t *cert_crl = x509crl->crl; + crl_t *crl = (crl_t*)cert_crl; + identification_t *issuer = cert_crl->get_issuer(cert_crl); + chunk_t authKeyID = crl->get_authKeyIdentifier(crl); + + cert_crl->get_validity(cert_crl, &now, NULL, &nextUpdate); + time_left = nextUpdate - now; DBG(DBG_CONTROL, - dntoa(buf, BUF_LEN, crl->issuer); - DBG_log("issuer: '%s'",buf); - if (crl->authKeyID.ptr != NULL) + DBG_log("issuer: '%Y'", issuer); + if (authKeyID.ptr) { - datatot(crl->authKeyID.ptr, crl->authKeyID.len, ':' - , buf, BUF_LEN); - DBG_log("authkey: %s", buf); + DBG_log("authkey: %#B", &authKeyID); } DBG_log("%ld seconds left", time_left) ) if (time_left < 2*crl_check_interval) { - fetch_req_t *req = build_crl_fetch_request(crl->issuer - , crl->authKeySerialNumber - , crl->authKeyID, crl->distributionPoints); + fetch_req_t *req = build_crl_fetch_request(issuer, authKeyID, + x509crl->distributionPoints); add_crl_fetch_request(req); } - crl = crl->next; + x509crl = x509crl->next; } unlock_crl_list("check_crls"); } @@ -591,112 +340,131 @@ check_crls(void) /* * verify if a cert hasn't been revoked by a crl */ -cert_status_t -verify_by_crl(const x509cert_t *cert, time_t *until, time_t *revocationDate -, crl_reason_t *revocationReason) +cert_status_t verify_by_crl(cert_t *cert, time_t *until, time_t *revocationDate, + crl_reason_t *revocationReason) { - x509crl_t *crl; - - ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber - , cert->authKeyID); - - generalName_t *crluri = (ca == NULL)? NULL : ca->crluri; - + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + identification_t *issuer = certificate->get_issuer(certificate); + chunk_t authKeyID = x509->get_authKeyIdentifier(x509); + x509crl_t *x509crl; + ca_info_t *ca; + enumerator_t *enumerator; + char *point; + + ca = get_ca_info(issuer, authKeyID); + *revocationDate = UNDEFINED_TIME; - *revocationReason = REASON_UNSPECIFIED; + *revocationReason = CRL_REASON_UNSPECIFIED; lock_crl_list("verify_by_crl"); - crl = get_x509crl(cert->issuer, cert->authKeySerialNumber, cert->authKeyID); + x509crl = get_x509crl(issuer, authKeyID); - if (crl == NULL) + if (x509crl == NULL) { + linked_list_t *crluris; + unlock_crl_list("verify_by_crl"); plog("crl not found"); - if (cert->crlDistributionPoints != NULL) + crluris = linked_list_create(); + if (ca) { - fetch_req_t *req = build_crl_fetch_request(cert->issuer - , cert->authKeySerialNumber - , cert->authKeyID, cert->crlDistributionPoints); - add_crl_fetch_request(req); + add_distribution_points(crluris, ca->crluris); } - if (crluri != NULL) + enumerator = x509->create_crl_uri_enumerator(x509); + while (enumerator->enumerate(enumerator, &point)) { - fetch_req_t *req = build_crl_fetch_request(cert->issuer - , cert->authKeySerialNumber - , cert->authKeyID, crluri); - add_crl_fetch_request(req); + add_distribution_point(crluris, point); } + enumerator->destroy(enumerator); - if (cert->crlDistributionPoints != 0 || crluri != NULL) + if (crluris->get_count(crluris) > 0) { + fetch_req_t *req; + + req = build_crl_fetch_request(issuer, authKeyID, crluris); + crluris->destroy_function(crluris, free); + add_crl_fetch_request(req); wake_fetch_thread("verify_by_crl"); return CERT_UNKNOWN; } else + { + crluris->destroy(crluris); return CERT_UNDEFINED; + } } else { - x509cert_t *issuer_cert; - bool valid; + certificate_t *cert_crl = x509crl->crl; + crl_t *crl = (crl_t*)cert_crl; + chunk_t authKeyID = crl->get_authKeyIdentifier(crl); + cert_t *issuer_cert; + bool trusted, valid; DBG(DBG_CONTROL, DBG_log("crl found") ) - add_distribution_points(cert->crlDistributionPoints - , &crl->distributionPoints); + if (ca) + { + add_distribution_points(x509crl->distributionPoints, ca->crluris); + } - add_distribution_points(crluri - , &crl->distributionPoints); + enumerator = x509->create_crl_uri_enumerator(x509); + while (enumerator->enumerate(enumerator, &point)) + { + add_distribution_point(x509crl->distributionPoints, point); + } + enumerator->destroy(enumerator); lock_authcert_list("verify_by_crl"); - issuer_cert = get_authcert(crl->issuer, crl->authKeySerialNumber - , crl->authKeyID, AUTH_CA); - valid = x509_check_signature(crl->tbsCertList, crl->signature, - crl->algorithm, issuer_cert); - + issuer_cert = get_authcert(issuer, authKeyID, X509_CA); + trusted = cert_crl->issued_by(cert_crl, issuer_cert->cert); + unlock_authcert_list("verify_by_crl"); - if (valid) + if (trusted) { cert_status_t status; DBG(DBG_CONTROL, DBG_log("crl signature is valid") ) - /* return the expiration date */ - *until = crl->nextUpdate; + + /* return the expiration date */ + valid = cert_crl->get_validity(cert_crl, NULL, NULL, until); /* has the certificate been revoked? */ - status = check_revocation(crl, cert->serialNumber, revocationDate + status = check_revocation(crl, x509->get_serial(x509), revocationDate , revocationReason); - if (*until < time(NULL)) + if (valid) + { + unlock_crl_list("verify_by_crl"); + DBG(DBG_CONTROL, + DBG_log("crl is valid: until %T", until, FALSE) + ) + } + else { fetch_req_t *req; - plog("crl update is overdue since %T", until, TRUE); + DBG(DBG_CONTROL, + DBG_log("crl is stale: since %T", until, FALSE) + ) /* try to fetch a crl update */ - req = build_crl_fetch_request(crl->issuer - , crl->authKeySerialNumber - , crl->authKeyID, crl->distributionPoints); + req = build_crl_fetch_request(issuer, authKeyID, + x509crl->distributionPoints); unlock_crl_list("verify_by_crl"); add_crl_fetch_request(req); wake_fetch_thread("verify_by_crl"); } - else - { - unlock_crl_list("verify_by_crl"); - DBG(DBG_CONTROL, - DBG_log("crl is valid") - ) - } return status; } else @@ -711,65 +479,59 @@ verify_by_crl(const x509cert_t *cert, time_t *until, time_t *revocationDate /* * list all X.509 crls in the chained list */ -void -list_crls(bool utc, bool strict) +void list_crls(bool utc, bool strict) { - x509crl_t *crl; + x509crl_t *x509crl; lock_crl_list("list_crls"); - crl = x509crls; + x509crl = x509crls; - if (crl != NULL) + if (x509crl) { whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of X.509 CRLs:"); - whack_log(RC_COMMENT, " "); } - while (crl != NULL) + while (x509crl) { - u_char buf[BUF_LEN]; + certificate_t *cert_crl = x509crl->crl; + crl_t *crl = (crl_t*)cert_crl; + chunk_t serial, authKeyID; + time_t thisUpdate, nextUpdate; u_int revoked = 0; - revokedCert_t *revokedCert = crl->revokedCertificates; + enumerator_t *enumerator; - /* count number of revoked certificates in CRL */ - while (revokedCert != NULL) + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, " issuer: \"%Y\"", + cert_crl->get_issuer(cert_crl)); + serial = crl->get_serial(crl); + if (serial.ptr) { - revoked++; - revokedCert = revokedCert->next; + whack_log(RC_COMMENT, " serial: %#B", &serial); } - whack_log(RC_COMMENT, "%T, revoked certs: %d", - &crl->installed, utc, revoked); - dntoa(buf, BUF_LEN, crl->issuer); - whack_log(RC_COMMENT, " issuer: '%s'", buf); - if (crl->crlNumber.ptr != NULL) - { - datatot(crl->crlNumber.ptr, crl->crlNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " crlnumber: %s", buf); - } - list_distribution_points(crl->distributionPoints); - - whack_log(RC_COMMENT, " updates: this %T", - &crl->thisUpdate, utc); - whack_log(RC_COMMENT, " next %T %s", - &crl->nextUpdate, utc, - check_expiry(crl->nextUpdate, CRL_WARNING_INTERVAL, strict)); - if (crl->authKeyID.ptr != NULL) + /* count number of revoked certificates in CRL */ + enumerator = crl->create_enumerator(crl); + while (enumerator->enumerate(enumerator, NULL, NULL, NULL)) { - datatot(crl->authKeyID.ptr, crl->authKeyID.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " authkey: %s", buf); + revoked++; } - if (crl->authKeySerialNumber.ptr != NULL) + enumerator->destroy(enumerator); + whack_log(RC_COMMENT, " revoked: %d certificates", revoked); + + list_distribution_points(x509crl->distributionPoints); + + cert_crl->get_validity(cert_crl, NULL, &thisUpdate, &nextUpdate); + whack_log(RC_COMMENT, " updates: this %T", &thisUpdate, utc); + whack_log(RC_COMMENT, " next %T %s", &nextUpdate, utc, + check_expiry(nextUpdate, CRL_WARNING_INTERVAL, strict)); + authKeyID = crl->get_authKeyIdentifier(crl); + if (authKeyID.ptr) { - datatot(crl->authKeySerialNumber.ptr, crl->authKeySerialNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " aserial: %s", buf); + whack_log(RC_COMMENT, " authkey: %#B", &authKeyID); } - crl = crl->next; + x509crl = x509crl->next; } unlock_crl_list("list_crls"); } diff --git a/src/pluto/crl.h b/src/pluto/crl.h index 7c110ad5a..43bafe145 100644 --- a/src/pluto/crl.h +++ b/src/pluto/crl.h @@ -14,47 +14,18 @@ #include "constants.h" -/* access structure for a revoked serial number */ - -typedef struct revokedCert revokedCert_t; - -struct revokedCert{ - revokedCert_t *next; - chunk_t userCertificate; - time_t revocationDate; - crl_reason_t revocationReason; -}; +#include +#include +#include /* storage structure for an X.509 CRL */ typedef struct x509crl x509crl_t; struct x509crl { - x509crl_t *next; - time_t installed; - generalName_t *distributionPoints; - chunk_t certificateList; - chunk_t tbsCertList; - u_int version; - /* signature */ - int sigAlg; - chunk_t issuer; - time_t thisUpdate; - time_t nextUpdate; - revokedCert_t *revokedCertificates; - /* v2 extensions */ - /* crlExtensions */ - /* extension */ - /* extnID */ - /* critical */ - /* extnValue */ - chunk_t authKeyID; - chunk_t authKeySerialNumber; - chunk_t crlNumber; - - /* signatureAlgorithm */ - int algorithm; - chunk_t signature; + certificate_t *crl; + x509crl_t *next; + linked_list_t *distributionPoints; }; /* apply a strict CRL policy @@ -69,18 +40,14 @@ extern bool cache_crls; /* * check periodically for expired crls - */ + */ extern long crl_check_interval; - -/* used for initialization */ -extern const x509crl_t empty_x509crl; - -extern bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl); extern void load_crls(void); extern void check_crls(void); -extern bool insert_crl(chunk_t blob, chunk_t crl_uri, bool cache_crl); -extern cert_status_t verify_by_crl(const x509cert_t *cert, time_t *until - , time_t *revocationDate, crl_reason_t *revocationReason); +extern bool insert_crl(x509crl_t *crl, char *crl_uri, bool cache_crl); +extern cert_status_t verify_by_crl(cert_t *cert, time_t *until, + time_t *revocationDate, + crl_reason_t *revocationReason); extern void list_crls(bool utc, bool strict); extern void free_crls(void); extern void free_crl(x509crl_t *crl); diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index f47ad1eeb..2113cecbc 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -21,12 +21,12 @@ #include "log.h" static struct encrypt_desc encrypt_desc_3des = -{ +{ algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_3DES_CBC, + algo_id: OAKLEY_3DES_CBC, algo_next: NULL, - enc_blocksize: DES_BLOCK_SIZE, + enc_blocksize: DES_BLOCK_SIZE, keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, @@ -40,7 +40,7 @@ static struct encrypt_desc encrypt_desc_aes = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_AES_CBC, - algo_next: NULL, + algo_next: NULL, enc_blocksize: AES_BLOCK_SIZE, keyminlen: AES_KEY_MIN_LEN, @@ -48,6 +48,22 @@ static struct encrypt_desc encrypt_desc_aes = keymaxlen: AES_KEY_MAX_LEN, }; +#define CAMELLIA_KEY_MIN_LEN 128 +#define CAMELLIA_KEY_DEF_LEN 128 +#define CAMELLIA_KEY_MAX_LEN 256 + +static struct encrypt_desc encrypt_desc_camellia = +{ + algo_type: IKE_ALG_ENCRYPT, + algo_id: OAKLEY_CAMELLIA_CBC, + algo_next: NULL, + + enc_blocksize: CAMELLIA_BLOCK_SIZE, + keyminlen: CAMELLIA_KEY_MIN_LEN, + keydeflen: CAMELLIA_KEY_DEF_LEN, + keymaxlen: CAMELLIA_KEY_MAX_LEN, +}; + #define BLOWFISH_KEY_MIN_LEN 128 #define BLOWFISH_KEY_MAX_LEN 448 @@ -55,7 +71,7 @@ static struct encrypt_desc encrypt_desc_blowfish = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_BLOWFISH_CBC, - algo_next: NULL, + algo_next: NULL, enc_blocksize: BLOWFISH_BLOCK_SIZE, keyminlen: BLOWFISH_KEY_MIN_LEN, @@ -83,7 +99,7 @@ static struct encrypt_desc encrypt_desc_serpent = #define TWOFISH_KEY_DEF_LEN 128 #define TWOFISH_KEY_MAX_LEN 256 -static struct encrypt_desc encrypt_desc_twofish = +static struct encrypt_desc encrypt_desc_twofish = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC, @@ -108,18 +124,18 @@ static struct encrypt_desc encrypt_desc_twofish_ssh = }; static struct hash_desc hash_desc_md5 = -{ +{ algo_type: IKE_ALG_HASH, algo_id: OAKLEY_MD5, - algo_next: NULL, + algo_next: NULL, hash_digest_size: HASH_SIZE_MD5, }; static struct hash_desc hash_desc_sha1 = -{ +{ algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA, - algo_next: NULL, + algo_next: NULL, hash_digest_size: HASH_SIZE_SHA1, }; @@ -146,91 +162,91 @@ static struct hash_desc hash_desc_sha2_512 = { const struct dh_desc unset_group = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_NONE, + algo_id: MODP_NONE, algo_next: NULL, ke_size: 0 }; -static struct dh_desc dh_desc_modp_1024 = { +static struct dh_desc dh_desc_modp_1024 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1024_BIT, + algo_id: MODP_1024_BIT, algo_next: NULL, ke_size: 1024 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_1536 = { +static struct dh_desc dh_desc_modp_1536 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1536_BIT, + algo_id: MODP_1536_BIT, algo_next: NULL, ke_size: 1536 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_2048 = { +static struct dh_desc dh_desc_modp_2048 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_2048_BIT, + algo_id: MODP_2048_BIT, algo_next: NULL, ke_size: 2048 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_3072 = { +static struct dh_desc dh_desc_modp_3072 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_3072_BIT, + algo_id: MODP_3072_BIT, algo_next: NULL, ke_size: 3072 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_4096 = { +static struct dh_desc dh_desc_modp_4096 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_4096_BIT, + algo_id: MODP_4096_BIT, algo_next: NULL, ke_size: 4096 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_6144 = { +static struct dh_desc dh_desc_modp_6144 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_6144_BIT, + algo_id: MODP_6144_BIT, algo_next: NULL, ke_size: 6144 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_8192 = { +static struct dh_desc dh_desc_modp_8192 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_8192_BIT, + algo_id: MODP_8192_BIT, algo_next: NULL, ke_size: 8192 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_256 = { +static struct dh_desc dh_desc_ecp_256 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_256_BIT, + algo_id: ECP_256_BIT, algo_next: NULL, ke_size: 2*256 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_384 = { +static struct dh_desc dh_desc_ecp_384 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_384_BIT, + algo_id: ECP_384_BIT, algo_next: NULL, ke_size: 2*384 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_521 = { +static struct dh_desc dh_desc_ecp_521 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_521_BIT, + algo_id: ECP_521_BIT, algo_next: NULL, ke_size: 2*528 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_192 = { +static struct dh_desc dh_desc_ecp_192 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_192_BIT, + algo_id: ECP_192_BIT, algo_next: NULL, ke_size: 2*192 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_224 = { +static struct dh_desc dh_desc_ecp_224 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_224_BIT, + algo_id: ECP_224_BIT, algo_next: NULL, ke_size: 2*224 / BITS_PER_BYTE }; @@ -283,12 +299,12 @@ bool init_crypto(void) (no_md5) ? "MD5" : ""); return FALSE; } - + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption_alg)) { const struct encrypt_desc *desc; - + switch (encryption_alg) { case ENCR_3DES: @@ -300,6 +316,9 @@ bool init_crypto(void) case ENCR_AES_CBC: desc = &encrypt_desc_aes; break; + case ENCR_CAMELLIA_CBC: + desc = &encrypt_desc_camellia; + break; case ENCR_TWOFISH_CBC: desc = &encrypt_desc_twofish; ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh); @@ -308,7 +327,7 @@ bool init_crypto(void) desc = &encrypt_desc_serpent; break; default: - continue; + continue; } ike_alg_add((struct ike_alg *)desc); } @@ -381,7 +400,7 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg) case OAKLEY_DES_CBC: return ENCR_DES; case OAKLEY_IDEA_CBC: - return ENCR_IDEA; + return ENCR_IDEA; case OAKLEY_BLOWFISH_CBC: return ENCR_BLOWFISH; case OAKLEY_RC5_R16_B64_CBC: @@ -392,6 +411,8 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg) return ENCR_CAST; case OAKLEY_AES_CBC: return ENCR_AES_CBC; + case OAKLEY_CAMELLIA_CBC: + return ENCR_CAMELLIA_CBC; case OAKLEY_SERPENT_CBC: return ENCR_SERPENT_CBC; case OAKLEY_TWOFISH_CBC: @@ -491,7 +512,7 @@ int oakley_from_encryption_algorithm(encryption_algorithm_t alg) return OAKLEY_CAMELLIA_CBC; case ENCR_SERPENT_CBC: return OAKLEY_SERPENT_CBC; - case ENCR_TWOFISH_CBC: + case ENCR_TWOFISH_CBC: return OAKLEY_TWOFISH_CBC; default: return 0; @@ -561,7 +582,7 @@ int esp_from_encryption_algorithm(encryption_algorithm_t alg) return ESP_CAMELLIA; case ENCR_SERPENT_CBC: return ESP_SERPENT; - case ENCR_TWOFISH_CBC: + case ENCR_TWOFISH_CBC: return ESP_TWOFISH; default: return 0; @@ -581,12 +602,20 @@ int esp_from_integrity_algorithm(integrity_algorithm_t alg) return AUTH_ALGORITHM_HMAC_SHA1; case AUTH_AES_XCBC_96: return AUTH_ALGORITHM_AES_XCBC_MAC; + case AUTH_HMAC_SHA2_256_96: + return AUTH_ALGORITHM_HMAC_SHA2_256_96; case AUTH_HMAC_SHA2_256_128: return AUTH_ALGORITHM_HMAC_SHA2_256; case AUTH_HMAC_SHA2_384_192: return AUTH_ALGORITHM_HMAC_SHA2_384; case AUTH_HMAC_SHA2_512_256: return AUTH_ALGORITHM_HMAC_SHA2_512; + case AUTH_AES_128_GMAC: + return AUTH_ALGORITHM_AES_128_GMAC; + case AUTH_AES_192_GMAC: + return AUTH_ALGORITHM_AES_192_GMAC; + case AUTH_AES_256_GMAC: + return AUTH_ALGORITHM_AES_256_GMAC; default: return 0; } diff --git a/src/pluto/db_ops.c b/src/pluto/db_ops.c index 4ba4fa324..547ea5f22 100644 --- a/src/pluto/db_ops.c +++ b/src/pluto/db_ops.c @@ -1,6 +1,6 @@ /* Dynamic db (proposal, transforms, attributes) handling. * Author: JuanJo Ciarlante - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -12,11 +12,11 @@ * for more details. */ -/* +/* * The stratedy is to have (full contained) struct db_prop in db_context * pointing to ONE dynamically sizable transform vector (trans0). * Each transform stores attrib. in ONE dyn. sizable attribute vector (attrs0) - * in a "serialized" way (attributes storage is used in linear sequence for + * in a "serialized" way (attributes storage is used in linear sequence for * subsecuent transforms). * * Resizing for both trans0 and attrs0 is supported: @@ -24,7 +24,7 @@ * also update trans_cur (by offset) * - For attrs0: after allocating and copying attrs, I must rewrite each * trans->attrs present in trans0; to achieve this, calculate - * attrs pointer offset (new minus old) and iterate over + * attrs pointer offset (new minus old) and iterate over * each transform "adding" this difference. * also update attrs_cur (by offset) * @@ -70,7 +70,7 @@ #ifdef NOT_YET /* * Allocator cache: - * Because of the single-threaded nature of pluto/spdb.c, + * Because of the single-threaded nature of pluto/spdb.c, * alloc()/free() is exercised many times with very small * lifetime objects. * Just caching last object (currently it will select the @@ -84,9 +84,9 @@ struct db_ops_alloc_cache { #endif #ifndef NO_DB_OPS_STATS -/* - * stats: do account for allocations - * displayed in db_ops_show_status() +/* + * stats: do account for allocations + * displayed in db_ops_show_status() */ struct db_ops_stats { int st_curr_cnt; /* current number of allocations */ @@ -100,7 +100,7 @@ struct db_ops_stats { static struct db_ops_stats db_context_st = DB_OPS_ZERO; static struct db_ops_stats db_trans_st = DB_OPS_ZERO; static struct db_ops_stats db_attrs_st = DB_OPS_ZERO; -static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) +static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) { void *ptr = malloc(size); if (ptr) @@ -108,7 +108,7 @@ static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) st->st_curr_cnt++; st->st_total_cnt++; if (size > st->st_maxsz) st->st_maxsz=size; - } + } return ptr; } #define ALLOC_BYTES_ST(z,st) malloc_bytes_st(z, &st); @@ -125,13 +125,13 @@ static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) * as a result of "add" operations */ int -db_prop_init(struct db_context *ctx, u_int8_t protoid, int max_trans, int max_attrs) +db_prop_init(struct db_context *ctx, u_int8_t protoid, int max_trans, int max_attrs) { ctx->trans0 = NULL; ctx->attrs0 = NULL; if (max_trans > 0) { /* quite silly if not */ - ctx->trans0 = ALLOC_BYTES_ST ( sizeof(struct db_trans) * max_trans, + ctx->trans0 = ALLOC_BYTES_ST ( sizeof(struct db_trans) * max_trans, db_trans_st); memset(ctx->trans0, '\0', sizeof(struct db_trans) * max_trans); } @@ -162,12 +162,12 @@ db_trans_expand(struct db_context *ctx, int delta_trans) int offset; old_trans = ctx->trans0; - new_trans = ALLOC_BYTES_ST ( sizeof (struct db_trans) * max_trans, + new_trans = ALLOC_BYTES_ST ( sizeof (struct db_trans) * max_trans, db_trans_st); if (!new_trans) goto out; memcpy(new_trans, old_trans, ctx->max_trans * sizeof(struct db_trans)); - + /* update trans0 (obviously) */ ctx->trans0 = ctx->prop.trans = new_trans; /* update trans_cur (by offset) */ @@ -175,7 +175,7 @@ db_trans_expand(struct db_context *ctx, int delta_trans) { char *cctx = (char *)(ctx->trans_cur); - + cctx += offset; ctx->trans_cur = (struct db_trans *)cctx; } @@ -186,7 +186,7 @@ db_trans_expand(struct db_context *ctx, int delta_trans) out: return ret; } -/* +/* * Expand storage for attributes by delta_attrs number AND * rewrite trans->attr pointers */ @@ -201,22 +201,22 @@ db_attrs_expand(struct db_context *ctx, int delta_attrs) int offset; old_attrs = ctx->attrs0; - new_attrs = ALLOC_BYTES_ST ( sizeof (struct db_attr) * max_attrs, + new_attrs = ALLOC_BYTES_ST ( sizeof (struct db_attr) * max_attrs, db_attrs_st); if (!new_attrs) goto out; memcpy(new_attrs, old_attrs, ctx->max_attrs * sizeof(struct db_attr)); - + /* update attrs0 and attrs_cur (obviously) */ offset = (char *)(new_attrs) - (char *)(old_attrs); - + { char *actx = (char *)(ctx->attrs0); - + actx += offset; ctx->attrs0 = (struct db_attr *)actx; - + actx = (char *)ctx->attrs_cur; actx += offset; ctx->attrs_cur = (struct db_attr *)actx; @@ -237,13 +237,13 @@ out: return ret; } /* Allocate a new db object */ -struct db_context * -db_prop_new(u_int8_t protoid, int max_trans, int max_attrs) +struct db_context * +db_prop_new(u_int8_t protoid, int max_trans, int max_attrs) { struct db_context *ctx; ctx = ALLOC_BYTES_ST ( sizeof (struct db_context), db_context_st); if (!ctx) goto out; - + if (db_prop_init(ctx, protoid, max_trans, max_attrs) < 0) { PFREE_ST(ctx, db_context_st); ctx=NULL; @@ -266,8 +266,8 @@ db_trans_add(struct db_context *ctx, u_int8_t transid) /* skip incrementing current trans pointer the 1st time*/ if (ctx->trans_cur && ctx->trans_cur->attr_cnt) ctx->trans_cur++; - /* - * Strategy: if more space is needed, expand by + /* + * Strategy: if more space is needed, expand by * /2 + 1 * * This happens to produce a "reasonable" sequence @@ -287,10 +287,10 @@ db_trans_add(struct db_context *ctx, u_int8_t transid) } /* Add attr copy to current transform, expanding attrs0 if needed */ int -db_attr_add(struct db_context *ctx, const struct db_attr *a) +db_attr_add(struct db_context *ctx, const struct db_attr *a) { - /* - * Strategy: if more space is needed, expand by + /* + * Strategy: if more space is needed, expand by * /2 + 1 */ if ((ctx->attrs_cur - ctx->attrs0) >= ctx->max_attrs) { @@ -302,7 +302,7 @@ db_attr_add(struct db_context *ctx, const struct db_attr *a) ctx->trans_cur->attr_cnt++; return 0; } -/* Add attr copy (by value) to current transform, +/* Add attr copy (by value) to current transform, * expanding attrs0 if needed, just calls db_attr_add(). */ int @@ -317,7 +317,7 @@ db_attr_add_values(struct db_context *ctx, u_int16_t type, u_int16_t val) int db_ops_show_status(void) { - whack_log(RC_COMMENT, "stats " __FILE__ ": " + whack_log(RC_COMMENT, "stats " __FILE__ ": " DB_OPS_STATS_DESC " :" DB_OPS_STATS_STR("context") DB_OPS_STATS_STR("trans") @@ -329,7 +329,7 @@ db_ops_show_status(void) return 0; } #endif /* NO_DB_OPS_STATS */ -/* +/* * From below to end just testing stuff .... */ #ifdef TEST @@ -349,7 +349,7 @@ static void db_prop_print(struct db_prop *p) default: continue; } - printf(" transid=\"%s\"\n", + printf(" transid=\"%s\"\n", enum_name(n, t->transid)); for (ai=0, a=t->attrs; ai < t->attr_cnt; ai++, a++) { int i; @@ -367,16 +367,16 @@ static void db_prop_print(struct db_prop *p) default: continue; } - printf(" type=\"%s\" value=\"%s\"\n", + printf(" type=\"%s\" value=\"%s\"\n", enum_name(n_at, i), enum_name(n_av, a->val)); } } } -static void db_print(struct db_context *ctx) +static void db_print(struct db_context *ctx) { - printf("trans_cur diff=%d, attrs_cur diff=%d\n", + printf("trans_cur diff=%d, attrs_cur diff=%d\n", ctx->trans_cur - ctx->trans0, ctx->attrs_cur - ctx->attrs0); db_prop_print(&ctx->prop); diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 3cfc909af..fad1450cd 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -819,7 +819,7 @@ check_msg_errqueue(const struct iface *ifp, short interest) bool send_packet(struct state *st, const char *where) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; int port_buf; bool err; u_int8_t ike_pkt[MAX_OUTPUT_UDP_SIZE]; @@ -1258,16 +1258,16 @@ process_packet(struct msg_digest **mdp) struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur; if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION) { - SEND_NOTIFICATION(INVALID_MAJOR_VERSION); + SEND_NOTIFICATION(ISAKMP_INVALID_MAJOR_VERSION); return; } else if ((hdr->isa_version & ISA_MIN_MASK) != ISAKMP_MINOR_VERSION) { - SEND_NOTIFICATION(INVALID_MINOR_VERSION); + SEND_NOTIFICATION(ISAKMP_INVALID_MINOR_VERSION); return; } } - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } @@ -1295,14 +1295,14 @@ process_packet(struct msg_digest **mdp) { plog("Message ID was 0x%08lx but should be zero in Main Mode", (unsigned long) md->hdr.isa_msgid); - SEND_NOTIFICATION(INVALID_MESSAGE_ID); + SEND_NOTIFICATION(ISAKMP_INVALID_MESSAGE_ID); return; } if (is_zero_cookie(md->hdr.isa_icookie)) { plog("Initiator Cookie must not be zero in Main Mode message"); - SEND_NOTIFICATION(INVALID_COOKIE); + SEND_NOTIFICATION(ISAKMP_INVALID_COOKIE); return; } @@ -1315,7 +1315,7 @@ process_packet(struct msg_digest **mdp) { plog("initial Main Mode message is invalid:" " its Encrypted Flag is on"); - SEND_NOTIFICATION(INVALID_FLAGS); + SEND_NOTIFICATION(ISAKMP_INVALID_FLAGS); return; } @@ -1399,7 +1399,7 @@ process_packet(struct msg_digest **mdp) { memcpy(st->st_ph1_iv, st->st_new_iv, st->st_new_iv_len); st->st_ph1_iv_len = st->st_new_iv_len; - + /* backup new_iv */ new_iv_len = st->st_new_iv_len; passert(new_iv_len <= MAX_DIGEST_LEN) @@ -1429,7 +1429,7 @@ process_packet(struct msg_digest **mdp) { plog("Quick Mode message is invalid because" " it has an Initiator Cookie of 0"); - SEND_NOTIFICATION(INVALID_COOKIE); + SEND_NOTIFICATION(ISAKMP_INVALID_COOKIE); return; } @@ -1437,7 +1437,7 @@ process_packet(struct msg_digest **mdp) { plog("Quick Mode message is invalid because" " it has a Responder Cookie of 0"); - SEND_NOTIFICATION(INVALID_COOKIE); + SEND_NOTIFICATION(ISAKMP_INVALID_COOKIE); return; } @@ -1445,7 +1445,7 @@ process_packet(struct msg_digest **mdp) { plog("Quick Mode message is invalid because" " it has a Message ID of 0"); - SEND_NOTIFICATION(INVALID_MESSAGE_ID); + SEND_NOTIFICATION(ISAKMP_INVALID_MESSAGE_ID); return; } @@ -1475,7 +1475,7 @@ process_packet(struct msg_digest **mdp) { loglog(RC_LOG_SERIOUS, "Quick Mode message is unacceptable because" " it is for an incomplete ISAKMP SA"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? */); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED /* XXX ? */); return; } @@ -1486,7 +1486,7 @@ process_packet(struct msg_digest **mdp) " it uses a previously used Message ID 0x%08lx" " (perhaps this is a duplicated packet)" , (unsigned long) md->hdr.isa_msgid); - SEND_NOTIFICATION(INVALID_MESSAGE_ID); + SEND_NOTIFICATION(ISAKMP_INVALID_MESSAGE_ID); return; } @@ -1498,7 +1498,7 @@ process_packet(struct msg_digest **mdp) } else { - set_cur_state(st); + set_cur_state(st); from_state = st->st_state; } @@ -1635,7 +1635,7 @@ process_packet(struct msg_digest **mdp) default: plog("unsupported exchange type %s in message" , enum_show(&exchange_names, md->hdr.isa_xchg)); - SEND_NOTIFICATION(UNSUPPORTED_EXCHANGE_TYPE); + SEND_NOTIFICATION(ISAKMP_UNSUPPORTED_EXCHANGE_TYPE); return; } @@ -1681,7 +1681,7 @@ process_packet(struct msg_digest **mdp) default: auth = st->st_oakley.auth; } - + while (!LHAS(smc->flags, auth)) { smc++; @@ -1748,14 +1748,14 @@ process_packet(struct msg_digest **mdp) if (st == NULL) { plog("discarding encrypted message for an unknown ISAKMP SA"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED /* XXX ? */); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED /* XXX ? */); return; } if (st->st_skeyid_e.ptr == (u_char *) NULL) { loglog(RC_LOG_SERIOUS, "discarding encrypted message" " because we haven't yet negotiated keying materiel"); - SEND_NOTIFICATION(INVALID_FLAGS); + SEND_NOTIFICATION(ISAKMP_INVALID_FLAGS); return; } @@ -1795,7 +1795,7 @@ process_packet(struct msg_digest **mdp) if (pbs_left(&md->message_pbs) % crypter_block_size != 0) { loglog(RC_LOG_SERIOUS, "malformed message: not a multiple of encryption blocksize"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } @@ -1823,11 +1823,11 @@ process_packet(struct msg_digest **mdp) memcpy(new_iv, data.ptr + data.len - crypter_block_size, crypter_block_size); - crypter->set_key(crypter, st->st_enc_key); + crypter->set_key(crypter, st->st_enc_key); crypter->decrypt(crypter, data, iv, NULL); crypter->destroy(crypter); - memcpy(st->st_new_iv, new_iv, crypter_block_size); + memcpy(st->st_new_iv, new_iv, crypter_block_size); if (restore_iv) { memcpy(st->st_new_iv, new_iv, new_iv_len); @@ -1848,7 +1848,7 @@ process_packet(struct msg_digest **mdp) if (smc->flags & SMF_INPUT_ENCRYPTED) { loglog(RC_LOG_SERIOUS, "packet rejected: should have been encrypted"); - SEND_NOTIFICATION(INVALID_FLAGS); + SEND_NOTIFICATION(ISAKMP_INVALID_FLAGS); return; } } @@ -1875,7 +1875,7 @@ process_packet(struct msg_digest **mdp) if (pd == &md->digest[PAYLIMIT]) { loglog(RC_LOG_SERIOUS, "more than %d payloads in message; ignored", PAYLIMIT); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } @@ -1915,7 +1915,7 @@ process_packet(struct msg_digest **mdp) loglog(RC_LOG_SERIOUS, "%smessage ignored because it contains an unknown or" " unexpected payload type (%s) at the outermost level" , excuse, enum_show(&payload_names, np)); - SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE); + SEND_NOTIFICATION(ISAKMP_INVALID_PAYLOAD_TYPE); return; } } @@ -1929,7 +1929,7 @@ process_packet(struct msg_digest **mdp) loglog(RC_LOG_SERIOUS, "%smessage ignored because it " "contains an unexpected payload type (%s)" , excuse, enum_show(&payload_names, np)); - SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE); + SEND_NOTIFICATION(ISAKMP_INVALID_PAYLOAD_TYPE); return; } needed &= ~s; @@ -1939,7 +1939,7 @@ process_packet(struct msg_digest **mdp) { loglog(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); if (md->hdr.isa_xchg != ISAKMP_XCHG_INFO) - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } @@ -1979,7 +1979,7 @@ process_packet(struct msg_digest **mdp) loglog(RC_LOG_SERIOUS, "message for %s is missing payloads %s" , enum_show(&state_names, from_state) , bitnamesof(payload_name, needed)); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } } @@ -1995,7 +1995,7 @@ process_packet(struct msg_digest **mdp) && md->hdr.isa_np != ISAKMP_NEXT_SA) { loglog(RC_LOG_SERIOUS, "malformed Phase 1 message: does not start with an SA payload"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } } @@ -2019,7 +2019,7 @@ process_packet(struct msg_digest **mdp) if (md->hdr.isa_np != ISAKMP_NEXT_HASH) { loglog(RC_LOG_SERIOUS, "malformed Quick Mode message: does not start with a HASH payload"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } @@ -2033,7 +2033,7 @@ process_packet(struct msg_digest **mdp) if (p != &md->digest[i]) { loglog(RC_LOG_SERIOUS, "malformed Quick Mode message: SA payload is in wrong position"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } } @@ -2054,14 +2054,14 @@ process_packet(struct msg_digest **mdp) loglog(RC_LOG_SERIOUS, "malformed Quick Mode message:" " if any ID payload is present," " there must be exactly two"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } if (id+1 != id->next) { loglog(RC_LOG_SERIOUS, "malformed Quick Mode message:" " the ID payloads are not adjacent"); - SEND_NOTIFICATION(PAYLOAD_MALFORMED); + SEND_NOTIFICATION(ISAKMP_PAYLOAD_MALFORMED); return; } } @@ -2192,7 +2192,7 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) time_t delay = UNDEFINED_TIME; enum event_type kind = smc->timeout_event; bool agreed_time = FALSE; - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; switch (kind) { @@ -2310,7 +2310,7 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) const char *story = state_story[st->st_state - STATE_MAIN_R0]; enum rc_type w = RC_NEW_STATE + st->st_state; char sadetails[128]; - + sadetails[0]='\0'; if (IS_IPSEC_SA_ESTABLISHED(st->st_state)) diff --git a/src/pluto/dnskey.c b/src/pluto/dnskey.c index ed901ade5..ec56b8530 100644 --- a/src/pluto/dnskey.c +++ b/src/pluto/dnskey.c @@ -36,7 +36,7 @@ #include "adns.h" /* needs */ #include "defs.h" #include "log.h" -#include "id.h" +#include "myid.h" #include "connections.h" #include "keys.h" /* needs connections.h */ #include "dnskey.h" @@ -238,62 +238,30 @@ stop_adns(void) #define our_TXT_attr_string "X-IPsec-Server" static const char our_TXT_attr[] = our_TXT_attr_string; -static err_t -decode_iii(u_char **pp, struct id *gw_id) +identification_t* decode_iii(u_char **pp) { + identification_t *gw_id; u_char *p = *pp + strspn(*pp, " \t"); u_char *e = p + strcspn(p, " \t"); u_char under = *e; if (p == e) { - return "TXT " our_TXT_attr_string " badly formed (no gateway specified)"; + return NULL; } *e = '\0'; - if (*p == '@') - { - /* gateway specification in this record is @FQDN */ - err_t ugh = atoid(p, gw_id, FALSE); - - if (ugh != NULL) - { - return builddiag("malformed FQDN in TXT " our_TXT_attr_string ": %s" - , ugh); - } - } - else - { - /* gateway specification is numeric */ - ip_address ip; - err_t ugh = tnatoaddr(p, e-p - , strchr(p, ':') == NULL? AF_INET : AF_INET6 - , &ip); - - if (ugh != NULL) - { - return builddiag("malformed IP address in TXT " our_TXT_attr_string ": %s" - , ugh); - } - if (isanyaddr(&ip)) - { - return "gateway address must not be 0.0.0.0 or 0::0"; - } - iptoid(&ip, gw_id); - } - + gw_id = identification_create_from_string(p); *e = under; *pp = e + strspn(e, " \t"); - return NULL; + return gw_id; } -static err_t -process_txt_rr_body(u_char *str -, bool doit /* should we capture information? */ -, enum dns_auth_level dns_auth_level -, struct adns_continuation *const cr) +static err_t process_txt_rr_body(u_char *str, bool doit, + enum dns_auth_level dns_auth_level, + struct adns_continuation *const cr) { - const struct id *client_id = &cr->id; /* subject of query */ + identification_t *client_id = cr->id; /* subject of query */ u_char *p = str; unsigned long pref = 0; struct gw_info gi; @@ -349,10 +317,13 @@ process_txt_rr_body(u_char *str p += strspn(p, " \t"); /* Decode iii (Security Gateway ID). */ - zero(&gi); /* before first use */ - TRY(decode_iii(&p, &gi.gw_id)); /* will need to unshare_id_content */ + gi.gw_id = decode_iii(&p); + if (gi.gw_id == NULL) + { + return "TXT " our_TXT_attr_string " badly formed (no gateway specified)"; + } if (!cr->sgw_specified) { @@ -360,19 +331,14 @@ process_txt_rr_body(u_char *str * and we don't know who to initiate with. * So we're looking for gateway specs with an IP address */ - if (!id_is_ipaddr(&gi.gw_id)) + if (gi.gw_id->get_type(gi.gw_id) != ID_IPV4_ADDR && + gi.gw_id->get_type(gi.gw_id) != ID_IPV6_ADDR) { DBG(DBG_DNS, - { - char cidb[BUF_LEN]; - char gwidb[BUF_LEN]; - - idtoa(client_id, cidb, sizeof(cidb)); - idtoa(&gi.gw_id, gwidb, sizeof(gwidb)); - DBG_log("TXT %s record for %s: security gateway %s;" - " ignored because gateway's IP is unspecified" - , our_TXT_attr, cidb, gwidb); - }); + DBG_log("TXT %s record for '%Y': security gateway '%Y';" + " ignored because gateway's IP is unspecified", + our_TXT_attr, client_id, gi.gw_id); + ) return NULL; /* we cannot use this record, but it isn't wrong */ } } @@ -381,23 +347,15 @@ process_txt_rr_body(u_char *str /* We do know the peer's ID (because we are responding) * So we're looking for gateway specs specifying this known ID. */ - const struct id *peer_id = &cr->sgw_id; + identification_t *peer_id = cr->sgw_id; - if (!same_id(peer_id, &gi.gw_id)) + if (!peer_id->equals(peer_id, gi.gw_id)) { DBG(DBG_DNS, - { - char cidb[BUF_LEN]; - char gwidb[BUF_LEN]; - char pidb[BUF_LEN]; - - idtoa(client_id, cidb, sizeof(cidb)); - idtoa(&gi.gw_id, gwidb, sizeof(gwidb)); - idtoa(peer_id, pidb, sizeof(pidb)); - DBG_log("TXT %s record for %s: security gateway %s;" - " ignored -- looking to confirm %s as gateway" - , our_TXT_attr, cidb, gwidb, pidb); - }); + DBG_log("TXT %s record for '%Y': security gateway '%Y';" + " ignored -- looking to confirm '%Y' as gateway", + our_TXT_attr, client_id, gi.gw_id, peer_id); + ) return NULL; /* we cannot use this record, but it isn't wrong */ } } @@ -407,7 +365,7 @@ process_txt_rr_body(u_char *str /* really accept gateway */ struct gw_info **gwip; /* gateway insertion point */ - gi.client_id = *client_id; /* will need to unshare_id_content */ + gi.client_id = client_id; /* will need to unshare_id_content */ /* decode optional kkk: base 64 encoding of key */ @@ -436,7 +394,7 @@ process_txt_rr_body(u_char *str } rfc3110_chunk = chunk_create(buf, sz); key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_RFC_3110, rfc3110_chunk, + BUILD_BLOB_DNSKEY, rfc3110_chunk, BUILD_END); if (key == NULL) { @@ -462,32 +420,26 @@ process_txt_rr_body(u_char *str DBG(DBG_DNS, { - char cidb[BUF_LEN]; - char gwidb[BUF_LEN]; - identification_t *keyid; - public_key_t *pub_key; - - idtoa(client_id, cidb, sizeof(cidb)); - idtoa(&gi.gw_id, gwidb, sizeof(gwidb)); - pub_key = gi.key->public_key; - keyid = pub_key->get_id(pub_key, ID_PUBKEY_SHA1); + chunk_t keyid; + public_key_t *key = gi.key->public_key; - if (gi.gw_key_present) + if (gi.gw_key_present && + key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &keyid)) { - DBG_log("gateway for %s is %s with key %Y" - , cidb, gwidb, keyid); + DBG_log("gateway for %s is %s with key %#B", + client_id, gi.gw_id, &keyid); } else { - DBG_log("gateway for %s is %s; no key specified" - , cidb, gwidb); + DBG_log("gateway for '%Y' is '%Y'; no key specified", + client_id, gi.gw_id); } }); gi.next = *gwip; *gwip = clone_thing(gi); - unshare_id_content(&(*gwip)->gw_id); - unshare_id_content(&(*gwip)->client_id); + (*gwip)->gw_id = (*gwip)->gw_id->clone((*gwip)->gw_id); + (*gwip)->client_id = (*gwip)->client_id->clone((*gwip)->client_id); } return NULL; @@ -1271,75 +1223,62 @@ process_dns_answer(struct adns_continuation *const cr /****************************************************************/ -static err_t -build_dns_name(u_char name_buf[NS_MAXDNAME + 2] -, unsigned long serial USED_BY_DEBUG -, const struct id *id -, const char *typename USED_BY_DEBUG -, const char *gwname USED_BY_DEBUG) +static err_t build_dns_name(u_char name_buf[NS_MAXDNAME + 2], + unsigned long serial USED_BY_DEBUG, + identification_t *id, + const char *typename USED_BY_DEBUG, + identification_t *gw USED_BY_DEBUG) { /* note: all end in "." to suppress relative searches */ id = resolve_myid(id); - switch (id->kind) - { - case ID_IPV4_ADDR: - { - /* XXX: this is really ugly and only temporary until addrtot can - * generate the correct format - */ - const unsigned char *b; - size_t bl USED_BY_DEBUG = addrbytesptr(&id->ip_addr, &b); - passert(bl == 4); - snprintf(name_buf, NS_MAXDNAME + 2, "%d.%d.%d.%d.in-addr.arpa." - , b[3], b[2], b[1], b[0]); - break; - } - - case ID_IPV6_ADDR: + switch (id->get_type(id)) { - /* ??? is this correct? */ - const unsigned char *b; - size_t bl; - u_char *op = name_buf; - static const char suffix[] = "IP6.INT."; - - for (bl = addrbytesptr(&id->ip_addr, &b); bl-- != 0; ) + case ID_IPV4_ADDR: { - if (op + 4 + sizeof(suffix) >= name_buf + NS_MAXDNAME + 1) - return "IPv6 reverse name too long"; - op += sprintf(op, "%x.%x.", b[bl] & 0xF, b[bl] >> 4); - } - strcpy(op, suffix); - break; - } + chunk_t b = id->get_encoding(id); - case ID_FQDN: - /* strip trailing "." characters, then add one */ + snprintf(name_buf, NS_MAXDNAME + 2, "%d.%d.%d.%d.in-addr.arpa.", + b.ptr[3], b.ptr[2], b.ptr[1], b.ptr[0]); + break; + } + case ID_IPV6_ADDR: { - size_t il = id->name.len; + chunk_t b = id->get_encoding(id); + size_t bl; + u_char *op = name_buf; + static const char suffix[] = "IP6.INT."; - while (il > 0 && id->name.ptr[il - 1] == '.') - il--; - if (il > NS_MAXDNAME) + for (bl = b.len; bl-- != 0; ) + { + if (op + 4 + sizeof(suffix) >= name_buf + NS_MAXDNAME + 1) + { + return "IPv6 reverse name too long"; + } + op += sprintf(op, "%x.%x.", b.ptr[bl] & 0xF, b.ptr[bl] >> 4); + } + strcpy(op, suffix); + break; + } + case ID_FQDN: + { + if (snprintf(name_buf, NS_MAXDNAME + 2, "%Y.", id) > NS_MAXDNAME + 1) + { return "FQDN too long for domain name"; - - memcpy(name_buf, id->name.ptr, il); - strcpy(name_buf + il, "."); + } + break; } - break; - - default: - return "can only query DNS for key for ID that is a FQDN, IPV4_ADDR, or IPV6_ADDR"; + default: + return "can only query DNS for key for ID that is a FQDN, IPV4_ADDR, or IPV6_ADDR"; } - DBG(DBG_CONTROL | DBG_DNS, DBG_log("DNS query %lu for %s for %s (gw: %s)" - , serial, typename, name_buf, gwname)); + DBG(DBG_CONTROL | DBG_DNS, + DBG_log("DNS query %lu for %s for %s (gw: %Y)", serial, typename, name_buf, gw) + ) return NULL; } -void -gw_addref(struct gw_info *gw) +void gw_addref(struct gw_info *gw) { if (gw != NULL) { @@ -1348,8 +1287,7 @@ gw_addref(struct gw_info *gw) } } -void -gw_delref(struct gw_info **gwp) +void gw_delref(struct gw_info **gwp) { struct gw_info *gw = *gwp; @@ -1361,10 +1299,12 @@ gw_delref(struct gw_info **gwp) gw->refcnt--; if (gw->refcnt == 0) { - free_id_content(&gw->client_id); - free_id_content(&gw->gw_id); + DESTROY_IF(gw->client_id); + DESTROY_IF(gw->gw_id); if (gw->gw_key_present) + { unreference_key(&gw->key); + } gw_delref(&gw->next); free(gw); /* trickery could make this a tail-call */ } @@ -1414,68 +1354,61 @@ static int adns_in_flight = 0; /* queries outstanding */ static struct adns_continuation *continuations = NULL; /* newest of queue */ static struct adns_continuation *next_query = NULL; /* oldest not sent */ -static struct adns_continuation * -continuation_for_qtid(unsigned long qtid) +static struct adns_continuation *continuation_for_qtid(unsigned long qtid) { struct adns_continuation *cr = NULL; if (qtid != 0) + { for (cr = continuations; cr != NULL && cr->qtid != qtid; cr = cr->previous) ; + } return cr; } -static void -release_adns_continuation(struct adns_continuation *cr) +static void release_adns_continuation(struct adns_continuation *cr) { passert(cr != next_query); gw_delref(&cr->gateways_from_dns); #ifdef USE_KEYRR free_public_keys(&cr->keys_from_dns); #endif /* USE_KEYRR */ - unshare_id_content(&cr->id); - unshare_id_content(&cr->sgw_id); + cr->id = cr->id->clone(cr->id); + cr->sgw_id = cr->sgw_id->clone(cr->sgw_id); /* unlink from doubly-linked list */ if (cr->next == NULL) { - passert(continuations == cr); continuations = cr->previous; } else { - passert(cr->next->previous == cr); cr->next->previous = cr->previous; } if (cr->previous != NULL) { - passert(cr->previous->next == cr); cr->previous->next = cr->next; } free(cr); } -err_t -start_adns_query(const struct id *id /* domain to query */ -, const struct id *sgw_id /* if non-null, any accepted gw_info must match */ -, int type /* T_TXT or T_KEY, selecting rr type of interest */ -, cont_fn_t cont_fn -, struct adns_continuation *cr) +err_t start_adns_query(identification_t *id, /* domain to query */ + identification_t *sgw_id, /* if non-null, any accepted gw_info must match */ + int type, /* T_TXT or T_KEY, selecting rr type of interest */ + cont_fn_t cont_fn, + struct adns_continuation *cr) { static unsigned long qtid = 1; /* query transaction id; NOTE: static */ const char *typename = rr_typename(type); - char gwidb[BUF_LEN]; - if(adns_pid == 0 - && adns_restart_count < ADNS_RESTART_MAX) + if(adns_pid == 0 && adns_restart_count < ADNS_RESTART_MAX) { plog("ADNS helper was not running. Restarting attempt %d",adns_restart_count); init_adns(); } - /* Splice this in at head of doubly-linked list of continuations. * Note: this must be done before any release_adns_continuation(). */ @@ -1483,7 +1416,6 @@ start_adns_query(const struct id *id /* domain to query */ cr->previous = continuations; if (continuations != NULL) { - passert(continuations->next == NULL); continuations->next = cr; } continuations = cr; @@ -1491,11 +1423,11 @@ start_adns_query(const struct id *id /* domain to query */ cr->qtid = qtid++; cr->type = type; cr->cont_fn = cont_fn; - cr->id = *id; - unshare_id_content(&cr->id); - cr->sgw_specified = sgw_id != NULL; - cr->sgw_id = cr->sgw_specified? *sgw_id : empty_id; - unshare_id_content(&cr->sgw_id); + cr->id = id->clone(id); + cr->sgw_specified = (sgw_id != NULL); + cr->sgw_id = cr->sgw_specified ? + sgw_id->clone(sgw_id) : + identification_create_from_string("%any"); cr->gateways_from_dns = NULL; #ifdef USE_KEYRR cr->keys_from_dns = NULL; @@ -1507,15 +1439,12 @@ start_adns_query(const struct id *id /* domain to query */ cr->debugging = LEMPTY; #endif - idtoa(&cr->sgw_id, gwidb, sizeof(gwidb)); - zero(&cr->query); - { - err_t ugh = build_dns_name(cr->query.name_buf, cr->qtid - , id, typename, gwidb); + err_t ugh = build_dns_name(cr->query.name_buf, cr->qtid, id, + typename, cr->sgw_id); - if (ugh != NULL) + if (ugh) { release_adns_continuation(cr); return ugh; @@ -1620,8 +1549,7 @@ send_unsent_ADNS_queries(void) * Returns with error message iff lwdnsq result is malformed. * Most errors will be in DNS data and will be handled by cr->cont_fn. */ -static err_t -process_lwdnsq_answer(char *ts) +static err_t process_lwdnsq_answer(char *ts) { err_t ugh = NULL; char *rest; @@ -1813,11 +1741,10 @@ process_lwdnsq_answer(char *ts) } #endif /* USE_LWRES */ -static void -recover_adns_die(void) +static void recover_adns_die(void) { struct adns_continuation *cr = NULL; - + adns_pid = 0; if(adns_restart_count < ADNS_RESTART_MAX) { adns_restart_count++; @@ -1834,7 +1761,7 @@ recover_adns_die(void) if(continuations != NULL) { for (; cr->previous != NULL; cr = cr->previous); } - + next_query = cr; if(next_query != NULL) { @@ -1848,8 +1775,7 @@ void reset_adns_restart_count(void) adns_restart_count=0; } -void -handle_adns_answer(void) +void handle_adns_answer(void) { /* These are retained across calls to handle_adns_answer. */ static size_t buflen = 0; /* bytes in answer buffer */ diff --git a/src/pluto/dnskey.h b/src/pluto/dnskey.h index 976c715bf..d26a0e64f 100644 --- a/src/pluto/dnskey.h +++ b/src/pluto/dnskey.h @@ -12,9 +12,10 @@ * for more details. */ -extern int - adns_qfd, /* file descriptor for sending queries to adns */ - adns_afd; /* file descriptor for receiving answers from adns */ +#include + +extern int adns_qfd; /* file descriptor for sending queries to adns */ +extern int adns_afd; /* file descriptor for receiving answers from adns */ extern const char *pluto_adns_option; /* path from --pluto_adns */ extern void init_adns(void); extern void stop_adns(void); @@ -33,13 +34,13 @@ struct adns_continuation; /* forward declaration (not far!) */ typedef void (*cont_fn_t)(struct adns_continuation *cr, err_t ugh); struct adns_continuation { - unsigned long qtid; /* query transaction id number */ - int type; /* T_TXT or T_KEY, selecting rr type of interest */ - cont_fn_t cont_fn; /* function to carry on suspended work */ - struct id id; /* subject of query */ + unsigned long qtid; /* query transaction id number */ + int type; /* T_TXT or T_KEY, selecting rr type of interest */ + cont_fn_t cont_fn; /* function to carry on suspended work */ + identification_t *id; /* subject of query */ bool sgw_specified; - struct id sgw_id; /* peer, if constrained */ - lset_t debugging; /* only used #ifdef DEBUG, but don't want layout to change */ + identification_t *sgw_id; /* peer, if constrained */ + lset_t debugging; /* only used #ifdef DEBUG, but don't want layout to change */ struct gw_info *gateways_from_dns; /* answer, if looking for our TXT rrs */ #ifdef USE_KEYRR struct pubkey_list *keys_from_dns; /* answer, if looking for KEY rrs */ @@ -47,7 +48,7 @@ struct adns_continuation { struct adns_continuation *previous, *next; struct pubkey *last_info; /* the last structure we accumulated */ #ifdef USE_LWRES - bool used; /* have we called the cont_fn yet? */ + bool used; /* have we called the cont_fn yet? */ struct { u_char name_buf[NS_MAXDNAME + 2]; } query; @@ -56,8 +57,8 @@ struct adns_continuation { #endif /* ! USE_LWRES */ }; -extern err_t start_adns_query(const struct id *id /* domain to query */ - , const struct id *sgw_id /* if non-null, any accepted gw_info must match */ +extern err_t start_adns_query(identification_t *id /* domain to query */ + , identification_t *sgw_id /* if non-null, any accepted gw_info must match */ , int type /* T_TXT or T_KEY, selecting rr type of interest */ , cont_fn_t cont_fn /* continuation function */ , struct adns_continuation *cr); @@ -65,18 +66,17 @@ extern err_t start_adns_query(const struct id *id /* domain to query */ /* Gateway info gleaned from reverse DNS of client */ struct gw_info { - unsigned refcnt; /* reference counted! */ - unsigned pref; /* preference: lower is better */ -#define NO_TIME ((time_t) -2) /* time_t value meaning "not_yet" */ - struct id client_id; /* id of client of peer */ - struct id gw_id; /* id of peer (if id_is_ipaddr, .ip_addr is address) */ + unsigned refcnt; /* reference counted! */ + unsigned pref; /* preference: lower is better */ +#define NO_TIME ((time_t) -2) /* time_t value meaning "not_yet" */ + identification_t* client_id; /* id of client of peer */ + identification_t* gw_id; /* id of peer (if id_is_ipaddr, .ip_addr is address) */ bool gw_key_present; struct pubkey *key; struct gw_info *next; }; -extern void gw_addref(struct gw_info *gw) - , gw_delref(struct gw_info **gwp); - +extern void gw_addref(struct gw_info *gw); +extern void gw_delref(struct gw_info **gwp); extern void reset_adns_restart_count(void); diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index 6f7f1215f..6172165bd 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -28,27 +28,27 @@ #include #include #include -#include +#include +#ifdef THREADS +#include +#endif #include "constants.h" #include "defs.h" #include "log.h" -#include "id.h" -#include "pem.h" #include "x509.h" #include "ca.h" #include "whack.h" #include "ocsp.h" #include "crl.h" #include "fetch.h" +#include "builder.h" fetch_req_t empty_fetch_req = { NULL , /* next */ - 0 , /* installed */ 0 , /* trials */ - { NULL, 0}, /* issuer */ + NULL , /* issuer */ { NULL, 0}, /* authKeyID */ - { NULL, 0}, /* authKeySerialNumber */ NULL /* distributionPoints */ }; @@ -59,7 +59,7 @@ static fetch_req_t *crl_fetch_reqs = NULL; static ocsp_location_t *ocsp_fetch_reqs = NULL; #ifdef THREADS -static pthread_t thread; +static thread_t *thread; static pthread_mutex_t certs_and_keys_mutex = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t authcert_list_mutex = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t crl_list_mutex = PTHREAD_MUTEX_INITIALIZER; @@ -251,10 +251,9 @@ void wake_fetch_thread(const char *who) */ static void free_fetch_request(fetch_req_t *req) { - free(req->issuer.ptr); - free(req->authKeySerialNumber.ptr); + req->distributionPoints->destroy_function(req->distributionPoints, free); + DESTROY_IF(req->issuer); free(req->authKeyID.ptr); - free_generalNames(req->distributionPoints, TRUE); free(req); } @@ -262,86 +261,63 @@ static void free_fetch_request(fetch_req_t *req) /** * Fetch an ASN.1 blob coded in PEM or DER format from a URL */ -bool fetch_asn1_blob(char *url, chunk_t *blob) +x509crl_t* fetch_crl(char *url) { + x509crl_t *crl; + chunk_t blob; + DBG1(" fetching crl from '%s' ...", url); - if (lib->fetcher->fetch(lib->fetcher, url, blob, FETCH_END) != SUCCESS) + if (lib->fetcher->fetch(lib->fetcher, url, &blob, FETCH_END) != SUCCESS) { DBG1("crl fetching failed"); return FALSE; } - - if (is_asn1(*blob)) + crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, + BUILD_BLOB_PEM, blob, BUILD_END); + free(blob.ptr); + if (!crl) { - DBG2(" fetched blob coded in DER format"); + DBG1("crl fetched successfully but data coded in unknown format"); } - else - { - bool pgp = FALSE; - - if (pem_to_bin(blob, chunk_empty, &pgp) != SUCCESS) - { - free(blob->ptr); - return FALSE; - } - if (is_asn1(*blob)) - { - DBG2(" fetched blob coded in PEM format"); - } - else - { - DBG1("crl fetched successfully but data coded in unknown format"); - free(blob->ptr); - return FALSE; - } - } - return TRUE; + return crl; } /** * Complete a distributionPoint URI with ca information */ -static char* complete_uri(chunk_t distPoint, const char *ldaphost) +static char* complete_uri(char *distPoint, const char *ldaphost) { - char *uri; - char *ptr = distPoint.ptr; - size_t len = distPoint.len; + char *symbol = strchr(distPoint, ':'); - char *symbol = memchr(ptr, ':', len); - - if (symbol != NULL) + if (symbol) { - size_t type_len = symbol - ptr; - - if (type_len >= 4 && strncasecmp(ptr, "ldap", 4) == 0) + int type_len = symbol - distPoint; + + if (type_len >= 4 && strncasecmp(distPoint, "ldap", 4) == 0) { - ptr = symbol + 1; - len -= (type_len + 1); + char *ptr = symbol + 1; + int len = strlen(distPoint) - (type_len + 1); if (len > 2 && *ptr++ == '/' && *ptr++ == '/') { len -= 2; - symbol = memchr(ptr, '/', len); - - if (symbol != NULL && symbol - ptr == 0 && ldaphost != NULL) + symbol = strchr(ptr, '/'); + + if (symbol && symbol - ptr == 0 && ldaphost) { - uri = malloc(distPoint.len + strlen(ldaphost) + 1); + char uri[BUF_LEN]; /* insert the ldaphost into the uri */ - sprintf(uri, "%.*s%s%.*s" - , (int)(distPoint.len - len), distPoint.ptr - , ldaphost - , (int)len, symbol); - return uri; + snprintf(uri, BUF_LEN, "%.*s%s%.*s", strlen(distPoint)-len, + distPoint, ldaphost, len, symbol); + return strdup(uri); } } } } - + /* default action: copy distributionPoint without change */ - uri = malloc(distPoint.len + 1); - sprintf(uri, "%.*s", (int)distPoint.len, distPoint.ptr); - return uri; + return strdup(distPoint); } /** @@ -358,39 +334,40 @@ static void fetch_crls(bool cache_crls) while (req != NULL) { + enumerator_t *enumerator; + char *point; bool valid_crl = FALSE; - chunk_t blob = chunk_empty; - generalName_t *gn = req->distributionPoints; const char *ldaphost; ca_info_t *ca; lock_ca_info_list("fetch_crls"); - ca = get_ca_info(req->issuer, req->authKeySerialNumber, req->authKeyID); + ca = get_ca_info(req->issuer, req->authKeyID); ldaphost = (ca == NULL)? NULL : ca->ldaphost; - while (gn != NULL) + enumerator = req->distributionPoints->create_enumerator(req->distributionPoints); + while (enumerator->enumerate(enumerator, &point)) { - char *uri = complete_uri(gn->name, ldaphost); + x509crl_t *crl; + char *uri; - if (fetch_asn1_blob(uri, &blob)) - { - chunk_t crl_uri = chunk_clone(gn->name); + uri = complete_uri(point, ldaphost); + crl = fetch_crl(uri); + free(uri); - if (insert_crl(blob, crl_uri, cache_crls)) + if (crl) + { + if (insert_crl(crl, point, cache_crls)) { DBG(DBG_CONTROL, DBG_log("we have a valid crl") ) valid_crl = TRUE; - free(uri); break; } } - free(uri); - gn = gn->next; } - + enumerator->destroy(enumerator); unlock_ca_info_list("fetch_crls"); if (valid_crl) @@ -415,19 +392,11 @@ static void fetch_crls(bool cache_crls) static void fetch_ocsp_status(ocsp_location_t* location) { - chunk_t request, response; - char *uri; + chunk_t request = build_ocsp_request(location); + chunk_t response = chunk_empty; - request = build_ocsp_request(location); - response = chunk_empty; - - /* we need a null terminated string for curl */ - uri = malloc(location->uri.len + 1); - memcpy(uri, location->uri.ptr, location->uri.len); - *(uri + location->uri.len) = '\0'; - - DBG1(" requesting ocsp status from '%s' ...", uri); - if (lib->fetcher->fetch(lib->fetcher, uri, &response, + DBG1(" requesting ocsp status from '%s' ...", location->uri); + if (lib->fetcher->fetch(lib->fetcher, location->uri, &response, FETCH_REQUEST_DATA, request, FETCH_REQUEST_TYPE, "application/ocsp-request", FETCH_END) == SUCCESS) @@ -436,17 +405,16 @@ static void fetch_ocsp_status(ocsp_location_t* location) } else { - DBG1("ocsp request to %s failed", uri); + DBG1("ocsp request to %s failed", location->uri); } - free(uri); free(request.ptr); chunk_free(&location->nonce); /* increment the trial counter of the unresolved fetch requests */ { ocsp_certinfo_t *certinfo = location->certinfo; - + while (certinfo != NULL) { certinfo->trials++; @@ -482,6 +450,9 @@ static void* fetch_thread(void *arg) { struct timespec wait_interval; + /* the fetching thread is only cancellable while waiting for new events */ + thread_cancelability(FALSE); + DBG(DBG_CONTROL, DBG_log("fetch thread started") ) @@ -498,8 +469,11 @@ static void* fetch_thread(void *arg) DBG(DBG_CONTROL, DBG_log("next regular crl check in %ld seconds", crl_check_interval) ) + + thread_cancelability(TRUE); status = pthread_cond_timedwait(&fetch_wake_cond, &fetch_wake_mutex , &wait_interval); + thread_cancelability(FALSE); if (status == ETIMEDOUT) { @@ -519,22 +493,22 @@ static void* fetch_thread(void *arg) fetch_ocsp(); fetch_crls(cache_crls); } + return NULL; } #endif /* THREADS*/ /** * Initializes curl and starts the fetching thread */ -void init_fetch(void) +void fetch_initialize(void) { if (crl_check_interval > 0) { #ifdef THREADS - int status = pthread_create( &thread, NULL, fetch_thread, NULL); - - if (status != 0) + thread = thread_create((thread_main_t)fetch_thread, NULL); + if (thread == NULL) { - plog("fetching thread could not be started, status = %d", status); + plog("fetching thread could not be started"); } #else /* !THREADS */ plog("warning: not compiled with pthread support"); @@ -542,6 +516,23 @@ void init_fetch(void) } } +/** + * Terminates the fetching thread + */ +void fetch_finalize(void) +{ + if (crl_check_interval > 0) + { +#ifdef THREADS + if (thread) + { + thread->cancel(thread); + thread->join(thread); + } +#endif + } +} + void free_crl_fetch(void) { lock_crl_fetch_list("free_crl_fetch"); @@ -567,63 +558,94 @@ void free_ocsp_fetch(void) } +/** + * Add an additional distribution point + */ +void add_distribution_point(linked_list_t *points, char *new_point) +{ + char *point; + bool add = TRUE; + enumerator_t *enumerator; + + if (new_point == NULL || *new_point == '\0') + { + return; + } + + enumerator = points->create_enumerator(points); + while (enumerator->enumerate(enumerator, &point)) + { + if (streq(point, new_point)) + { + add = FALSE; + break; + } + } + enumerator->destroy(enumerator); + + if (add) + { + points->insert_last(points, strdup(new_point)); + } +} + /** * Add additional distribution points */ -void add_distribution_points(const generalName_t *newPoints ,generalName_t **distributionPoints) +void add_distribution_points(linked_list_t *points, linked_list_t *new_points) { - while (newPoints != NULL) + char *new_point; + enumerator_t *enumerator; + + enumerator = new_points->create_enumerator(new_points); + while (enumerator->enumerate(enumerator, &new_point)) { - /* skip empty distribution point */ - if (newPoints->name.len > 0) - { - bool add = TRUE; - generalName_t *gn = *distributionPoints; + bool add = TRUE; + char *point; + enumerator_t *enumerator; - while (gn != NULL) + enumerator = points->create_enumerator(points); + while (enumerator->enumerate(enumerator, &point)) + { + if (streq(point, new_point)) { - if (gn->kind == newPoints->kind - && gn->name.len == newPoints->name.len - && memeq(gn->name.ptr, newPoints->name.ptr, gn->name.len)) - { - /* skip if the distribution point is already present */ - add = FALSE; - break; - } - gn = gn->next; + add = FALSE; + break; } + } + enumerator->destroy(enumerator); - if (add) - { - /* clone additional distribution point */ - gn = clone_thing(*newPoints); - gn->name = chunk_clone(newPoints->name); - - /* insert additional CRL distribution point */ - gn->next = *distributionPoints; - *distributionPoints = gn; - } + if (add) + { + points->insert_last(points, strdup(new_point)); } - newPoints = newPoints->next; } + enumerator->destroy(enumerator); } -fetch_req_t* build_crl_fetch_request(chunk_t issuer, chunk_t authKeySerialNumber, - chunk_t authKeyID, const generalName_t *gn) +fetch_req_t* build_crl_fetch_request(identification_t *issuer, + chunk_t authKeyID, + linked_list_t *distributionPoints) { + char *point; + enumerator_t *enumerator; fetch_req_t *req = malloc_thing(fetch_req_t); - *req = empty_fetch_req; - /* note current time */ - req->installed = time(NULL); + memset(req, 0, sizeof(fetch_req_t)); + req->distributionPoints = linked_list_create(); /* clone fields */ - req->issuer = chunk_clone(issuer); - req->authKeySerialNumber = chunk_clone(authKeySerialNumber); + req->issuer = issuer->clone(issuer); req->authKeyID = chunk_clone(authKeyID); /* copy distribution points */ - add_distribution_points(gn, &req->distributionPoints); + enumerator = distributionPoints->create_enumerator(distributionPoints); + while (enumerator->enumerate(enumerator, &point)) + { + req->distributionPoints->insert_last(req->distributionPoints, + strdup(point)); + } + enumerator->destroy(enumerator); return req; } @@ -640,9 +662,8 @@ void add_crl_fetch_request(fetch_req_t *req) while (r != NULL) { - if ((req->authKeyID.ptr != NULL)? same_keyid(req->authKeyID, r->authKeyID) - : (same_dn(req->issuer, r->issuer) - && same_serial(req->authKeySerialNumber, r->authKeySerialNumber))) + if (req->authKeyID.ptr ? same_keyid(req->authKeyID, r->authKeyID) : + req->issuer->equals(req->issuer, r->issuer)) { /* there is already a fetch request */ DBG(DBG_CONTROL, @@ -650,7 +671,8 @@ void add_crl_fetch_request(fetch_req_t *req) ) /* there might be new distribution points */ - add_distribution_points(req->distributionPoints, &r->distributionPoints); + add_distribution_points(r->distributionPoints, + req->distributionPoints); unlock_crl_fetch_list("add_crl_fetch_request"); free_fetch_request(req); @@ -686,17 +708,20 @@ void add_ocsp_fetch_request(ocsp_location_t *location, chunk_t serialNumber) /** * List all distribution points */ -void list_distribution_points(const generalName_t *gn) +void list_distribution_points(linked_list_t *distributionPoints) { - bool first_gn = TRUE; + char *point; + bool first_point = TRUE; + enumerator_t *enumerator; - while (gn != NULL) + enumerator = distributionPoints->create_enumerator(distributionPoints); + while (enumerator->enumerate(enumerator, &point)) { - whack_log(RC_COMMENT, " %s '%.*s'", (first_gn)? "distPts: " - :" ", (int)gn->name.len, gn->name.ptr); - first_gn = FALSE; - gn = gn->next; + whack_log(RC_COMMENT, " %s '%s'", + (first_point)? "distPts: " : " ", point); + first_point = FALSE; } + enumerator->destroy(enumerator); } /** @@ -712,29 +737,17 @@ void list_crl_fetch_requests(bool utc) if (req != NULL) { whack_log(RC_COMMENT, " "); - whack_log(RC_COMMENT, "List of CRL fetch requests:"); - whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, "List of CRL Fetch Requests:"); } while (req != NULL) { - u_char buf[BUF_LEN]; - - whack_log(RC_COMMENT, "%T, trials: %d" - , &req->installed, utc, req->trials); - dntoa(buf, BUF_LEN, req->issuer); - whack_log(RC_COMMENT, " issuer: '%s'", buf); - if (req->authKeyID.ptr != NULL) - { - datatot(req->authKeyID.ptr, req->authKeyID.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " authkey: %s", buf); - } - if (req->authKeySerialNumber.ptr != NULL) + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, " trials: %d", req->trials); + whack_log(RC_COMMENT, " issuer: \"%Y\"", req->issuer); + if (req->authKeyID.ptr) { - datatot(req->authKeySerialNumber.ptr, req->authKeySerialNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " aserial: %s", buf); + whack_log(RC_COMMENT, " authkey: %#B", &req->authKeyID); } list_distribution_points(req->distributionPoints); req = req->next; diff --git a/src/pluto/fetch.h b/src/pluto/fetch.h index f7b4eb074..265dc5fe7 100644 --- a/src/pluto/fetch.h +++ b/src/pluto/fetch.h @@ -13,6 +13,9 @@ * for more details. */ +#include +#include + #include "x509.h" #define FETCH_CMD_TIMEOUT 10 /* seconds */ @@ -27,13 +30,11 @@ typedef enum { typedef struct fetch_req fetch_req_t; struct fetch_req { - fetch_req_t *next; - time_t installed; - int trials; - chunk_t issuer; - chunk_t authKeyID; - chunk_t authKeySerialNumber; - generalName_t *distributionPoints; + fetch_req_t *next; + int trials; + identification_t *issuer; + chunk_t authKeyID; + linked_list_t *distributionPoints; }; #ifdef THREADS @@ -61,16 +62,20 @@ extern void wake_fetch_thread(const char *who); #define unlock_certs_and_keys(who) /* do nothing */ #define wake_fetch_thread(who) /* do nothing */ #endif -extern void init_fetch(void); +extern void fetch_initialize(void); +extern void fetch_finalize(void); extern void free_crl_fetch(void); extern void free_ocsp_fetch(void); -extern void add_distribution_points(const generalName_t *newPoints - , generalName_t **distributionPoints); -extern fetch_req_t* build_crl_fetch_request(chunk_t issuer, chunk_t authKeySerialNumber - , chunk_t authKeyID, const generalName_t *gn); +extern void add_distribution_point(linked_list_t *points, char* new_point); +extern void add_distribution_points(linked_list_t *points, + linked_list_t *new_points); +extern fetch_req_t* build_crl_fetch_request(identification_t *issuer, + chunk_t authKeyID, + linked_list_t *distributionPoints); extern void add_crl_fetch_request(fetch_req_t *req); -extern void add_ocsp_fetch_request(struct ocsp_location *location, chunk_t serialNumber); -extern void list_distribution_points(const generalName_t *gn); +extern void add_ocsp_fetch_request(struct ocsp_location *location, + chunk_t serialNumber); +extern void list_distribution_points(linked_list_t *distributionPoints); extern void list_crl_fetch_requests(bool utc); extern void list_ocsp_fetch_requests(bool utc); extern size_t write_buffer(void *ptr, size_t size, size_t nmemb, void *data); diff --git a/src/pluto/foodgroups.c b/src/pluto/foodgroups.c index ed9853fc4..e4f9a1d01 100644 --- a/src/pluto/foodgroups.c +++ b/src/pluto/foodgroups.c @@ -48,7 +48,7 @@ static size_t fg_path_space = 0; struct fg_groups { struct fg_groups *next; - struct connection *connection; + connection_t *connection; }; static struct fg_groups *groups = NULL; @@ -78,8 +78,7 @@ struct fg_targets *new_targets; * It returns -1, 0, or +1 if a is, respectively, * less than, equal to, or greater than b. */ -static int -ipcmp(ip_address *a, ip_address *b) +static int ipcmp(ip_address *a, ip_address *b) { if (addrtypeof(a) != addrtypeof(b)) { @@ -105,8 +104,7 @@ ipcmp(ip_address *a, ip_address *b) * It returns -1, 0, or +1 if a is, respectively, * less than, equal to, or greater than b. */ -static int -subnetcmp(const ip_subnet *a, const ip_subnet *b) +static int subnetcmp(const ip_subnet *a, const ip_subnet *b) { ip_address neta, maska, netb, maskb; int r; @@ -121,8 +119,7 @@ subnetcmp(const ip_subnet *a, const ip_subnet *b) return r; } -static void -read_foodgroup(struct fg_groups *g) +static void read_foodgroup(struct fg_groups *g) { const char *fgn = g->connection->name; const ip_subnet *lsn = &g->connection->spd.this.client; @@ -244,8 +241,7 @@ read_foodgroup(struct fg_groups *g) } } -static void -free_targets(void) +static void free_targets(void) { while (targets != NULL) { @@ -257,8 +253,7 @@ free_targets(void) } } -void -load_groups(void) +void load_groups(void) { passert(new_targets == NULL); @@ -341,8 +336,7 @@ load_groups(void) } -void -add_group(struct connection *c) +void add_group(connection_t *c) { struct fg_groups *g = malloc_thing(struct fg_groups); @@ -352,8 +346,7 @@ add_group(struct connection *c) g->connection = c; } -static struct fg_groups * -find_group(const struct connection *c) +static struct fg_groups *find_group(const connection_t *c) { struct fg_groups *g; @@ -362,8 +355,7 @@ find_group(const struct connection *c) return g; } -void -route_group(struct connection *c) +void route_group(connection_t *c) { /* it makes no sense to route a connection that is ISAKMP-only */ if (!NEVER_NEGOTIATE(c->policy) && !HAS_IPSEC_POLICY(c->policy)) @@ -381,7 +373,7 @@ route_group(struct connection *c) { if (t->group == g) { - struct connection *ci = con_by_name(t->name, FALSE); + connection_t *ci = con_by_name(t->name, FALSE); if (ci != NULL) { @@ -395,8 +387,7 @@ route_group(struct connection *c) } } -void -unroute_group(struct connection *c) +void unroute_group(connection_t *c) { struct fg_groups *g = find_group(c); struct fg_targets *t; @@ -407,7 +398,7 @@ unroute_group(struct connection *c) { if (t->group == g) { - struct connection *ci = con_by_name(t->name, FALSE); + connection_t *ci = con_by_name(t->name, FALSE); if (ci != NULL) { @@ -419,8 +410,7 @@ unroute_group(struct connection *c) } } -void -delete_group(const struct connection *c) +void delete_group(const connection_t *c) { struct fg_groups *g; diff --git a/src/pluto/id.c b/src/pluto/id.c deleted file mode 100644 index f34775e68..000000000 --- a/src/pluto/id.c +++ /dev/null @@ -1,523 +0,0 @@ -/* identity representation, as in IKE ID Payloads (RFC 2407 DOI 4.6.2.1) - * Copyright (C) 1999-2001 D. Hugh Redelmeier - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef HOST_NAME_MAX /* POSIX 1003.1-2001 says defines this */ -# define HOST_NAME_MAX 255 /* upper bound, according to SUSv2 */ -#endif -#include - -#include - -#include "constants.h" -#include "defs.h" -#include "id.h" -#include "log.h" -#include "connections.h" -#include "packet.h" -#include "whack.h" - -const struct id empty_id; /* ID_ANY */ - -enum myid_state myid_state = MYID_UNKNOWN; -struct id myids[MYID_SPECIFIED+1]; /* %myid */ -char *myid_str[MYID_SPECIFIED+1]; /* string form of IDs */ - -/* initialize id module - * Fills in myid from environment variable IPSECmyid or defaultrouteaddr - */ -void -init_id(void) -{ - passert(empty_id.kind == ID_ANY); - myid_state = MYID_UNKNOWN; - { - enum myid_state s; - - for (s = MYID_UNKNOWN; s <= MYID_SPECIFIED; s++) - { - myids[s] = empty_id; - myid_str[s] = NULL; - } - } - set_myid(MYID_SPECIFIED, getenv("IPSECmyid")); - set_myid(MYID_IP, getenv("defaultrouteaddr")); - set_myFQDN(); -} - -/* - * free id module - */ -void -free_id(void) -{ - enum myid_state s; - - for (s = MYID_UNKNOWN; s <= MYID_SPECIFIED; s++) - { - free_id_content(&myids[s]); - free(myid_str[s]); - } -} - -static void -calc_myid_str(enum myid_state s) -{ - /* preformat the ID name */ - char buf[BUF_LEN]; - - idtoa(&myids[s], buf, BUF_LEN); - replace(myid_str[s], clone_str(buf)); -} - - -void -set_myid(enum myid_state s, char *idstr) -{ - if (idstr != NULL) - { - struct id id; - err_t ugh = atoid(idstr, &id, FALSE); - - if (ugh != NULL) - { - loglog(RC_BADID, "myid malformed: %s \"%s\"", ugh, idstr); - } - else - { - free_id_content(&myids[s]); - unshare_id_content(&id); - myids[s] = id; - if (s == MYID_SPECIFIED) - myid_state = MYID_SPECIFIED; - - calc_myid_str(s); - } - } -} - -void -set_myFQDN(void) -{ - char FQDN[HOST_NAME_MAX + 1]; - int r = gethostname(FQDN, sizeof(FQDN)); - - free_id_content(&myids[MYID_HOSTNAME]); - myids[MYID_HOSTNAME] = empty_id; - if (r != 0) - { - log_errno((e, "gethostname() failed in set_myFQDN")); - } - else - { - FQDN[sizeof(FQDN) - 1] = '\0'; /* insurance */ - - { - size_t len = strlen(FQDN); - - if (len > 0 && FQDN[len-1] == '.') - { - /* nuke trailing . */ - FQDN[len-1]='\0'; - } - } - - if (!strcaseeq(FQDN, "localhost.localdomain")) - { - chunk_t myid_name = { FQDN, strlen(FQDN) }; - - myids[MYID_HOSTNAME].name = chunk_clone(myid_name); - myids[MYID_HOSTNAME].kind = ID_FQDN; - calc_myid_str(MYID_HOSTNAME); - } - } -} - -void -show_myid_status(void) -{ - char idstr[BUF_LEN]; - - (void)idtoa(&myids[myid_state], idstr, sizeof(idstr)); - whack_log(RC_COMMENT, "%%myid = %s", idstr); -} - -/* Convert textual form of id into a (temporary) struct id. - * Note that if the id is to be kept, unshare_id_content will be necessary. - */ -err_t -atoid(char *src, struct id *id, bool myid_ok) -{ - err_t ugh = NULL; - - *id = empty_id; - - if (myid_ok && streq("%myid", src)) - { - id->kind = ID_MYID; - } - else if (strchr(src, '=') != NULL) - { - /* we interpret this as an ASCII X.501 ID_DER_ASN1_DN */ - id->kind = ID_DER_ASN1_DN; - id->name.ptr = temporary_cyclic_buffer(); /* assign temporary buffer */ - id->name.len = 0; - /* convert from LDAP style or openssl x509 -subject style to ASN.1 DN - * discard optional @ character in front of DN - */ - ugh = atodn((*src == '@')?src+1:src, &id->name); - } - else if (strchr(src, '@') == NULL) - { - if (streq(src, "%any") || streq(src, "0.0.0.0")) - { - /* any ID will be accepted */ - id->kind = ID_ANY; - } - else - { - /* !!! this test is not sufficient for distinguishing address families. - * We need a notation to specify that a FQDN is to be resolved to IPv6. - */ - const struct af_info *afi = strchr(src, ':') == NULL - ? &af_inet4_info: &af_inet6_info; - - id->kind = afi->id_addr; - ugh = ttoaddr(src, 0, afi->af, &id->ip_addr); - } - } - else - { - if (*src == '@') - { - if (*(src+1) == '#') - { - /* if there is a second specifier (#) on the line - * we interprete this as ID_KEY_ID - */ - id->kind = ID_KEY_ID; - id->name.ptr = src; - /* discard @~, convert from hex to bin */ - ugh = ttodata(src+2, 0, 16, id->name.ptr, strlen(src), &id->name.len); - } - else if (*(src+1) == '~') - { - /* if there is a second specifier (~) on the line - * we interprete this as a binary ID_DER_ASN1_DN - */ - id->kind = ID_DER_ASN1_DN; - id->name.ptr = src; - /* discard @~, convert from hex to bin */ - ugh = ttodata(src+2, 0, 16, id->name.ptr, strlen(src), &id->name.len); - } - else - { - id->kind = ID_FQDN; - id->name.ptr = src+1; /* discard @ */ - id->name.len = strlen(src)-1; - } - } - else - { - /* We leave in @, as per DOI 4.6.2.4 - * (but DNS wants . instead). - */ - id->kind = ID_USER_FQDN; - id->name.ptr = src; - id->name.len = strlen(src); - } - } - return ugh; -} - - -/* - * Converts a binary key ID into hexadecimal format - */ -int -keyidtoa(char *dst, size_t dstlen, chunk_t keyid) -{ - int n = datatot(keyid.ptr, keyid.len, 'x', dst, dstlen); - return (((size_t)n < dstlen)? n : dstlen) - 1; -} - -void -iptoid(const ip_address *ip, struct id *id) -{ - *id = empty_id; - - switch (addrtypeof(ip)) - { - case AF_INET: - id->kind = ID_IPV4_ADDR; - break; - case AF_INET6: - id->kind = ID_IPV6_ADDR; - break; - default: - bad_case(addrtypeof(ip)); - } - id->ip_addr = *ip; -} - -int -idtoa(const struct id *id, char *dst, size_t dstlen) -{ - int n; - - id = resolve_myid(id); - switch (id->kind) - { - case ID_ANY: - n = snprintf(dst, dstlen, "(none)"); - break; - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - n = (int)addrtot(&id->ip_addr, 0, dst, dstlen) - 1; - break; - case ID_FQDN: - n = snprintf(dst, dstlen, "@%.*s", (int)id->name.len, id->name.ptr); - break; - case ID_USER_FQDN: - n = snprintf(dst, dstlen, "%.*s", (int)id->name.len, id->name.ptr); - break; - case ID_DER_ASN1_DN: - n = dntoa(dst, dstlen, id->name); - break; - case ID_KEY_ID: - n = keyidtoa(dst, dstlen, id->name); - break; - default: - n = snprintf(dst, dstlen, "unknown id kind %d", id->kind); - break; - } - - /* "Sanitize" string so that log isn't endangered: - * replace unprintable characters with '?'. - */ - if (n > 0) - { - for ( ; *dst != '\0'; dst++) - if (!isprint(*dst)) - *dst = '?'; - } - - return n; -} - -/* Replace the shell metacharacters ', \, ", `, and $ in a character string - * by escape sequences consisting of their octal values - */ -void -escape_metachar(const char *src, char *dst, size_t dstlen) -{ - while (*src != '\0' && dstlen > 4) - { - switch (*src) - { - case '\'': - case '\\': - case '"': - case '`': - case '$': - sprintf(dst,"\\%s%o", (*src < 64)?"0":"", *src); - dst += 4; - dstlen -= 4; - break; - default: - *dst++ = *src; - dstlen--; - } - src++; - } - *dst = '\0'; -} - - -/* Make private copy of string in struct id. - * This is needed if the result of atoid is to be kept. - */ -void -unshare_id_content(struct id *id) -{ - switch (id->kind) - { - case ID_FQDN: - case ID_USER_FQDN: - case ID_DER_ASN1_DN: - case ID_KEY_ID: - id->name = chunk_clone(id->name); - break; - case ID_MYID: - case ID_ANY: - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - break; - default: - bad_case(id->kind); - } -} - -void -free_id_content(struct id *id) -{ - switch (id->kind) - { - case ID_FQDN: - case ID_USER_FQDN: - case ID_DER_ASN1_DN: - case ID_KEY_ID: - free(id->name.ptr); - break; - case ID_MYID: - case ID_ANY: - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - break; - default: - bad_case(id->kind); - } -} - -/* compare two struct id values */ -bool -same_id(const struct id *a, const struct id *b) -{ - a = resolve_myid(a); - b = resolve_myid(b); - if (a->kind != b->kind) - return FALSE; - switch (a->kind) - { - case ID_ANY: - return TRUE; /* kind of vacuous */ - - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - return sameaddr(&a->ip_addr, &b->ip_addr); - - case ID_FQDN: - case ID_USER_FQDN: - /* assumptions: - * - case should be ignored - * - trailing "." should be ignored (even if the only character?) - */ - { - size_t al = a->name.len - , bl = b->name.len; - - while (al > 0 && a->name.ptr[al - 1] == '.') - al--; - while (bl > 0 && b->name.ptr[bl - 1] == '.') - bl--; - return al == bl - && strncasecmp(a->name.ptr, b->name.ptr, al) == 0; - } - - case ID_DER_ASN1_DN: - return same_dn(a->name, b->name); - - case ID_KEY_ID: - return a->name.len == b->name.len - && memeq(a->name.ptr, b->name.ptr, a->name.len); - - default: - bad_case(a->kind); - } - return FALSE; -} - -/* compare two struct id values, DNs can contain wildcards */ -bool -match_id(const struct id *a, const struct id *b, int *wildcards) -{ - if (b->kind == ID_ANY) - { - *wildcards = MAX_WILDCARDS; - return TRUE; - } - if (a->kind != b->kind) - return FALSE; - if (a->kind == ID_DER_ASN1_DN) - return match_dn(a->name, b->name, wildcards); - else - { - *wildcards = 0; - return same_id(a, b); - } -} - -/* count the numer of wildcards in an id */ -int -id_count_wildcards(const struct id *id) -{ - switch (id->kind) - { - case ID_ANY: - return MAX_WILDCARDS; - case ID_DER_ASN1_DN: - return dn_count_wildcards(id->name); - default: - return 0; - } -} - -/* build an ID payload - * Note: no memory is allocated for the body of the payload (tl->ptr). - * We assume it will end up being a pointer into a sufficiently - * stable datastructure. It only needs to last a short time. - */ -void -build_id_payload(struct isakmp_ipsec_id *hd, chunk_t *tl, struct end *end) -{ - const struct id *id = resolve_myid(&end->id); - - zero(hd); - hd->isaiid_idtype = id->kind; - switch (id->kind) - { - case ID_ANY: - hd->isaiid_idtype = aftoinfo(addrtypeof(&end->host_addr))->id_addr; - tl->len = addrbytesptr(&end->host_addr - , (const unsigned char **)&tl->ptr); /* sets tl->ptr too */ - break; - case ID_FQDN: - case ID_USER_FQDN: - case ID_DER_ASN1_DN: - case ID_KEY_ID: - *tl = id->name; - break; - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - tl->len = addrbytesptr(&id->ip_addr - , (const unsigned char **)&tl->ptr); /* sets tl->ptr too */ - break; - default: - bad_case(id->kind); - } -} - -/* - * Local Variables: - * c-basic-offset:4 - * c-style: pluto - * End: - */ diff --git a/src/pluto/id.h b/src/pluto/id.h deleted file mode 100644 index dc2dcdfa6..000000000 --- a/src/pluto/id.h +++ /dev/null @@ -1,65 +0,0 @@ -/* identity representation, as in IKE ID Payloads (RFC 2407 DOI 4.6.2.1) - * Copyright (C) 1999-2001 D. Hugh Redelmeier - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _ID_H -#define _ID_H - -#include "defs.h" - -struct id { - int kind; /* ID_* value */ - ip_address ip_addr; /* ID_IPV4_ADDR, ID_IPV6_ADDR */ - chunk_t name; /* ID_FQDN, ID_USER_FQDN (with @) */ - /* ID_KEY_ID, ID_DER_ASN_DN */ -}; - -extern void init_id(void); -extern void free_id(void); -extern const struct id empty_id; /* ID_NONE */ - -enum myid_state { - MYID_UNKNOWN, /* not yet figured out */ - MYID_HOSTNAME, /* our current hostname */ - MYID_IP, /* our default IP address */ - MYID_SPECIFIED /* as specified by ipsec.conf */ -}; - -extern enum myid_state myid_state; -extern struct id myids[MYID_SPECIFIED+1]; /* %myid */ -extern char *myid_str[MYID_SPECIFIED+1]; /* strings */ -extern void set_myid(enum myid_state s, char *); -extern void show_myid_status(void); -#define resolve_myid(id) ((id)->kind == ID_MYID? &myids[myid_state] : (id)) -extern void set_myFQDN(void); - -extern err_t atoid(char *src, struct id *id, bool myid_ok); -extern int keyidtoa(char *dst, size_t dstlen, chunk_t keyid); -extern void iptoid(const ip_address *ip, struct id *id); -extern int idtoa(const struct id *id, char *dst, size_t dstlen); -#define IDTOA_BUF 512 -extern void escape_metachar(const char *src, char *dst, size_t dstlen); -struct end; /* forward declaration of tag (defined in connections.h) */ -extern void unshare_id_content(struct id *id); -extern void free_id_content(struct id *id); -extern bool same_id(const struct id *a, const struct id *b); -#define MAX_WILDCARDS 15 -extern bool match_id(const struct id *a, const struct id *b, int *wildcards); -extern int id_count_wildcards(const struct id *id); -#define id_is_ipaddr(id) ((id)->kind == ID_IPV4_ADDR || (id)->kind == ID_IPV6_ADDR) - -struct isakmp_ipsec_id; /* forward declaration of tag (defined in packet.h) */ -extern void - build_id_payload(struct isakmp_ipsec_id *hd, chunk_t *tl, struct end *end); - -#endif /* _ID_H */ diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index f833f85b5..7521dd33b 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -23,6 +23,8 @@ #include #include +#include +#include #include #include #include @@ -126,7 +128,7 @@ struct dh_desc *ike_alg_get_dh_group(u_int alg) /** * Get pfsgroup for this connection */ -const struct dh_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy) +const struct dh_desc *ike_alg_pfsgroup(connection_t *c, lset_t policy) { const struct dh_desc *ret = NULL; @@ -141,7 +143,7 @@ const struct dh_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy) /** * Create an OAKLEY proposal based on alg_info and policy */ -struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) +struct db_context *ike_alg_db_new(connection_t *c, lset_t policy) { struct alg_info_ike *ai = c->alg_info_ike; struct db_context *db_ctx = NULL; @@ -176,13 +178,13 @@ struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) enum_show(&oakley_enc_names, ealg)); continue; } - if (!ike_alg_get_hasher(halg)) + if (!ike_alg_get_hasher(halg)) { plog("ike alg: hasher %s not present", enum_show(&oakley_hash_names, halg)); continue; } - if (!ike_alg_get_dh_group(modp)) + if (!ike_alg_get_dh_group(modp)) { plog("ike alg: dh group %s not present", enum_show(&oakley_group_names, modp)); @@ -193,20 +195,43 @@ struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) if (policy & POLICY_PUBKEY) { int auth_method = 0; - private_key_t *key = get_private_key(c); + size_t key_size = 0; + key_type_t key_type = KEY_ANY; - if (key == NULL) + + if (c->spd.this.cert) + { + certificate_t *certificate = c->spd.this.cert->cert; + public_key_t *key = certificate->get_public_key(certificate); + + if (key == NULL) + { + plog("ike alg: unable to retrieve my public key"); + continue; + } + key_type = key->get_type(key); + key_size = key->get_keysize(key); + key->destroy(key); + } + else { - plog("ike alg: unable to locate my private key"); - continue; + private_key_t *key = get_private_key(c); + + if (key == NULL) + { + plog("ike alg: unable to retrieve my private key"); + continue; + } + key_type = key->get_type(key); + key_size = key->get_keysize(key); } - switch (key->get_type(key)) + switch (key_type) { case KEY_RSA: auth_method = OAKLEY_RSA_SIG; break; case KEY_ECDSA: - switch (key->get_keysize(key)) + switch (key_size) { case 32: auth_method = OAKLEY_ECDSA_256; @@ -344,7 +369,7 @@ void ike_alg_list(void) * Show IKE algorithms for this connection (result from ike= string) * and newest SA */ -void ike_alg_show_connection(struct connection *c, const char *instance) +void ike_alg_show_connection(connection_t *c, const char *instance) { struct state *st = state_with_serialno(c->newest_isakmp_sa); diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 57f4fb54b..1f8917d79 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -25,7 +25,6 @@ #include #include /* missing from on old systems */ #include -#include /* for gettimeofday */ #include @@ -36,12 +35,14 @@ #include #include #include +#include #include "constants.h" #include "defs.h" +#include "myid.h" #include "state.h" -#include "id.h" #include "x509.h" +#include "ac.h" #include "crl.h" #include "ca.h" #include "certs.h" @@ -101,21 +102,24 @@ * and return from the ENCLOSING stf_status returning function if it fails. */ #define RETURN_STF_FAILURE(f) \ - { int r = (f); if (r != NOTHING_WRONG) return STF_FAIL + r; } + { int r = (f); if (r != ISAKMP_NOTHING_WRONG) return STF_FAIL + r; } /* create output HDR as replica of input HDR */ -void -echo_hdr(struct msg_digest *md, bool enc, u_int8_t np) +void echo_hdr(struct msg_digest *md, bool enc, u_int8_t np) { struct isakmp_hdr r_hdr = md->hdr; /* mostly same as incoming header */ r_hdr.isa_flags &= ~ISAKMP_FLAG_COMMIT; /* we won't ever turn on this bit */ if (enc) + { r_hdr.isa_flags |= ISAKMP_FLAG_ENCRYPTION; + } /* some day, we may have to set r_hdr.isa_version */ r_hdr.isa_np = np; if (!out_struct(&r_hdr, &isakmp_hdr_desc, &md->reply, &md->rbody)) + { impossible(); /* surely must have room and be well-formed */ + } } /* Compute DH shared secret from our local secret and the peer's public value. @@ -172,13 +176,13 @@ static notification_t accept_KE(chunk_t *dest, const char *val_name, loglog(RC_LOG_SERIOUS, "KE has %u byte DH public value; %u required" , (unsigned) pbs_left(pbs), gr->ke_size); /* XXX Could send notification back */ - return INVALID_KEY_INFORMATION; + return ISAKMP_INVALID_KEY_INFORMATION; } free(dest->ptr); *dest = chunk_create(pbs->cur, pbs_left(pbs)); *dest = chunk_clone(*dest); DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest); - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } /* accept_PFS_KE @@ -197,7 +201,7 @@ static notification_t accept_PFS_KE(struct msg_digest *md, chunk_t *dest, if (st->st_pfs_group != NULL) { loglog(RC_LOG_SERIOUS, "missing KE payload in %s message", msg_name); - return INVALID_KEY_INFORMATION; + return ISAKMP_INVALID_KEY_INFORMATION; } } else @@ -206,16 +210,16 @@ static notification_t accept_PFS_KE(struct msg_digest *md, chunk_t *dest, { loglog(RC_LOG_SERIOUS, "%s message KE payload requires a GROUP_DESCRIPTION attribute in SA" , msg_name); - return INVALID_KEY_INFORMATION; + return ISAKMP_INVALID_KEY_INFORMATION; } if (ke_pd->next != NULL) { loglog(RC_LOG_SERIOUS, "%s message contains several KE payloads; we accept at most one", msg_name); - return INVALID_KEY_INFORMATION; /* ??? */ + return ISAKMP_INVALID_KEY_INFORMATION; /* ??? */ } return accept_KE(dest, val_name, st->st_pfs_group, &ke_pd->pbs); } - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } static bool build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np, @@ -231,39 +235,42 @@ static bool build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np, return out_generic_chunk(np, &isakmp_nonce_desc, outs, *n, name); } -static bool collect_rw_ca_candidates(struct msg_digest *md, generalName_t **top) +static linked_list_t* collect_rw_ca_candidates(struct msg_digest *md) { - struct connection *d = find_host_connection(&md->iface->addr - , pluto_port, (ip_address*)NULL, md->sender_port, LEMPTY); + linked_list_t *list = linked_list_create(); + connection_t *d; + + d = find_host_connection(&md->iface->addr, pluto_port, (ip_address*)NULL, + md->sender_port, LEMPTY); for (; d != NULL; d = d->hp_next) { /* must be a road warrior connection */ - if (d->kind == CK_TEMPLATE && !(d->policy & POLICY_OPPO) - && d->spd.that.ca.ptr != NULL) + if (d->kind == CK_TEMPLATE && !(d->policy & POLICY_OPPO) && + d->spd.that.ca) { - generalName_t *gn; + enumerator_t *enumerator; + identification_t *ca; bool new_entry = TRUE; - for (gn = *top; gn != NULL; gn = gn->next) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &ca)) { - if (same_dn(gn->name, d->spd.that.ca)) + if (ca->equals(ca, d->spd.that.ca)) { new_entry = FALSE; break; - } + } } + enumerator->destroy(enumerator); + if (new_entry) { - gn = malloc_thing(generalName_t); - gn->kind = GN_DIRECTORY_NAME; - gn->name = d->spd.that.ca; - gn->next = *top; - *top = gn; + list->insert_last(list, d->spd.that.ca->clone(d->spd.that.ca)); } } } - return *top != NULL; + return list; } static bool build_and_ship_CR(u_int8_t type, chunk_t ca, pb_stream *outs, @@ -276,8 +283,9 @@ static bool build_and_ship_CR(u_int8_t type, chunk_t ca, pb_stream *outs, /* build CR header */ if (!out_struct(&cr_hd, &isakmp_ipsec_cert_req_desc, outs, &cr_pbs)) + { return FALSE; - + } if (ca.ptr != NULL) { /* build CR body containing the distinguished name of the CA */ @@ -323,24 +331,33 @@ static void send_notification(struct state *sndst, u_int16_t type, hdr.isa_msgid = msgid; hdr.isa_flags = encst ? ISAKMP_FLAG_ENCRYPTION : 0; if (icookie) + { memcpy(hdr.isa_icookie, icookie, COOKIE_SIZE); + } if (rcookie) + { memcpy(hdr.isa_rcookie, rcookie, COOKIE_SIZE); + } if (!out_struct(&hdr, &isakmp_hdr_desc, &pbs, &r_hdr_pbs)) + { impossible(); + } } /* HASH -- value to be filled later */ if (encst) { pb_stream hash_pbs; - if (!out_generic(ISAKMP_NEXT_N, &isakmp_hash_desc, &r_hdr_pbs, - &hash_pbs)) + if (!out_generic(ISAKMP_NEXT_N, &isakmp_hash_desc, &r_hdr_pbs, &hash_pbs)) + { impossible(); + } r_hashval = hash_pbs.cur; /* remember where to plant value */ if (!out_zero( encst->st_oakley.hasher->hash_digest_size, &hash_pbs, "HASH")) + { impossible(); + } close_output_pbs(&hash_pbs); r_hash_start = r_hdr_pbs.cur; /* hash from after HASH */ } @@ -358,7 +375,9 @@ static void send_notification(struct state *sndst, u_int16_t type, if (!out_struct(&isan, &isakmp_notification_desc, &r_hdr_pbs, ¬_pbs) || !out_raw(spi, spisize, ¬_pbs, "spi")) + { impossible(); + } close_output_pbs(¬_pbs); } @@ -393,8 +412,9 @@ static void send_notification(struct state *sndst, u_int16_t type, u_int new_iv_len = encst->st_new_iv_len; if (old_iv_len > MAX_DIGEST_LEN || new_iv_len > MAX_DIGEST_LEN) + { impossible(); - + } memcpy(old_iv, encst->st_iv, old_iv_len); memcpy(new_iv, encst->st_new_iv, new_iv_len); @@ -405,8 +425,10 @@ static void send_notification(struct state *sndst, u_int16_t type, } init_phase2_iv(encst, &msgid); if (!encrypt_message(&r_hdr_pbs, encst)) + { impossible(); - + } + /* restore preserved st_iv and st_new_iv */ memcpy(encst->st_iv, old_iv, old_iv_len); memcpy(encst->st_new_iv, new_iv, new_iv_len); @@ -475,7 +497,7 @@ void send_notification_from_md(struct msg_digest *md, u_int16_t type) * st_connection->interface */ struct state st; - struct connection cnx; + connection_t cnx; passert(md); @@ -569,10 +591,14 @@ void send_delete(struct state *st) pb_stream hash_pbs; if (!out_generic(ISAKMP_NEXT_D, &isakmp_hash_desc, &r_hdr_pbs, &hash_pbs)) + { impossible(); + } r_hashval = hash_pbs.cur; /* remember where to plant value */ if (!out_zero(p1st->st_oakley.hasher->hash_digest_size, &hash_pbs, "HASH(1)")) + { impossible(); + } close_output_pbs(&hash_pbs); r_hash_start = r_hdr_pbs.cur; /* hash from after HASH(1) */ } @@ -595,7 +621,9 @@ void send_delete(struct state *st) if (!out_struct(&isad, &isakmp_delete_desc, &r_hdr_pbs, &del_pbs) || !out_raw(&isakmp_spi, (2*COOKIE_SIZE), &del_pbs, "delete payload")) + { impossible(); + } close_output_pbs(&del_pbs); } else @@ -615,7 +643,9 @@ void send_delete(struct state *st) isad.isad_nospi = 1; if (!out_struct(&isad, &isakmp_delete_desc, &r_hdr_pbs, &del_pbs) || !out_raw(&ns->spi, sizeof(ipsec_spi_t), &del_pbs, "delete payload")) + { impossible(); + } close_output_pbs(&del_pbs); } } @@ -656,8 +686,9 @@ void send_delete(struct state *st) init_phase2_iv(p1st, &msgid); if (!encrypt_message(&r_hdr_pbs, p1st)) + { impossible(); - + } p1st->st_tpacket = chunk_create(reply_pbs.start, pbs_offset(&reply_pbs)); send_packet(p1st, "delete notify"); p1st->st_tpacket = saved_tpacket; @@ -755,14 +786,15 @@ void accept_delete(struct state *st, struct msg_digest *md, } else { - struct connection *oldc; - + connection_t *oldc; + oldc = cur_connection; set_cur_connection(dst->st_connection); if (nat_traversal_enabled) + { nat_traversal_change_port_lookup(md, dst); - + } loglog(RC_LOG_SERIOUS, "received Delete SA payload: " "deleting ISAKMP State #%lu", dst->st_serialno); delete_state(dst); @@ -790,18 +822,19 @@ void accept_delete(struct state *st, struct msg_digest *md, } else { - struct connection *rc = dst->st_connection; - struct connection *oldc; - + connection_t *rc = dst->st_connection; + connection_t *oldc; + oldc = cur_connection; set_cur_connection(rc); if (nat_traversal_enabled) + { nat_traversal_change_port_lookup(md, dst); - + } if (rc->newest_ipsec_sa == dst->st_serialno && (rc->policy & POLICY_UP)) - { + { /* Last IPSec SA for a permanent connection that we * have initiated. Replace it in a few seconds. * @@ -855,7 +888,9 @@ void close_message(pb_stream *pbs) size_t padding = pad_up(pbs_offset(pbs), 4); if (padding != 0) + { (void) out_zero(padding, pbs, "message padding"); + } close_output_pbs(pbs); } @@ -864,15 +899,14 @@ void close_message(pb_stream *pbs) * Note: this is not called from demux.c */ static stf_status -main_outI1(int whack_sock, struct connection *c, struct state *predecessor +main_outI1(int whack_sock, connection_t *c, struct state *predecessor , lset_t policy, unsigned long try) { struct state *st = new_state(); pb_stream reply; /* not actually a reply, but you know what I mean */ pb_stream rbody; - int vids_to_send = 0; - + /* set up new state */ st->st_connection = c; set_cur_state(st); /* we must reset before exit */ @@ -883,30 +917,48 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor /* determine how many Vendor ID payloads we will be sending */ if (SEND_PLUTO_VID) + { vids_to_send++; + } if (SEND_CISCO_UNITY_VID) + { vids_to_send++; - if (c->spd.this.cert.type == CERT_PGP) + } + if (c->spd.this.cert && + c->spd.this.cert->cert->get_type(c->spd.this.cert->cert) == CERT_GPG) + { vids_to_send++; + } if (SEND_XAUTH_VID) + { vids_to_send++; + } + /* always send DPD Vendor ID */ - vids_to_send++; + vids_to_send++; + if (nat_traversal_enabled) + { vids_to_send++; + } get_cookie(TRUE, st->st_icookie, COOKIE_SIZE, &c->spd.that.host_addr); insert_state(st); /* needs cookies, connection, and msgid (0) */ if (HAS_IPSEC_POLICY(policy)) + { add_pending(dup_any(whack_sock), st, c, policy, 1 , predecessor == NULL? SOS_NOBODY : predecessor->st_serialno); - + } if (predecessor == NULL) + { plog("initiating Main Mode"); + } else + { plog("initiating Main Mode to replace #%lu", predecessor->st_serialno); + } /* set up reply */ init_pbs(&reply, reply_buffer, sizeof(reply_buffer), "reply packet"); @@ -970,7 +1022,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor /* if we have an OpenPGP certificate we assume an * OpenPGP peer and have to send the Vendor ID */ - if (c->spd.this.cert.type == CERT_PGP) + if (c->spd.this.cert && + c->spd.this.cert->cert->get_type(c->spd.this.cert->cert) == CERT_GPG) { if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE , &rbody, VID_OPENPGP)) @@ -1042,7 +1095,7 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor return STF_OK; } -void ipsecdoi_initiate(int whack_sock, struct connection *c, lset_t policy, +void ipsecdoi_initiate(int whack_sock, connection_t *c, lset_t policy, unsigned long try, so_serial_t replacing) { /* If there's already an ISAKMP SA established, use that and @@ -1155,7 +1208,7 @@ static bool skeyid_preshared(struct state *st) { loglog(RC_LOG_SERIOUS, "%N not available to compute skeyid", pseudo_random_function_names, prf_alg); - return FALSE; + return FALSE; } free(st->st_skeyid.ptr); prf->set_key(prf, *pss); @@ -1166,8 +1219,7 @@ static bool skeyid_preshared(struct state *st) } } -static bool -skeyid_digisig(struct state *st) +static bool skeyid_digisig(struct state *st) { chunk_t nir; pseudo_random_function_t prf_alg; @@ -1234,12 +1286,9 @@ static bool generate_skeyids_iv(struct state *st) /* generate SKEYID_* from SKEYID */ { - char buf_skeyid_d[] = { 0x00 }; - char buf_skeyid_a[] = { 0x01 }; - char buf_skeyid_e[] = { 0x02 }; - chunk_t seed_skeyid_d = chunk_from_buf(buf_skeyid_d); - chunk_t seed_skeyid_a = chunk_from_buf(buf_skeyid_a); - chunk_t seed_skeyid_e = chunk_from_buf(buf_skeyid_e); + chunk_t seed_skeyid_d = chunk_from_chars(0x00); + chunk_t seed_skeyid_a = chunk_from_chars(0x01); + chunk_t seed_skeyid_e = chunk_from_chars(0x02); chunk_t icookie = { st->st_icookie, COOKIE_SIZE }; chunk_t rcookie = { st->st_rcookie, COOKIE_SIZE }; pseudo_random_function_t prf_alg; @@ -1254,7 +1303,7 @@ static bool generate_skeyids_iv(struct state *st) prf->allocate_bytes(prf, st->st_shared, NULL); prf->allocate_bytes(prf, icookie, NULL); prf->allocate_bytes(prf, rcookie, NULL); - prf->allocate_bytes(prf, seed_skeyid_d, &st->st_skeyid_d); + prf->allocate_bytes(prf, seed_skeyid_d, &st->st_skeyid_d); /* SKEYID_A */ free(st->st_skeyid_a.ptr); @@ -1262,7 +1311,7 @@ static bool generate_skeyids_iv(struct state *st) prf->allocate_bytes(prf, st->st_shared, NULL); prf->allocate_bytes(prf, icookie, NULL); prf->allocate_bytes(prf, rcookie, NULL); - prf->allocate_bytes(prf, seed_skeyid_a, &st->st_skeyid_a); + prf->allocate_bytes(prf, seed_skeyid_a, &st->st_skeyid_a); /* SKEYID_E */ free(st->st_skeyid_e.ptr); @@ -1270,7 +1319,7 @@ static bool generate_skeyids_iv(struct state *st) prf->allocate_bytes(prf, st->st_shared, NULL); prf->allocate_bytes(prf, icookie, NULL); prf->allocate_bytes(prf, rcookie, NULL); - prf->allocate_bytes(prf, seed_skeyid_e, &st->st_skeyid_e); + prf->allocate_bytes(prf, seed_skeyid_e, &st->st_skeyid_e); prf->destroy(prf); } @@ -1289,7 +1338,7 @@ static bool generate_skeyids_iv(struct state *st) DBG_dump_chunk("DH_i:", st->st_gi); DBG_dump_chunk("DH_r:", st->st_gr); ); - + hasher->get_hash(hasher, st->st_gi, NULL); hasher->get_hash(hasher, st->st_gr, st->st_new_iv); hasher->destroy(hasher); @@ -1302,15 +1351,14 @@ static bool generate_skeyids_iv(struct state *st) */ { size_t keysize = st->st_oakley.enckeylen/BITS_PER_BYTE; - + /* free any existing key */ free(st->st_enc_key.ptr); if (keysize > st->st_skeyid_e.len) { u_char keytemp[MAX_OAKLEY_KEY_LEN + MAX_DIGEST_LEN]; - char seed_buf[] = { 0x00 }; - chunk_t seed = chunk_from_buf(seed_buf); + chunk_t seed = chunk_from_chars(0x00); size_t prf_block_size, i; pseudo_random_function_t prf_alg; prf_t *prf; @@ -1319,7 +1367,7 @@ static bool generate_skeyids_iv(struct state *st) prf = lib->crypto->create_prf(lib->crypto, prf_alg); prf->set_key(prf, st->st_skeyid_e); prf_block_size = prf->get_block_size(prf); - + for (i = 0;;) { prf->get_bytes(prf, seed, &keytemp[i]); @@ -1336,7 +1384,7 @@ static bool generate_skeyids_iv(struct state *st) else { st->st_enc_key = chunk_create(st->st_skeyid_e.ptr, keysize); - } + } st->st_enc_key = chunk_clone(st->st_enc_key); } @@ -1421,7 +1469,7 @@ static bool generate_skeyids_iv(struct state *st) * Use PKCS#1 version 1.5 encryption of hash (called * RSAES-PKCS1-V1_5) in PKCS#2. */ -static size_t sign_hash(signature_scheme_t scheme, struct connection *c, +static size_t sign_hash(signature_scheme_t scheme, connection_t *c, u_char sig_val[RSA_MAX_OCTETS], chunk_t hash) { size_t sz = 0; @@ -1469,7 +1517,9 @@ static size_t sign_hash(signature_scheme_t scheme, struct connection *c, ) sz = scx_sign_hash(sc, hash.ptr, hash.len, sig_val, sz) ? sz : 0; if (!pkcs11_keep_state) + { scx_release_context(sc); + } unlock_certs_and_keys("sign_hash"); } return sz; @@ -1487,7 +1537,7 @@ static size_t sign_hash(signature_scheme_t scheme, struct connection *c, */ struct tac_state { struct state *st; - chunk_t hash; + chunk_t hash; chunk_t sig; int tried_cnt; /* number of keys tried */ }; @@ -1495,17 +1545,18 @@ struct tac_state { static bool take_a_crack(struct tac_state *s, pubkey_t *kr) { public_key_t *pub_key = kr->public_key; - identification_t *keyid = pub_key->get_id(pub_key, ID_PUBKEY_INFO_SHA1); + chunk_t keyid = chunk_empty; signature_scheme_t scheme; s->tried_cnt++; scheme = oakley_to_signature_scheme(s->st->st_oakley.auth); + pub_key->get_fingerprint(pub_key, KEY_ID_PUBKEY_INFO_SHA1, &keyid); if (pub_key->verify(pub_key, scheme, s->hash, s->sig)) { DBG(DBG_CRYPT | DBG_CONTROL, - DBG_log("%s check passed with keyid %Y", - enum_show(&oakley_auth_names, s->st->st_oakley.auth), keyid) + DBG_log("%s check passed with keyid %#B", + enum_show(&oakley_auth_names, s->st->st_oakley.auth), &keyid) ) unreference_key(&s->st->st_peer_pubkey); s->st->st_peer_pubkey = reference_key(kr); @@ -1514,14 +1565,14 @@ static bool take_a_crack(struct tac_state *s, pubkey_t *kr) else { DBG(DBG_CRYPT, - DBG_log("%s check failed with keyid %Y", - enum_show(&oakley_auth_names, s->st->st_oakley.auth), keyid) + DBG_log("%s check failed with keyid %#B", + enum_show(&oakley_auth_names, s->st->st_oakley.auth), &keyid) ) return FALSE; } } -static stf_status check_signature(key_type_t key_type, const struct id* peer, +static stf_status check_signature(key_type_t key_type, identification_t* peer, struct state *st, chunk_t hash, const pb_stream *sig_pbs, #ifdef USE_KEYRR @@ -1529,7 +1580,7 @@ static stf_status check_signature(key_type_t key_type, const struct id* peer, #endif /* USE_KEYRR */ const struct gw_info *gateways_from_dns) { - const struct connection *c = st->st_connection; + const connection_t *c = st->st_connection; struct tac_state s; s.st = st; @@ -1545,7 +1596,8 @@ static stf_status check_signature(key_type_t key_type, const struct id* peer, for (gw = c->gw_info; gw != NULL; gw = gw->next) { /* only consider entries that have a key and are for our peer */ - if (gw->gw_key_present && same_id(&gw->gw_id, &c->spd.that.id)&& + if (gw->gw_key_present && + gw->gw_id->equals(gw->gw_id, c->spd.that.id) && take_a_crack(&s, gw->key)) { return STF_OK; @@ -1564,7 +1616,7 @@ static stf_status check_signature(key_type_t key_type, const struct id* peer, pubkey_t *key = p->key; key_type_t type = key->public_key->get_type(key->public_key); - if (type == key_type && same_id(peer, &key->id)) + if (type == key_type && peer->equals(peer, key->id)) { time_t now = time(NULL); @@ -1576,7 +1628,6 @@ static stf_status check_signature(key_type_t key_type, const struct id* peer, *pp = free_public_keyentry(p); continue; /* continue with next public key */ } - if (take_a_crack(&s, key)) { return STF_OK; @@ -1628,34 +1679,30 @@ static stf_status check_signature(key_type_t key_type, const struct id* peer, /* no acceptable key was found: diagnose */ { - char id_buf[BUF_LEN]; /* arbitrary limit on length of ID reported */ - - idtoa(peer, id_buf, sizeof(id_buf)); - if (s.tried_cnt == 0) { - loglog(RC_LOG_SERIOUS, "no public key known for '%s'", id_buf); + loglog(RC_LOG_SERIOUS, "no public key known for '%Y'", peer); } else if (s.tried_cnt == 1) { - loglog(RC_LOG_SERIOUS, "signature check for '%s' failed: " - " wrong key?; tried %d", id_buf, s.tried_cnt); + loglog(RC_LOG_SERIOUS, "signature check for '%Y' failed: " + " wrong key?; tried %d", peer, s.tried_cnt); DBG(DBG_CONTROL, - DBG_log("public key for '%s' failed: " - "decrypted SIG payload into a malformed ECB", id_buf) + DBG_log("public key for '%Y' failed: " + "decrypted SIG payload into a malformed ECB", peer) ) } else { - loglog(RC_LOG_SERIOUS, "signature check for '%s' failed: " - "tried %d keys but none worked.", id_buf, s.tried_cnt); + loglog(RC_LOG_SERIOUS, "signature check for '%Y' failed: " + "tried %d keys but none worked.", peer, s.tried_cnt); DBG(DBG_CONTROL, - DBG_log("all %d public keys for '%s' failed: " + DBG_log("all %d public keys for '%Y' failed: " "best decrypted SIG payload into a malformed ECB", - s.tried_cnt, id_buf) + s.tried_cnt, peer) ) } - return STF_FAIL + INVALID_KEY_INFORMATION; + return STF_FAIL + ISAKMP_INVALID_KEY_INFORMATION; } } @@ -1669,12 +1716,12 @@ static notification_t accept_nonce(struct msg_digest *md, chunk_t *dest, { loglog(RC_LOG_SERIOUS, "%s length not between %d and %d" , name , MINIMUM_NONCE_SIZE, MAXIMUM_NONCE_SIZE); - return PAYLOAD_MALFORMED; /* ??? */ + return ISAKMP_PAYLOAD_MALFORMED; /* ??? */ } free(dest->ptr); *dest = chunk_create(nonce_pbs->cur, len); *dest = chunk_clone(*dest); - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } /* encrypt message, sans fixed part of header @@ -1682,8 +1729,7 @@ static notification_t accept_nonce(struct msg_digest *md, chunk_t *dest, * The theory is that there will be no "backing out", so we commit to IV. * We also close the pbs. */ -bool -encrypt_message(pb_stream *pbs, struct state *st) +bool encrypt_message(pb_stream *pbs, struct state *st) { u_int8_t *enc_start = pbs->start + sizeof(struct isakmp_hdr); size_t enc_len = pbs_offset(pbs) - sizeof(struct isakmp_hdr); @@ -1723,7 +1769,7 @@ encrypt_message(pb_stream *pbs, struct state *st) crypter->set_key(crypter, st->st_enc_key); crypter->encrypt(crypter, data, iv, NULL); crypter->destroy(crypter); - + new_iv = data.ptr + data.len - crypter_block_size; memcpy(st->st_new_iv, new_iv, crypter_block_size); update_iv(st); @@ -1755,7 +1801,7 @@ static size_t quick_mode_hash12(u_char *dest, u_char *start, u_char *roof, if (hash2) { prf->get_bytes(prf, st->st_ni, NULL); /* include Ni_b in the hash */ - } + } prf->get_bytes(prf, msg_chunk, dest); prf_block_size = prf->get_block_size(prf); prf->destroy(prf); @@ -1775,13 +1821,12 @@ static size_t quick_mode_hash12(u_char *dest, u_char *start, u_char *roof, */ static size_t quick_mode_hash3(u_char *dest, struct state *st) { - char seed_buf[] = { 0x00 }; - chunk_t seed_chunk = chunk_from_buf(seed_buf); + chunk_t seed_chunk = chunk_from_chars(0x00); chunk_t msgid_chunk = chunk_from_thing(st->st_msgid); pseudo_random_function_t prf_alg; prf_t *prf; size_t prf_block_size; - + prf_alg = oakley_to_prf(st->st_oakley.hash); prf = lib->crypto->create_prf(lib->crypto, prf_alg); prf->set_key(prf, st->st_skeyid_a); @@ -1814,7 +1859,7 @@ void init_phase2_iv(struct state *st, const msgid_t *msgid) st->st_new_iv_len = hasher->get_hash_size(hasher); passert(st->st_new_iv_len <= sizeof(st->st_new_iv)); - + hasher->get_hash(hasher, iv_chunk, NULL); hasher->get_hash(hasher, msgid_chunk, st->st_new_iv); hasher->destroy(hasher); @@ -1846,27 +1891,30 @@ static bool emit_subnet_id(ip_subnet *net, u_int8_t np, u_int8_t protoid, id.isaiid_port = port; if (!out_struct(&id, &isakmp_ipsec_identification_desc, outs, &id_pbs)) + { return FALSE; - + } networkof(net, &ta); tal = addrbytesptr(&ta, &tbp); if (!out_raw(tbp, tal, &id_pbs, "client network")) + { return FALSE; - + } if (!subnetishost(net)) { maskof(net, &ta); tal = addrbytesptr(&ta, &tbp); if (!out_raw(tbp, tal, &id_pbs, "client mask")) + { return FALSE; + } } - close_output_pbs(&id_pbs); return TRUE; } stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, - struct connection *c, lset_t policy, unsigned long try, + connection_t *c, lset_t policy, unsigned long try, so_serial_t replacing) { struct state *st = duplicate_state(isakmp_sa); @@ -1878,10 +1926,27 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, bool has_client = c->spd.this.has_client || c->spd.that.has_client || c->spd.this.protocol || c->spd.that.protocol || c->spd.this.port || c->spd.that.port; - + bool send_natoa = FALSE; u_int8_t np = ISAKMP_NEXT_NONE; + if (c->spd.this.modecfg && !c->spd.this.has_client && + isanyaddr(&c->spd.this.host_srcip)) + { + connection_t *ph1_c = isakmp_sa->st_connection; + + if (ph1_c->spd.this.modecfg && !isanyaddr(&ph1_c->spd.this.host_srcip)) + { + char srcip[ADDRTOT_BUF]; + + c->spd.this.host_srcip = ph1_c->spd.this.host_srcip; + c->spd.this.client = ph1_c->spd.this.client; + c->spd.this.has_client = TRUE; + addrtot(&c->spd.this.host_srcip, 0, srcip, sizeof(srcip)); + plog("inheriting virtual IP source address %s from ModeCfg", srcip); + } + } + st->st_whack_sock = whack_sock; st->st_connection = c; set_cur_state(st); /* we must reset before exit */ @@ -1899,27 +1964,30 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, insert_state(st); /* needs cookies, connection, and msgid */ if (replacing == SOS_NOBODY) - plog("initiating Quick Mode %s {using isakmp#%lu}" - , prettypolicy(policy) - , isakmp_sa->st_serialno); + { + plog("initiating Quick Mode %s {using isakmp#%lu}", + prettypolicy(policy), isakmp_sa->st_serialno); + } else - plog("initiating Quick Mode %s to replace #%lu {using isakmp#%lu}" - , prettypolicy(policy) - , replacing - , isakmp_sa->st_serialno); - + { + plog("initiating Quick Mode %s to replace #%lu {using isakmp#%lu}", + prettypolicy(policy), replacing, isakmp_sa->st_serialno); + } if (isakmp_sa->nat_traversal & NAT_T_DETECTED) { /* Duplicate nat_traversal status in new state */ st->nat_traversal = isakmp_sa->nat_traversal; if (isakmp_sa->nat_traversal & LELEM(NAT_TRAVERSAL_NAT_BHND_ME)) + { has_client = TRUE; - + } nat_traversal_change_port_lookup(NULL, st); } else + { st->nat_traversal = 0; + } /* are we going to send a NAT-OA payload? */ if ((st->nat_traversal & NAT_T_WITH_NATOA) @@ -1957,13 +2025,15 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, /* SA out */ - /* + /* * See if pfs_group has been specified for this conn, * if not, fallback to old use-same-as-P1 behaviour */ #ifndef NO_IKE_ALG if (st->st_connection) + { st->st_pfs_group = ike_alg_pfsgroup(st->st_connection, policy); + } if (!st->st_pfs_group) #endif /* If PFS specified, use the same group as during Phase 1: @@ -1979,11 +2049,12 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, lset_t pm = POLICY_ENCRYPT | POLICY_AUTHENTICATE; if (can_do_IPcomp) + { pm |= POLICY_COMPRESS; - - if (!out_sa(&rbody - , &ipsec_sadb[(st->st_policy & pm) >> POLICY_IPSEC_SHIFT] - , st, FALSE, ISAKMP_NEXT_NONCE)) + } + if (!out_sa(&rbody, + &ipsec_sadb[(st->st_policy & pm) >> POLICY_IPSEC_SHIFT], + st, FALSE, ISAKMP_NEXT_NONCE)) { reset_cur_state(); return STF_INTERNAL_ERROR; @@ -2063,14 +2134,18 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, event_schedule(EVENT_RETRANSMIT, EVENT_RETRANSMIT_DELAY_0, st); if (replacing == SOS_NOBODY) + { whack_log(RC_NEW_STATE + STATE_QUICK_I1 , "%s: initiate" , enum_name(&state_names, st->st_state)); + } else + { whack_log(RC_NEW_STATE + STATE_QUICK_I1 , "%s: initiate to replace #%lu" , enum_name(&state_names, st->st_state) , replacing); + } reset_cur_state(); return STF_OK; } @@ -2092,35 +2167,45 @@ static void decode_cert(struct msg_digest *md) blob.len = pbs_left(&p->pbs); if (cert->isacert_type == CERT_X509_SIGNATURE) { - x509cert_t cert = empty_x509cert; - if (parse_x509cert(blob, 0, &cert)) + cert_t x509cert = cert_empty; + + x509cert.cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, blob, + BUILD_END); + if (x509cert.cert) { - if (verify_x509cert(&cert, strict_crl_policy, &valid_until)) + if (verify_x509cert(&x509cert, strict_crl_policy, &valid_until)) { DBG(DBG_PARSING, DBG_log("Public key validated") ) - add_x509_public_key(&cert, valid_until, DAL_SIGNED); + add_public_key_from_cert(&x509cert, valid_until, DAL_SIGNED); } else { plog("X.509 certificate rejected"); } - DESTROY_IF(cert.public_key); - free_generalNames(cert.subjectAltName, FALSE); - free_generalNames(cert.crlDistributionPoints, FALSE); + x509cert.cert->destroy(x509cert.cert); } else + { plog("Syntax error in X.509 certificate"); + } } else if (cert->isacert_type == CERT_PKCS7_WRAPPED_X509) { - x509cert_t *cert = NULL; + linked_list_t *certs = linked_list_create(); - if (pkcs7_parse_signedData(blob, NULL, &cert, NULL, NULL)) - store_x509certs(&cert, strict_crl_policy); + if (pkcs7_parse_signedData(blob, NULL, certs, NULL, NULL)) + { + store_x509certs(certs, strict_crl_policy); + } else + { plog("Syntax error in PKCS#7 wrapped X.509 certificates"); + } + certs->destroy_offset(certs, offsetof(certificate_t, destroy)); } else { @@ -2134,7 +2219,7 @@ static void decode_cert(struct msg_digest *md) /* * Decode the CR payload of Phase 1. */ -static void decode_cr(struct msg_digest *md, struct connection *c) +static void decode_cr(struct msg_digest *md, connection_t *c) { struct payload_digest *p; @@ -2142,7 +2227,7 @@ static void decode_cr(struct msg_digest *md, struct connection *c) { struct isakmp_cr *const cr = &p->payload.cr; chunk_t ca_name; - + ca_name.len = pbs_left(&p->pbs); ca_name.ptr = (ca_name.len > 0)? p->pbs.cur : NULL; @@ -2150,32 +2235,37 @@ static void decode_cr(struct msg_digest *md, struct connection *c) if (cr->isacr_type == CERT_X509_SIGNATURE) { - char buf[BUF_LEN]; - if (ca_name.len > 0) { - generalName_t *gn; - + identification_t *ca; + if (!is_asn1(ca_name)) + { continue; - - gn = malloc_thing(generalName_t); - ca_name = chunk_clone(ca_name); - gn->kind = GN_DIRECTORY_NAME; - gn->name = ca_name; - gn->next = c->requested_ca; - c->requested_ca = gn; + } + if (c->requested_ca == NULL) + { + c->requested_ca = linked_list_create(); + } + ca = identification_create_from_encoding(ID_DER_ASN1_DN, ca_name); + c->requested_ca->insert_last(c->requested_ca, ca); + DBG(DBG_PARSING | DBG_CONTROL, + DBG_log("requested CA: \"%Y\"", ca) + ) + } + else + { + DBG(DBG_PARSING | DBG_CONTROL, + DBG_log("requested CA: %%any") + ) } c->got_certrequest = TRUE; - - DBG(DBG_PARSING | DBG_CONTROL, - dntoa_or_null(buf, BUF_LEN, ca_name, "%any"); - DBG_log("requested CA: '%s'", buf); - ) } else + { loglog(RC_LOG_SERIOUS, "ignoring %s certificate request payload", enum_show(&cert_type_names, cr->isacr_type)); + } } } @@ -2184,12 +2274,13 @@ static void decode_cr(struct msg_digest *md, struct connection *c) * We must be called before SIG or HASH are decoded since we * may change the peer's public key or ID. */ -static bool decode_peer_id(struct msg_digest *md, struct id *peer) +static bool decode_peer_id(struct msg_digest *md, identification_t **peer) { struct state *const st = md->st; struct payload_digest *const id_pld = md->chain[ISAKMP_NEXT_ID]; const pb_stream *const id_pbs = &id_pld->pbs; struct isakmp_id *const id = &id_pld->payload.id; + chunk_t id_payload; /* I think that RFC2407 (IPSEC DOI) 4.6.2 is confused. * It talks about the protocol ID and Port fields of the ID @@ -2218,74 +2309,50 @@ static bool decode_peer_id(struct msg_digest *md, struct id *peer) return FALSE; } - peer->kind = id->isaid_idtype; + id_payload = chunk_create(id_pbs->cur, pbs_left(id_pbs)); - switch (peer->kind) + switch (id->isaid_idtype) { - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - /* failure mode for initaddr is probably inappropriate address length */ - { - err_t ugh = initaddr(id_pbs->cur, pbs_left(id_pbs) - , peer->kind == ID_IPV4_ADDR? AF_INET : AF_INET6 - , &peer->ip_addr); - - if (ugh != NULL) + case ID_IPV4_ADDR: + if (id_payload.len != 4) { - loglog(RC_LOG_SERIOUS, "improper %s identification payload: %s" - , enum_show(&ident_names, peer->kind), ugh); - /* XXX Could send notification back */ + loglog(RC_LOG_SERIOUS, "improper %s Phase 1 ID payload", + enum_show(&ident_names, id->isaid_idtype)); return FALSE; } - } - break; - - case ID_USER_FQDN: - if (memchr(id_pbs->cur, '@', pbs_left(id_pbs)) == NULL) - { - loglog(RC_LOG_SERIOUS, "peer's ID_USER_FQDN contains no @"); - return FALSE; - } - /* FALLTHROUGH */ - case ID_FQDN: - if (memchr(id_pbs->cur, '\0', pbs_left(id_pbs)) != NULL) - { - loglog(RC_LOG_SERIOUS, "Phase 1 ID Payload of type %s contains a NUL" - , enum_show(&ident_names, peer->kind)); + break; + case ID_IPV6_ADDR: + if (id_payload.len != 16) + { + loglog(RC_LOG_SERIOUS, "improper %s Phase 1 ID payload", + enum_show(&ident_names, id->isaid_idtype)); + return FALSE; + } + break; + case ID_USER_FQDN: + case ID_FQDN: + if (memchr(id_payload.ptr, '\0', id_payload.len) != NULL) + { + loglog(RC_LOG_SERIOUS, "%s Phase 1 ID payload contains " + "a NUL character", + enum_show(&ident_names, id->isaid_idtype)); + return FALSE; + } + break; + case ID_KEY_ID: + case ID_DER_ASN1_DN: + break; + default: + /* XXX Could send notification back */ + loglog(RC_LOG_SERIOUS, "unacceptable identity type (%s) " + "in Phase 1 ID payload", + enum_show(&ident_names, id->isaid_idtype)); return FALSE; - } - - /* ??? ought to do some more sanity check, but what? */ - - peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs)); - break; - - case ID_KEY_ID: - peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs)); - DBG(DBG_PARSING, - DBG_dump_chunk("KEY ID:", peer->name)); - break; - - case ID_DER_ASN1_DN: - peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs)); - DBG(DBG_PARSING, - DBG_dump_chunk("DER ASN1 DN:", peer->name)); - break; - - default: - /* XXX Could send notification back */ - loglog(RC_LOG_SERIOUS, "Unacceptable identity type (%s) in Phase 1 ID Payload" - , enum_show(&ident_names, peer->kind)); - return FALSE; } + *peer = identification_create_from_encoding(id->isaid_idtype, id_payload); - { - char buf[BUF_LEN]; - - idtoa(peer, buf, sizeof(buf)); - plog("Peer ID is %s: '%s'", - enum_show(&ident_names, id->isaid_idtype), buf); - } + plog("Peer ID is %s: '%Y'", enum_show(&ident_names, id->isaid_idtype), + *peer); /* check for certificates */ decode_cert(md); @@ -2298,45 +2365,51 @@ static bool decode_peer_id(struct msg_digest *md, struct id *peer) * - if the initiation was explicit, we'd be ignoring user's intent * - if opportunistic, we'll lose our HOLD info */ -static bool switch_connection(struct msg_digest *md, struct id *peer, +static bool switch_connection(struct msg_digest *md, identification_t *peer, bool initiator) { struct state *const st = md->st; - struct connection *c = st->st_connection; - - chunk_t peer_ca = (st->st_peer_pubkey != NULL) - ? st->st_peer_pubkey->issuer : chunk_empty; + connection_t *c = st->st_connection; + identification_t *peer_ca; - DBG(DBG_CONTROL, - char buf[BUF_LEN]; - - dntoa_or_null(buf, BUF_LEN, peer_ca, "%none"); - DBG_log("peer CA: '%s'", buf); - ) + peer_ca = st->st_peer_pubkey ? st->st_peer_pubkey->issuer : NULL; + if (peer_ca) + { + DBG(DBG_CONTROL, + DBG_log("peer CA: \"%Y\"", peer_ca) + ) + } + else + { + DBG(DBG_CONTROL, + DBG_log("peer CA: %%none") + ) + } if (initiator) { int pathlen; - if (!same_id(&c->spd.that.id, peer)) + if (!peer->equals(peer, c->spd.that.id)) { - char expect[BUF_LEN] - , found[BUF_LEN]; - - idtoa(&c->spd.that.id, expect, sizeof(expect)); - idtoa(peer, found, sizeof(found)); - loglog(RC_LOG_SERIOUS - , "we require peer to have ID '%s', but peer declares '%s'" - , expect, found); + loglog(RC_LOG_SERIOUS, + "we require peer to have ID '%Y', but peer declares '%Y'", + c->spd.that.id, peer); return FALSE; } - DBG(DBG_CONTROL, - char buf[BUF_LEN]; - - dntoa_or_null(buf, BUF_LEN, c->spd.that.ca, "%none"); - DBG_log("required CA: '%s'", buf); - ) + if (c->spd.that.ca) + { + DBG(DBG_CONTROL, + DBG_log("required CA: \"%s\"", c->spd.that.ca); + ) + } + else + { + DBG(DBG_CONTROL, + DBG_log("required CA: %%none"); + ) + } if (!trusted_ca(peer_ca, c->spd.that.ca, &pathlen)) { @@ -2347,7 +2420,7 @@ static bool switch_connection(struct msg_digest *md, struct id *peer, } else { - struct connection *r; + connection_t *r; /* check for certificate requests */ decode_cr(md, c); @@ -2355,24 +2428,31 @@ static bool switch_connection(struct msg_digest *md, struct id *peer, r = refine_host_connection(st, peer, peer_ca); /* delete the collected certificate requests */ - free_generalNames(c->requested_ca, TRUE); - c->requested_ca = NULL; + if (c->requested_ca) + { + c->requested_ca->destroy_offset(c->requested_ca, + offsetof(identification_t, destroy)); + c->requested_ca = NULL; + } if (r == NULL) { - char buf[BUF_LEN]; - - idtoa(peer, buf, sizeof(buf)); - loglog(RC_LOG_SERIOUS, "no suitable connection for peer '%s'", buf); + loglog(RC_LOG_SERIOUS, "no suitable connection for peer '%Y'", peer); return FALSE; } - DBG(DBG_CONTROL, - char buf[BUF_LEN]; - - dntoa_or_null(buf, BUF_LEN, r->spd.this.ca, "%none"); - DBG_log("offered CA: '%s'", buf); - ) + if (r->spd.this.ca) + { + DBG(DBG_CONTROL, + DBG_log("offered CA: \"%Y\"", r->spd.this.ca) + ) + } + else + { + DBG(DBG_CONTROL, + DBG_log("offered CA: %%none") + ) + } if (r != c) { @@ -2396,10 +2476,9 @@ static bool switch_connection(struct msg_digest *md, struct id *peer, } else if (c->spd.that.has_id_wildcards) { - free_id_content(&c->spd.that.id); - c->spd.that.id = *peer; + c->spd.that.id->destroy(c->spd.that.id); + c->spd.that.id = peer->clone(peer); c->spd.that.has_id_wildcards = FALSE; - unshare_id_content(&c->spd.that.id); } } return TRUE; @@ -2489,13 +2568,19 @@ static bool decode_net_id(struct isakmp_ipsec_id *id, pb_stream *id_pbs, ugh = initaddr(id_pbs->cur , afi->ia_sz, afi->af, &temp_address); if (ugh == NULL) + { ugh = initaddr(id_pbs->cur + afi->ia_sz , afi->ia_sz, afi->af, &temp_mask); + } if (ugh == NULL) + { ugh = initsubnet(&temp_address, masktocount(&temp_mask) , '0', net); + } if (ugh == NULL && subnetisnone(net)) + { ugh = "contains only anyaddr"; + } if (ugh != NULL) { loglog(RC_LOG_SERIOUS, "%s ID payload %s bad subnet in Quick I1 (%s)" @@ -2528,8 +2613,10 @@ static bool decode_net_id(struct isakmp_ipsec_id *id, pb_stream *id_pbs, } ugh = initaddr(id_pbs->cur, afi->ia_sz, afi->af, &temp_address_from); if (ugh == NULL) + { ugh = initaddr(id_pbs->cur + afi->ia_sz , afi->ia_sz, afi->af, &temp_address_to); + } if (ugh != NULL) { loglog(RC_LOG_SERIOUS, "%s ID payload %s malformed (%s) in Quick I1" @@ -2540,7 +2627,9 @@ static bool decode_net_id(struct isakmp_ipsec_id *id, pb_stream *id_pbs, ugh = rangetosubnet(&temp_address_from, &temp_address_to, net); if (ugh == NULL && subnetisnone(net)) + { ugh = "contains only anyaddr"; + } if (ugh != NULL) { char temp_buff1[ADDRTOT_BUF], temp_buff2[ADDRTOT_BUF]; @@ -2582,8 +2671,9 @@ static bool check_net_id(struct isakmp_ipsec_id *id, pb_stream *id_pbs, ip_subnet net_temp; if (!decode_net_id(id, id_pbs, &net_temp, which)) + { return FALSE; - + } if (!samesubnet(net, &net_temp) || *protoid != id->isaiid_protoid || *port != id->isaiid_port) { @@ -2598,7 +2688,7 @@ static bool check_net_id(struct isakmp_ipsec_id *id, pb_stream *id_pbs, */ static bool has_preloaded_public_key(struct state *st) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; /* do not consider rw connections since * the peer's identity must be known @@ -2613,7 +2703,8 @@ static bool has_preloaded_public_key(struct state *st) pubkey_t *key = p->key; key_type_t type = key->public_key->get_type(key->public_key); - if (type == KEY_RSA && same_id(&c->spd.that.id, &key->id) && + if (type == KEY_RSA && + c->spd.that.id->equals(c->spd.that.id, key->id) && key->until_time == UNDEFINED_TIME) { /* found a preloaded public key */ @@ -2646,7 +2737,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, if (needed_len && pi->attrs.key_len) { needed_len = pi->attrs.key_len / BITS_PER_BYTE; - } + } switch (pi->attrs.transid) { @@ -2745,7 +2836,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, char *keymat_i_peer = pi->peer_keymat + i; chunk_t keymat_our = { keymat_i_our, prf_block_size }; chunk_t keymat_peer = { keymat_i_peer, prf_block_size }; - + if (st->st_shared.ptr != NULL) { /* PFS: include the g^xy */ @@ -2785,9 +2876,13 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, static void compute_keymats(struct state *st) { if (st->st_ah.present) + { compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah); + } if (st->st_esp.present) + { compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp); + } } static bool uses_pubkey_auth(int auth) @@ -2807,6 +2902,38 @@ static bool uses_pubkey_auth(int auth) } } +/* build an ID payload + * Note: no memory is allocated for the body of the payload (tl->ptr). + * We assume it will end up being a pointer into a sufficiently + * stable datastructure. It only needs to last a short time. + */ +static void build_id_payload(struct isakmp_ipsec_id *hd, chunk_t *tl, struct end *end) +{ + identification_t *id = resolve_myid(end->id); + + zero(hd); + hd->isaiid_idtype = id->get_type(id); + + switch (id->get_type(id)) + { + case ID_ANY: + hd->isaiid_idtype = aftoinfo(addrtypeof(&end->host_addr))->id_addr; + tl->len = addrbytesptr(&end->host_addr, + (const unsigned char **)&tl->ptr); /* sets tl->ptr too */ + break; + case ID_IPV4_ADDR: + case ID_IPV6_ADDR: + case ID_FQDN: + case ID_USER_FQDN: + case ID_DER_ASN1_DN: + case ID_KEY_ID: + *tl = id->get_encoding(id); + break; + default: + bad_case(id->get_type(id)); + } +} + /* State Transition Functions. * * The definition of state_microcode_table in demux.c is a good @@ -2833,7 +2960,7 @@ stf_status main_inI1_outR1(struct msg_digest *md) { struct payload_digest *const sa_pd = md->chain[ISAKMP_NEXT_SA]; struct state *st; - struct connection *c; + connection_t *c; struct isakmp_proposal proposal; pb_stream proposal_pbs; pb_stream r_sa_pbs; @@ -2877,7 +3004,7 @@ stf_status main_inI1_outR1(struct msg_digest *md) * but Food Groups kind of assumes one. */ { - struct connection *d; + connection_t *d; d = find_host_connection(&md->iface->addr , pluto_port, (ip_address*)NULL, md->sender_port, policy); @@ -2936,7 +3063,7 @@ stf_status main_inI1_outR1(struct msg_digest *md) /* Create an instance * This is a rare case: wildcard peer ID but static peer IP address */ - c = rw_instantiate(c, &md->sender, md->sender_port, NULL, &c->spd.that.id); + c = rw_instantiate(c, &md->sender, md->sender_port, NULL, c->spd.that.id); } /* Set up state */ @@ -3126,7 +3253,7 @@ stf_status main_inR1_outI2(struct msg_digest *md) { loglog(RC_LOG_SERIOUS, "a single Transform is required in a selecting Oakley Proposal; found %u" , (unsigned)proposal.isap_notrans); - RETURN_STF_FAILURE(BAD_PROPOSAL_SYNTAX); + RETURN_STF_FAILURE(ISAKMP_BAD_PROPOSAL_SYNTAX); } RETURN_STF_FAILURE(parse_isakmp_sa_body(ipsecdoisit , &proposal_pbs, &proposal, NULL, st, TRUE)); @@ -3155,35 +3282,46 @@ stf_status main_inR1_outI2(struct msg_digest *md) /* KE out */ if (!build_and_ship_KE(st, &st->st_gi, st->st_oakley.group , &md->rbody, ISAKMP_NEXT_NONCE)) + { return STF_INTERNAL_ERROR; + } #ifdef DEBUG /* Ni out */ if (!build_and_ship_nonce(&st->st_ni, &md->rbody , (cur_debugging & IMPAIR_BUST_MI2)? ISAKMP_NEXT_VID : np, "Ni")) + { return STF_INTERNAL_ERROR; - + } if (cur_debugging & IMPAIR_BUST_MI2) { /* generate a pointless large VID payload to push message over MTU */ pb_stream vid_pbs; if (!out_generic(np, &isakmp_vendor_id_desc, &md->rbody, &vid_pbs)) + { return STF_INTERNAL_ERROR; + } if (!out_zero(1500 /*MTU?*/, &vid_pbs, "Filler VID")) + { return STF_INTERNAL_ERROR; + } close_output_pbs(&vid_pbs); } #else /* Ni out */ if (!build_and_ship_nonce(&st->st_ni, &md->rbody, np, "Ni")) + { return STF_INTERNAL_ERROR; + } #endif if (st->nat_traversal & NAT_T_WITH_NATD) { if (!nat_traversal_add_natd(ISAKMP_NEXT_NONE, &md->rbody, md)) + { return STF_INTERNAL_ERROR; + } } /* finish message */ @@ -3251,15 +3389,18 @@ stf_status main_inI2_outR2(struct msg_digest *md) /* KE out */ if (!build_and_ship_KE(st, &st->st_gr, st->st_oakley.group , &md->rbody, ISAKMP_NEXT_NONCE)) + { return STF_INTERNAL_ERROR; + } #ifdef DEBUG /* Nr out */ - if (!build_and_ship_nonce(&st->st_nr, &md->rbody - , (cur_debugging & IMPAIR_BUST_MR2)? ISAKMP_NEXT_VID + if (!build_and_ship_nonce(&st->st_nr, &md->rbody, + (cur_debugging & IMPAIR_BUST_MR2)? ISAKMP_NEXT_VID : (send_cr? ISAKMP_NEXT_CR : np), "Nr")) + { return STF_INTERNAL_ERROR; - + } if (cur_debugging & IMPAIR_BUST_MR2) { /* generate a pointless large VID payload to push message over MTU */ @@ -3267,9 +3408,13 @@ stf_status main_inI2_outR2(struct msg_digest *md) if (!out_generic((send_cr)? ISAKMP_NEXT_CR : np, &isakmp_vendor_id_desc, &md->rbody, &vid_pbs)) + { return STF_INTERNAL_ERROR; + } if (!out_zero(1500 /*MTU?*/, &vid_pbs, "Filler VID")) + { return STF_INTERNAL_ERROR; + } close_output_pbs(&vid_pbs); } #else @@ -3284,33 +3429,50 @@ stf_status main_inI2_outR2(struct msg_digest *md) { if (st->st_connection->kind == CK_PERMANENT) { - if (!build_and_ship_CR(CERT_X509_SIGNATURE - , st->st_connection->spd.that.ca - , &md->rbody, np)) + identification_t *ca = st->st_connection->spd.that.ca; + chunk_t cr = (ca) ? ca->get_encoding(ca) : chunk_empty; + + if (!build_and_ship_CR(CERT_X509_SIGNATURE, cr, &md->rbody, np)) + { return STF_INTERNAL_ERROR; + } } else { - generalName_t *ca = NULL; + linked_list_t *list = collect_rw_ca_candidates(md); + int count = list->get_count(list); + bool error = FALSE; - if (collect_rw_ca_candidates(md, &ca)) + if (count) { - generalName_t *gn; + enumerator_t *enumerator; + identification_t *ca; - for (gn = ca; gn != NULL; gn = gn->next) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &ca)) { - if (!build_and_ship_CR(CERT_X509_SIGNATURE, gn->name - , &md->rbody - , gn->next == NULL ? np : ISAKMP_NEXT_CR)) - return STF_INTERNAL_ERROR; + if (!build_and_ship_CR(CERT_X509_SIGNATURE, + ca->get_encoding(ca), &md->rbody, + --count ? ISAKMP_NEXT_CR : np)) + { + error = TRUE; + break; + } } - free_generalNames(ca, FALSE); + enumerator->destroy(enumerator); } else { - if (!build_and_ship_CR(CERT_X509_SIGNATURE, chunk_empty - , &md->rbody, np)) - return STF_INTERNAL_ERROR; + if (!build_and_ship_CR(CERT_X509_SIGNATURE, chunk_empty, + &md->rbody, np)) + { + error = TRUE; + } + } + list->destroy_offset(list, offsetof(identification_t, destroy)); + if (error) + { + return STF_INTERNAL_ERROR; } } } @@ -3318,7 +3480,9 @@ stf_status main_inI2_outR2(struct msg_digest *md) if (st->nat_traversal & NAT_T_WITH_NATD) { if (!nat_traversal_add_natd(ISAKMP_NEXT_NONE, &md->rbody, md)) + { return STF_INTERNAL_ERROR; + } } /* finish message */ @@ -3329,7 +3493,9 @@ stf_status main_inI2_outR2(struct msg_digest *md) */ compute_dh_shared(st, st->st_gi); if (!generate_skeyids_iv(st)) - return STF_FAIL + AUTHENTICATION_FAILED; + { + return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED; + } update_iv(st); return STF_OK; @@ -3350,9 +3516,10 @@ stf_status main_inR2_outI3(struct msg_digest *md) struct state *const st = md->st; pb_stream *const keyex_pbs = &md->chain[ISAKMP_NEXT_KE]->pbs; pb_stream id_pbs; /* ID Payload; also used for hash calculation */ - - certpolicy_t cert_policy = st->st_connection->spd.this.sendcert; - cert_t mycert = st->st_connection->spd.this.cert; + + connection_t *c = st->st_connection; + certpolicy_t cert_policy = c->spd.this.sendcert; + cert_t *mycert = c->spd.this.cert; bool requested, send_cert, send_cr; bool pubkey_auth = uses_pubkey_auth(st->st_oakley.auth); @@ -3365,22 +3532,26 @@ stf_status main_inR2_outI3(struct msg_digest *md) RETURN_STF_FAILURE(accept_nonce(md, &st->st_nr, "Nr")); /* decode certificate requests */ - st->st_connection->got_certrequest = FALSE; - decode_cr(md, st->st_connection); + c->got_certrequest = FALSE; + decode_cr(md, c); /* free collected certificate requests since as initiator * we don't heed them anyway */ - free_generalNames(st->st_connection->requested_ca, TRUE); - st->st_connection->requested_ca = NULL; + if (c->requested_ca) + { + c->requested_ca->destroy_offset(c->requested_ca, + offsetof(identification_t, destroy)); + c->requested_ca = NULL; + } /* send certificate if auth is RSA, we have one and we want * or are requested to send it */ - requested = cert_policy == CERT_SEND_IF_ASKED - && st->st_connection->got_certrequest; - send_cert = pubkey_auth && mycert.type != CERT_NONE - && (cert_policy == CERT_ALWAYS_SEND || requested); + requested = cert_policy == CERT_SEND_IF_ASKED && c->got_certrequest; + send_cert = pubkey_auth && mycert && + mycert->cert->get_type(mycert->cert) == CERT_X509 && + (cert_policy == CERT_ALWAYS_SEND || requested); /* send certificate request if we don't have a preloaded RSA public key */ send_cr = !no_cr_send && send_cert && !has_preloaded_public_key(st); @@ -3388,8 +3559,9 @@ stf_status main_inR2_outI3(struct msg_digest *md) /* done parsing; initialize crypto */ compute_dh_shared(st, st->st_gr); if (!generate_skeyids_iv(st)) - return STF_FAIL + AUTHENTICATION_FAILED; - + { + return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED; + } if (st->nat_traversal & NAT_T_WITH_NATD) { nat_traversal_natd_lookup(md); @@ -3413,11 +3585,13 @@ stf_status main_inR2_outI3(struct msg_digest *md) struct isakmp_ipsec_id id_hd; chunk_t id_b; - build_id_payload(&id_hd, &id_b, &st->st_connection->spd.this); + build_id_payload(&id_hd, &id_b, &c->spd.this); id_hd.isaiid_np = (send_cert)? ISAKMP_NEXT_CERT : auth_payload; if (!out_struct(&id_hd, &isakmp_ipsec_identification_desc, &md->rbody, &id_pbs) || !out_chunk(id_b, &id_pbs, "my identity")) + { return STF_INTERNAL_ERROR; + } close_output_pbs(&id_pbs); } @@ -3427,12 +3601,14 @@ stf_status main_inR2_outI3(struct msg_digest *md) DBG(DBG_CONTROL, DBG_log("our certificate policy is %N", cert_policy_names, cert_policy) ) - if (mycert.type != CERT_NONE) + if (mycert && mycert->cert->get_type(mycert->cert) == CERT_X509) { const char *request_text = ""; if (cert_policy == CERT_SEND_IF_ASKED) + { request_text = (send_cert)? "upon request":"without request"; + } plog("we have a cert %s sending it %s" , send_cert? "and are":"but are not", request_text); } @@ -3443,31 +3619,43 @@ stf_status main_inR2_outI3(struct msg_digest *md) } if (send_cert) { + bool success; + chunk_t cert_encoding; pb_stream cert_pbs; struct isakmp_cert cert_hd; cert_hd.isacert_np = (send_cr)? ISAKMP_NEXT_CR : ISAKMP_NEXT_SIG; - cert_hd.isacert_type = mycert.type; + cert_hd.isacert_type = CERT_X509_SIGNATURE; if (!out_struct(&cert_hd, &isakmp_ipsec_certificate_desc, &md->rbody, &cert_pbs)) + { return STF_INTERNAL_ERROR; - if (!out_chunk(cert_get_encoding(mycert), &cert_pbs, "CERT")) + } + cert_encoding = mycert->cert->get_encoding(mycert->cert); + success = out_chunk(cert_encoding, &cert_pbs, "CERT"); + free(cert_encoding.ptr); + if (!success) + { return STF_INTERNAL_ERROR; + } close_output_pbs(&cert_pbs); } /* CR out */ if (send_cr) { - if (!build_and_ship_CR(mycert.type, st->st_connection->spd.that.ca - , &md->rbody, ISAKMP_NEXT_SIG)) + identification_t *ca = st->st_connection->spd.that.ca; + chunk_t cr = (ca) ? ca->get_encoding(ca) : chunk_empty; + + if (!build_and_ship_CR(CERT_X509_SIGNATURE, cr, &md->rbody, ISAKMP_NEXT_SIG)) + { return STF_INTERNAL_ERROR; + } } /* HASH_I or SIG_I out */ { - u_char hash_buf[MAX_DIGEST_LEN]; - chunk_t hash = chunk_from_buf(hash_buf); + chunk_t hash = chunk_alloca(MAX_DIGEST_LEN); main_mode_hash(st, &hash, TRUE, &id_pbs); @@ -3489,16 +3677,18 @@ stf_status main_inR2_outI3(struct msg_digest *md) scheme = oakley_to_signature_scheme(st->st_oakley.auth); - sig_len = sign_hash(scheme, st->st_connection, sig_val, hash); + sig_len = sign_hash(scheme, c, sig_val, hash); if (sig_len == 0) { loglog(RC_LOG_SERIOUS, "unable to locate my private key for signature"); - return STF_FAIL + AUTHENTICATION_FAILED; + return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED; } if (!out_generic_raw(ISAKMP_NEXT_NONE, &isakmp_signature_desc , &md->rbody, sig_val, sig_len, "SIG_I")) + { return STF_INTERNAL_ERROR; + } } } @@ -3506,8 +3696,9 @@ stf_status main_inR2_outI3(struct msg_digest *md) /* st_new_iv was computed by generate_skeyids_iv */ if (!encrypt_message(&md->rbody, st)) + { return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ - + } return STF_OK; } @@ -3534,13 +3725,10 @@ struct key_continuation { typedef stf_status (key_tail_fn)(struct msg_digest *md , struct key_continuation *kc); -static void report_key_dns_failure(struct id *id, err_t ugh) +static void report_key_dns_failure(identification_t *id, err_t ugh) { - char id_buf[BUF_LEN]; /* arbitrary limit on length of ID reported */ - - (void) idtoa(id, id_buf, sizeof(id_buf)); - loglog(RC_LOG_SERIOUS, "no RSA public key known for '%s'" - "; DNS search for KEY failed (%s)", id_buf, ugh); + loglog(RC_LOG_SERIOUS, "no RSA public key known for '%Y'" + "; DNS search for KEY failed (%s)", id, ugh); } @@ -3558,15 +3746,16 @@ main_id_and_auth(struct msg_digest *md , const struct key_continuation *kc /* current state, can be NULL */ ) { - u_char hash_buf[MAX_DIGEST_LEN]; - chunk_t hash = chunk_from_buf(hash_buf); + chunk_t hash = chunk_alloca(MAX_DIGEST_LEN); struct state *st = md->st; - struct id peer; + identification_t *peer; stf_status r = STF_OK; /* ID Payload in */ if (!decode_peer_id(md, &peer)) - return STF_FAIL + INVALID_ID_INFORMATION; + { + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } /* Hash the ID Payload. * main_mode_hash requires idpl->cur to be at end of payload @@ -3596,7 +3785,7 @@ main_id_and_auth(struct msg_digest *md , hash_pbs->cur, pbs_left(hash_pbs)); loglog(RC_LOG_SERIOUS, "received Hash Payload does not match computed value"); /* XXX Could send notification back */ - r = STF_FAIL + INVALID_HASH_INFORMATION; + r = STF_FAIL + ISAKMP_INVALID_HASH_INFORMATION; } } break; @@ -3604,14 +3793,14 @@ main_id_and_auth(struct msg_digest *md case OAKLEY_RSA_SIG: case XAUTHInitRSA: case XAUTHRespRSA: - r = check_signature(KEY_RSA, &peer, st, hash, - &md->chain[ISAKMP_NEXT_SIG]->pbs, + r = check_signature(KEY_RSA, peer, st, hash, + &md->chain[ISAKMP_NEXT_SIG]->pbs, #ifdef USE_KEYRR - kc == NULL? NULL : kc->ac.keys_from_dns, + kc == NULL ? NULL : kc->ac.keys_from_dns, #endif /* USE_KEYRR */ - kc == NULL? NULL : kc->ac.gateways_from_dns + kc == NULL ? NULL : kc->ac.gateways_from_dns ); - + if (r == STF_SUSPEND) { /* initiate/resume asynchronous DNS lookup for key */ @@ -3634,22 +3823,14 @@ main_id_and_auth(struct msg_digest *md #ifdef USE_KEYRR nkc->failure_ok = TRUE; #endif - ugh = start_adns_query(&peer - , &peer /* SG itself */ - , T_TXT - , cont_fn - , &nkc->ac); + ugh = start_adns_query(peer, peer, T_TXT, cont_fn, &nkc->ac); break; #ifdef USE_KEYRR case kos_his_txt: /* second try: look for the KEY records */ nkc->step = kos_his_key; - ugh = start_adns_query(&peer - , NULL /* no sgw for KEY */ - , T_KEY - , cont_fn - , &nkc->ac); + ugh = start_adns_query(peer, NULL, T_KEY, cont_fn, &nkc->ac); break; #endif /* USE_KEYRR */ @@ -3659,9 +3840,9 @@ main_id_and_auth(struct msg_digest *md if (ugh != NULL) { - report_key_dns_failure(&peer, ugh); + report_key_dns_failure(peer, ugh); st->st_suspended_md = NULL; - r = STF_FAIL + INVALID_KEY_INFORMATION; + r = STF_FAIL + ISAKMP_INVALID_KEY_INFORMATION; } } break; @@ -3669,7 +3850,7 @@ main_id_and_auth(struct msg_digest *md case OAKLEY_ECDSA_256: case OAKLEY_ECDSA_384: case OAKLEY_ECDSA_521: - r = check_signature(KEY_ECDSA, &peer, st, hash, + r = check_signature(KEY_ECDSA, peer, st, hash, &md->chain[ISAKMP_NEXT_SIG]->pbs, #ifdef USE_KEYRR NULL, @@ -3681,16 +3862,20 @@ main_id_and_auth(struct msg_digest *md bad_case(st->st_oakley.auth); } if (r != STF_OK) + { + peer->destroy(peer); return r; - + } DBG(DBG_CRYPT, DBG_log("authentication succeeded")); /* * With the peer ID known, let's see if we need to switch connections. */ - if (!switch_connection(md, &peer, initiator)) - return STF_FAIL + INVALID_ID_INFORMATION; - + if (!switch_connection(md, peer, initiator)) + { + r = STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } + peer->destroy(peer); return r; } @@ -3715,7 +3900,7 @@ main_id_and_auth(struct msg_digest *md * to find authentication, or we run out of things * to try. */ -static void key_continue(struct adns_continuation *cr, err_t ugh, +static void key_continue(struct adns_continuation *cr, err_t ugh, key_tail_fn *tail) { struct key_continuation *kc = (void *)cr; @@ -3734,8 +3919,8 @@ static void key_continue(struct adns_continuation *cr, err_t ugh, if (!kc->failure_ok && ugh != NULL) { - report_key_dns_failure(&st->st_connection->spd.that.id, ugh); - r = STF_FAIL + INVALID_KEY_INFORMATION; + report_key_dns_failure(st->st_connection->spd.that.id, ugh); + r = STF_FAIL + ISAKMP_INVALID_KEY_INFORMATION; } else { @@ -3751,7 +3936,9 @@ static void key_continue(struct adns_continuation *cr, err_t ugh, complete_state_transition(&kc->md, r); } if (kc->md != NULL) + { release_md(kc->md); + } cur_state = NULL; } @@ -3786,7 +3973,7 @@ main_inI3_outR3_tail(struct msg_digest *md u_int8_t auth_payload; pb_stream r_id_pbs; /* ID Payload; also used for hash calculation */ certpolicy_t cert_policy; - cert_t mycert; + cert_t *mycert; bool pubkey_auth, send_cert, requested; /* ID and HASH_I or SIG_I in @@ -3798,7 +3985,9 @@ main_inI3_outR3_tail(struct msg_digest *md , kc); if (r != STF_OK) + { return r; + } } /* send certificate if pubkey authentication is used, we have one @@ -3809,7 +3998,8 @@ main_inI3_outR3_tail(struct msg_digest *md requested = cert_policy == CERT_SEND_IF_ASKED && st->st_connection->got_certrequest; pubkey_auth = uses_pubkey_auth(st->st_oakley.auth); - send_cert = pubkey_auth && mycert.type != CERT_NONE && + send_cert = pubkey_auth && mycert && + mycert->cert->get_type(mycert->cert) == CERT_X509 && (cert_policy == CERT_ALWAYS_SEND || requested); /*************** build output packet HDR*;IDir;HASH/SIG_R ***************/ @@ -3840,7 +4030,9 @@ main_inI3_outR3_tail(struct msg_digest *md id_hd.isaiid_np = (send_cert)? ISAKMP_NEXT_CERT : auth_payload; if (!out_struct(&id_hd, &isakmp_ipsec_identification_desc, &md->rbody, &r_id_pbs) || !out_chunk(id_b, &r_id_pbs, "my identity")) + { return STF_INTERNAL_ERROR; + } close_output_pbs(&r_id_pbs); } @@ -3850,12 +4042,14 @@ main_inI3_outR3_tail(struct msg_digest *md DBG(DBG_CONTROL, DBG_log("our certificate policy is %N", cert_policy_names, cert_policy) ) - if (mycert.type != CERT_NONE) + if (mycert && mycert->cert->get_type(mycert->cert) == CERT_X509) { const char *request_text = ""; if (cert_policy == CERT_SEND_IF_ASKED) + { request_text = (send_cert)? "upon request":"without request"; + } plog("we have a cert %s sending it %s" , send_cert? "and are":"but are not", request_text); } @@ -3866,23 +4060,31 @@ main_inI3_outR3_tail(struct msg_digest *md } if (send_cert) { + bool success; + chunk_t cert_encoding; pb_stream cert_pbs; - struct isakmp_cert cert_hd; + cert_hd.isacert_np = ISAKMP_NEXT_SIG; - cert_hd.isacert_type = mycert.type; + cert_hd.isacert_type = CERT_X509_SIGNATURE; if (!out_struct(&cert_hd, &isakmp_ipsec_certificate_desc, &md->rbody, &cert_pbs)) - return STF_INTERNAL_ERROR; - if (!out_chunk(cert_get_encoding(mycert), &cert_pbs, "CERT")) + { + return STF_INTERNAL_ERROR; + } + cert_encoding = mycert->cert->get_encoding(mycert->cert); + success = out_chunk(cert_encoding, &cert_pbs, "CERT"); + free(cert_encoding.ptr); + if (!success) + { return STF_INTERNAL_ERROR; + } close_output_pbs(&cert_pbs); } /* HASH_R or SIG_R out */ { - u_char hash_buf[MAX_DIGEST_LEN]; - chunk_t hash = chunk_from_buf(hash_buf); + chunk_t hash = chunk_alloca(MAX_DIGEST_LEN); main_mode_hash(st, &hash, FALSE, &r_id_pbs); @@ -3908,19 +4110,23 @@ main_inI3_outR3_tail(struct msg_digest *md if (sig_len == 0) { loglog(RC_LOG_SERIOUS, "unable to locate my private key for signature"); - return STF_FAIL + AUTHENTICATION_FAILED; + return STF_FAIL + ISAKMP_AUTHENTICATION_FAILED; } if (!out_generic_raw(ISAKMP_NEXT_NONE, &isakmp_signature_desc , &md->rbody, sig_val, sig_len, "SIG_R")) + { return STF_INTERNAL_ERROR; + } } } /* encrypt message, sans fixed part of header */ if (!encrypt_message(&md->rbody, st)) + { return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ + } /* Last block of Phase 1 (R3), kept for Phase 2 IV generation */ DBG_cond_dump(DBG_CRYPT, "last encrypted block of Phase 1:" @@ -3969,7 +4175,9 @@ static stf_status main_inR3_tail(struct msg_digest *md, stf_status r = main_id_and_auth(md, TRUE, main_inR3_continue, kc); if (r != STF_OK) + { return r; + } } /**************** done input ****************/ @@ -4103,7 +4311,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b stf_status quick_inI1_outR1(struct msg_digest *md) { const struct state *const p1st = md->st; - struct connection *c = p1st->st_connection; + connection_t *c = p1st->st_connection; struct payload_digest *const id_pd = md->chain[ISAKMP_NEXT_ID]; struct verify_oppo_bundle b; @@ -4127,12 +4335,16 @@ stf_status quick_inI1_outR1(struct msg_digest *md) if (!decode_net_id(&id_pd->payload.ipsec_id, &id_pd->pbs , &b.his.net, "peer client")) - return STF_FAIL + INVALID_ID_INFORMATION; + { + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } /* Hack for MS 818043 NAT-T Update */ if (id_pd->payload.ipsec_id.isaiid_idtype == ID_FQDN) + { happy(addrtosubnet(&c->spd.that.host_addr, &b.his.net)); + } /* End Hack for MS 818043 NAT-T Update */ @@ -4144,8 +4356,9 @@ stf_status quick_inI1_outR1(struct msg_digest *md) if (!decode_net_id(&id_pd->next->payload.ipsec_id, &id_pd->next->pbs , &b.my.net, "our client")) - return STF_FAIL + INVALID_ID_INFORMATION; - + { + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } b.my.proto = id_pd->next->payload.ipsec_id.isaiid_protoid; b.my.port = id_pd->next->payload.ipsec_id.isaiid_port; b.my.net.addr.u.v4.sin_port = htons(b.my.port); @@ -4154,8 +4367,9 @@ stf_status quick_inI1_outR1(struct msg_digest *md) { /* implicit IDci and IDcr: peer and self */ if (!sameaddrtype(&c->spd.this.host_addr, &c->spd.that.host_addr)) + { return STF_FAIL; - + } happy(addrtosubnet(&c->spd.this.host_addr, &b.my.net)); happy(addrtosubnet(&c->spd.that.host_addr, &b.his.net)); b.his.proto = b.my.proto = 0; @@ -4224,7 +4438,7 @@ static void quick_inI1_outR1_continue(struct adns_continuation *cr, err_t ugh) if (!b->failure_ok && ugh != NULL) { report_verify_failure(b, ugh); - r = STF_FAIL + INVALID_ID_INFORMATION; + r = STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; } else { @@ -4233,7 +4447,9 @@ static void quick_inI1_outR1_continue(struct adns_continuation *cr, err_t ugh) complete_state_transition(&b->md, r); } if (b->md != NULL) + { release_md(b->md); + } cur_state = NULL; } @@ -4242,11 +4458,11 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b, { struct msg_digest *md = b->md; struct state *p1st = md->st; - struct connection *c = p1st->st_connection; + connection_t *c = p1st->st_connection; struct verify_oppo_continuation *vc = malloc_thing(struct verify_oppo_continuation); - struct id id /* subject of query */ - , *our_id /* needed for myid playing */ - , our_id_space; /* ephemeral: no need for unshare_id_content */ + identification_t *id; /* subject of query */ + identification_t *our_id; /* needed for myid playing */ + identification_t *our_id_space; /* ephemeral: no need for unshare_id_content */ ip_address client; err_t ugh = NULL; @@ -4282,20 +4498,20 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b, * %myid makes no sense for the other side (but it is syntactically * legal). */ - our_id = resolve_myid(&c->spd.this.id); - if (our_id->kind == ID_ANY) + our_id = resolve_myid(c->spd.this.id); + if (our_id->get_type(our_id) == ID_ANY) { - iptoid(&c->spd.this.host_addr, &our_id_space); - our_id = &our_id_space; + our_id_space = identification_create_from_sockaddr((sockaddr_t*)&c->spd.this.host_addr); + our_id = our_id_space; } switch (next_step) { case vos_our_client: networkof(&b->my.net, &client); - iptoid(&client, &id); + id = identification_create_from_sockaddr((sockaddr_t*)&client); vc->b.failure_ok = b->failure_ok = FALSE; - ugh = start_adns_query(&id + ugh = start_adns_query(id , our_id , T_TXT , quick_inI1_outR1_continue @@ -4324,10 +4540,10 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b, case vos_his_client: networkof(&b->his.net, &client); - iptoid(&client, &id); + id = identification_create_from_sockaddr((sockaddr_t*)&client); vc->b.failure_ok = b->failure_ok = FALSE; - ugh = start_adns_query(&id - , &c->spd.that.id + ugh = start_adns_query(id + , c->spd.that.id , T_TXT , quick_inI1_outR1_continue , &vc->ac); @@ -4345,7 +4561,7 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b, */ report_verify_failure(b, ugh); p1st->st_suspended_md = NULL; - return STF_FAIL + INVALID_ID_INFORMATION; + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; } else { @@ -4358,7 +4574,7 @@ static enum verify_oppo_step quick_inI1_outR1_process_answer( struct adns_continuation *ac, struct state *p1st) { - struct connection *c = p1st->st_connection; + connection_t *c = p1st->st_connection; enum verify_oppo_step next_step = vos_our_client; err_t ugh = NULL; @@ -4491,14 +4707,12 @@ static enum verify_oppo_step quick_inI1_outR1_process_answer( next_step = vos_done; { public_key_t *pub_key; - identification_t *p1st_keyid; struct gw_info *gwp; - + /* check that the public key that authenticated * the ISAKMP SA (p1st) will do for this gateway. */ pub_key = p1st->st_peer_pubkey->public_key; - p1st_keyid = pub_key->get_id(pub_key, ID_PUBKEY_INFO_SHA1); ugh = "peer's client does not delegate to peer"; for (gwp = ac->gateways_from_dns; gwp != NULL; gwp = gwp->next) @@ -4510,10 +4724,8 @@ static enum verify_oppo_step quick_inI1_outR1_process_answer( * it implies fetching a KEY from the same * place we must have gotten it. */ - if (!gwp->gw_key_present || p1st_keyid->equals(p1st_keyid, - gwp->key->public_key->get_id(gwp->key->public_key, - ID_PUBKEY_INFO_SHA1)) - ) + if (!gwp->gw_key_present || + pub_key->equals(pub_key, gwp->key->public_key)) { ugh = NULL; /* good! */ break; @@ -4539,7 +4751,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, { struct msg_digest *md = b->md; struct state *const p1st = md->st; - struct connection *c = p1st->st_connection; + connection_t *c = p1st->st_connection; struct payload_digest *const id_pd = md->chain[ISAKMP_NEXT_ID]; ip_subnet *our_net = &b->my.net , *his_net = &b->his.net; @@ -4552,7 +4764,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, * a suitable connection (our current one only matches for hosts). */ { - struct connection *p = find_client_connection(c + connection_t *p = find_client_connection(c , our_net, his_net, b->my.proto, b->my.port, b->his.proto, b->his.port); if (p == NULL) @@ -4582,7 +4794,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, plog("cannot respond to IPsec SA request" " because no connection is known for %s" , buf); - return STF_FAIL + INVALID_ID_INFORMATION; + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; } else if (p != c) { @@ -4609,14 +4821,18 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, next_step = quick_inI1_outR1_process_answer(b, ac, p1st); if (next_step == vos_fail) - return STF_FAIL + INVALID_ID_INFORMATION; + { + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } /* short circuit: if peer's client is self, * accept that we've verified delegation in Phase 1 */ if (next_step == vos_his_client && sameaddr(&c->spd.that.host_addr, &his_client)) + { next_step = vos_done; + } /* the second chunk: initiate the next DNS query (if any) */ DBG(DBG_CONTROL, @@ -4633,7 +4849,9 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, /* start next DNS query and suspend (if necessary) */ if (next_step != vos_done) + { return quick_inI1_outR1_start_query(b, next_step); + } /* Instantiate inbound Opportunistic connection, * carrying over authenticated peer ID @@ -4643,7 +4861,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, * We should record DNS sec use, if any -- belongs in * state during perhaps. */ - p = oppo_instantiate(p, &c->spd.that.host_addr, &c->spd.that.id + p = oppo_instantiate(p, &c->spd.that.host_addr, c->spd.that.id , NULL, &our_client, &his_client); } else @@ -4652,7 +4870,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, * instantiate, carrying over authenticated peer ID */ p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port - , his_net, &c->spd.that.id); + , his_net, c->spd.that.id); } } #ifdef DEBUG @@ -4680,7 +4898,9 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, c->spd.that.client = *his_net; c->spd.that.virt = NULL; if (subnetishost(his_net) && addrinsubnet(&c->spd.that.host_addr, his_net)) + { c->spd.that.has_client = FALSE; + } } /* fill in the client's true port */ @@ -4708,7 +4928,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, if (st->st_connection != c) { - struct connection *t = st->st_connection; + connection_t *t = st->st_connection; st->st_connection = c; set_cur_connection(c); @@ -4781,7 +5001,9 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, /* sa header is unchanged -- except for np */ sa.isasa_np = ISAKMP_NEXT_NONCE; if (!out_struct(&sa, &isakmp_sa_desc, &md->rbody, &r_sa_pbs)) + { return STF_INTERNAL_ERROR; + } /* parse and accept body */ st->st_pfs_group = &unset_group; @@ -4794,7 +5016,7 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, if ((st->st_policy & POLICY_PFS) && st->st_pfs_group == NULL) { loglog(RC_LOG_SERIOUS, "we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION"); - return STF_FAIL + NO_PROPOSAL_CHOSEN; /* ??? */ + return STF_FAIL + ISAKMP_NO_PROPOSAL_CHOSEN; } /* Ni in */ @@ -4811,7 +5033,9 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, if (!build_and_ship_nonce(&st->st_nr, &md->rbody , st->st_pfs_group != NULL? ISAKMP_NEXT_KE : id_pd != NULL? ISAKMP_NEXT_ID : ISAKMP_NEXT_NONE , "Nr")) + { return STF_INTERNAL_ERROR; + } /* [ KE ] out (for PFS) */ @@ -4819,7 +5043,9 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, { if (!build_and_ship_KE(st, &st->st_gr, st->st_pfs_group , &md->rbody, id_pd != NULL? ISAKMP_NEXT_ID : ISAKMP_NEXT_NONE)) - return STF_INTERNAL_ERROR; + { + return STF_INTERNAL_ERROR; + } /* MPZ-Operations might be done after sending the packet... */ compute_dh_shared(st, st->st_gi); @@ -4831,13 +5057,17 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, struct isakmp_ipsec_id *p = (void *)md->rbody.cur; /* UGH! */ if (!out_raw(id_pd->pbs.start, pbs_room(&id_pd->pbs), &md->rbody, "IDci")) + { return STF_INTERNAL_ERROR; + } p->isaiid_np = ISAKMP_NEXT_ID; p = (void *)md->rbody.cur; /* UGH! */ if (!out_raw(id_pd->next->pbs.start, pbs_room(&id_pd->next->pbs), &md->rbody, "IDcr")) + { return STF_INTERNAL_ERROR; + } p->isaiid_np = ISAKMP_NEXT_NONE; } @@ -4873,12 +5103,16 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, * failure won't look like success. */ if (!install_inbound_ipsec_sa(st)) + { return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ + } /* encrypt message, except for fixed part of header */ if (!encrypt_message(&md->rbody, st)) + { return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ + } return STF_OK; } @@ -4891,14 +5125,16 @@ static void dpd_init(struct state *st) { struct state *p1st = find_state(st->st_icookie, st->st_rcookie , &st->st_connection->spd.that.host_addr, 0); - + if (p1st == NULL) + { loglog(RC_LOG_SERIOUS, "could not find phase 1 state for DPD"); + } else if (p1st->st_dpd) { plog("Dead Peer Detection (RFC 3706) enabled"); /* randomize the first DPD event */ - + event_schedule(EVENT_DPD , (0.5 + rand()/(RAND_MAX + 1.E0)) * st->st_connection->dpd_delay , st); @@ -4914,7 +5150,7 @@ static void dpd_init(struct state *st) stf_status quick_inR1_outI2(struct msg_digest *md) { struct state *const st = md->st; - const struct connection *c = st->st_connection; + const connection_t *c = st->st_connection; /* HASH(2) in */ CHECK_QUICK_HASH(md @@ -4937,7 +5173,9 @@ stf_status quick_inR1_outI2(struct msg_digest *md) RETURN_STF_FAILURE(accept_PFS_KE(md, &st->st_gr, "Gr", "Quick Mode R1")); if (st->st_pfs_group != NULL) + { compute_dh_shared(st, st->st_gr); + } /* [ IDci, IDcr ] in; these must match what we sent */ @@ -4954,7 +5192,9 @@ stf_status quick_inR1_outI2(struct msg_digest *md) , &st->st_myuserprotoid, &st->st_myuserport , &st->st_connection->spd.this.client , "our client")) - return STF_FAIL + INVALID_ID_INFORMATION; + { + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } /* IDcr (responder is peer) */ @@ -4962,7 +5202,9 @@ stf_status quick_inR1_outI2(struct msg_digest *md) , &st->st_peeruserprotoid, &st->st_peeruserport , &st->st_connection->spd.that.client , "peer client")) - return STF_FAIL + INVALID_ID_INFORMATION; + { + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; + } } else { @@ -4972,35 +5214,40 @@ stf_status quick_inR1_outI2(struct msg_digest *md) { loglog(RC_LOG_SERIOUS, "IDci, IDcr payloads missing in message" " but default does not match proposal"); - return STF_FAIL + INVALID_ID_INFORMATION; + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; } } } /* check the peer's group attributes */ - { - const ietfAttrList_t *peer_list = NULL; - - get_peer_ca_and_groups(st->st_connection, &peer_list); + identification_t *peer_ca = NULL; + ietf_attributes_t *peer_attributes = NULL; + bool match; - if (!group_membership(peer_list, st->st_connection->name - , st->st_connection->spd.that.groups)) + get_peer_ca_and_groups(st->st_connection, &peer_ca, &peer_attributes); + match = match_group_membership(peer_attributes, + st->st_connection->name, + st->st_connection->spd.that.groups); + DESTROY_IF(peer_attributes); + + if (!match) { - char buf[BUF_LEN]; + ietf_attributes_t *groups = st->st_connection->spd.that.groups; - format_groups(st->st_connection->spd.that.groups, buf, BUF_LEN); - loglog(RC_LOG_SERIOUS, "peer is not member of one of the groups: %s" - , buf); - return STF_FAIL + INVALID_ID_INFORMATION; + loglog(RC_LOG_SERIOUS, + "peer with attributes '%s' is not a member of the groups '%s'", + peer_attributes->get_string(peer_attributes), + groups->get_string(groups)); + return STF_FAIL + ISAKMP_INVALID_ID_INFORMATION; } } - if ((st->nat_traversal & NAT_T_DETECTED) - && (st->nat_traversal & NAT_T_WITH_NATOA)) - { - nat_traversal_natoa_lookup(md); - } + if ((st->nat_traversal & NAT_T_DETECTED) + && (st->nat_traversal & NAT_T_WITH_NATOA)) + { + nat_traversal_natoa_lookup(md); + } /* ??? We used to copy the accepted proposal into the state, but it was * never used. From sa_pd->pbs.start, length pbs_room(&sa_pd->pbs). @@ -5029,32 +5276,37 @@ stf_status quick_inR1_outI2(struct msg_digest *md) * failure won't look like success. */ if (!install_ipsec_sa(st, TRUE)) + { return STF_INTERNAL_ERROR; + } /* encrypt message, except for fixed part of header */ if (!encrypt_message(&md->rbody, st)) - return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ - { - DBG(DBG_CONTROLMORE, DBG_log("inR1_outI2: instance %s[%ld], setting newest_ipsec_sa to #%ld (was #%ld) (spd.eroute=#%ld)" + return STF_INTERNAL_ERROR; /* ??? we may be partly committed */ + } + DBG(DBG_CONTROLMORE, + DBG_log("inR1_outI2: instance %s[%ld], setting newest_ipsec_sa to #%ld (was #%ld) (spd.eroute=#%ld)" , st->st_connection->name , st->st_connection->instance_serial , st->st_serialno , st->st_connection->newest_ipsec_sa - , st->st_connection->spd.eroute_owner)); - } - + , st->st_connection->spd.eroute_owner) + ) st->st_connection->newest_ipsec_sa = st->st_serialno; /* note (presumed) success */ if (c->gw_info != NULL) + { c->gw_info->key->last_worked_time = now(); + } /* If we want DPD on this connection then initialize it */ if (st->st_connection->dpd_action != DPD_ACTION_NONE) + { dpd_init(st); - + } return STF_OK; } @@ -5078,17 +5330,17 @@ stf_status quick_inI2(struct msg_digest *md) * failure won't look like success. */ if (!install_ipsec_sa(st, FALSE)) - return STF_INTERNAL_ERROR; - { - DBG(DBG_CONTROLMORE, DBG_log("inI2: instance %s[%ld], setting newest_ipsec_sa to #%ld (was #%ld) (spd.eroute=#%ld)" + return STF_INTERNAL_ERROR; + } + DBG(DBG_CONTROLMORE, + DBG_log("inI2: instance %s[%ld], setting newest_ipsec_sa to #%ld (was #%ld) (spd.eroute=#%ld)" , st->st_connection->name , st->st_connection->instance_serial , st->st_serialno , st->st_connection->newest_ipsec_sa - , st->st_connection->spd.eroute_owner)); - } - + , st->st_connection->spd.eroute_owner) + ) st->st_connection->newest_ipsec_sa = st->st_serialno; update_iv(st); /* not actually used, but tidy */ @@ -5098,13 +5350,16 @@ stf_status quick_inI2(struct msg_digest *md) struct gw_info *gw = st->st_connection->gw_info; if (gw != NULL) + { gw->key->last_worked_time = now(); + } } /* If we want DPD on this connection then initialize it */ if (st->st_connection->dpd_action != DPD_ACTION_NONE) + { dpd_init(st); - + } return STF_OK; } @@ -5117,9 +5372,9 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, u_char *r_hashval, /* where in reply to jam hash value */ *r_hash_start; /* start of what is to be hashed */ - + msgid = generate_msgid(st); - + init_pbs(&reply, reply_buffer, sizeof(reply_buffer), "ISAKMP notify"); /* HDR* */ @@ -5134,7 +5389,9 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, memcpy(hdr.isa_icookie, st->st_icookie, COOKIE_SIZE); memcpy(hdr.isa_rcookie, st->st_rcookie, COOKIE_SIZE); if (!out_struct(&hdr, &isakmp_hdr_desc, &reply, &rbody)) + { impossible(); + } } /* HASH -- create and note space to be filled later */ START_HASH_PAYLOAD(rbody, ISAKMP_NEXT_N); @@ -5147,22 +5404,32 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, isan.isan_np = ISAKMP_NEXT_NONE; isan.isan_doi = ISAKMP_DOI_IPSEC; isan.isan_protoid = PROTO_ISAKMP; - isan.isan_spisize = COOKIE_SIZE * 2; + isan.isan_spisize = COOKIE_SIZE * 2; isan.isan_type = type; if (!out_struct(&isan, &isakmp_notification_desc, &rbody, ¬ify_pbs)) + { return STF_INTERNAL_ERROR; + } if (!out_raw(st->st_icookie, COOKIE_SIZE, ¬ify_pbs, "notify icookie")) - return STF_INTERNAL_ERROR; + { + return STF_INTERNAL_ERROR; + } if (!out_raw(st->st_rcookie, COOKIE_SIZE, ¬ify_pbs, "notify rcookie")) - return STF_INTERNAL_ERROR; + { + return STF_INTERNAL_ERROR; + } if (data != NULL && len > 0) + { if (!out_raw(data, len, ¬ify_pbs, "notify data")) - return STF_INTERNAL_ERROR; + { + return STF_INTERNAL_ERROR; + } + } close_output_pbs(¬ify_pbs); } - + { - /* finish computing HASH */ + /* finish computing HASH */ chunk_t msgid_chunk = chunk_from_thing(msgid); chunk_t msg_chunk = { r_hash_start, rbody.cur-r_hash_start }; pseudo_random_function_t prf_alg; @@ -5197,8 +5464,10 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, init_phase2_iv(st, &msgid); if (!encrypt_message(&rbody, st)) + { return STF_INTERNAL_ERROR; - + } + /* restore preserved st_iv and st_new_iv */ memcpy(st->st_iv, old_iv, old_iv_len); memcpy(st->st_new_iv, new_iv, new_iv_len); @@ -5241,7 +5510,9 @@ void dpd_outI(struct state *p2st) /* If no DPD, then get out of here */ if (!st->st_dpd) + { return; + } /* schedule the next periodic DPD event */ event_schedule(EVENT_DPD, delay, p2st); @@ -5329,7 +5600,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2) { loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid SPI length (%d)", n->isan_spisize); - return STF_FAIL + PAYLOAD_MALFORMED; + return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED; } if (memcmp(pbs->cur, st->st_icookie, COOKIE_SIZE) != 0) @@ -5338,7 +5609,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p /* Ignore it, cisco sends odd icookies */ #else loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid icookie (broken Cisco?)"); - return STF_FAIL + INVALID_COOKIE; + return STF_FAIL + ISAKMP_INVALID_COOKIE; #endif } pbs->cur += COOKIE_SIZE; @@ -5346,7 +5617,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p if (memcmp(pbs->cur, st->st_rcookie, COOKIE_SIZE) != 0) { loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid rcookie (broken Cisco?)"); - return STF_FAIL + INVALID_COOKIE; + return STF_FAIL + ISAKMP_INVALID_COOKIE; } pbs->cur += COOKIE_SIZE; @@ -5354,7 +5625,7 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p { loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE has invalid data length (%d)" , (int) pbs_left(pbs)); - return STF_FAIL + PAYLOAD_MALFORMED; + return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED; } seqno = ntohl(*(u_int32_t *)pbs->cur); @@ -5403,7 +5674,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n, loglog(RC_LOG_SERIOUS , "DPD: R_U_THERE_ACK has invalid SPI length (%d)" , n->isan_spisize); - return STF_FAIL + PAYLOAD_MALFORMED; + return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED; } if (memcmp(pbs->cur, st->st_icookie, COOKIE_SIZE) != 0) @@ -5412,7 +5683,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n, /* Ignore it, cisco sends odd icookies */ #else loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE_ACK has invalid icookie"); - return STF_FAIL + INVALID_COOKIE; + return STF_FAIL + ISAKMP_INVALID_COOKIE; #endif } pbs->cur += COOKIE_SIZE; @@ -5423,7 +5694,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n, /* Ignore it, cisco sends odd icookies */ #else loglog(RC_LOG_SERIOUS, "DPD: R_U_THERE_ACK has invalid rcookie"); - return STF_FAIL + INVALID_COOKIE; + return STF_FAIL + ISAKMP_INVALID_COOKIE; #endif } pbs->cur += COOKIE_SIZE; @@ -5433,7 +5704,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n, loglog(RC_LOG_SERIOUS , " DPD: R_U_THERE_ACK has invalid data length (%d)" , (int) pbs_left(pbs)); - return STF_FAIL + PAYLOAD_MALFORMED; + return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED; } seqno = ntohl(*(u_int32_t *)pbs->cur); @@ -5447,7 +5718,7 @@ stf_status dpd_inR(struct state *st, struct isakmp_notification *const n, loglog(RC_LOG_SERIOUS , "DPD: R_U_THERE_ACK has unexpected sequence number %u (expected %u)" , seqno, st->st_dpd_expectseqno); - return STF_FAIL + PAYLOAD_MALFORMED; + return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED; } st->st_dpd_expectseqno = 0; @@ -5466,7 +5737,7 @@ void dpd_timeout(struct state *st) { struct state *newest_phase1_st; - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; int action = st->st_connection->dpd_action; char cname[BUF_LEN]; @@ -5501,14 +5772,18 @@ dpd_timeout(struct state *st) */ loglog(RC_LOG_SERIOUS, "DPD: Putting connection \"%s\" into %%trap", c->name); if (c->kind == CK_INSTANCE) + { delete_connection(c, TRUE); + } break; case DPD_ACTION_CLEAR: /* dpdaction=clear - Wipe the SA & eroute - everything */ loglog(RC_LOG_SERIOUS, "DPD: Clearing connection \"%s\"", c->name); unroute_connection(c); if (c->kind == CK_INSTANCE) + { delete_connection(c, TRUE); + } break; case DPD_ACTION_RESTART: /* dpdaction=restart - Restart connection, @@ -5521,7 +5796,9 @@ dpd_timeout(struct state *st) strncpy(cname, c->name, BUF_LEN); if (c->kind == CK_INSTANCE) + { delete_connection(c, TRUE); + } initiate_connection(cname, NULL_FD); break; default: diff --git a/src/pluto/ipsec_doi.h b/src/pluto/ipsec_doi.h index 2e242e903..c11edaa94 100644 --- a/src/pluto/ipsec_doi.h +++ b/src/pluto/ipsec_doi.h @@ -12,6 +12,11 @@ * for more details. */ +#ifndef _IPSEC_DOI_H +#define _IPSEC_DOI_H + +#include "defs.h" + extern void echo_hdr(struct msg_digest *md, bool enc, u_int8_t np); extern void ipsecdoi_initiate(int whack_sock, struct connection *c @@ -95,8 +100,9 @@ extern void dpd_timeout(struct state *st); DBG_cond_dump(DBG_CRYPT, "received " hash_name ":", hash_pbs->cur, pbs_left(hash_pbs)); \ loglog(RC_LOG_SERIOUS, "received " hash_name " does not match computed value in " msg_name); \ /* XXX Could send notification back */ \ - return STF_FAIL + INVALID_HASH_INFORMATION; \ + return STF_FAIL + ISAKMP_INVALID_HASH_INFORMATION; \ } \ } +#endif /* _IPSEC_DOI_H */ diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 46edac1cd..fe4655d3f 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -45,7 +45,6 @@ #include "constants.h" #include "defs.h" -#include "id.h" #include "connections.h" #include "state.h" #include "timer.h" @@ -151,7 +150,7 @@ static void DBG_bare_shunt(const char *op, const struct bare_shunt *bs) struct eroute_info *orphaned_holds = NULL; /* forward declaration */ -static bool shunt_eroute(struct connection *c, struct spd_route *sr, +static bool shunt_eroute(connection_t *c, struct spd_route *sr, enum routing_t rt_kind, unsigned int op, const char *opname); @@ -347,14 +346,43 @@ ipsec_spi_t get_my_cpi(struct spd_route *sr, bool tunnel) latest_cpi++; if (latest_cpi == first_busy_cpi) + { find_my_cpi_gap(&latest_cpi, &first_busy_cpi); - + } if (latest_cpi > IPCOMP_LAST_NEGOTIATED) + { latest_cpi = IPCOMP_FIRST_NEGOTIATED; - + } return htonl((ipsec_spi_t)latest_cpi); } +/* Replace the shell metacharacters ', \, ", `, and $ in a character string + * by escape sequences consisting of their octal values + */ +static void escape_metachar(const char *src, char *dst, size_t dstlen) +{ + while (*src != '\0' && dstlen > 4) + { + switch (*src) + { + case '\'': + case '\\': + case '"': + case '`': + case '$': + sprintf(dst,"\\%s%o", (*src < 64)?"0":"", *src); + dst += 4; + dstlen -= 4; + break; + default: + *dst++ = *src; + dstlen--; + } + src++; + } + *dst = '\0'; +} + /* invoke the updown script to do the routing and firewall commands required * * The user-specified updown script is run. Parameters are fed to it in @@ -392,7 +420,7 @@ ipsec_spi_t get_my_cpi(struct spd_route *sr, bool tunnel) # define DEFAULT_UPDOWN "ipsec _updown" #endif -static bool do_command(struct connection *c, struct spd_route *sr, +static bool do_command(connection_t *c, struct spd_route *sr, const char *verb) { char cmd[1536]; /* arbitrary limit on shell command length */ @@ -469,7 +497,7 @@ static bool do_command(struct connection *c, struct spd_route *sr, } addrtot(&sr->this.host_addr, 0, me_str, sizeof(me_str)); - idtoa(&sr->this.id, myid_str, sizeof(myid_str)); + snprintf(myid_str, sizeof(myid_str), "%Y", sr->this.id); escape_metachar(myid_str, secure_myid_str, sizeof(secure_myid_str)); subnettot(&sr->this.client, 0, myclient_str, sizeof(myclientnet_str)); networkof(&sr->this.client, &ta); @@ -478,7 +506,7 @@ static bool do_command(struct connection *c, struct spd_route *sr, addrtot(&ta, 0, myclientmask_str, sizeof(myclientmask_str)); addrtot(&sr->that.host_addr, 0, peer_str, sizeof(peer_str)); - idtoa(&sr->that.id, peerid_str, sizeof(peerid_str)); + snprintf(peerid_str, sizeof(peerid_str), "%Y", sr->that.id); escape_metachar(peerid_str, secure_peerid_str, sizeof(secure_peerid_str)); subnettot(&sr->that.client, 0, peerclient_str, sizeof(peerclientnet_str)); networkof(&sr->that.client, &ta); @@ -492,11 +520,19 @@ static bool do_command(struct connection *c, struct spd_route *sr, key_type_t type = key->public_key->get_type(key->public_key); int pathlen; - if (type == KEY_RSA && same_id(&sr->that.id, &key->id) && + if (type == KEY_RSA && + sr->that.id->equals(sr->that.id, key->id) && trusted_ca(key->issuer, sr->that.ca, &pathlen)) { - dntoa_or_null(peerca_str, BUF_LEN, key->issuer, ""); - escape_metachar(peerca_str, secure_peerca_str, sizeof(secure_peerca_str)); + if (key->issuer) + { + snprintf(peerca_str, BUF_LEN, "%Y", key->issuer); + escape_metachar(peerca_str, secure_peerca_str, BUF_LEN); + } + else + { + secure_peerca_str[0] = '\0'; + } break; } } @@ -653,10 +689,10 @@ enum routability { route_farconflict = 3 }; -static enum routability could_route(struct connection *c) +static enum routability could_route(connection_t *c) { struct spd_route *esr, *rosr; - struct connection *ero /* who, if anyone, owns our eroute? */ + connection_t *ero /* who, if anyone, owns our eroute? */ , *ro = route_owner(c, &rosr, &ero, &esr); /* who owns our route? */ /* it makes no sense to route a connection that is ISAKMP-only */ @@ -710,8 +746,8 @@ static enum routability could_route(struct connection *c) /* if there is an eroute for another connection, there is a problem */ if (ero != NULL && ero != c) { - struct connection *ero2, *ero_top; - struct connection *inside, *outside; + connection_t *ero2, *ero_top; + connection_t *inside, *outside; /* * note, wavesec (PERMANENT) goes *outside* and @@ -797,7 +833,7 @@ static enum routability could_route(struct connection *c) return route_easy; } -bool trap_connection(struct connection *c) +bool trap_connection(connection_t *c) { switch (could_route(c)) { @@ -825,7 +861,7 @@ bool trap_connection(struct connection *c) /** * Delete any eroute for a connection and unroute it if route isn't shared */ -void unroute_connection(struct connection *c) +void unroute_connection(connection_t *c) { struct spd_route *sr; enum routing_t cr; @@ -847,7 +883,9 @@ void unroute_connection(struct connection *c) /* only unroute if no other connection shares it */ if (routed(cr) && route_owner(c, NULL, NULL, NULL) == NULL) + { (void) do_command(c, sr, "unroute"); + } } } @@ -868,7 +906,7 @@ static void set_text_said(char *text_said, const ip_address *dst, * this allows the entry to be deleted. */ static struct bare_shunt** bare_shunt_ptr(const ip_subnet *ours, - const ip_subnet *his, + const ip_subnet *his, int transport_proto) { struct bare_shunt *p, **pp; @@ -942,8 +980,8 @@ static bool raw_eroute(const ip_address *this_host, const ip_subnet *this_client, const ip_address *that_host, const ip_subnet *that_client, - ipsec_spi_t spi, - unsigned int proto, + ipsec_spi_t spi, + unsigned int proto, unsigned int satype, unsigned int transport_proto, const struct pfkey_proto_info *proto_info, @@ -1072,8 +1110,9 @@ static bool eroute_connection(struct spd_route *sr, ipsec_spi_t spi, , "eroute_connection %s", opname); if (proto == SA_INT) + { peer = aftoinfo(addrtypeof(peer))->any; - + } return raw_eroute(&sr->this.host_addr, &sr->this.client , peer , &sr->that.client @@ -1083,7 +1122,7 @@ static bool eroute_connection(struct spd_route *sr, ipsec_spi_t spi, /* assign a bare hold to a connection */ -bool assign_hold(struct connection *c USED_BY_DEBUG, struct spd_route *sr, +bool assign_hold(connection_t *c USED_BY_DEBUG, struct spd_route *sr, int transport_proto, const ip_address *src, const ip_address *dst) @@ -1225,7 +1264,7 @@ static bool sag_eroute(struct state *st, struct spd_route *sr, /* compute a (host-order!) SPI to implement the policy in connection c */ ipsec_spi_t -shunt_policy_spi(struct connection *c, bool prospective) +shunt_policy_spi(connection_t *c, bool prospective) { /* note: these are in host order :-( */ static const ipsec_spi_t shunt_spi[] = @@ -1256,7 +1295,7 @@ shunt_policy_spi(struct connection *c, bool prospective) * If negotiation has failed, the choice between %trap/%pass/%drop/%reject * is specified in the policy of connection c. */ -static bool shunt_eroute(struct connection *c, struct spd_route *sr, +static bool shunt_eroute(connection_t *c, struct spd_route *sr, enum routing_t rt_kind, unsigned int op, const char *opname) { @@ -1316,7 +1355,7 @@ static bool shunt_eroute(struct connection *c, struct spd_route *sr, { /* maybe we are uneclipsing something */ struct spd_route *esr; - struct connection *ue = eclipsed(c, &esr); + connection_t *ue = eclipsed(c, &esr); if (ue != NULL) { @@ -1359,15 +1398,20 @@ static const char *read_proto(const char * s, size_t * len, int * transport_prot l = *len; p = memchr(s, ':', l); - if (p == 0) { + if (p == 0) + { *transport_proto = 0; return 0; } ugh = ttoul(p+1, l-((p-s)+1), 10, &proto); if (ugh != 0) + { return ugh; + } if (proto > 65535) + { return "protocol number is too large, legal range is 0-65535"; + } *len = p-s; *transport_proto = proto; return 0; @@ -1429,7 +1473,9 @@ void scan_proc_shunts(void) f = fopen(procname, "r"); if (f == NULL) + { return; + } /* for each line... */ for (lino = 1; ; lino++) @@ -1445,7 +1491,9 @@ void scan_proc_shunts(void) cp = fgets(buf, sizeof(buf), f); if (cp == NULL) + { break; + } /* break out each field * Note: if there are too many fields, just stop; @@ -1461,7 +1509,9 @@ void scan_proc_shunts(void) field[fi] = chunk_create(cp, w); cp += w; if (w == 0) + { break; + } } /* This odd do-hickey is to share error reporting code. @@ -1473,9 +1523,13 @@ void scan_proc_shunts(void) * check if things are as they should be. */ if (fi == 5) + { ff = &field[0]; /* old form, with no count */ + } else if (fi == 6) + { ff = &field[1]; /* new form, with count */ + } else { ugh = "has wrong number of fields"; @@ -1501,7 +1555,9 @@ void scan_proc_shunts(void) context = "count field is malformed: "; ugh = ttoul(field[0].ptr, field[0].len, 10, &eri.count); if (ugh != NULL) + { break; + } } /* our client */ @@ -1509,21 +1565,27 @@ void scan_proc_shunts(void) context = "source subnet field malformed: "; ugh = ttosubnet(ff[0].ptr, ff[0].len, AF_INET, &eri.ours); if (ugh != NULL) + { break; + } /* his client */ context = "destination subnet field malformed: "; ugh = ttosubnet(ff[2].ptr, ff[2].len, AF_INET, &eri.his); if (ugh != NULL) + { break; + } /* SAID */ context = "SA ID field malformed: "; ugh = read_proto(ff[4].ptr, &ff[4].len, &eri.transport_proto); if (ugh != NULL) + { break; + } ugh = ttosa(ff[4].ptr, ff[4].len, &eri.said); } while (FALSE); @@ -1666,7 +1728,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) { /* Build an inbound or outbound SA */ - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; ip_subnet src, dst; ip_subnet src_client, dst_client; ipsec_spi_t inner_spi = 0; @@ -1738,9 +1800,13 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) ipip_spi = htonl(++last_tunnel_spi); if (inbound) + { st->st_tunnel_in_spi = ipip_spi; + } else + { st->st_tunnel_out_spi = ipip_spi; + } } set_text_said(text_said @@ -1797,10 +1863,10 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) said_next->text_said = text_said; if (!kernel_ops->add_sa(said_next, replace)) + { goto fail; - + } said_next++; - encapsulation = ENCAPSULATION_MODE_TRANSPORT; } @@ -1861,7 +1927,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (ei == &esp_info[countof(esp_info)]) { /* Check for additional kernel alg */ - if ((ei=kernel_alg_esp_info(st->st_esp.attrs.transid, + if ((ei=kernel_alg_esp_info(st->st_esp.attrs.transid, st->st_esp.attrs.auth))!=NULL) { break; @@ -1873,7 +1939,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) * assuming the name will be found. */ loglog(RC_LOG_SERIOUS, "ESP transform %s / auth %s not implemented yet" - , enum_name(&esp_transformid_names, st->st_esp.attrs.transid) + , enum_name(&esp_transform_names, st->st_esp.attrs.transid) , enum_name(&auth_alg_names, st->st_esp.attrs.auth)); goto fail; } @@ -1892,7 +1958,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (key_len > ei->enckeylen) { loglog(RC_LOG_SERIOUS, "ESP transform %s passed key_len=%d > %d", - enum_name(&esp_transformid_names, st->st_esp.attrs.transid), + enum_name(&esp_transform_names, st->st_esp.attrs.transid), (int)key_len, (int)ei->enckeylen); goto fail; } @@ -1906,7 +1972,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) { case ESP_3DES: /* 168 bits in kernel, need 192 bits for keymat_len */ - if (key_len == 21) + if (key_len == 21) { key_len = 24; } @@ -1914,7 +1980,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) case ESP_DES: /* 56 bits in kernel, need 64 bits for keymat_len */ if (key_len == 7) - { + { key_len = 8; } break; @@ -1930,7 +1996,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) key_len += 4; break; default: - break; + break; } /* divide up keying material */ @@ -2032,7 +2098,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) { struct pfkey_proto_info proto_info[4]; int i = 0; - + if (st->st_ipcomp.present) { proto_info[i].proto = IPPROTO_COMP; @@ -2040,7 +2106,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].reqid = c->spd.reqid + 2; i++; } - + if (st->st_esp.present) { proto_info[i].proto = IPPROTO_ESP; @@ -2048,7 +2114,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].reqid = c->spd.reqid + 1; i++; } - + if (st->st_ah.present) { proto_info[i].proto = IPPROTO_AH; @@ -2056,9 +2122,9 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].reqid = c->spd.reqid; i++; } - + proto_info[i].proto = 0; - + if (kernel_ops->inbound_eroute && encapsulation == ENCAPSULATION_MODE_TUNNEL) { @@ -2068,7 +2134,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].encapsulation = ENCAPSULATION_MODE_TRANSPORT; } } - + /* MCR - should be passed a spd_eroute structure here */ (void) raw_eroute(&c->spd.that.host_addr, &c->spd.that.client , &c->spd.this.host_addr, &c->spd.this.client @@ -2079,11 +2145,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) } /* If there are multiple SPIs, group them. */ - + if (kernel_ops->grp_sa && said_next > &said[1]) { struct kernel_sa *s; - + /* group SAs, two at a time, inner to outer (backwards in said[]) * The grouping is by pairs. So if said[] contains ah esp ipip, * the grouping would be ipip:esp, esp:ah. @@ -2095,15 +2161,15 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) text_said1[SATOT_BUF]; /* group s[1] and s[0], in that order */ - + set_text_said(text_said0, s[0].dst, s[0].spi, s[0].proto); set_text_said(text_said1, s[1].dst, s[1].spi, s[1].proto); - + DBG(DBG_KLIPS, DBG_log("grouping %s and %s", text_said1, text_said0)); - + s[0].text_said = text_said0; s[1].text_said = text_said1; - + if (!kernel_ops->grp_sa(s + 1, s)) { goto fail; @@ -2135,7 +2201,7 @@ static bool teardown_half_ipsec_sa(struct state *st, bool inbound) * so deleting any one will do. So we just delete the * first one found. It may or may not be the only one. */ - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; struct { unsigned proto; struct ipsec_proto_info *info; @@ -2227,7 +2293,7 @@ bool get_sa_info(struct state *st, bool inbound, u_int *bytes, time_t *use_time) { char text_said[SATOT_BUF]; struct kernel_sa sa; - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; *use_time = UNDEFINED_TIME; @@ -2353,7 +2419,7 @@ void init_kernel(void) */ bool install_inbound_ipsec_sa(struct state *st) { - struct connection *const c = st->st_connection; + connection_t *const c = st->st_connection; /* If our peer has a fixed-address client, check if we already * have a route for that client that conflicts. We will take this @@ -2367,7 +2433,7 @@ bool install_inbound_ipsec_sa(struct state *st) for (;;) { struct spd_route *esr; - struct connection *o = route_owner(c, &esr, NULL, NULL); + connection_t *o = route_owner(c, &esr, NULL, NULL); if (o == NULL) { @@ -2417,20 +2483,20 @@ bool install_inbound_ipsec_sa(struct state *st) * Any SA Group must have already been created. * On failure, steps will be unwound. */ -bool route_and_eroute(struct connection *c USED_BY_KLIPS, +bool route_and_eroute(connection_t *c USED_BY_KLIPS, struct spd_route *sr USED_BY_KLIPS, struct state *st USED_BY_KLIPS) { #ifdef KLIPS struct spd_route *esr; struct spd_route *rosr; - struct connection *ero /* who, if anyone, owns our eroute? */ + connection_t *ero /* who, if anyone, owns our eroute? */ , *ro = route_owner(c, &rosr, &ero, &esr); bool eroute_installed = FALSE , firewall_notified = FALSE , route_installed = FALSE; - struct connection *ero_top; + connection_t *ero_top; struct bare_shunt **bspp; DBG(DBG_CONTROLMORE, @@ -2438,7 +2504,7 @@ bool route_and_eroute(struct connection *c USED_BY_KLIPS, , c->name , (c->policy_next ? c->policy_next->name : "none") , ero ? ero->name : "null" - , esr + , esr , ro ? ro->name : "null" , rosr , st ? st->st_serialno : 0)); @@ -2472,11 +2538,14 @@ bool route_and_eroute(struct connection *c USED_BY_KLIPS, /* if no state provided, then install a shunt for later */ if (st == NULL) + { eroute_installed = shunt_eroute(c, sr, RT_ROUTED_PROSPECTIVE , ERO_REPLACE, "replace"); + } else + { eroute_installed = sag_eroute(st, sr, ERO_REPLACE, "replace"); - + } #if 0 /* XXX - MCR. I previously felt that this was a bogus check */ if (ero != NULL && ero != c && esr != sr) @@ -2588,7 +2657,7 @@ bool route_and_eroute(struct connection *c USED_BY_KLIPS, else if (ero != NULL && ero != c) { /* check if ero is an ancestor of c. */ - struct connection *ero2; + connection_t *ero2; for (ero2 = c; ero2 != NULL && ero2 != c; ero2 = ero2->policy_next) ; @@ -2788,7 +2857,7 @@ void delete_ipsec_sa(struct state *st USED_BY_KLIPS, /* If the state is the eroute owner, we must adjust * the routing for the connection. */ - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; struct spd_route *sr; passert(st->st_connection); @@ -2837,9 +2906,9 @@ void delete_ipsec_sa(struct state *st USED_BY_KLIPS, #ifdef KLIPS static bool update_nat_t_ipsec_esp_sa (struct state *st, bool inbound) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; char text_said[SATOT_BUF]; - struct kernel_sa sa; + struct kernel_sa sa; ip_address src = inbound? c->spd.that.host_addr : c->spd.this.host_addr, dst = inbound? c->spd.this.host_addr : c->spd.that.host_addr; @@ -2924,7 +2993,7 @@ bool was_eroute_idle(struct state *st, time_t idle_max, time_t *idle_time) ret = *idle_time >= idle_max; } } - else + else { while (f != NULL) { diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c index 7e7d25872..bf67315e6 100644 --- a/src/pluto/kernel_alg.c +++ b/src/pluto/kernel_alg.c @@ -90,7 +90,7 @@ static struct sadb_alg* sadb_alg_ptr (int satype, int exttype, int alg_id, default: return NULL; } - + return alg_p; } @@ -154,7 +154,7 @@ bool kernel_alg_esp_enc_ok(u_int alg_id, u_int key_len, if (!ret) goto out; alg_p = &esp_ealg[alg_id]; - + /* * test #2: if key_len specified, it must be in range */ @@ -195,8 +195,8 @@ out: return ret; } -/* - * ML: make F_STRICT logic consider enc,auth algorithms +/* + * ML: make F_STRICT logic consider enc,auth algorithms */ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg, struct alg_info_esp *alg_info) @@ -237,14 +237,14 @@ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg, { loglog(RC_LOG_SERIOUS , "You should NOT use insecure ESP algorithms [%s (%d)]!" - , enum_name(&esp_transformid_names, ealg), key_len); + , enum_name(&esp_transform_names, ealg), key_len); } return TRUE; } } } plog("IPSec Transform [%s (%d), %s] refused due to %s", - enum_name(&esp_transformid_names, ealg), key_len, + enum_name(&esp_transform_names, ealg), key_len, enum_name(&auth_alg_names, aalg), ealg_insecure ? "insecure key_len and enc. alg. not listed in \"esp\" string" : "strict flag"); return FALSE; @@ -252,7 +252,7 @@ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg, return TRUE; } -/** +/** * Load kernel_alg arrays from /proc used in manual mode from klips/utils/spi.c */ int kernel_alg_proc_read(void) @@ -312,7 +312,7 @@ int kernel_alg_proc_read(void) return 0; } -/** +/** * Load kernel_alg arrays pluto's SADB_REGISTER user by pluto/kernel.c */ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen) @@ -380,6 +380,7 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen) ) /* if AES_CBC is registered then also register AES_CCM and AES_GCM */ if (satype == SADB_SATYPE_ESP && + supp_exttype == SADB_EXT_SUPPORTED_ENCRYPT && sadb.alg->sadb_alg_id == SADB_X_EALG_AESCBC) { struct sadb_alg alg = *sadb.alg; @@ -395,6 +396,16 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen) } } } + /* if SHA2_256 is registered then also register SHA2_256_96 */ + if (satype == SADB_SATYPE_ESP && + supp_exttype == SADB_EXT_SUPPORTED_AUTH && + sadb.alg->sadb_alg_id == SADB_X_AALG_SHA2_256HMAC) + { + struct sadb_alg alg = *sadb.alg; + + alg.sadb_alg_id = SADB_X_AALG_SHA2_256_96HMAC; + kernel_alg_add(satype, supp_exttype, &alg); + } } } } @@ -422,7 +433,7 @@ u_int kernel_alg_esp_enc_keylen(u_int alg_id) break; } -none: +none: DBG(DBG_KLIPS, DBG_log("kernel_alg_esp_enc_keylen(): alg_id=%d, keylen=%d", alg_id, keylen) @@ -461,7 +472,7 @@ void kernel_alg_list(void) if (ESP_EALG_PRESENT(sadb_id)) { n = snprintf(pos, len, " %s", - enum_name(&esp_transformid_names, sadb_id)); + enum_name(&esp_transform_names, sadb_id)); pos += n; len -= n; if (len <= 0) @@ -471,7 +482,7 @@ void kernel_alg_list(void) } } whack_log(RC_COMMENT, " encryption:%s", buf); - + pos = buf; *pos = '\0'; len = BUF_LEN; @@ -493,7 +504,7 @@ void kernel_alg_list(void) whack_log(RC_COMMENT, " integrity: %s", buf); } -void kernel_alg_show_connection(struct connection *c, const char *instance) +void kernel_alg_show_connection(connection_t *c, const char *instance) { struct state *st = state_with_serialno(c->newest_ipsec_sa); @@ -502,12 +513,12 @@ void kernel_alg_show_connection(struct connection *c, const char *instance) const char *aalg_name, *pfsgroup_name; aalg_name = (c->policy & POLICY_AUTHENTICATE) ? - enum_show(&ah_transformid_names, st->st_ah.attrs.transid): + enum_show(&ah_transform_names, st->st_ah.attrs.transid): enum_show(&auth_alg_names, st->st_esp.attrs.auth); pfsgroup_name = (c->policy & POLICY_PFS) ? - (c->alg_info_esp->esp_pfsgroup) ? - enum_show(&oakley_group_names, + (c->alg_info_esp && c->alg_info_esp->esp_pfsgroup) ? + enum_show(&oakley_group_names, c->alg_info_esp->esp_pfsgroup) : "" : ""; @@ -516,7 +527,7 @@ void kernel_alg_show_connection(struct connection *c, const char *instance) whack_log(RC_COMMENT, "\"%s\"%s: ESP%s proposal: %s_%u/%s/%s", c->name, instance, (st->st_ah.present) ? "/AH" : "", - enum_show(&esp_transformid_names, st->st_esp.attrs.transid), + enum_show(&esp_transform_names, st->st_esp.attrs.transid), st->st_esp.attrs.key_len, aalg_name, pfsgroup_name); } else @@ -524,7 +535,7 @@ void kernel_alg_show_connection(struct connection *c, const char *instance) whack_log(RC_COMMENT, "\"%s\"%s: ESP%s proposal: %s/%s/%s", c->name, instance, (st->st_ah.present) ? "/AH" : "", - enum_show(&esp_transformid_names, st->st_esp.attrs.transid), + enum_show(&esp_transform_names, st->st_esp.attrs.transid), aalg_name, pfsgroup_name); } } @@ -634,7 +645,7 @@ static bool kernel_alg_db_add(struct db_context *db_ctx, DBG_log("kernel_alg_db_add() kernel enc ealg_id=%d not present", ealg_id); return FALSE; } - + if (!(policy & POLICY_AUTHENTICATE) && /* skip ESP auth attrs for AH */ esp_info->esp_aalg_id != AUTH_ALGORITHM_NONE) { @@ -666,11 +677,11 @@ static bool kernel_alg_db_add(struct db_context *db_ctx, { db_attr_add_values(db_ctx, KEY_LENGTH, esp_info->esp_ealg_keylen); } - + return TRUE; } -/* +/* * Create proposal with runtime kernel algos, merging * with passed proposal if not NULL * @@ -694,12 +705,6 @@ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info, /* pass aprox. number of transforms and attributes */ ctx_new = db_prop_new(PROTO_IPSEC_ESP, trans_cnt, trans_cnt * 2); - /* - * Loop: for each element (struct esp_info) of alg_info, - * if kernel support is present then build the transform (and attrs) - * if NULL alg_info, propose everything ... - */ - if (alg_info) { int i; @@ -710,28 +715,6 @@ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info, kernel_alg_db_add(ctx_new, &tmp_esp_info, policy); } } - else - { - u_int ealg_id; - - ESP_EALG_FOR_EACH_UPDOWN(ealg_id) - { - u_int aalg_id; - - tmp_esp_info.esp_ealg_id = ealg_id; - tmp_esp_info.esp_ealg_keylen = 0; - - for (aalg_id = 1; aalg_id <= SADB_AALG_MAX; aalg_id++) - { - if (ESP_AALG_PRESENT(aalg_id)) - { - tmp_esp_info.esp_aalg_id = alg_info_esp_sadb2aa(aalg_id); - tmp_esp_info.esp_aalg_keylen = 0; - kernel_alg_db_add(ctx_new, &tmp_esp_info, policy); - } - } - } - } prop = db_prop_get(ctx_new); return ctx_new; } diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c index 0376e817b..289714b50 100644 --- a/src/pluto/kernel_netlink.c +++ b/src/pluto/kernel_netlink.c @@ -40,6 +40,11 @@ #include "whack.h" /* for RC_LOG_SERIOUS */ #include "kernel_alg.h" +/** required for Linux 2.6.26 kernel and later */ +#ifndef XFRM_STATE_AF_UNSPEC +#define XFRM_STATE_AF_UNSPEC 32 +#endif + /* Minimum priority number in SPD used by pluto. */ #define MIN_SPD_PRIORITY 1024 @@ -80,15 +85,15 @@ static sparse_names xfrm_type_names = { /* Authentication algorithms */ static sparse_names aalg_list = { - { SADB_X_AALG_NULL, "digest_null" }, - { SADB_AALG_MD5HMAC, "md5" }, - { SADB_AALG_SHA1HMAC, "sha1" }, - { SADB_X_AALG_SHA2_256HMAC, "sha256" }, - { SADB_X_AALG_SHA2_384HMAC, "sha384" }, - { SADB_X_AALG_SHA2_512HMAC, "sha512" }, - { SADB_X_AALG_RIPEMD160HMAC, "ripemd160" }, - { SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)"}, - { SADB_X_AALG_NULL, "null" }, + { SADB_X_AALG_NULL, "digest_null" }, + { SADB_AALG_MD5HMAC, "md5" }, + { SADB_AALG_SHA1HMAC, "sha1" }, + { SADB_X_AALG_SHA2_256_96HMAC, "sha256" }, + { SADB_X_AALG_SHA2_256HMAC, "hmac(sha256)" }, + { SADB_X_AALG_SHA2_384HMAC, "hmac(sha384)" }, + { SADB_X_AALG_SHA2_512HMAC, "hmac(sha512)" }, + { SADB_X_AALG_RIPEMD160HMAC, "ripemd160" }, + { SADB_X_AALG_AES_XCBC_MAC, "xcbc(aes)"}, { 0, sparse_end } }; @@ -183,7 +188,7 @@ static void init_netlink(void) * @param hdr - Data to be sent. * @param rbuf - Return Buffer - contains data returned from the send. * @param rbuf_len - Length of rbuf - * @param description - String - user friendly description of what is + * @param description - String - user friendly description of what is * being attempted. Used for diagnostics * @param text_said - String * @return bool True if the message was succesfully sent. @@ -343,6 +348,7 @@ static bool netlink_policy(struct nlmsghdr *hdr, bool enoent_ok, struct { struct nlmsghdr n; struct nlmsgerr e; + char data[1024]; } rsp; int error; @@ -382,7 +388,7 @@ static bool netlink_policy(struct nlmsghdr *hdr, bool enoent_ok, * @param proto int (Currently unused) Contains protocol (u=tcp, 17=udp, etc...) * @param transport_proto int (Currently unused) 0=tunnel, 1=transport * @param satype int - * @param proto_info + * @param proto_info * @param lifetime (Currently unused) * @param ip int * @return boolean True if successful @@ -518,9 +524,9 @@ static bool netlink_raw_eroute(const ip_address *this_host tmpl[i].optional = proto_info[i].proto == IPPROTO_COMP && dir != XFRM_POLICY_OUT; tmpl[i].aalgos = tmpl[i].ealgos = tmpl[i].calgos = ~0; + tmpl[i].family = that_host->u.v4.sin_family; tmpl[i].mode = proto_info[i].encapsulation == ENCAPSULATION_MODE_TUNNEL; - if (!tmpl[i].mode) { continue; @@ -590,7 +596,7 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) char data[1024]; } req; struct rtattr *attr; - u_int16_t icv_size = 64; + u_int16_t icv_size = 64; memset(&req, 0, sizeof(req)); req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -602,7 +608,15 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) req.p.id.spi = sa->spi; req.p.id.proto = satype2proto(sa->satype); req.p.family = sa->src->u.v4.sin_family; - req.p.mode = (sa->encapsulation == ENCAPSULATION_MODE_TUNNEL); + if (sa->encapsulation == ENCAPSULATION_MODE_TUNNEL) + { + req.p.mode = XFRM_MODE_TUNNEL; + req.p.flags |= XFRM_STATE_AF_UNSPEC; + } + else + { + req.p.mode = XFRM_MODE_TRANSPORT; + } req.p.replay_window = sa->replay_window; req.p.reqid = sa->reqid; req.p.lft.soft_byte_limit = XFRM_INF; @@ -616,7 +630,6 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) if (sa->authalg) { - struct xfrm_algo algo; const char *name; name = sparse_name(aalg_list, sa->authalg); @@ -632,16 +645,37 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) sa->authkeylen * BITS_PER_BYTE) ) - strcpy(algo.alg_name, name); - algo.alg_key_len = sa->authkeylen * BITS_PER_BYTE; + if (sa->authalg == SADB_X_AALG_SHA2_256HMAC) + { + struct xfrm_algo_auth algo; - attr->rta_type = XFRMA_ALG_AUTH; - attr->rta_len = RTA_LENGTH(sizeof(algo) + sa->authkeylen); + /* the kernel uses SHA256 with 96 bit truncation by default, + * use specified truncation size supported by newer kernels */ + strcpy(algo.alg_name, name); + algo.alg_key_len = sa->authkeylen * BITS_PER_BYTE; + algo.alg_trunc_len = 128; - memcpy(RTA_DATA(attr), &algo, sizeof(algo)); - memcpy((char *)RTA_DATA(attr) + sizeof(algo), sa->authkey - , sa->authkeylen); + attr->rta_type = XFRMA_ALG_AUTH_TRUNC; + attr->rta_len = RTA_LENGTH(sizeof(algo) + sa->authkeylen); + + memcpy(RTA_DATA(attr), &algo, sizeof(algo)); + memcpy((char *)RTA_DATA(attr) + sizeof(algo), sa->authkey + , sa->authkeylen); + } + else + { + struct xfrm_algo algo; + + strcpy(algo.alg_name, name); + algo.alg_key_len = sa->authkeylen * BITS_PER_BYTE; + attr->rta_type = XFRMA_ALG_AUTH; + attr->rta_len = RTA_LENGTH(sizeof(algo) + sa->authkeylen); + + memcpy(RTA_DATA(attr), &algo, sizeof(algo)); + memcpy((char *)RTA_DATA(attr) + sizeof(algo), sa->authkey + , sa->authkeylen); + } req.n.nlmsg_len += attr->rta_len; attr = (struct rtattr *)((char *)attr + attr->rta_len); } @@ -674,19 +708,19 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) } DBG(DBG_CRYPT, DBG_log("configured esp encryption algorithm %s with key size %d", - enum_show(&esp_transformid_names, sa->encalg), + enum_show(&esp_transform_names, sa->encalg), sa->enckeylen * BITS_PER_BYTE) ) attr->rta_type = XFRMA_ALG_AEAD; attr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + sa->enckeylen); req.n.nlmsg_len += attr->rta_len; - + algo = (struct xfrm_algo_aead*)RTA_DATA(attr); algo->alg_key_len = sa->enckeylen * BITS_PER_BYTE; algo->alg_icv_len = icv_size; strcpy(algo->alg_name, name); memcpy(algo->alg_key, sa->enckey, sa->enckeylen); - + attr = (struct rtattr *)((char *)attr + attr->rta_len); break; } @@ -704,7 +738,7 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) } DBG(DBG_CRYPT, DBG_log("configured esp encryption algorithm %s with key size %d", - enum_show(&esp_transformid_names, sa->encalg), + enum_show(&esp_transform_names, sa->encalg), sa->enckeylen * BITS_PER_BYTE) ) attr->rta_type = XFRMA_ALG_CRYPT; @@ -962,7 +996,7 @@ static void linux_pfkey_register(void) /** Create ip_address out of xfrm_address_t. * - * @param family + * @param family * @param src xfrm formatted IP address * @param dst ip_address formatted destination * @return err_t NULL if okay, otherwise an error @@ -1001,7 +1035,7 @@ static err_t xfrm_sel_to_ip_pair(const struct xfrm_selector *sel, if ((ugh = xfrm_to_ip_address(family, &sel->saddr, src)) || (ugh = xfrm_to_ip_address(family, &sel->daddr, dst))) - { + { return ugh; } diff --git a/src/pluto/kernel_noklips.c b/src/pluto/kernel_noklips.c index 82a6ab648..e99efe062 100644 --- a/src/pluto/kernel_noklips.c +++ b/src/pluto/kernel_noklips.c @@ -107,7 +107,7 @@ noklips_del_sa(const struct kernel_sa *sa UNUSED) const struct kernel_ops noklips_kernel_ops = { type: KERNEL_TYPE_NONE, async_fdp: NULL, - + init: init_noklips, pfkey_register: noklips_register, pfkey_register_response: noklips_register_response, diff --git a/src/pluto/kernel_pfkey.c b/src/pluto/kernel_pfkey.c index 7ac405fd4..99ba4ff30 100644 --- a/src/pluto/kernel_pfkey.c +++ b/src/pluto/kernel_pfkey.c @@ -73,7 +73,7 @@ static sparse_names pfkey_type_names = { NE(SADB_X_DELFLOW), NE(SADB_X_DEBUG), NE(SADB_X_NAT_T_NEW_MAPPING), - NE(SADB_MAX), + NE(SADB_MAX), { 0, sparse_end } }; @@ -531,7 +531,7 @@ pfkeyext_protocol(int transport_proto , const char *text_said , struct sadb_ext *extensions[SADB_EXT_MAX + 1]) { - return (transport_proto == 0)? TRUE + return (transport_proto == 0)? TRUE : pfkey_build( pfkey_x_protocol_build(extensions + SADB_X_EXT_PROTOCOL, transport_proto) , description, text_said, extensions); diff --git a/src/pluto/keys.c b/src/pluto/keys.c index 516872e8e..8cf28ace1 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -36,12 +36,11 @@ #include #include +#include #include "constants.h" #include "defs.h" -#include "id.h" #include "x509.h" -#include "pgpcert.h" #include "certs.h" #include "smartcard.h" #include "connections.h" @@ -61,7 +60,7 @@ const char *shared_secrets_file = SHARED_SECRETS_FILE; typedef struct id_list id_list_t; struct id_list { - struct id id; + identification_t *id; id_list_t *next; }; @@ -84,9 +83,9 @@ struct secret { */ static void free_public_key(pubkey_t *pk) { + DESTROY_IF(pk->id); DESTROY_IF(pk->public_key); - free_id_content(&pk->id); - free(pk->issuer.ptr); + DESTROY_IF(pk->issuer); free(pk->serial.ptr); free(pk); } @@ -97,7 +96,7 @@ secret_t *secrets = NULL; * me and the peer. We match the Id (if none, the IP address). * Failure is indicated by a NULL. */ -static const secret_t* get_secret(const struct connection *c, +static const secret_t* get_secret(const connection_t *c, enum PrivateKeyKind kind, bool asym) { enum { /* bits */ @@ -109,14 +108,14 @@ static const secret_t* get_secret(const struct connection *c, unsigned int best_match = 0; secret_t *best = NULL; secret_t *s; - const struct id *my_id = &c->spd.this.id - , *his_id = &c->spd.that.id; - struct id rw_id; + identification_t *my_id, *his_id; /* is there a certificate assigned to this connection? */ - if (kind == PPK_PUBKEY && c->spd.this.cert.type != CERT_NONE) + if (kind == PPK_PUBKEY && c->spd.this.cert) { - public_key_t *pub_key = cert_get_public_key(c->spd.this.cert); + certificate_t *certificate = c->spd.this.cert->cert; + + public_key_t *pub_key = certificate->get_public_key(certificate); for (s = secrets; s != NULL; s = s->next) { @@ -127,26 +126,28 @@ static const secret_t* get_secret(const struct connection *c, break; /* we have found the private key - no sense in searching further */ } } + pub_key->destroy(pub_key); return best; } + my_id = c->spd.this.id; + if (his_id_was_instantiated(c)) { /* roadwarrior: replace him with 0.0.0.0 */ - rw_id.kind = c->spd.that.id.kind; - rw_id.name = chunk_empty; - happy(anyaddr(addrtypeof(&c->spd.that.host_addr), &rw_id.ip_addr)); - his_id = &rw_id; + his_id = identification_create_from_string("%any"); } - else if (kind == PPK_PSK - && (c->policy & (POLICY_PSK | POLICY_XAUTH_PSK)) - && ((c->kind == CK_TEMPLATE && c->spd.that.id.kind == ID_ANY) || - (c->kind == CK_INSTANCE && id_is_ipaddr(&c->spd.that.id)))) + else if (kind == PPK_PSK && (c->policy & (POLICY_PSK | POLICY_XAUTH_PSK)) && + ((c->kind == CK_TEMPLATE && + c->spd.that.id->get_type(c->spd.that.id) == ID_ANY) || + (c->kind == CK_INSTANCE && id_is_ipaddr(c->spd.that.id)))) { /* roadwarrior: replace him with 0.0.0.0 */ - rw_id.kind = ID_IPV4_ADDR; - happy(anyaddr(addrtypeof(&c->spd.that.host_addr), &rw_id.ip_addr)); - his_id = &rw_id; + his_id = identification_create_from_string("%any"); + } + else + { + his_id = c->spd.that.id->clone(c->spd.that.id); } for (s = secrets; s != NULL; s = s->next) @@ -169,11 +170,11 @@ static const secret_t* get_secret(const struct connection *c, for (i = s->ids; i != NULL; i = i->next) { - if (same_id(my_id, &i->id)) + if (my_id->equals(my_id, i->id)) { match |= match_me; } - if (same_id(his_id, &i->id)) + if (his_id->equals(his_id, i->id)) { match |= match_him; } @@ -239,6 +240,7 @@ static const secret_t* get_secret(const struct connection *c, } } } + his_id->destroy(his_id); return best; } @@ -246,7 +248,7 @@ static const secret_t* get_secret(const struct connection *c, * Failure is indicated by a NULL pointer. * Note: the result is not to be freed by the caller. */ -const chunk_t* get_preshared_secret(const struct connection *c) +const chunk_t* get_preshared_secret(const connection_t *c) { const secret_t *s = get_secret(c, PPK_PSK, FALSE); @@ -262,11 +264,11 @@ const chunk_t* get_preshared_secret(const struct connection *c) /* check the existence of a private key matching a public key contained * in an X.509 or OpenPGP certificate */ -bool has_private_key(cert_t cert) +bool has_private_key(cert_t *cert) { secret_t *s; bool has_key = FALSE; - public_key_t *pub_key = cert_get_public_key(cert); + public_key_t *pub_key = cert->cert->get_public_key(cert->cert); for (s = secrets; s != NULL; s = s->next) { @@ -277,31 +279,37 @@ bool has_private_key(cert_t cert) break; } } + pub_key->destroy(pub_key); return has_key; } /* * get the matching private key belonging to a given X.509 certificate */ -private_key_t* get_x509_private_key(const x509cert_t *cert) +private_key_t* get_x509_private_key(const cert_t *cert) { + public_key_t *public_key = cert->cert->get_public_key(cert->cert); + private_key_t *private_key = NULL; secret_t *s; for (s = secrets; s != NULL; s = s->next) { + if (s->kind == PPK_PUBKEY && - s->u.private_key->belongs_to(s->u.private_key, cert->public_key)) + s->u.private_key->belongs_to(s->u.private_key, public_key)) { - return s->u.private_key; + private_key = s->u.private_key; + break; } } - return NULL; + public_key->destroy(public_key); + return private_key; } /* find the appropriate private key (see get_secret). * Failure is indicated by a NULL pointer. */ -private_key_t* get_private_key(const struct connection *c) +private_key_t* get_private_key(const connection_t *c) { const secret_t *s = get_secret(c, PPK_PUBKEY, TRUE); @@ -392,7 +400,7 @@ enum rsa_private_key_part_t { RSA_PART_EXPONENT1 = 5, RSA_PART_EXPONENT2 = 6, RSA_PART_COEFFICIENT = 7 -}; +}; const char *rsa_private_key_part_names[] = { "Modulus", @@ -408,20 +416,17 @@ const char *rsa_private_key_part_names[] = { /** * Parse fields of an RSA private key in BIND 8.2's representation * consistiong of a braced list of keyword and value pairs in required order. - * Conversion into ASN.1 DER encoded PKCS#1 representation. */ static err_t process_rsa_secret(private_key_t **key) { - chunk_t asn1_chunk[countof(rsa_private_key_part_names)]; - chunk_t pkcs1_chunk; + chunk_t rsa_chunk[countof(rsa_private_key_part_names)]; u_char buf[RSA_MAX_ENCODING_BYTES]; /* limit on size of binary representation of key */ rsa_private_key_part_t part, p; - size_t sz, len = 0; + size_t sz; err_t ugh; for (part = RSA_PART_MODULUS; part <= RSA_PART_COEFFICIENT; part++) { - chunk_t rsa_private_key_part; const char *keyword = rsa_private_key_part_names[part]; if (!shift()) @@ -448,9 +453,8 @@ static err_t process_rsa_secret(private_key_t **key) part++; goto end; } - rsa_private_key_part = chunk_create(buf, sz); - asn1_chunk[part] = asn1_integer("c", rsa_private_key_part); - len += asn1_chunk[part].len; + rsa_chunk[part] = chunk_create(buf, sz); + rsa_chunk[part] = chunk_clone(rsa_chunk[part]); } /* We require an (indented) '}' and the end of the record. @@ -468,21 +472,17 @@ static err_t process_rsa_secret(private_key_t **key) goto end; } - pkcs1_chunk = asn1_wrap(ASN1_SEQUENCE, "ccccccccc", - ASN1_INTEGER_0, - asn1_chunk[RSA_PART_MODULUS], - asn1_chunk[RSA_PART_PUBLIC_EXPONENT], - asn1_chunk[RSA_PART_PRIVATE_EXPONENT], - asn1_chunk[RSA_PART_PRIME1], - asn1_chunk[RSA_PART_PRIME2], - asn1_chunk[RSA_PART_EXPONENT1], - asn1_chunk[RSA_PART_EXPONENT2], - asn1_chunk[RSA_PART_COEFFICIENT]); - *key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, pkcs1_chunk, - BUILD_END); - free(pkcs1_chunk.ptr); + BUILD_RSA_MODULUS, rsa_chunk[RSA_PART_MODULUS], + BUILD_RSA_PUB_EXP, rsa_chunk[RSA_PART_PUBLIC_EXPONENT], + BUILD_RSA_PRIV_EXP, rsa_chunk[RSA_PART_PRIVATE_EXPONENT], + BUILD_RSA_PRIME1, rsa_chunk[RSA_PART_PRIME1], + BUILD_RSA_PRIME2, rsa_chunk[RSA_PART_PRIME2], + BUILD_RSA_EXP1, rsa_chunk[RSA_PART_EXPONENT1], + BUILD_RSA_EXP2, rsa_chunk[RSA_PART_EXPONENT2], + BUILD_RSA_COEFF, rsa_chunk[RSA_PART_COEFFICIENT], + BUILD_END); + if (*key == NULL) { ugh = "parsing of RSA private key failed"; @@ -492,9 +492,9 @@ end: /* clean up and return */ for (p = RSA_PART_MODULUS ; p < part; p++) { - free(asn1_chunk[p].ptr); + chunk_clear(&rsa_chunk[p]); } - return ugh; + return ugh; } /** @@ -722,7 +722,7 @@ static err_t process_pin(secret_t *s, int whackfd) } } else - { + { /* we read the pin directly from ipsec.secrets */ err_t ugh = process_psk_secret(&sc->pin); if (ugh != NULL) @@ -762,16 +762,12 @@ static void log_psk(secret_t *s) { do { - n += idtoa(&id_list->id, buf + n, BUF_LEN - n); + n += snprintf(buf + n, BUF_LEN - n, "%Y ", id_list->id); if (n >= BUF_LEN) { n = BUF_LEN - 1; break; } - else if (n < BUF_LEN - 1) - { - n += snprintf(buf + n, BUF_LEN - n, " "); - } id_list = id_list->next; } while (id_list); @@ -948,42 +944,12 @@ static void process_secret_records(int whackfd) /* an id * See RFC2407 IPsec Domain of Interpretation 4.6.2 */ - struct id id; - err_t ugh; + id_list_t *i = malloc_thing(id_list_t); - if (tokeq("%any")) - { - id = empty_id; - id.kind = ID_IPV4_ADDR; - ugh = anyaddr(AF_INET, &id.ip_addr); - } - else if (tokeq("%any6")) - { - id = empty_id; - id.kind = ID_IPV6_ADDR; - ugh = anyaddr(AF_INET6, &id.ip_addr); - } - else - { - ugh = atoid(tok, &id, FALSE); - } + i->id = identification_create_from_string(tok); + i->next = s->ids; + s->ids = i; - if (ugh != NULL) - { - loglog(RC_LOG_SERIOUS - , "ERROR \"%s\" line %d: index \"%s\" %s" - , flp->filename, flp->lino, tok, ugh); - } - else - { - id_list_t *i = malloc_thing(id_list_t); - - i->id = id; - unshare_id_content(&i->id); - i->next = s->ids; - s->ids = i; - /* DBG_log("id type %d: %s %.*s", i->kind, ip_str(&i->ip_addr), (int)i->name.len, i->name.ptr); */ - } if (!shift()) { /* unexpected Record Boundary or EOF */ @@ -1071,11 +1037,11 @@ void free_preshared_secrets(void) { id_list_t *i, *ni; - ns = s->next; /* grab before freeing s */ + ns = s->next; for (i = s->ids; i != NULL; i = ni) { - ni = i->next; /* grab before freeing i */ - free_id_content(&i->id); + ni = i->next; + i->id->destroy(i->id); free(i); } switch (s->kind) @@ -1119,8 +1085,8 @@ pubkey_t* public_key_from_rsa(public_key_t *key) pubkey_t *p = malloc_thing(pubkey_t); zero(p); - p->id = empty_id; /* don't know, doesn't matter */ - p->issuer = chunk_empty; + p->id = identification_create_from_string("%any"); /* don't know, doesn't matter */ + p->issuer = NULL; p->serial = chunk_empty; p->public_key = key; @@ -1128,7 +1094,6 @@ pubkey_t* public_key_from_rsa(public_key_t *key) * invariant: recount > 0. */ p->refcnt = 1; - time(&p->installed_time); return p; } @@ -1207,25 +1172,14 @@ static void install_public_key(pubkey_t *pk, pubkey_list_t **head) { pubkey_list_t *p = malloc_thing(pubkey_list_t); - unshare_id_content(&pk->id); - - /* copy issuer dn */ - pk->issuer = chunk_clone(pk->issuer); - - /* copy serial number */ - pk->serial = chunk_clone(pk->serial); - - /* store the time the public key was installed */ - time(&pk->installed_time); - /* install new key at front */ p->key = reference_key(pk); p->next = *head; *head = p; } -void delete_public_keys(const struct id *id, key_type_t type, - chunk_t issuer, chunk_t serial) +void delete_public_keys(identification_t *id, key_type_t type, + identification_t *issuer, chunk_t serial) { pubkey_list_t **pp, *p; pubkey_t *pk; @@ -1236,10 +1190,10 @@ void delete_public_keys(const struct id *id, key_type_t type, pk = p->key; pk_type = pk->public_key->get_type(pk->public_key); - if (same_id(id, &pk->id) && pk_type == type - && (issuer.ptr == NULL || pk->issuer.ptr == NULL - || same_dn(issuer, pk->issuer)) - && same_serial(serial, pk->serial)) + if (id->equals(id, pk->id) && pk_type == type + && (issuer == NULL || pk->issuer == NULL + || issuer->equals(issuer, pk->issuer)) + && (serial.ptr == NULL || chunk_equals(serial, pk->serial))) { *pp = free_public_keyentry(p); } @@ -1252,25 +1206,26 @@ void delete_public_keys(const struct id *id, key_type_t type, pubkey_t* reference_key(pubkey_t *pk) { + DBG(DBG_CONTROLMORE, + DBG_log(" ref key: %p %p cnt %d '%Y'", + pk, pk->public_key, pk->refcnt, pk->id) + ) pk->refcnt++; return pk; } -void -unreference_key(pubkey_t **pkp) +void unreference_key(pubkey_t **pkp) { pubkey_t *pk = *pkp; - char b[BUF_LEN]; if (pk == NULL) { return; } - /* print stuff */ DBG(DBG_CONTROLMORE, - idtoa(&pk->id, b, sizeof(b)); - DBG_log("unreference key: %p %s cnt %d--", pk, b, pk->refcnt) + DBG_log("unref key: %p %p cnt %d '%Y'", + pk, pk->public_key, pk->refcnt, pk->id) ) /* cancel out the pointer */ @@ -1284,7 +1239,7 @@ unreference_key(pubkey_t **pkp) } } -bool add_public_key(const struct id *id, enum dns_auth_level dns_auth_level, +bool add_public_key(identification_t *id, enum dns_auth_level dns_auth_level, enum pubkey_alg alg, chunk_t rfc3110_key, pubkey_list_t **head) { @@ -1296,7 +1251,7 @@ bool add_public_key(const struct id *id, enum dns_auth_level dns_auth_level, { case PUBKEY_ALG_RSA: key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - BUILD_BLOB_RFC_3110, rfc3110_key, + BUILD_BLOB_DNSKEY, rfc3110_key, BUILD_END); if (key == NULL) { @@ -1310,90 +1265,97 @@ bool add_public_key(const struct id *id, enum dns_auth_level dns_auth_level, pk = malloc_thing(pubkey_t); zero(pk); pk->public_key = key; - pk->id = *id; + pk->id = id->clone(id); pk->dns_auth_level = dns_auth_level; pk->until_time = UNDEFINED_TIME; - pk->issuer = chunk_empty; + pk->issuer = NULL; pk->serial = chunk_empty; install_public_key(pk, head); return TRUE; } -/* extract id and public key from x.509 certificate and - * insert it into a pubkeyrec +/** + * Extract id and public key a certificate and insert it into a pubkeyrec */ -void add_x509_public_key(x509cert_t *cert , time_t until, - enum dns_auth_level dns_auth_level) +void add_public_key_from_cert(cert_t *cert , time_t until, + enum dns_auth_level dns_auth_level) { - generalName_t *gn; + certificate_t *certificate = cert->cert; + identification_t *subject = certificate->get_subject(certificate); + identification_t *issuer = NULL; + identification_t *id; + chunk_t serialNumber = chunk_empty; pubkey_t *pk; key_type_t pk_type; /* ID type: ID_DER_ASN1_DN (X.509 subject field) */ pk = malloc_thing(pubkey_t); zero(pk); - pk->public_key = cert->public_key->get_ref(cert->public_key); - pk->id.kind = ID_DER_ASN1_DN; - pk->id.name = cert->subject; + pk->public_key = certificate->get_public_key(certificate); + pk_type = pk->public_key->get_type(pk->public_key); + pk->id = subject->clone(subject); pk->dns_auth_level = dns_auth_level; pk->until_time = until; - pk->issuer = cert->issuer; - pk->serial = cert->serialNumber; - pk_type = pk->public_key->get_type(pk->public_key); - delete_public_keys(&pk->id, pk_type, pk->issuer, pk->serial); - install_public_key(pk, &pubkeys); + if (certificate->get_type(certificate) == CERT_X509) + { + x509_t *x509 = (x509_t*)certificate; - gn = cert->subjectAltName; + issuer = certificate->get_issuer(certificate); + serialNumber = x509->get_serial(x509); + pk->issuer = issuer->clone(issuer); + pk->serial = chunk_clone(serialNumber); + } + delete_public_keys(pk->id, pk_type, pk->issuer, pk->serial); + install_public_key(pk, &pubkeys); - while (gn != NULL) /* insert all subjectAltNames */ + if (certificate->get_type(certificate) == CERT_X509) { - struct id id = empty_id; + x509_t *x509 = (x509_t*)certificate; + enumerator_t *enumerator; - gntoid(&id, gn); - if (id.kind != ID_ANY) + /* insert all subjectAltNames from X.509 certificates */ + enumerator = x509->create_subjectAltName_enumerator(x509); + while (enumerator->enumerate(enumerator, &id)) { - pk = malloc_thing(pubkey_t); - zero(pk); - pk->public_key = cert->public_key->get_ref(cert->public_key); - pk->id = id; - pk->dns_auth_level = dns_auth_level; - pk->until_time = until; - pk->issuer = cert->issuer; - pk->serial = cert->serialNumber; - delete_public_keys(&pk->id, pk_type, pk->issuer, pk->serial); - install_public_key(pk, &pubkeys); + if (id->get_type(id) != ID_ANY) + { + pk = malloc_thing(pubkey_t); + zero(pk); + pk->id = id->clone(id); + pk->public_key = certificate->get_public_key(certificate); + pk->dns_auth_level = dns_auth_level; + pk->until_time = until; + pk->issuer = issuer->clone(issuer); + pk->serial = chunk_clone(serialNumber); + delete_public_keys(pk->id, pk_type, pk->issuer, pk->serial); + install_public_key(pk, &pubkeys); + } } - gn = gn->next; + enumerator->destroy(enumerator); + } + else + { + pgp_certificate_t *pgp_cert = (pgp_certificate_t*)certificate; + chunk_t fingerprint = pgp_cert->get_fingerprint(pgp_cert); + + /* add v3 or v4 PGP fingerprint */ + pk = malloc_thing(pubkey_t); + zero(pk); + pk->id = identification_create_from_encoding(ID_KEY_ID, fingerprint); + pk->public_key = certificate->get_public_key(certificate); + pk->dns_auth_level = dns_auth_level; + pk->until_time = until; + delete_public_keys(pk->id, pk_type, pk->issuer, pk->serial); + install_public_key(pk, &pubkeys); } -} - -/* extract id and public key from OpenPGP certificate and - * insert it into a pubkeyrec - */ -void add_pgp_public_key(pgpcert_t *cert , time_t until, - enum dns_auth_level dns_auth_level) -{ - pubkey_t *pk; - key_type_t pk_type; - - pk = malloc_thing(pubkey_t); - zero(pk); - pk->public_key = cert->public_key->get_ref(cert->public_key); - pk->id.kind = ID_KEY_ID; - pk->id.name = cert->fingerprint->get_encoding(cert->fingerprint); - pk->dns_auth_level = dns_auth_level; - pk->until_time = until; - pk_type = pk->public_key->get_type(pk->public_key); - delete_public_keys(&pk->id, pk_type, chunk_empty, chunk_empty); - install_public_key(pk, &pubkeys); } /* when a X.509 certificate gets revoked, all instances of * the corresponding public key must be removed */ -void remove_x509_public_key(const x509cert_t *cert) +void remove_x509_public_key(const cert_t *cert) { - public_key_t *revoked_key = cert->public_key; + public_key_t *revoked_key = cert->cert->get_public_key(cert->cert); pubkey_list_t *p, **pp; p = pubkeys; @@ -1413,6 +1375,7 @@ void remove_x509_public_key(const x509cert_t *cert) } p =*pp; } + revoked_key->destroy(revoked_key); } /* @@ -1426,34 +1389,32 @@ void list_public_keys(bool utc) { whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of Public Keys:"); - whack_log(RC_COMMENT, " "); } while (p != NULL) { pubkey_t *key = p->key; public_key_t *public = key->public_key; - identification_t *keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - char buf[BUF_LEN]; + chunk_t keyid; - idtoa(&key->id, buf, BUF_LEN); - whack_log(RC_COMMENT,"%T, '%s'", &key->installed_time, utc, buf); - whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s", + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, " identity: '%Y'", key->id); + whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s", key_type_names, public->get_type(public), public->get_keysize(public) * BITS_PER_BYTE, &key->until_time, utc, check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE)); - whack_log(RC_COMMENT," keyid: %Y", keyid); - if (key->issuer.len > 0) + if (public->get_fingerprint(public, KEY_ID_PUBKEY_INFO_SHA1, &keyid)) + { + whack_log(RC_COMMENT," keyid: %#B", &keyid); + } + if (key->issuer) { - dntoa(buf, BUF_LEN, key->issuer); - whack_log(RC_COMMENT," issuer: '%s'", buf); + whack_log(RC_COMMENT," issuer: \"%Y\"", key->issuer); } - if (key->serial.len > 0) + if (key->serial.len) { - datatot(key->serial.ptr, key->serial.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT," serial: %s", buf); + whack_log(RC_COMMENT," serial: %#B", &key->serial); } p = p->next; } diff --git a/src/pluto/keys.h b/src/pluto/keys.h index 8bc94d839..d856c0009 100644 --- a/src/pluto/keys.h +++ b/src/pluto/keys.h @@ -16,6 +16,7 @@ #ifndef _KEYS_H #define _KEYS_H +#include #include #include @@ -44,22 +45,19 @@ struct connection; extern const chunk_t *get_preshared_secret(const struct connection *c); extern private_key_t *get_private_key(const struct connection *c); -extern private_key_t *get_x509_private_key(const x509cert_t *cert); +extern private_key_t *get_x509_private_key(const cert_t *cert); /* public key machinery */ typedef struct pubkey pubkey_t; struct pubkey { - struct id id; + identification_t *id; unsigned refcnt; /* reference counted! */ enum dns_auth_level dns_auth_level; char *dns_sig; - time_t installed_time - , last_tried_time - , last_worked_time - , until_time; - chunk_t issuer; + time_t last_tried_time, last_worked_time, until_time; + identification_t *issuer; chunk_t serial; public_key_t *public_key; }; @@ -77,23 +75,19 @@ extern pubkey_t *public_key_from_rsa(public_key_t *key); extern pubkey_list_t *free_public_keyentry(pubkey_list_t *p); extern void free_public_keys(pubkey_list_t **keys); extern void free_remembered_public_keys(void); -extern void delete_public_keys(const struct id *id, key_type_t type, - chunk_t issuer, chunk_t serial); +extern void delete_public_keys(identification_t *id, key_type_t type, + identification_t *issuer, chunk_t serial); extern pubkey_t *reference_key(pubkey_t *pk); extern void unreference_key(pubkey_t **pkp); - -extern bool add_public_key(const struct id *id, +extern bool add_public_key(identification_t *id, enum dns_auth_level dns_auth_level, enum pubkey_alg alg, chunk_t rfc3110_key, pubkey_list_t **head); - -extern bool has_private_key(cert_t cert); -extern void add_x509_public_key(x509cert_t *cert, time_t until - , enum dns_auth_level dns_auth_level); -extern void add_pgp_public_key(pgpcert_t *cert, time_t until - , enum dns_auth_level dns_auth_level); -extern void remove_x509_public_key(const x509cert_t *cert); +extern bool has_private_key(cert_t *cert); +extern void add_public_key_from_cert(cert_t *cert, time_t until, + enum dns_auth_level dns_auth_level); +extern void remove_x509_public_key(const cert_t *cert); extern void list_public_keys(bool utc); struct gw_info; /* forward declaration of tag (defined in dnskey.h) */ diff --git a/src/pluto/log.c b/src/pluto/log.c index e34409f1c..2f3536ff3 100644 --- a/src/pluto/log.c +++ b/src/pluto/log.c @@ -38,12 +38,13 @@ #include "server.h" #include "state.h" #include "connections.h" +#include "myid.h" #include "kernel.h" #include "whack.h" /* needs connections.h */ #include "timer.h" /* close one per-peer log */ -static void perpeer_logclose(struct connection *c); /* forward */ +static void perpeer_logclose(connection_t *c); /* forward */ bool @@ -77,7 +78,7 @@ static TAILQ_HEAD(perpeer, connection) perpeer_list; */ int whack_log_fd = NULL_FD; /* only set during whack_handle() */ struct state *cur_state = NULL; /* current state, for diagnostics */ -struct connection *cur_connection = NULL; /* current connection, for diagnostics */ +connection_t *cur_connection = NULL; /* current connection, for diagnostics */ const ip_address *cur_from = NULL; /* source of current current message */ u_int16_t cur_from_port; /* host order */ @@ -99,12 +100,12 @@ static void pluto_dbg(int level, char *fmt, ...) else if (cur_debugging & DBG_RAW) { debug_level = 3; - } + } else if (cur_debugging & DBG_PARSING) { debug_level = 2; } - else + else { debug_level = 1; } @@ -245,7 +246,7 @@ fmt_log(char *buf, size_t buf_len, const char *fmt, va_list ap) { bool reproc = *fmt == '~'; size_t ps; - struct connection *c = cur_state != NULL ? cur_state->st_connection + connection_t *c = cur_state != NULL ? cur_state->st_connection : cur_connection; buf[0] = '\0'; @@ -293,7 +294,7 @@ fmt_log(char *buf, size_t buf_len, const char *fmt, va_list ap) } static void -perpeer_logclose(struct connection *c) +perpeer_logclose(connection_t *c) { /* only free/close things if we had used them! */ if (c->log_file != NULL) @@ -308,7 +309,7 @@ perpeer_logclose(struct connection *c) } void -perpeer_logfree(struct connection *c) +perpeer_logfree(connection_t *c) { perpeer_logclose(c); if (c->log_file_name != NULL) @@ -321,7 +322,7 @@ perpeer_logfree(struct connection *c) /* open the per-peer log */ static void -open_peerlog(struct connection *c) +open_peerlog(connection_t *c) { syslog(LOG_INFO, "opening log file for conn %s", c->name); @@ -725,7 +726,7 @@ lset_t cur_debugging = DBG_NONE; void -extra_debugging(const struct connection *c) +extra_debugging(const connection_t *c) { if(c == NULL) { @@ -835,8 +836,8 @@ static void show_loaded_plugins() char buf[BUF_LEN], *plugin; int len = 0; enumerator_t *enumerator; - - buf[0] = '\0'; + + buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index 228827f2a..03ec7f41f 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -26,6 +26,7 @@ #include #include +#include #include #include "constants.h" @@ -81,11 +82,10 @@ struct internal_addr bool xauth_status; }; -/* +/** * Initialize an internal_addr struct */ -static void -init_internal_addr(internal_addr_t *ia) +static void init_internal_addr(internal_addr_t *ia) { int i; @@ -106,46 +106,65 @@ init_internal_addr(internal_addr_t *ia) anyaddr(AF_INET, &ia->dns[i]); } - /* initialize WINS server information */ + /* initialize NBNS server information */ for (i = 0; i < NBNS_SERVER_MAX; i++) { anyaddr(AF_INET, &ia->nbns[i]); } } -/* - * get internal IP address for a connection +/** + * Get internal IP address for a connection */ -static void -get_internal_addr(struct connection *c, internal_addr_t *ia) +static void get_internal_addr(connection_t *c, host_t *requested_vip, + internal_addr_t *ia) { int i, dns_idx = 0, nbns_idx = 0; + enumerator_t *enumerator; + configuration_attribute_type_t type; + chunk_t value; + host_t *vip = NULL; if (isanyaddr(&c->spd.that.host_srcip)) { - /* not defined in connection - fetch it from LDAP */ + if (c->spd.that.pool) + { + vip = lib->attributes->acquire_address(lib->attributes, + c->spd.that.pool, c->spd.that.id, + requested_vip); + if (vip) + { + chunk_t addr = vip->get_address(vip); + + plog("assigning virtual IP %H to peer", vip); + initaddr(addr.ptr, addr.len, vip->get_family(vip), &ia->ipaddr); + + } + } + else + { + plog("no virtual IP found"); + } } else { - char srcip[ADDRTOT_BUF]; - ia->ipaddr = c->spd.that.host_srcip; - - addrtot(&ia->ipaddr, 0, srcip, sizeof(srcip)); - plog("assigning virtual IP source address %s", srcip); + vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr); + plog("assigning virtual IP %H to peer", vip); } if (!isanyaddr(&ia->ipaddr)) /* We got an IP address, send it */ { + c->spd.that.host_srcip = ia->ipaddr; c->spd.that.client.addr = ia->ipaddr; c->spd.that.client.maskbits = 32; c->spd.that.has_client = TRUE; - + ia->attr_set = LELEM(INTERNAL_IP4_ADDRESS) | LELEM(INTERNAL_IP4_NETMASK); } - /* assign DNS servers */ + /* assign DNS servers from strongswan.conf */ for (i = 1; i <= DNS_SERVER_MAX; i++) { char dns_key[16], *dns_str; @@ -158,20 +177,20 @@ get_internal_addr(struct connection *c, internal_addr_t *ia) sa_family_t family = strchr(dns_str, ':') ? AF_INET6 : AF_INET; ugh = ttoaddr(dns_str, 0, family, &ia->dns[dns_idx]); - if (ugh != NULL) + if (ugh) { plog("error in DNS server address: %s", ugh); continue; } plog("assigning DNS server %s to peer", dns_str); - /* differentiate between IP4 and IP6 in modecfg_build_msg() */ + /* differentiate between IP4 and IP6 in modecfg_build_msg() */ ia->attr_set |= LELEM(INTERNAL_IP4_DNS); dns_idx++; } } - /* assign WINS servers */ + /* assign NBNS servers from strongswan.conf */ for (i = 1; i <= NBNS_SERVER_MAX; i++) { char nbns_key[16], *nbns_str; @@ -184,26 +203,93 @@ get_internal_addr(struct connection *c, internal_addr_t *ia) sa_family_t family = strchr(nbns_str, ':') ? AF_INET6 : AF_INET; ugh = ttoaddr(nbns_str, 0, family, &ia->nbns[nbns_idx]); - if (ugh != NULL) + if (ugh) { - plog("error in WINS server address: %s", ugh); + plog("error in NBNS server address: %s", ugh); continue; } plog("assigning NBNS server %s to peer", nbns_str); - /* differentiate between IP4 and IP6 in modecfg_build_msg() */ + /* differentiate between IP4 and IP6 in modecfg_build_msg() */ ia->attr_set |= LELEM(INTERNAL_IP4_NBNS); nbns_idx++; } } + + /* assign attributes from registered providers */ + enumerator = lib->attributes->create_responder_enumerator(lib->attributes, + c->spd.that.id, vip); + while (enumerator->enumerate(enumerator, &type, &value)) + { + err_t ugh; + host_t *server; + sa_family_t family = AF_INET; + + switch (type) + { + case INTERNAL_IP6_DNS: + family = AF_INET6; + /* fallthrough */ + case INTERNAL_IP4_DNS: + if (dns_idx >= DNS_SERVER_MAX) + { + plog("exceeded the maximum number of %d DNS servers", + DNS_SERVER_MAX); + break; + } + ugh = initaddr(value.ptr, value.len, family, &ia->dns[dns_idx]); + if (ugh) + { + plog("error in DNS server address: %s", ugh); + break; + } + server = host_create_from_chunk(family, value, 0); + plog("assigning DNS server %H to peer", server); + server->destroy(server); + + /* differentiate between IP4 and IP6 in modecfg_build_msg() */ + ia->attr_set |= LELEM(INTERNAL_IP4_DNS); + dns_idx++; + break; + + case INTERNAL_IP6_NBNS: + family = AF_INET6; + /* fallthrough */ + case INTERNAL_IP4_NBNS: + if (nbns_idx >= NBNS_SERVER_MAX) + { + plog("exceeded the maximum number of %d NBNS servers", + NBNS_SERVER_MAX); + break; + } + ugh = initaddr(value.ptr, value.len, family, &ia->nbns[nbns_idx]); + if (ugh) + { + plog("error in NBNS server address: %s", ugh); + break; + } + server = host_create_from_chunk(family, value, 0); + plog("assigning NBNS server %H to peer", server); + server->destroy(server); + + /* differentiate between IP4 and IP6 in modecfg_build_msg() */ + ia->attr_set |= LELEM(INTERNAL_IP4_NBNS); + nbns_idx++; + break; + + default: + break; + } + } + enumerator->destroy(enumerator); + DESTROY_IF(vip); } -/* +/** * Set srcip and client subnet to internal IP address */ -static bool -set_internal_addr(struct connection *c, internal_addr_t *ia) +static bool set_internal_addr(connection_t *c, internal_addr_t *ia) { if (ia->attr_set & LELEM(INTERNAL_IP4_ADDRESS) && !isanyaddr(&ia->ipaddr)) @@ -227,7 +313,7 @@ set_internal_addr(struct connection *c, internal_addr_t *ia) plog("replacing virtual IP source address %s by %s" , old_srcip, new_srcip); } - + /* setting srcip */ c->spd.this.host_srcip = ia->ipaddr; @@ -240,7 +326,7 @@ set_internal_addr(struct connection *c, internal_addr_t *ia) return FALSE; } -/* +/** * Compute HASH of Mode Config. */ static size_t modecfg_hash(u_char *dest, u_char *start, u_char *roof, @@ -263,19 +349,18 @@ static size_t modecfg_hash(u_char *dest, u_char *start, u_char *roof, DBG(DBG_CRYPT, DBG_log("ModeCfg HASH computed:"); DBG_dump("", dest, prf_block_size) - ) + ) return prf_block_size; } -/* +/** * Generate an IKE message containing ModeCfg information (eg: IP, DNS, WINS) */ -static stf_status -modecfg_build_msg(struct state *st, pb_stream *rbody - , u_int16_t msg_type - , internal_addr_t *ia - , u_int16_t ap_id) +static stf_status modecfg_build_msg(struct state *st, pb_stream *rbody, + u_int16_t msg_type, + internal_addr_t *ia, + u_int16_t ap_id) { u_char *r_hash_start, *r_hashval; @@ -322,7 +407,7 @@ modecfg_build_msg(struct state *st, pb_stream *rbody is_unity_attr_set = FALSE; } } - + dont_advance = FALSE; if (attr_set & 1) @@ -384,7 +469,7 @@ modecfg_build_msg(struct state *st, pb_stream *rbody mask[t] = 0xff; m -= 8; } -#endif +#endif if (st->st_connection->spd.this.client.maskbits == 0) { mask = 0; @@ -491,11 +576,11 @@ modecfg_build_msg(struct state *st, pb_stream *rbody return STF_OK; } -/* +/** * Send ModeCfg message */ -static stf_status -modecfg_send_msg(struct state *st, int isama_type, internal_addr_t *ia) +static stf_status modecfg_send_msg(struct state *st, int isama_type, + internal_addr_t *ia) { pb_stream msg; pb_stream rbody; @@ -549,11 +634,10 @@ modecfg_send_msg(struct state *st, int isama_type, internal_addr_t *ia) return STF_OK; } -/* +/** * Parse a ModeCfg attribute payload */ -static stf_status -modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) +static stf_status modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) { struct isakmp_attribute attr; pb_stream strattr; @@ -610,12 +694,12 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) ugh = initaddr((char *)(strattr.cur), 4, AF_INET, &ia->nbns[nbns_idx]); if (ugh != NULL) { - plog("received invalid IPv4 WINS server address: %s", ugh); + plog("received invalid IPv4 NBNS server address: %s", ugh); } else { addrtot(&ia->nbns[nbns_idx], 0, buf, BUF_LEN); - plog("received IPv4 WINS server address %s", buf); + plog("received IPv4 NBNS server address %s", buf); nbns_idx++; } } @@ -644,12 +728,12 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) ugh = initaddr((char *)(strattr.cur), 16, AF_INET6, &ia->nbns[nbns_idx]); if (ugh != NULL) { - plog("received invalid IPv6 WINS server address: %s", ugh); + plog("received invalid IPv6 NBNS server address: %s", ugh); } else { addrtot(&ia->nbns[nbns_idx], 0, buf, BUF_LEN); - plog("received IPv6 WINS server address %s", buf); + plog("received IPv6 NBNS server address %s", buf); nbns_idx++; } } @@ -735,12 +819,11 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) return STF_OK; } -/* +/** * Parse a ModeCfg message */ -static stf_status -modecfg_parse_msg(struct msg_digest *md, int isama_type, u_int16_t *isama_id - , internal_addr_t *ia) +static stf_status modecfg_parse_msg(struct msg_digest *md, int isama_type, + u_int16_t *isama_id, internal_addr_t *ia) { struct state *const st = md->st; struct payload_digest *p; @@ -788,12 +871,12 @@ modecfg_parse_msg(struct msg_digest *md, int isama_type, u_int16_t *isama_id return STF_IGNORE; } -/* +/** * Send ModeCfg request message from client to server in pull mode */ -stf_status -modecfg_send_request(struct state *st) +stf_status modecfg_send_request(struct state *st) { + connection_t *c = st->st_connection; stf_status stat; internal_addr_t ia; @@ -801,6 +884,7 @@ modecfg_send_request(struct state *st) ia.attr_set = LELEM(INTERNAL_IP4_ADDRESS) | LELEM(INTERNAL_IP4_NETMASK); + ia.ipaddr = c->spd.this.host_srcip; plog("sending ModeCfg request"); st->st_state = STATE_MODE_CFG_I1; @@ -817,14 +901,14 @@ modecfg_send_request(struct state *st) * * used in ModeCfg pull mode, on the server (responder) */ -stf_status -modecfg_inR0(struct msg_digest *md) +stf_status modecfg_inR0(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; internal_addr_t ia; bool want_unity_banner; stf_status stat, stat_build; + host_t *requested_vip; stat = modecfg_parse_msg(md, ISAKMP_CFG_REQUEST, &isama_id, &ia); if (stat != STF_OK) @@ -832,9 +916,20 @@ modecfg_inR0(struct msg_digest *md) return stat; } + if (ia.attr_set & LELEM(INTERNAL_IP4_ADDRESS)) + { + requested_vip = host_create_from_sockaddr((sockaddr_t*)&ia.ipaddr); + } + else + { + requested_vip = host_create_any(AF_INET); + } + plog("peer requested virtual IP %H", requested_vip); + want_unity_banner = (ia.unity_attr_set & LELEM(UNITY_BANNER - UNITY_BASE)) != LEMPTY; init_internal_addr(&ia); - get_internal_addr(st->st_connection, &ia); + get_internal_addr(st->st_connection, requested_vip, &ia); + requested_vip->destroy(requested_vip); if (want_unity_banner) { @@ -859,10 +954,9 @@ modecfg_inR0(struct msg_digest *md) /* STATE_MODE_CFG_I1: * HDR*, HASH, ATTR(REPLY=IP) * - * used in ModeCfg pull mode, on the client (initiator) + * used in ModeCfg pull mode, on the client (initiator) */ -stf_status -modecfg_inI1(struct msg_digest *md) +stf_status modecfg_inI1(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; @@ -882,17 +976,19 @@ modecfg_inI1(struct msg_digest *md) } -/* +/** * Send ModeCfg set message from server to client in push mode */ -stf_status -modecfg_send_set(struct state *st) +stf_status modecfg_send_set(struct state *st) { stf_status stat; internal_addr_t ia; + host_t *vip; init_internal_addr(&ia); - get_internal_addr(st->st_connection, &ia); + vip = host_create_any(AF_INET); + get_internal_addr(st->st_connection, vip, &ia); + vip->destroy(vip); #ifdef CISCO_QUIRKS ia.unity_banner = UNITY_BANNER_STR; @@ -914,8 +1010,7 @@ modecfg_send_set(struct state *st) * * used in ModeCfg push mode, on the client (initiator). */ -stf_status -modecfg_inI0(struct msg_digest *md) +stf_status modecfg_inI0(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; @@ -958,8 +1053,7 @@ modecfg_inI0(struct msg_digest *md) * * used in ModeCfg push mode, on the server (responder) */ -stf_status -modecfg_inR3(struct msg_digest *md) +stf_status modecfg_inR3(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; @@ -977,11 +1071,10 @@ modecfg_inR3(struct msg_digest *md) return STF_OK; } -/* +/** * Send XAUTH credentials request (username + password) */ -stf_status -xauth_send_request(struct state *st) +stf_status xauth_send_request(struct state *st) { stf_status stat; internal_addr_t ia; @@ -1005,8 +1098,7 @@ xauth_send_request(struct state *st) * * used on the XAUTH client (initiator) */ -stf_status -xauth_inI0(struct msg_digest *md) +stf_status xauth_inI0(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; @@ -1111,8 +1203,7 @@ xauth_inI0(struct msg_digest *md) * * used on the XAUTH server (responder) */ -stf_status -xauth_inR1(struct msg_digest *md) +stf_status xauth_inR1(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; @@ -1148,13 +1239,14 @@ xauth_inR1(struct msg_digest *md) plog("user password attribute is missing in XAUTH reply"); st->st_xauth.status = FALSE; } - else + else { xauth_peer_t peer; peer.conn_name = st->st_connection->name; addrtot(&md->sender, 0, peer.ip_address, sizeof(peer.ip_address)); - idtoa(&md->st->st_connection->spd.that.id, peer.id, sizeof(peer.id)); + snprintf(peer.id, sizeof(peer.id), "%Y", + md->st->st_connection->spd.that.id); DBG(DBG_CONTROL, DBG_log("peer xauth user name is '%.*s'" @@ -1191,8 +1283,7 @@ xauth_inR1(struct msg_digest *md) * * used on the XAUTH client (initiator) */ -stf_status -xauth_inI1(struct msg_digest *md) +stf_status xauth_inI1(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; @@ -1204,7 +1295,7 @@ xauth_inI1(struct msg_digest *md) if (stat != STF_OK) { /* notification payload - not exactly the right choice, but okay */ - md->note = ATTRIBUTES_NOT_SUPPORTED; + md->note = ISAKMP_ATTRIBUTES_NOT_SUPPORTED; return stat; } @@ -1243,8 +1334,7 @@ xauth_inI1(struct msg_digest *md) * * used on the XAUTH server (responder) */ -stf_status -xauth_inR2(struct msg_digest *md) +stf_status xauth_inR2(struct msg_digest *md) { struct state *const st = md->st; u_int16_t isama_id; diff --git a/src/pluto/modecfg.h b/src/pluto/modecfg.h index 86bfc6ed2..bc1443012 100644 --- a/src/pluto/modecfg.h +++ b/src/pluto/modecfg.h @@ -1,7 +1,7 @@ /* Mode Config related functions * Copyright (C) 2001-2002 Colubris Networks * Copyright (C) 2003-2004 Xelerance Corporation - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your diff --git a/src/pluto/myid.c b/src/pluto/myid.c new file mode 100644 index 000000000..ad4eefd15 --- /dev/null +++ b/src/pluto/myid.c @@ -0,0 +1,121 @@ +/* identity representation, as in IKE ID Payloads (RFC 2407 DOI 4.6.2.1) + * Copyright (C) 1999-2001 D. Hugh Redelmeier + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include +#include + +#ifndef HOST_NAME_MAX /* POSIX 1003.1-2001 says defines this */ +# define HOST_NAME_MAX 255 /* upper bound, according to SUSv2 */ +#endif + +#include + +#include + +#include "myid.h" +#include "constants.h" +#include "defs.h" +#include "log.h" +#include "connections.h" +#include "packet.h" +#include "whack.h" + +enum myid_state myid_state = MYID_UNKNOWN; + +identification_t *myids[MYID_SPECIFIED+1]; /* %myid */ + +/** + * Fills in myid from environment variable IPSECmyid or defaultrouteaddr + */ +void init_myid(void) +{ + myid_state = MYID_UNKNOWN; + { + enum myid_state s; + + for (s = MYID_UNKNOWN; s <= MYID_SPECIFIED; s++) + { + myids[s] = identification_create_from_string("%any"); + } + } + set_myid(MYID_SPECIFIED, getenv("IPSECmyid")); + set_myid(MYID_IP, getenv("defaultrouteaddr")); + set_myFQDN(); +} + +/** + * Free myid module + */ +void free_myid(void) +{ + enum myid_state s; + + for (s = MYID_UNKNOWN; s <= MYID_SPECIFIED; s++) + { + DESTROY_IF(myids[s]); + } +} + +void set_myid(enum myid_state s, char *idstr) +{ + if (idstr) + { + myids[s]->destroy(myids[s]); + myids[s] = identification_create_from_string(idstr); + if (s == MYID_SPECIFIED) + { + myid_state = MYID_SPECIFIED; + } + } +} + +void set_myFQDN(void) +{ + char FQDN[HOST_NAME_MAX + 1]; + int r = gethostname(FQDN, sizeof(FQDN)); + size_t len; + + if (r != 0) + { + log_errno((e, "gethostname() failed in set_myFQDN")); + } + else + { + FQDN[sizeof(FQDN) - 1] = '\0'; /* insurance */ + len = strlen(FQDN); + + if (len > 0 && FQDN[len-1] == '.') + { + /* nuke trailing . */ + FQDN[len-1] = '\0'; + } + if (!strcaseeq(FQDN, "localhost.localdomain")) + { + myids[MYID_HOSTNAME]->destroy(myids[MYID_HOSTNAME]); + myids[MYID_HOSTNAME] = identification_create_from_string(FQDN); + } + } +} + +void show_myid_status(void) +{ + whack_log(RC_COMMENT, "%%myid = '%Y'", myids[myid_state]); +} + +/* + * Local Variables: + * c-basic-offset:4 + * c-style: pluto + * End: + */ diff --git a/src/pluto/myid.h b/src/pluto/myid.h new file mode 100644 index 000000000..012a34968 --- /dev/null +++ b/src/pluto/myid.h @@ -0,0 +1,38 @@ +/* identity representation, as in IKE ID Payloads (RFC 2407 DOI 4.6.2.1) + * Copyright (C) 1999-2001 D. Hugh Redelmeier + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef _MYID_H +#define _MYID_H + +#include + +extern void init_myid(void); +extern void free_myid(void); + +enum myid_state { + MYID_UNKNOWN, /* not yet figured out */ + MYID_HOSTNAME, /* our current hostname */ + MYID_IP, /* our default IP address */ + MYID_SPECIFIED /* as specified by ipsec.conf */ +}; + +extern enum myid_state myid_state; +extern identification_t* myids[MYID_SPECIFIED+1]; /* %myid */ +extern void set_myid(enum myid_state s, char *); +extern void show_myid_status(void); +extern void set_myFQDN(void); + +#define resolve_myid(id) ((id)->get_type(id) == ID_MYID? myids[myid_state] : (id)) + +#endif /* _MYID_H */ diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c index de3972fe2..feedf2aad 100644 --- a/src/pluto/nat_traversal.c +++ b/src/pluto/nat_traversal.c @@ -147,7 +147,7 @@ static void _natd_hash(const struct hash_desc *oakley_hasher, char *hash, addr_chunk = chunk_from_thing(ip->u.v6.sin6_addr.s6_addr); break; default: - addr_chunk = chunk_empty; /* should never occur */ + addr_chunk = chunk_empty; /* should never occur */ } hasher->get_hash(hasher, addr_chunk, NULL); hasher->get_hash(hasher, port_chunk, hash); @@ -310,7 +310,7 @@ bool nat_traversal_add_natd(u_int8_t np, pb_stream *outs, DBG(DBG_EMITTING, DBG_log("sending NATD payloads") ) - + /* * First one with sender IP & port */ @@ -348,7 +348,7 @@ bool nat_traversal_add_natd(u_int8_t np, pb_stream *outs, /* * nat_traversal_natoa_lookup() - * + * * Look for NAT-OA in message */ void nat_traversal_natoa_lookup(struct msg_digest *md) @@ -435,7 +435,7 @@ void nat_traversal_natoa_lookup(struct msg_digest *md) { char ip_t[ADDRTOT_BUF]; addrtot(&ip, 0, ip_t, sizeof(ip_t)); - + DBG_log("received NAT-OA: %s", ip_t); } ) @@ -514,7 +514,7 @@ void nat_traversal_show_result (u_int32_t nt, u_int16_t sport) mth = natt_type_bitnames[2]; break; } - + switch (nt & NAT_T_DETECTED) { case 0: @@ -600,7 +600,7 @@ static void nat_traversal_send_ka (struct state *st) static void nat_traversal_ka_event_state (struct state *st, void *data) { unsigned int *_kap_st = (unsigned int *)data; - const struct connection *c = st->st_connection; + const connection_t *c = st->st_connection; if (!c) return; @@ -658,7 +658,7 @@ struct _new_mapp_nfo { static void nat_traversal_find_new_mapp_state (struct state *st, void *data) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; struct _new_mapp_nfo *nfo = (struct _new_mapp_nfo *)data; if (c != NULL @@ -720,7 +720,7 @@ static int nat_traversal_new_mapping(const ip_address *src, u_int16_t sport, void nat_traversal_change_port_lookup(struct msg_digest *md, struct state *st) { - struct connection *c = st ? st->st_connection : NULL; + connection_t *c = st ? st->st_connection : NULL; struct iface *i = NULL; if ((st == NULL) || (c == NULL)) @@ -804,7 +804,7 @@ struct _new_klips_mapp_nfo { static void nat_t_new_klips_mapp (struct state *st, void *data) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; struct _new_klips_mapp_nfo *nfo = (struct _new_klips_mapp_nfo *)data; if (c != NULL && st->st_esp.present diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index 8e428a759..b1f558ebf 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -67,19 +67,19 @@ static const char *const response_status_names[] = { typedef struct response response_t; struct response { - chunk_t tbs; - chunk_t responder_id_name; - chunk_t responder_id_key; - time_t produced_at; - chunk_t responses; - chunk_t nonce; - int algorithm; - chunk_t signature; + chunk_t tbs; + identification_t *responder_id_name; + chunk_t responder_id_key; + time_t produced_at; + chunk_t responses; + chunk_t nonce; + int algorithm; + chunk_t signature; }; const response_t empty_response = { { NULL, 0 } , /* tbs */ - { NULL, 0 } , /* responder_id_name */ + NULL , /* responder_id_name */ { NULL, 0 } , /* responder_id_key */ UNDEFINED_TIME, /* produced_at */ { NULL, 0 } , /* single_response */ @@ -105,16 +105,16 @@ struct single_response { }; const single_response_t empty_single_response = { - NULL , /* *next */ - OID_UNKNOWN , /* hash_algorithm */ - { NULL, 0 } , /* issuer_name_hash */ - { NULL, 0 } , /* issuer_key_hash */ - { NULL, 0 } , /* serial_number */ - CERT_UNDEFINED , /* status */ - UNDEFINED_TIME , /* revocationTime */ - REASON_UNSPECIFIED, /* revocationReason */ - UNDEFINED_TIME , /* this_update */ - UNDEFINED_TIME /* next_update */ + NULL , /* *next */ + OID_UNKNOWN , /* hash_algorithm */ + { NULL, 0 } , /* issuer_name_hash */ + { NULL, 0 } , /* issuer_key_hash */ + { NULL, 0 } , /* serial_number */ + CERT_UNDEFINED , /* status */ + UNDEFINED_TIME , /* revocationTime */ + CRL_REASON_UNSPECIFIED, /* revocationReason */ + UNDEFINED_TIME , /* this_update */ + UNDEFINED_TIME /* next_update */ }; @@ -126,26 +126,17 @@ struct request_list { }; /* some OCSP specific prefabricated ASN.1 constants */ - -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /* default OCSP uri */ static chunk_t ocsp_default_uri; @@ -154,7 +145,7 @@ static chunk_t ocsp_default_uri; static ocsp_location_t *ocsp_cache = NULL; /* static temporary storage for ocsp requestor information */ -static x509cert_t *ocsp_requestor_cert = NULL; +static cert_t *ocsp_requestor_cert = NULL; static smartcard_t *ocsp_requestor_sc = NULL; @@ -290,27 +281,38 @@ static const asn1Object_t singleResponseObjects[] = { * Build an ocsp location from certificate information * without unsharing its contents */ -static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location) +static bool build_ocsp_location(const cert_t *cert, ocsp_location_t *location) { + certificate_t *certificate = cert->cert; + identification_t *issuer = certificate->get_issuer(certificate); + x509_t *x509 = (x509_t*)certificate; + chunk_t issuer_dn = issuer->get_encoding(issuer); + chunk_t authKeyID = x509->get_authKeyIdentifier(x509); hasher_t *hasher; static u_char digest[HASH_SIZE_SHA1]; /* temporary storage */ - - location->uri = cert->accessLocation; - if (location->uri.ptr == NULL) + enumerator_t *enumerator = x509->create_ocsp_uri_enumerator(x509); + + location->uri = NULL; + while (enumerator->enumerate(enumerator, &location->uri)) + { + break; + } + enumerator->destroy(enumerator); + + if (location->uri == NULL) { - ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber - , cert->authKeyID); - if (ca != NULL && ca->ocspuri != NULL) + ca_info_t *ca = get_ca_info(issuer, authKeyID); + if (ca && ca->ocspuri) { - location->uri = chunk_create(ca->ocspuri, strlen(ca->ocspuri)); + location->uri = ca->ocspuri; } else { /* abort if no ocsp location uri is defined */ return FALSE; } } - + /* compute authNameID from as SHA-1 hash of issuer DN */ location->authNameID = chunk_create(digest, HASH_SIZE_SHA1); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -318,23 +320,22 @@ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *locatio { return FALSE; } - hasher->get_hash(hasher, cert->issuer, digest); + hasher->get_hash(hasher, issuer_dn, digest); hasher->destroy(hasher); location->next = NULL; - location->issuer = cert->issuer; - location->authKeyID = cert->authKeyID; - location->authKeySerialNumber = cert->authKeySerialNumber; - - if (cert->authKeyID.ptr == NULL) + location->issuer = issuer; + location->authKeyID = authKeyID; + + if (authKeyID.ptr == NULL) { - x509cert_t *authcert = get_authcert(cert->issuer - , cert->authKeySerialNumber, cert->authKeyID, AUTH_CA); + cert_t *authcert = get_authcert(issuer, authKeyID, X509_CA); - if (authcert != NULL) + if (authcert) { - location->authKeyID = authcert->subjectKeyID; - location->authKeySerialNumber = authcert->serialNumber; + x509_t *x509 = (x509_t*)authcert->cert; + + location->authKeyID = x509->get_subjectKeyIdentifier(x509); } } @@ -349,11 +350,10 @@ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *locatio */ static bool same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b) { - return ((a->authKeyID.ptr != NULL) + return ((a->authKeyID.ptr) ? same_keyid(a->authKeyID, b->authKeyID) - : (same_dn(a->issuer, b->issuer) - && same_serial(a->authKeySerialNumber, b->authKeySerialNumber))) - && chunk_equals(a->uri, b->uri); + : a->issuer->equals(a->issuer, b->issuer)) + && streq(a->uri, b->uri); } /** @@ -362,7 +362,7 @@ static bool same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t * ocsp_location_t* get_ocsp_location(const ocsp_location_t * loc, ocsp_location_t *chain) { - while (chain != NULL) + while (chain) { if (same_ocsp_location(loc, chain)) return chain; @@ -393,7 +393,7 @@ static cert_status_t get_ocsp_status(const ocsp_location_t *loc, certinfop = &location->certinfo; certinfo = *certinfop; - while (certinfo != NULL) + while (certinfo) { cmp = chunk_compare(serialNumber, certinfo->serialNumber); if (cmp <= 0) @@ -416,30 +416,34 @@ static cert_status_t get_ocsp_status(const ocsp_location_t *loc, /** * Verify the ocsp status of a certificate */ -cert_status_t verify_by_ocsp(const x509cert_t *cert, time_t *until, +cert_status_t verify_by_ocsp(const cert_t *cert, time_t *until, time_t *revocationDate, crl_reason_t *revocationReason) { + x509_t *x509 = (x509_t*)cert->cert; + chunk_t serialNumber = x509->get_serial(x509); cert_status_t status; ocsp_location_t location; - time_t nextUpdate = 0; + time_t nextUpdate = UNDEFINED_TIME; *revocationDate = UNDEFINED_TIME; - *revocationReason = REASON_UNSPECIFIED; - + *revocationReason = CRL_REASON_UNSPECIFIED; + /* is an ocsp location defined? */ if (!build_ocsp_location(cert, &location)) + { return CERT_UNDEFINED; + } lock_ocsp_cache("verify_by_ocsp"); - status = get_ocsp_status(&location, cert->serialNumber, &nextUpdate + status = get_ocsp_status(&location, serialNumber, &nextUpdate , revocationDate, revocationReason); unlock_ocsp_cache("verify_by_ocsp"); if (status == CERT_UNDEFINED || nextUpdate < time(NULL)) { plog("ocsp status is stale or not in cache"); - add_ocsp_fetch_request(&location, cert->serialNumber); + add_ocsp_fetch_request(&location, serialNumber); /* inititate fetching of ocsp status */ wake_fetch_thread("verify_by_ocsp"); @@ -457,14 +461,14 @@ void check_ocsp(void) lock_ocsp_cache("check_ocsp"); location = ocsp_cache; - - while (location != NULL) + + while (location) { char buf[BUF_LEN]; bool first = TRUE; ocsp_certinfo_t *certinfo = location->certinfo; - while (certinfo != NULL) + while (certinfo) { if (!certinfo->once) { @@ -473,9 +477,8 @@ void check_ocsp(void) DBG(DBG_CONTROL, if (first) { - dntoa(buf, BUF_LEN, location->issuer); - DBG_log("issuer: '%s'", buf); - if (location->authKeyID.ptr != NULL) + DBG_log("issuer: \"%Y\"", location->issuer); + if (location->authKeyID.ptr) { datatot(location->authKeyID.ptr, location->authKeyID.len , ':', buf, BUF_LEN); @@ -514,7 +517,7 @@ static void free_certinfos(ocsp_certinfo_t *chain) { ocsp_certinfo_t *certinfo; - while (chain != NULL) + while (chain) { certinfo = chain; chain = chain->next; @@ -527,11 +530,10 @@ static void free_certinfos(ocsp_certinfo_t *chain) */ static void free_ocsp_location(ocsp_location_t* location) { - free(location->issuer.ptr); + DESTROY_IF(location->issuer); free(location->authNameID.ptr); free(location->authKeyID.ptr); - free(location->authKeySerialNumber.ptr); - free(location->uri.ptr); + free(location->uri); free_certinfos(location->certinfo); free(location); } @@ -541,7 +543,7 @@ static void free_ocsp_location(ocsp_location_t* location) */ void free_ocsp_locations(ocsp_location_t **chain) { - while (*chain != NULL) + while (*chain) { ocsp_location_t *location = *chain; *chain = location->next; @@ -576,73 +578,55 @@ void list_ocsp_locations(ocsp_location_t *location, bool requests, { bool first = TRUE; - while (location != NULL) + while (location) { ocsp_certinfo_t *certinfo = location->certinfo; - if (certinfo != NULL) + if (certinfo) { - u_char buf[BUF_LEN]; - if (first) { whack_log(RC_COMMENT, " "); - whack_log(RC_COMMENT, "List of OCSP %s:", requests? - "fetch requests":"responses"); + whack_log(RC_COMMENT, "List of OCSP %s:", requests ? + "Fetch Requests" : "Responses"); first = FALSE; } whack_log(RC_COMMENT, " "); - if (location->issuer.ptr != NULL) - { - dntoa(buf, BUF_LEN, location->issuer); - whack_log(RC_COMMENT, " issuer: '%s'", buf); - } - whack_log(RC_COMMENT, " uri: '%.*s'", (int)location->uri.len - , location->uri.ptr); - if (location->authNameID.ptr != NULL) + if (location->issuer) { - datatot(location->authNameID.ptr, location->authNameID.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " authname: %s", buf); + whack_log(RC_COMMENT, " issuer: \"%Y\"", location->issuer); } - if (location->authKeyID.ptr != NULL) + whack_log(RC_COMMENT, " uri: '%s'", location->uri); + if (location->authNameID.ptr) { - datatot(location->authKeyID.ptr, location->authKeyID.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " authkey: %s", buf); + whack_log(RC_COMMENT, " authname: %#B", &location->authNameID); } - if (location->authKeySerialNumber.ptr != NULL) + if (location->authKeyID.ptr) { - datatot(location->authKeySerialNumber.ptr - , location->authKeySerialNumber.len, ':', buf, BUF_LEN); - whack_log(RC_COMMENT, " aserial: %s", buf); + whack_log(RC_COMMENT, " authkey: %#B", &location->authKeyID); } - while (certinfo != NULL) + while (certinfo) { - char thisUpdate[BUF_LEN]; - - snprintf(thisUpdate, BUF_LEN, "%T", &certinfo->thisUpdate, utc); - if (requests) { - whack_log(RC_COMMENT, "%s, trials: %d", thisUpdate - , certinfo->trials); + whack_log(RC_COMMENT, " serial: %#B, %d trials", + &certinfo->serialNumber, certinfo->trials); } else if (certinfo->once) { - whack_log(RC_COMMENT, "%s, onetime use%s", thisUpdate - , (certinfo->nextUpdate < time(NULL))? " (expired)": ""); + whack_log(RC_COMMENT, " serial: %#B, %s, once%s", + &certinfo->serialNumber, + cert_status_names[certinfo->status], + (certinfo->nextUpdate < time(NULL))? " (expired)": ""); } else { - whack_log(RC_COMMENT, "%s, until %T %s", thisUpdate - , &certinfo->nextUpdate, utc - , check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict)); + whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s", + &certinfo->serialNumber, + cert_status_names[certinfo->status], + &certinfo->nextUpdate, utc, + check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict)); } - datatot(certinfo->serialNumber.ptr, certinfo->serialNumber.len, ':' - , buf, BUF_LEN); - whack_log(RC_COMMENT, " serial: %s, %s", buf - , cert_status_names[certinfo->status]); certinfo = certinfo->next; } } @@ -662,7 +646,7 @@ void list_ocsp_cache(bool utc, bool strict) static bool get_ocsp_requestor_cert(ocsp_location_t *location) { - x509cert_t *cert = NULL; + cert_t *cert = NULL; /* initialize temporary static storage */ ocsp_requestor_cert = NULL; @@ -671,17 +655,17 @@ static bool get_ocsp_requestor_cert(ocsp_location_t *location) for (;;) { - char buf[BUF_LEN]; + certificate_t *certificate; /* looking for a certificate from the same issuer */ - cert = get_x509cert(location->issuer, location->authKeySerialNumber - ,location->authKeyID, cert); + cert = get_x509cert(location->issuer, location->authKeyID, cert); if (cert == NULL) + { break; - + } + certificate = cert->cert; DBG(DBG_CONTROL, - dntoa(buf, BUF_LEN, cert->subject); - DBG_log("candidate: '%s'", buf); + DBG_log("candidate: '%Y'", certificate->get_subject(certificate)); ) if (cert->smartcard) @@ -689,7 +673,7 @@ static bool get_ocsp_requestor_cert(ocsp_location_t *location) /* look for a matching private key on a smartcard */ smartcard_t *sc = scx_get(cert); - if (sc != NULL) + if (sc) { DBG(DBG_CONTROL, DBG_log("matching smartcard found") @@ -708,7 +692,7 @@ static bool get_ocsp_requestor_cert(ocsp_location_t *location) /* look for a matching private key in the chained list */ private_key_t *private = get_x509_private_key(cert); - if (private != NULL) + if (private) { DBG(DBG_CONTROL, DBG_log("matching private key found") @@ -726,8 +710,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc) { hasher_t *hasher; u_char *pos; - u_char digest_buf[HASH_SIZE_SHA1]; - chunk_t digest = chunk_from_buf(digest_buf); + chunk_t digest; chunk_t digest_info, sigdata; size_t siglen = 0; @@ -756,15 +739,15 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc) { return chunk_empty; } - hasher->get_hash(hasher, tbs, digest_buf); + hasher->allocate_hash(hasher, tbs, &digest); hasher->destroy(hasher); /* according to PKCS#1 v2.1 digest must be packaged into * an ASN.1 structure for encryption */ - digest_info = asn1_wrap(ASN1_SEQUENCE, "cm" + digest_info = asn1_wrap(ASN1_SEQUENCE, "mm" , asn1_algorithmIdentifier(OID_SHA1) - , asn1_simple_object(ASN1_OCTET_STRING, digest)); + , asn1_wrap(ASN1_OCTET_STRING, "m", digest)); pos = asn1_build_object(&sigdata, ASN1_BIT_STRING, 1 + siglen); *pos++ = 0x00; @@ -784,9 +767,9 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc) */ static chunk_t build_signature(chunk_t tbsRequest) { - chunk_t sigdata, certs; + chunk_t sigdata, cert, certs; - if (ocsp_requestor_sc != NULL) + if (ocsp_requestor_sc) { /* RSA signature is done on smartcard */ sigdata = sc_build_sha1_signature(tbsRequest, ocsp_requestor_sc); @@ -803,15 +786,13 @@ static chunk_t build_signature(chunk_t tbsRequest) } /* include our certificate */ - certs = asn1_wrap(ASN1_CONTEXT_C_0, "m" - , asn1_simple_object(ASN1_SEQUENCE - , ocsp_requestor_cert->certificate - ) - ); + cert = ocsp_requestor_cert->cert->get_encoding(ocsp_requestor_cert->cert); + certs = asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_SEQUENCE, "m", cert)); /* build signature comprising algorithm, signature and cert */ return asn1_wrap(ASN1_CONTEXT_C_0, "m" - , asn1_wrap(ASN1_SEQUENCE, "cmm" + , asn1_wrap(ASN1_SEQUENCE, "mmm" , asn1_algorithmIdentifier(OID_SHA1_WITH_RSA) , sigdata , certs @@ -825,7 +806,7 @@ static chunk_t build_signature(chunk_t tbsRequest) */ static chunk_t build_request(ocsp_location_t *location, ocsp_certinfo_t *certinfo) { - chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "cmmm" + chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "mmmm" , asn1_algorithmIdentifier(OID_SHA1) , asn1_simple_object(ASN1_OCTET_STRING, location->authNameID) , asn1_simple_object(ASN1_OCTET_STRING, location->authKeyID) @@ -847,7 +828,7 @@ static chunk_t build_request_list(ocsp_location_t *location) size_t datalen = 0; /* build content */ - while (certinfo != NULL) + while (certinfo) { /* build request for every certificate in list * and store them in a chained list @@ -865,7 +846,7 @@ static chunk_t build_request_list(ocsp_location_t *location) pos = asn1_build_object(&requestList, ASN1_SEQUENCE, datalen); /* copy all in chained list, free list afterwards */ - while (reqs != NULL) + while (reqs) { request_list_t *req = reqs; @@ -882,9 +863,12 @@ static chunk_t build_request_list(ocsp_location_t *location) */ static chunk_t build_requestor_name(void) { + certificate_t *certificate = ocsp_requestor_cert->cert; + identification_t *subject = certificate->get_subject(certificate); + return asn1_wrap(ASN1_CONTEXT_C_1, "m" , asn1_simple_object(ASN1_CONTEXT_C_4 - , ocsp_requestor_cert->subject)); + , subject->get_encoding(subject))); } /** @@ -944,17 +928,13 @@ chunk_t build_ocsp_request(ocsp_location_t *location) { bool has_requestor_cert; chunk_t tbsRequest, signature; - char buf[BUF_LEN]; DBG(DBG_CONTROL, DBG_log("assembling ocsp request"); - dntoa(buf, BUF_LEN, location->issuer); - DBG_log("issuer: '%s'", buf); - if (location->authKeyID.ptr != NULL) + DBG_log("issuer: \"%Y\"", location->issuer); + if (location->authKeyID.ptr) { - datatot(location->authKeyID.ptr, location->authKeyID.len, ':' - , buf, BUF_LEN); - DBG_log("authkey: %s", buf); + DBG_log("authkey: %#B", &location->authKeyID); } ) lock_certs_and_keys("build_ocsp_request"); @@ -981,14 +961,13 @@ chunk_t build_ocsp_request(ocsp_location_t *location) */ static bool valid_ocsp_response(response_t *res) { - int pathlen; - x509cert_t *authcert; + int pathlen, pathlen_constraint; + cert_t *authcert; lock_authcert_list("valid_ocsp_response"); - authcert = get_authcert(res->responder_id_name, chunk_empty - , res->responder_id_key, AUTH_OCSP | AUTH_CA); - + authcert = get_authcert(res->responder_id_name, res->responder_id_key, + X509_OCSP_SIGNER | X509_CA); if (authcert == NULL) { plog("no matching ocsp signer cert found"); @@ -999,7 +978,8 @@ static bool valid_ocsp_response(response_t *res) DBG_log("ocsp signer cert found") ) - if (!x509_check_signature(res->tbs, res->signature, res->algorithm, authcert)) + if (!x509_check_signature(res->tbs, res->signature, res->algorithm, + authcert->cert)) { plog("signature of ocsp response is invalid"); unlock_authcert_list("valid_ocsp_response"); @@ -1010,43 +990,38 @@ static bool valid_ocsp_response(response_t *res) ) - for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++) + for (pathlen = -1; pathlen <= X509_MAX_PATH_LEN; pathlen++) { - u_char buf[BUF_LEN]; - err_t ugh = NULL; - time_t until; - - x509cert_t *cert = authcert; + cert_t *cert = authcert; + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; + identification_t *subject = certificate->get_subject(certificate); + identification_t *issuer = certificate->get_issuer(certificate); + chunk_t authKeyID = x509->get_authKeyIdentifier(x509); + time_t not_before, not_after; DBG(DBG_CONTROL, - dntoa(buf, BUF_LEN, cert->subject); - DBG_log("subject: '%s'",buf); - dntoa(buf, BUF_LEN, cert->issuer); - DBG_log("issuer: '%s'",buf); - if (cert->authKeyID.ptr != NULL) + DBG_log("subject: '%Y'", subject); + DBG_log("issuer: '%Y'", issuer); + if (authKeyID.ptr) { - datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':' - , buf, BUF_LEN); - DBG_log("authkey: %s", buf); + DBG_log("authkey: %#B", &authKeyID); } ) - ugh = check_validity(authcert, &until); - - if (ugh != NULL) + if (!certificate->get_validity(certificate, NULL, ¬_before, ¬_after)) { - plog("%s", ugh); + plog("certificate is invalid (valid from %T to %T)", + ¬_before, FALSE, ¬_after, FALSE); + unlock_authcert_list("valid_ocsp_response"); return FALSE; } - DBG(DBG_CONTROL, DBG_log("certificate is valid") ) - - authcert = get_authcert(cert->issuer, cert->authKeySerialNumber - , cert->authKeyID, AUTH_CA); + authcert = get_authcert(issuer, authKeyID, X509_CA); if (authcert == NULL) { plog("issuer cacert not found"); @@ -1057,8 +1032,7 @@ static bool valid_ocsp_response(response_t *res) DBG_log("issuer cacert found") ) - if (!x509_check_signature(cert->tbsCertificate, cert->signature, - cert->algorithm, authcert)) + if (!certificate->issued_by(certificate, authcert->cert)) { plog("certificate signature is invalid"); unlock_authcert_list("valid_ocsp_response"); @@ -1068,17 +1042,28 @@ static bool valid_ocsp_response(response_t *res) DBG_log("certificate signature is valid") ) + /* check path length constraint */ + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + pathlen > pathlen_constraint) + { + plog("path length of %d violates constraint of %d", + pathlen, pathlen_constraint); + return FALSE; + } + /* check if cert is self-signed */ - if (same_dn(cert->issuer, cert->subject)) + if (x509->get_flags(x509) & X509_SELF_SIGNED) { DBG(DBG_CONTROL, - DBG_log("reached self-signed root ca") + DBG_log("reached self-signed root ca with a path length of %d", + pathlen) ) unlock_authcert_list("valid_ocsp_response"); return TRUE; } } - plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN); + plog("maximum path length of %d exceeded", X509_MAX_PATH_LEN); unlock_authcert_list("valid_ocsp_response"); return FALSE; } @@ -1091,7 +1076,6 @@ static bool parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res) asn1_parser_t *parser; chunk_t object; u_int version; - u_char buf[BUF_LEN]; int objectID; int extn_oid = OID_UNKNOWN; bool success = FALSE; @@ -1116,10 +1100,10 @@ static bool parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res) } break; case BASIC_RESPONSE_ID_BY_NAME: - res->responder_id_name = object; + res->responder_id_name = identification_create_from_encoding( + ID_DER_ASN1_DN, object); DBG(DBG_PARSING, - dntoa(buf, BUF_LEN, object); - DBG_log(" '%s'",buf) + DBG_log(" '%Y'", res->responder_id_name) ) break; case BASIC_RESPONSE_ID_BY_KEY: @@ -1153,23 +1137,35 @@ static bool parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res) break; case BASIC_RESPONSE_CERTIFICATE: { - chunk_t blob = chunk_clone(object); - x509cert_t *cert = malloc_thing(x509cert_t); - - *cert = empty_x509cert; - - if (parse_x509cert(blob, parser->get_level(parser)+1, cert) - && cert->isOcspSigner - && trust_authcert_candidate(cert, NULL)) + cert_t *cert = malloc_thing(cert_t); + x509_t *x509; + + *cert = cert_empty; + cert->cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, object, + BUILD_END); + if (cert->cert == NULL) + { + DBG(DBG_CONTROL | DBG_PARSING, + DBG_log("parsing of embedded ocsp certificate failed") + ) + cert_free(cert); + break; + } + x509 = (x509_t*)cert->cert; + + if ((x509->get_flags(x509) & X509_OCSP_SIGNER) && + trust_authcert_candidate(cert, NULL)) { - add_authcert(cert, AUTH_OCSP); + add_authcert(cert, X509_OCSP_SIGNER); } else { DBG(DBG_CONTROL | DBG_PARSING, DBG_log("embedded ocsp certificate rejected") ) - free_x509cert(cert); + cert_free(cert); } } break; @@ -1292,7 +1288,7 @@ static bool parse_ocsp_single_response(chunk_t blob, int level0, break; case SINGLE_RESPONSE_CERT_STATUS_CRL_REASON: sres->revocationReason = (object.len == 1) - ? *object.ptr : REASON_UNSPECIFIED; + ? *object.ptr : CRL_REASON_UNSPECIFIED; break; case SINGLE_RESPONSE_CERT_STATUS_UNKNOWN: sres->status = CERT_UNKNOWN; @@ -1329,11 +1325,10 @@ ocsp_location_t* add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t *location = malloc_thing(ocsp_location_t); /* unshare location fields */ - location->issuer = chunk_clone(loc->issuer); + location->issuer = loc->issuer->clone(loc->issuer); location->authNameID = chunk_clone(loc->authNameID); location->authKeyID = chunk_clone(loc->authKeyID); - location->authKeySerialNumber = chunk_clone(loc->authKeySerialNumber); - location->uri = chunk_clone(loc->uri); + location->uri = strdup(loc->uri); location->certinfo = NULL; /* insert new ocsp location in front of chain */ @@ -1369,7 +1364,7 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, certinfop = &location->certinfo; certinfo = *certinfop; - while (certinfo != NULL) + while (certinfo) { cmp = chunk_compare(info->serialNumber, certinfo->serialNumber); if (cmp <= 0) @@ -1385,10 +1380,11 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, cnew->serialNumber = chunk_clone(info->serialNumber); cnew->next = certinfo; + cnew->trials = 0; *certinfop = cnew; certinfo = cnew; } - + DBG(DBG_CONTROL, datatot(info->serialNumber.ptr, info->serialNumber.len, ':' , buf, BUF_LEN); @@ -1403,7 +1399,7 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, if (request) { certinfo->status = CERT_UNDEFINED; - + if (cmp != 0) { certinfo->thisUpdate = now; @@ -1415,7 +1411,7 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, certinfo->status = info->status; certinfo->revocationTime = info->revocationTime; certinfo->revocationReason = info->revocationReason; - + certinfo->thisUpdate = (info->thisUpdate != UNDEFINED_TIME)? info->thisUpdate : now; @@ -1446,12 +1442,12 @@ static void process_single_response(ocsp_location_t *location, plog("ocsp single response has wrong issuer"); return; } - + /* traverse list of certinfos in increasing order */ certinfop = &location->certinfo; certinfo = *certinfop; - while (certinfo != NULL) + while (certinfo) { cmp = chunk_compare(sres->serialNumber, certinfo->serialNumber); if (cmp <= 0) @@ -1468,14 +1464,14 @@ static void process_single_response(ocsp_location_t *location, /* unlink cert from ocsp fetch request list */ *certinfop = certinfo->next; - + /* update certinfo using the single response information */ certinfo->thisUpdate = sres->thisUpdate; certinfo->nextUpdate = sres->nextUpdate; certinfo->status = sres->status; certinfo->revocationTime = sres->revocationTime; certinfo->revocationReason = sres->revocationReason; - + /* add or update certinfo in ocsp cache */ lock_ocsp_cache("process_single_response"); add_certinfo(location, certinfo, &ocsp_cache, FALSE); @@ -1485,6 +1481,14 @@ static void process_single_response(ocsp_location_t *location, free_certinfo(certinfo); } +/** + * Destroy a response_t object + */ +static void free_response(response_t *res) +{ + DESTROY_IF(res->responder_id_name); +} + /** * Parse and verify ocsp response and update the ocsp cache */ @@ -1498,24 +1502,24 @@ void parse_ocsp(ocsp_location_t *location, chunk_t blob) if (status != STATUS_SUCCESSFUL) { plog("error in ocsp response"); - return; + goto free; } /* check if there was a nonce in the request */ - if (location->nonce.ptr != NULL && res.nonce.ptr == NULL) + if (location->nonce.ptr && res.nonce.ptr == NULL) { plog("ocsp response contains no nonce, replay attack possible"); } /* check if the nonce is identical */ - if (res.nonce.ptr != NULL && !chunk_equals(res.nonce, location->nonce)) + if (res.nonce.ptr && !chunk_equals(res.nonce, location->nonce)) { plog("invalid nonce in ocsp response"); - return; + goto free; } /* check if the response is signed by a trusted key */ if (!valid_ocsp_response(&res)) { plog("invalid ocsp response"); - return; + goto free; } DBG(DBG_CONTROL, DBG_log("valid ocsp response") @@ -1536,7 +1540,7 @@ void parse_ocsp(ocsp_location_t *location, chunk_t blob) single_response_t sres = empty_single_response; if (!parse_ocsp_single_response(object, - parser->get_level(parser)+1, &sres)) + parser->get_level(parser)+1, &sres)) { goto end; } @@ -1546,4 +1550,7 @@ void parse_ocsp(ocsp_location_t *location, chunk_t blob) end: parser->destroy(parser); } + +free: + free_response(&res); } diff --git a/src/pluto/ocsp.h b/src/pluto/ocsp.h index d8ee7bd8c..977cca3c8 100644 --- a/src/pluto/ocsp.h +++ b/src/pluto/ocsp.h @@ -15,6 +15,8 @@ #include "constants.h" +#include + /* constants */ #define OCSP_BASIC_RESPONSE_VERSION 1 @@ -52,12 +54,11 @@ typedef struct ocsp_location ocsp_location_t; struct ocsp_location { ocsp_location_t *next; - chunk_t issuer; - chunk_t authNameID; - chunk_t authKeyID; - chunk_t authKeySerialNumber; - chunk_t uri; - chunk_t nonce; + identification_t *issuer; + chunk_t authNameID; + chunk_t authKeyID; + chunk_t nonce; + char *uri; ocsp_certinfo_t *certinfo; }; @@ -68,11 +69,11 @@ extern ocsp_location_t* add_ocsp_location(const ocsp_location_t *loc extern void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info , ocsp_location_t **chain, bool request); extern void check_ocsp(void); -extern cert_status_t verify_by_ocsp(const x509cert_t *cert, time_t *until +extern cert_status_t verify_by_ocsp(const cert_t *cert, time_t *until , time_t *revocationTime, crl_reason_t *revocationReason); extern bool ocsp_set_request_cert(char* path); extern void ocsp_set_default_uri(char* uri); -extern void ocsp_cache_add_cert(const x509cert_t* cert); +extern void ocsp_cache_add_cert(const cert_t* cert); extern chunk_t build_ocsp_request(ocsp_location_t* location); extern void parse_ocsp(ocsp_location_t* location, chunk_t blob); extern void list_ocsp_locations(ocsp_location_t *location, bool requests diff --git a/src/pluto/packet.c b/src/pluto/packet.c index 01967efed..35fc4afcc 100644 --- a/src/pluto/packet.c +++ b/src/pluto/packet.c @@ -227,7 +227,7 @@ static field_desc isat_fields_ah[] = { { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_nat, 8/BITS_PER_BYTE, "transform number", NULL }, - { ft_enum, 8/BITS_PER_BYTE, "transform ID", &ah_transformid_names }, + { ft_enum, 8/BITS_PER_BYTE, "transform ID", &ah_transform_names }, { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL }, { ft_end, 0, NULL, NULL } }; @@ -242,7 +242,7 @@ static field_desc isat_fields_esp[] = { { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_nat, 8/BITS_PER_BYTE, "transform number", NULL }, - { ft_enum, 8/BITS_PER_BYTE, "transform ID", &esp_transformid_names }, + { ft_enum, 8/BITS_PER_BYTE, "transform ID", &esp_transform_names }, { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL }, { ft_end, 0, NULL, NULL } }; @@ -535,7 +535,7 @@ struct_desc isakmp_vendor_id_desc = { "ISAKMP Vendor ID Payload", isag_fields, s +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload ! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! Type ! RESERVED ! Identifier ! + ! Type ! RESERVED ! Identifier ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Attributes ~ diff --git a/src/pluto/pem.c b/src/pluto/pem.c deleted file mode 100644 index 1a4a99af7..000000000 --- a/src/pluto/pem.c +++ /dev/null @@ -1,127 +0,0 @@ -/* Loading of PEM encoded files with optional encryption - * Copyright (C) 2001-2009 Andreas Steffen - * - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/* decrypt a PEM encoded data block using DES-EDE3-CBC - * see RFC 1423 PEM: Algorithms, Modes and Identifiers - */ - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include "constants.h" -#include "defs.h" -#include "log.h" -#include "whack.h" -#include "pem.h" - -/** - * Converts a PEM encoded file into its binary form - * RFC 1421 Privacy Enhancement for Electronic Mail, February 1993 - * RFC 934 Message Encapsulation, January 1985 - */ -err_t pemtobin(chunk_t *blob, prompt_pass_t *pass, const char* label, bool *pgp) -{ - chunk_t password = chunk_empty; - - /* do we prompt for the passphrase? */ - if (pass && pass->prompt && pass->fd != NULL_FD) - { - int i; - chunk_t blob_copy; - err_t ugh = "invalid passphrase, too many trials"; - status_t status; - - whack_log(RC_ENTERSECRET, "need passphrase for '%s'", label); - - for (i = 0; i < MAX_PROMPT_PASS_TRIALS; i++) - { - int n; - - if (i > 0) - { - whack_log(RC_ENTERSECRET, "invalid passphrase, please try again"); - } - n = read(pass->fd, pass->secret, PROMPT_PASS_LEN); - - if (n == -1) - { - err_t ugh = "read(whackfd) failed"; - - whack_log(RC_LOG_SERIOUS,ugh); - return ugh; - } - - pass->secret[n-1] = '\0'; - - if (strlen(pass->secret) == 0) - { - err_t ugh = "no passphrase entered, aborted"; - - whack_log(RC_LOG_SERIOUS, ugh); - return ugh; - } - - blob_copy = chunk_clone(*blob); - password = chunk_create(pass->secret, strlen(pass->secret)); - - status = pem_to_bin(blob, password, pgp); - if (status != INVALID_ARG) - { - if (status == SUCCESS) - { - whack_log(RC_SUCCESS, "valid passphrase"); - } - else - { - whack_log(RC_LOG_SERIOUS, "%N, aborted", status_names, status); - } - free(blob_copy.ptr); - return NULL; - } - - /* blob is useless after wrong decryption, restore the original */ - free(blob->ptr); - *blob = blob_copy; - } - whack_log(RC_LOG_SERIOUS, ugh); - return ugh; - } - else - { - if (pass) - { - password = chunk_create(pass->secret, strlen(pass->secret)); - } - if (pem_to_bin(blob, password, pgp) == SUCCESS) - { - return NULL; - } - else - { - return "pem to bin conversion failed"; - } - } -} diff --git a/src/pluto/pem.h b/src/pluto/pem.h deleted file mode 100644 index 5e97b99ed..000000000 --- a/src/pluto/pem.h +++ /dev/null @@ -1,18 +0,0 @@ -/* Loading of PEM encoded files with optional encryption - * Copyright (C) 2001-2009 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -extern err_t pemtobin(chunk_t *blob, prompt_pass_t *pass, const char* label, - bool *pgp); diff --git a/src/pluto/pgpcert.c b/src/pluto/pgpcert.c deleted file mode 100644 index 1d5b14b26..000000000 --- a/src/pluto/pgpcert.c +++ /dev/null @@ -1,514 +0,0 @@ -/* Support of OpenPGP certificates - * Copyright (C) 2002-2009 Andreas Steffen - * - * HSR - Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include - -#include - -#include -#include -#include - -#include "constants.h" -#include "defs.h" -#include "log.h" -#include "id.h" -#include "pgpcert.h" -#include "certs.h" -#include "whack.h" -#include "keys.h" - -/** - * Chained list of OpenPGP end certificates - */ -static pgpcert_t *pgpcerts = NULL; - -/** - * Size of PGP Key ID - */ -#define PGP_KEYID_SIZE 8 - -const pgpcert_t pgpcert_empty = { - NULL , /* next */ - 0 , /* version */ - 0 , /* installed */ - 0 , /* count */ - { NULL, 0 }, /* certificate */ - 0 , /* created */ - 0 , /* until */ - NULL , /* public key */ - NULL /* fingerprint */ -}; - - -/** - * Extracts the length of a PGP packet - */ -static size_t pgp_old_packet_length(chunk_t *blob) -{ - /* bits 0 and 1 define the packet length type */ - int len_type = 0x03 & *blob->ptr++; - - blob->len--; - - /* len_type: 0 -> 1 byte, 1 -> 2 bytes, 2 -> 4 bytes */ - return pgp_length(blob, (len_type == 0)? 1: len_type << 1); -} - -/** - * Extracts PGP packet version (V3 or V4) - */ -static u_char pgp_version(chunk_t *blob) -{ - u_char version = *blob->ptr++; - blob->len--; - DBG(DBG_PARSING, - DBG_log("L3 - version:"); - DBG_log(" V%d", version) - ) - return version; -} - -/** - * Parse OpenPGP signature packet defined in section 5.2.2 of RFC 4880 - */ -static bool parse_pgp_signature_packet(chunk_t *packet, pgpcert_t *cert) -{ - time_t created; - chunk_t keyid; - u_char sig_type; - u_char version = pgp_version(packet); - - /* we parse only V3 signature packets */ - if (version != 3) - { - return TRUE; - } - - /* size byte must have the value 5 */ - if (pgp_length(packet, 1) != 5) - { - plog(" size must be 5"); - return FALSE; - } - - /* signature type - 1 byte */ - sig_type = (u_char)pgp_length(packet, 1); - DBG(DBG_PARSING, - DBG_log("L3 - signature type: 0x%2x", sig_type) - ) - - /* creation date - 4 bytes */ - created = (time_t)pgp_length(packet, 4); - DBG(DBG_PARSING, - DBG_log("L3 - created:"); - DBG_log(" %T", &cert->created, TRUE) - ) - - /* key ID of signer - 8 bytes */ - keyid.ptr = packet->ptr; - keyid.len = PGP_KEYID_SIZE; - DBG_cond_dump_chunk(DBG_PARSING, "L3 - key ID of signer", keyid); - - return TRUE; -} - -/** - * Parses the version and validity of an OpenPGP public key packet - */ -static bool parse_pgp_pubkey_version_validity(chunk_t *packet, pgpcert_t *cert) -{ - cert->version = pgp_version(packet); - - if (cert->version < 3 || cert->version > 4) - { - plog("OpenPGP packet version V%d not supported", cert->version); - return FALSE; - } - - /* creation date - 4 bytes */ - cert->created = (time_t)pgp_length(packet, 4); - DBG(DBG_PARSING, - DBG_log("L3 - created:"); - DBG_log(" %T", &cert->created, TRUE) - ) - - if (cert->version == 3) - { - /* validity in days - 2 bytes */ - cert->until = (time_t)pgp_length(packet, 2); - - /* validity of 0 days means that the key never expires */ - if (cert->until > 0) - { - cert->until = cert->created + 24*3600*cert->until; - } - DBG(DBG_PARSING, - DBG_log("L3 - until:"); - DBG_log(" %T", &cert->until, TRUE); - ) - } - return TRUE; -} - -/** - * Parse OpenPGP public key packet defined in section 5.5.2 of RFC 4880 - */ -static bool parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert) -{ - chunk_t pubkey_packet = *packet; - pgp_pubkey_alg_t pubkey_alg; - - if (!parse_pgp_pubkey_version_validity(packet, cert)) - { - return FALSE; - } - - /* public key algorithm - 1 byte */ - pubkey_alg = pgp_length(packet, 1); - DBG(DBG_PARSING, - DBG_log("L3 - public key algorithm:"); - DBG_log(" %N", pgp_pubkey_alg_names, pubkey_alg) - ) - - switch (pubkey_alg) - { - case PGP_PUBKEY_ALG_RSA: - case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: - cert->public_key = lib->creds->create(lib->creds, - CRED_PUBLIC_KEY, KEY_RSA, - BUILD_BLOB_PGP, *packet, - BUILD_END); - if (cert->public_key == NULL) - { - return FALSE; - } - break; - default: - plog(" non RSA public keys not supported"); - return FALSE; - } - - /* compute V4 or V3 fingerprint according to section 12.2 of RFC 4880 */ - if (cert->version == 4) - { - char pubkey_packet_header_buf[] = { - 0x99, pubkey_packet.len / 256, pubkey_packet.len % 256 - }; - chunk_t pubkey_packet_header = chunk_from_buf(pubkey_packet_header_buf); - chunk_t hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) - { - plog("no SHA-1 hasher available"); - return FALSE; - } - hasher->allocate_hash(hasher, pubkey_packet_header, NULL); - hasher->allocate_hash(hasher, pubkey_packet, &hash); - hasher->destroy(hasher); - cert->fingerprint = identification_create_from_encoding(ID_KEY_ID, hash); - free(hash.ptr); - } - else - { - /* V3 fingerprint is computed by public_key_t class */ - cert->fingerprint = cert->public_key->get_id(cert->public_key, ID_KEY_ID); - if (cert->fingerprint == NULL) - { - return FALSE; - } - } - return TRUE; -} - -/* - * Parse OpenPGP secret key packet defined in section 5.5.3 of RFC 4880 - */ -static bool parse_pgp_secretkey_packet(chunk_t *packet, private_key_t **key) -{ - pgp_pubkey_alg_t pubkey_alg; - pgpcert_t cert = pgpcert_empty; - - if (!parse_pgp_pubkey_version_validity(packet, &cert)) - { - return FALSE; - } - - /* public key algorithm - 1 byte */ - pubkey_alg = pgp_length(packet, 1); - DBG(DBG_PARSING, - DBG_log("L3 - public key algorithm:"); - DBG_log(" %N", pgp_pubkey_alg_names, pubkey_alg) - ) - - switch (pubkey_alg) - { - case PGP_PUBKEY_ALG_RSA: - case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: - *key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_PGP, *packet, - BUILD_END); - break; - default: - plog(" non RSA private keys not supported"); - return FALSE; - } - return (*key != NULL); -} - -bool parse_pgp(chunk_t blob, pgpcert_t *cert, private_key_t **key) -{ - DBG(DBG_PARSING, - DBG_log("L0 - PGP file:") - ) - DBG_cond_dump_chunk(DBG_RAW, "", blob); - - if (cert != NULL) - { - /* parse a PGP certificate file */ - cert->certificate = blob; - time(&cert->installed); - } - else if (key == NULL) - { - /* should not occur, nothing to parse */ - return FALSE; - } - - while (blob.len > 0) - { - chunk_t packet = chunk_empty; - u_char packet_tag = *blob.ptr; - - DBG(DBG_PARSING, - DBG_log("L1 - PGP packet: tag= 0x%2x", packet_tag) - ) - - /* bit 7 must be set */ - if (!(packet_tag & 0x80)) - { - plog(" incorrect Packet Tag"); - return FALSE; - } - - /* bit 6 set defines new packet format */ - if (packet_tag & 0x40) - { - plog(" new PGP packet format not supported"); - return FALSE; - } - else - { - int packet_type = (packet_tag & 0x3C) >> 2; - - packet.len = pgp_old_packet_length(&blob); - packet.ptr = blob.ptr; - blob.ptr += packet.len; - blob.len -= packet.len; - DBG(DBG_PARSING, - DBG_log(" %N (%d), old format, %u bytes", - pgp_packet_tag_names, packet_type, - packet_type, packet.len); - DBG_log("L2 - body:") - ) - DBG_cond_dump_chunk(DBG_RAW, "", packet); - - if (cert != NULL) - { - /* parse a PGP certificate */ - switch (packet_type) - { - case PGP_PKT_PUBLIC_KEY: - if (!parse_pgp_pubkey_packet(&packet, cert)) - { - return FALSE; - } - break; - case PGP_PKT_SIGNATURE: - if (!parse_pgp_signature_packet(&packet, cert)) - { - return FALSE; - } - break; - case PGP_PKT_USER_ID: - DBG(DBG_PARSING, - DBG_log("L3 - user ID:"); - DBG_log(" '%.*s'", (int)packet.len, packet.ptr) - ) - break; - default: - break; - } - } - else - { - /* parse a PGP private key file */ - switch (packet_type) - { - case PGP_PKT_SECRET_KEY: - if (!parse_pgp_secretkey_packet(&packet, key)) - { - return FALSE; - } - break; - case PGP_PKT_USER_ID: - DBG(DBG_PARSING, - DBG_log("L3 - user ID:"); - DBG_log(" '%.*s'", (int)packet.len, packet.ptr) - ) - break; - default: - break; - } - - } - } - } - return TRUE; -} - -/** - * Compare two OpenPGP certificates - */ -static bool same_pgpcert(pgpcert_t *a, pgpcert_t *b) -{ - return a->certificate.len == b->certificate.len && - memeq(a->certificate.ptr, b->certificate.ptr, b->certificate.len); -} - -/** - * For each link pointing to the certificate increase the count by one - */ -void share_pgpcert(pgpcert_t *cert) -{ - if (cert != NULL) - { - cert->count++; - } -} - -/** - * Select the OpenPGP keyid as ID - */ -void select_pgpcert_id(pgpcert_t *cert, struct id *end_id) -{ - end_id->kind = ID_KEY_ID; - end_id->name = cert->fingerprint->get_encoding(cert->fingerprint); -} - -/** - * Add an OpenPGP user/host certificate to the chained list - */ -pgpcert_t* add_pgpcert(pgpcert_t *cert) -{ - pgpcert_t *c = pgpcerts; - - while (c != NULL) - { - if (same_pgpcert(c, cert)) /* already in chain, free cert */ - { - free_pgpcert(cert); - return c; - } - c = c->next; - } - - /* insert new cert at the root of the chain */ - cert->next = pgpcerts; - pgpcerts = cert; - DBG(DBG_CONTROL | DBG_PARSING, - DBG_log(" pgp cert inserted") - ) - return cert; -} - -/** - * Release of a certificate decreases the count by one. - * The certificate is freed when the counter reaches zero - */ -void release_pgpcert(pgpcert_t *cert) -{ - if (cert != NULL && --cert->count == 0) - { - pgpcert_t **pp = &pgpcerts; - while (*pp != cert) - { - pp = &(*pp)->next; - } - *pp = cert->next; - free_pgpcert(cert); - } -} - -/** - * Free a PGP certificate - */ -void free_pgpcert(pgpcert_t *cert) -{ - if (cert != NULL) - { - DESTROY_IF(cert->public_key); - DESTROY_IF(cert->fingerprint); - free(cert->certificate.ptr); - free(cert); - } -} - -/** - * List all PGP end certificates in a chained list - */ -void list_pgp_end_certs(bool utc) -{ - pgpcert_t *cert = pgpcerts; - time_t now; - - /* determine the current time */ - time(&now); - - if (cert != NULL) - { - whack_log(RC_COMMENT, " "); - whack_log(RC_COMMENT, "List of PGP End certificates:"); - whack_log(RC_COMMENT, " "); - } - - while (cert != NULL) - { - public_key_t *key = cert->public_key; - cert_t c; - - c.type = CERT_PGP; - c.u.pgp = cert; - - whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc, cert->count); - whack_log(RC_COMMENT, " digest: %Y", cert->fingerprint); - whack_log(RC_COMMENT, " created: %T", &cert->created, utc); - whack_log(RC_COMMENT, " until: %T %s", &cert->until, utc, - check_expiry(cert->until, CA_CERT_WARNING_INTERVAL, TRUE)); - whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", - key_type_names, key->get_type(key), - key->get_keysize(key) * BITS_PER_BYTE, - has_private_key(c)? ", has private key" : ""); - whack_log(RC_COMMENT, " keyid: %Y", - key->get_id(key, ID_PUBKEY_INFO_SHA1)); - cert = cert->next; - } -} - diff --git a/src/pluto/pgpcert.h b/src/pluto/pgpcert.h deleted file mode 100644 index 727648391..000000000 --- a/src/pluto/pgpcert.h +++ /dev/null @@ -1,56 +0,0 @@ -/* Support of OpenPGP certificates - * Copyright (C) 2002-2009 Andreas Steffen - * - * HSR - Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _PGPCERT_H -#define _PGPCERT_H - -#include -#include -#include - -/* - * Length of PGP V3 fingerprint - */ -#define PGP_FINGERPRINT_SIZE HASH_SIZE_MD5 - -typedef char fingerprint_t[PGP_FINGERPRINT_SIZE]; - -/* access structure for an OpenPGP certificate */ - -typedef struct pgpcert pgpcert_t; - -struct pgpcert { - pgpcert_t *next; - int version; - time_t installed; - int count; - chunk_t certificate; - time_t created; - time_t until; - public_key_t *public_key; - identification_t *fingerprint; -}; - -extern const pgpcert_t pgpcert_empty; -extern bool parse_pgp(chunk_t blob, pgpcert_t *cert, private_key_t **key); -extern void share_pgpcert(pgpcert_t *cert); -extern void select_pgpcert_id(pgpcert_t *cert, struct id *end_id); -extern pgpcert_t* add_pgpcert(pgpcert_t *cert); -extern void list_pgp_end_certs(bool utc); -extern void release_pgpcert(pgpcert_t *cert); -extern void free_pgpcert(pgpcert_t *cert); - -#endif /* _PGPCERT_H */ diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index 7248b042f..733dd2623 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -17,8 +17,7 @@ #include #include - -#include +#include #include #include @@ -27,11 +26,8 @@ #include #include #include +#include -#include "constants.h" -#include "defs.h" -#include "x509.h" -#include "certs.h" #include "pkcs7.h" const contentInfo_t empty_contentInfo = { @@ -84,10 +80,12 @@ static const asn1Object_t signedDataObjects[] = { { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; +#define PKCS7_SIGNED_VERSION 1 #define PKCS7_DIGEST_ALG 3 #define PKCS7_SIGNED_CONTENT_INFO 5 #define PKCS7_SIGNED_CERT 7 #define PKCS7_SIGNER_INFO 13 +#define PKCS7_SIGNER_INFO_VERSION 14 #define PKCS7_SIGNED_ISSUER 16 #define PKCS7_SIGNED_SERIAL_NUMBER 17 #define PKCS7_DIGEST_ALGORITHM 18 @@ -127,81 +125,6 @@ static const asn1Object_t envelopedDataObjects[] = { #define PKCS7_ENCRYPTED_CONTENT 14 #define PKCS7_ENVELOPED_ROOF 15 -/** - * PKCS7 contentInfo OIDs - */ - -static u_char ASN1_pkcs7_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 -}; - -static u_char ASN1_pkcs7_signed_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 -}; - -static u_char ASN1_pkcs7_enveloped_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 -}; - -static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04 -}; - -static u_char ASN1_pkcs7_digested_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 -}; - -static char ASN1_pkcs7_encrypted_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 -}; - -static const chunk_t ASN1_pkcs7_data_oid = - chunk_from_buf(ASN1_pkcs7_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_data_oid = - chunk_from_buf(ASN1_pkcs7_signed_data_oid_str); -static const chunk_t ASN1_pkcs7_enveloped_data_oid = - chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = - chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_digested_data_oid = - chunk_from_buf(ASN1_pkcs7_digested_data_oid_str); -static const chunk_t ASN1_pkcs7_encrypted_data_oid = - chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str); - -/** - * 3DES and DES encryption OIDs - */ - -static u_char ASN1_3des_ede_cbc_oid_str[] = { - 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07 -}; - -static u_char ASN1_des_cbc_oid_str[] = { - 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07 -}; - -static const chunk_t ASN1_3des_ede_cbc_oid = - chunk_from_buf(ASN1_3des_ede_cbc_oid_str); -static const chunk_t ASN1_des_cbc_oid = - chunk_from_buf(ASN1_des_cbc_oid_str); - -/** - * PKCS#7 attribute type OIDs - */ - -static u_char ASN1_contentType_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 -}; - -static u_char ASN1_messageDigest_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 -}; - -static const chunk_t ASN1_contentType_oid = - chunk_from_buf(ASN1_contentType_oid_str); -static const chunk_t ASN1_messageDigest_oid = - chunk_from_buf(ASN1_messageDigest_oid_str); - /** * Parse PKCS#7 ContentInfo object */ @@ -242,15 +165,16 @@ end: /** * Parse a PKCS#7 signedData object */ -bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert, - chunk_t *attributes, const x509cert_t *cacert) +bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, + linked_list_t *certs, + chunk_t *attributes, certificate_t *cacert) { - u_char buf[BUF_LEN]; asn1_parser_t *parser; chunk_t object; int digest_alg = OID_UNKNOWN; int enc_alg = OID_UNKNOWN; int signerInfos = 0; + int version; int objectID; bool success = FALSE; @@ -267,7 +191,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert return FALSE; } - parser = asn1_parser_create(signedDataObjects, blob); + parser = asn1_parser_create(signedDataObjects, cInfo.content); parser->set_top_level(parser, 2); while (parser->iterate(parser, &objectID, &object)) @@ -276,6 +200,10 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert switch (objectID) { + case PKCS7_SIGNED_VERSION: + version = object.len ? (int)*object.ptr : 0; + DBG2(" v%d", version); + break; case PKCS7_DIGEST_ALG: digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL); break; @@ -286,33 +214,36 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert } break; case PKCS7_SIGNED_CERT: - if (cert != NULL) { - chunk_t cert_blob = chunk_clone(object); - x509cert_t *newcert = malloc_thing(x509cert_t); - - *newcert = empty_x509cert; + certificate_t *cert; DBG2(" parsing pkcs7-wrapped certificate"); - if (parse_x509cert(cert_blob, level+1, newcert)) - { - newcert->next = *cert; - *cert = newcert; - } - else + cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, object, + BUILD_END); + if (cert) { - free_x509cert(newcert); + certs->insert_last(certs, cert); } } break; case PKCS7_SIGNER_INFO: signerInfos++; DBG2(" signer #%d", signerInfos); - break; - case PKCS7_SIGNED_ISSUER: - dntoa(buf, BUF_LEN, object); - DBG2(" '%s'",buf); break; + case PKCS7_SIGNER_INFO_VERSION: + version = object.len ? (int)*object.ptr : 0; + DBG2(" v%d", version); + break; + case PKCS7_SIGNED_ISSUER: + { + identification_t *issuer = identification_create_from_encoding( + ID_DER_ASN1_DN, object); + DBG2(" \"%Y\"", issuer); + issuer->destroy(issuer); + break; + } case PKCS7_AUTH_ATTRIBUTES: if (attributes != NULL) { @@ -340,9 +271,15 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert /* check the signature only if a cacert is available */ if (cacert != NULL) { - public_key_t *key = cacert->public_key; - signature_scheme_t scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + public_key_t *key; + signature_scheme_t scheme; + scheme = signature_scheme_from_oid(digest_alg); + if (scheme == SIGN_UNKNOWN) + { + DBG1("unsupported signature scheme"); + return FALSE; + } if (signerInfos == 0) { DBG1("no signerInfo object found"); @@ -364,11 +301,11 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert return FALSE; } - /* determine signature scheme */ - scheme = signature_scheme_from_oid(digest_alg); - - if (scheme == SIGN_UNKNOWN) + /* verify the signature */ + key = cacert->get_public_key(cacert); + if (key == NULL) { + DBG1("no public key found in CA certificate"); return FALSE; } if (key->verify(key, scheme, *attributes, encrypted_digest)) @@ -378,10 +315,11 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert else { DBG1("invalid signature"); - return FALSE; + success = FALSE; } + key->destroy(key); } - return TRUE; + return success; } /** @@ -399,9 +337,9 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, crypter_t *crypter = NULL; - u_char buf[BUF_LEN]; int enc_alg = OID_UNKNOWN; int content_enc_alg = OID_UNKNOWN; + int version; int objectID; bool success = FALSE; @@ -428,37 +366,45 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, switch (objectID) { case PKCS7_ENVELOPED_VERSION: - if (*object.ptr != 0) - { - DBG1("envelopedData version is not 0"); - goto end; - } - break; + version = object.len ? (int)*object.ptr : 0; + DBG2(" v%d", version); + if (version != 0) + { + DBG1("envelopedData version is not 0"); + goto end; + } + break; case PKCS7_RECIPIENT_INFO_VERSION: - if (*object.ptr != 0) + version = object.len ? (int)*object.ptr : 0; + DBG2(" v%d", version); + if (version != 0) { DBG1("recipient info version is not 0"); goto end; } break; case PKCS7_ISSUER: - dntoa(buf, BUF_LEN, object); - DBG2(" '%s'", buf); - break; + { + identification_t *issuer = identification_create_from_encoding( + ID_DER_ASN1_DN, object); + DBG2(" \"%Y\"", issuer); + issuer->destroy(issuer); + break; + } case PKCS7_SERIAL_NUMBER: if (!chunk_equals(serialNumber, object)) { DBG1("serial numbers do not match"); goto end; - } - break; + } + break; case PKCS7_ENCRYPTION_ALG: enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL); if (enc_alg != OID_RSA_ENCRYPTION) { DBG1("only rsa encryption supported"); goto end; - } + } break; case PKCS7_ENCRYPTED_KEY: if (!key->decrypt(key, object, &symmetric_key)) @@ -477,7 +423,7 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, break; case PKCS7_CONTENT_ENC_ALGORITHM: content_enc_alg = asn1_parse_algorithmIdentifier(object, level, &iv); - + if (content_enc_alg == OID_UNKNOWN) { DBG1("unknown content encryption algorithm"); @@ -578,19 +524,20 @@ failed: */ chunk_t pkcs7_contentType_attribute(void) { - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_contentType_oid - , asn1_simple_object(ASN1_SET, ASN1_pkcs7_data_oid)); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_PKCS9_CONTENT_TYPE), + asn1_wrap(ASN1_SET, "m", + asn1_build_known_oid(OID_PKCS7_DATA))); } /** * @brief Builds a messageDigest attribute - * - * + * + * * @param[in] blob content to create digest of * @param[in] digest_alg digest algorithm to be used * @return ASN.1 encoded messageDigest attribute - * + * */ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) { @@ -603,12 +550,10 @@ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) hasher->allocate_hash(hasher, content, &digest); hasher->destroy(hasher); - return asn1_wrap(ASN1_SEQUENCE, "cm", - ASN1_messageDigest_oid, - asn1_wrap(ASN1_SET, "m", - asn1_wrap(ASN1_OCTET_STRING, "m", digest) - ) - ); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_PKCS9_MESSAGE_DIGEST), + asn1_wrap(ASN1_SET, "m", + asn1_wrap(ASN1_OCTET_STRING, "m", digest))); } /** @@ -616,83 +561,59 @@ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) */ static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo) { - chunk_t content_type; - - /* select DER-encoded OID for pkcs7 contentInfo type */ - switch(cInfo->type) - { - case OID_PKCS7_DATA: - content_type = ASN1_pkcs7_data_oid; - break; - case OID_PKCS7_SIGNED_DATA: - content_type = ASN1_pkcs7_signed_data_oid; - break; - case OID_PKCS7_ENVELOPED_DATA: - content_type = ASN1_pkcs7_enveloped_data_oid; - break; - case OID_PKCS7_SIGNED_ENVELOPED_DATA: - content_type = ASN1_pkcs7_signed_enveloped_data_oid; - break; - case OID_PKCS7_DIGESTED_DATA: - content_type = ASN1_pkcs7_digested_data_oid; - break; - case OID_PKCS7_ENCRYPTED_DATA: - content_type = ASN1_pkcs7_encrypted_data_oid; - break; - case OID_UNKNOWN: - default: - DBG1("invalid pkcs7 contentInfo type"); - return chunk_empty; - } - - return (cInfo->content.ptr == NULL) - ? asn1_simple_object(ASN1_SEQUENCE, content_type) - : asn1_wrap(ASN1_SEQUENCE, "cm" - , content_type - , asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content) - ); + return (cInfo->content.ptr) ? + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(cInfo->type), + asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content)) : + asn1_build_known_oid(cInfo->type); } /** * build issuerAndSerialNumber object */ -chunk_t pkcs7_build_issuerAndSerialNumber(const x509cert_t *cert) +chunk_t pkcs7_build_issuerAndSerialNumber(certificate_t *cert) { - return asn1_wrap(ASN1_SEQUENCE, "cm" - , cert->issuer - , asn1_integer("c", cert->serialNumber)); + identification_t *issuer = cert->get_issuer(cert); + x509_t *x509 = (x509_t*)cert; + + return asn1_wrap(ASN1_SEQUENCE, "cm", + issuer->get_encoding(issuer), + asn1_integer("c", x509->get_serial(x509))); } /** * create a signed pkcs7 contentInfo object */ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, - const x509cert_t *cert, int digest_alg, + certificate_t *cert, int digest_alg, private_key_t *key) { contentInfo_t pkcs7Data, signedData; - chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo; - - chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg); + chunk_t authenticatedAttributes = chunk_empty; + chunk_t encryptedDigest = chunk_empty; + chunk_t signerInfo, cInfo, signature; + signature_scheme_t scheme = signature_scheme_from_oid(digest_alg); - if (attributes.ptr != NULL) + if (attributes.ptr) { - encryptedDigest = x509_build_signature(attributes, digest_alg, key, - FALSE); - authenticatedAttributes = chunk_clone(attributes); - *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0; + if (key->sign(key, scheme, attributes, &signature)) + { + encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", signature); + authenticatedAttributes = chunk_clone(attributes); + *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0; + } } - else + else if (data.ptr) { - encryptedDigest = (data.ptr == NULL)? chunk_empty - : x509_build_signature(data, digest_alg, key, FALSE); - authenticatedAttributes = chunk_empty; + if (key->sign(key, scheme, data, &signature)) + { + encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", signature); + } } - - signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm" + signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm" , ASN1_INTEGER_1 , pkcs7_build_issuerAndSerialNumber(cert) - , digestAlgorithm + , asn1_algorithmIdentifier(digest_alg) , authenticatedAttributes , asn1_algorithmIdentifier(OID_RSA_ENCRYPTION) , encryptedDigest); @@ -704,9 +625,9 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, signedData.type = OID_PKCS7_SIGNED_DATA; signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm" , ASN1_INTEGER_1 - , asn1_simple_object(ASN1_SET, digestAlgorithm) + , asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_alg)) , pkcs7_build_contentInfo(&pkcs7Data) - , asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate) + , asn1_wrap(ASN1_CONTEXT_C_0, "m", cert->get_encoding(cert)) , asn1_wrap(ASN1_SET, "m", signerInfo)); cInfo = pkcs7_build_contentInfo(&signedData); @@ -720,7 +641,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, /** * create a symmetrically encrypted pkcs7 contentInfo object */ -chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_alg) +chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg) { encryption_algorithm_t alg; size_t alg_key_size; @@ -739,7 +660,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_ /* generate a true random symmetric encryption key and a pseudo-random iv */ { rng_t *rng; - + rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); rng->allocate_bytes(rng, crypter->get_key_size(crypter), &symmetricKey); DBG4("symmetric encryption key %B", &symmetricKey); @@ -760,7 +681,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_ in.ptr = malloc(in.len); DBG2("padding %u bytes of data to multiple block size of %u bytes", - data.len, in.len); + data.len, in.len); /* copy data */ memcpy(in.ptr, data.ptr, data.len); @@ -773,26 +694,41 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_ crypter->set_key(crypter, symmetricKey); crypter->encrypt(crypter, in, iv, &out); crypter->destroy(crypter); + chunk_clear(&in); DBG3("encrypted data %B", &out); - cert->public_key->encrypt(cert->public_key, symmetricKey, &protectedKey); + /* protect symmetric key by public key encryption */ + { + public_key_t *key = cert->get_public_key(cert); - /* build pkcs7 enveloped data object */ + if (key == NULL) + { + DBG1("public key not found in encryption certificate"); + chunk_clear(&symmetricKey); + chunk_free(&iv); + chunk_free(&out); + return chunk_empty; + } + key->encrypt(key, symmetricKey, &protectedKey); + key->destroy(key); + } + + /* build pkcs7 enveloped data object */ { - + chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "mm" , asn1_build_known_oid(enc_alg) , asn1_simple_object(ASN1_OCTET_STRING, iv)); - - chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm" - , ASN1_pkcs7_data_oid + + chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "mmm" + , asn1_build_known_oid(OID_PKCS7_DATA) , contentEncryptionAlgorithm , asn1_wrap(ASN1_CONTEXT_S_0, "m", out)); chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m" , protectedKey); - chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm" + chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm" , ASN1_INTEGER_0 , pkcs7_build_issuerAndSerialNumber(cert) , asn1_algorithmIdentifier(OID_RSA_ENCRYPTION) @@ -810,10 +746,9 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_ cInfo = pkcs7_build_contentInfo(&envelopedData); DBG3("envelopedData %B", &cInfo); - free(envelopedData.content.ptr); - free(symmetricKey.ptr); - free(in.ptr); - free(iv.ptr); + chunk_free(&envelopedData.content); + chunk_free(&iv); + chunk_clear(&symmetricKey); return cInfo; } } diff --git a/src/pluto/pkcs7.h b/src/pluto/pkcs7.h index 028822dfe..1743ea9c4 100644 --- a/src/pluto/pkcs7.h +++ b/src/pluto/pkcs7.h @@ -18,10 +18,10 @@ #ifndef _PKCS7_H #define _PKCS7_H +#include #include #include -#include "defs.h" -#include "x509.h" +#include /* Access structure for a PKCS#7 ContentInfo object */ @@ -35,17 +35,19 @@ struct contentInfo { extern const contentInfo_t empty_contentInfo; extern bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, - contentInfo_t *cInfo); + contentInfo_t *cInfo); extern bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, - x509cert_t **cert, chunk_t *attributes, const x509cert_t *cacert); + linked_list_t *cert, chunk_t *attributes, + certificate_t *cacert); extern bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, - chunk_t serialNumber, private_key_t *key); + chunk_t serialNumber, private_key_t *key); extern chunk_t pkcs7_contentType_attribute(void); extern chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg); -extern chunk_t pkcs7_build_issuerAndSerialNumber(const x509cert_t *cert); +extern chunk_t pkcs7_build_issuerAndSerialNumber(certificate_t *cert); extern chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, - const x509cert_t *cert, int digest_alg, private_key_t *key); -extern chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, - int enc_alg); + certificate_t *cert, int digest_alg, + private_key_t *key); +extern chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, + int enc_alg); #endif /* _PKCS7_H */ diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index 5d0e008f3..8b922df8c 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c @@ -48,7 +48,7 @@ #include "constants.h" #include "defs.h" -#include "id.h" +#include "myid.h" #include "ca.h" #include "certs.h" #include "ac.h" @@ -73,6 +73,7 @@ #include "virtual.h" #include "timer.h" #include "vendor.h" +#include "builder.h" static void usage(const char *mess) { @@ -128,7 +129,7 @@ static void usage(const char *mess) " [--debug-private]" " [--debug-natt]" #endif - " \\\n\t" + " \\\n\t" "[--nat_traversal] [--keep_alive ]" " \\\n\t" "[--force_keepalive] [--disable_port_floating]" @@ -233,8 +234,8 @@ static void print_plugins() char buf[BUF_LEN], *plugin; int len = 0; enumerator_t *enumerator; - - buf[0] = '\0'; + + buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { @@ -260,7 +261,7 @@ int main(int argc, char **argv) #endif /* CAPABILITIES */ /* initialize library and optionsfrom */ - if (!library_init(STRONGSWAN_CONF)) + if (!library_init(NULL)) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); @@ -651,10 +652,14 @@ int main(int argc, char **argv) } /* load plugins, further infrastructure may need it */ - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "pluto.load", PLUGINS)); + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "pluto.load", PLUGINS))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } print_plugins(); + init_builder(); if (!init_secret() || !init_crypto()) { plog("initialization failed - aborting pluto"); @@ -668,12 +673,13 @@ int main(int argc, char **argv) init_demux(); init_kernel(); init_adns(); - init_id(); - init_fetch(); + init_myid(); + fetch_initialize(); + ac_initialize(); /* drop unneeded capabilities and change UID/GID */ prctl(PR_SET_KEEPCAPS, 1); - + #ifdef IPSEC_GROUP { struct group group, *grp; @@ -715,15 +721,15 @@ int main(int argc, char **argv) #endif /* CAPABILITIES */ /* loading X.509 CA certificates */ - load_authcerts("CA cert", CA_CERT_PATH, AUTH_CA); + load_authcerts("ca", CA_CERT_PATH, X509_CA); /* loading X.509 AA certificates */ - load_authcerts("AA cert", AA_CERT_PATH, AUTH_AA); + load_authcerts("aa", AA_CERT_PATH, X509_AA); /* loading X.509 OCSP certificates */ - load_authcerts("OCSP cert", OCSP_CERT_PATH, AUTH_OCSP); + load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER); /* loading X.509 CRLs */ load_crls(); /* loading attribute certificates (experimental) */ - load_acerts(); + ac_load_certs(); daily_log_event(); call_server(); @@ -744,22 +750,24 @@ void exit_pluto(int status) free_preshared_secrets(); free_remembered_public_keys(); delete_every_connection(); + fetch_finalize(); /* stop fetching thread */ free_crl_fetch(); /* free chain of crl fetch requests */ free_ocsp_fetch(); /* free chain of ocsp fetch requests */ free_authcerts(); /* free chain of X.509 authority certificates */ free_crls(); /* free chain of X.509 CRLs */ - free_acerts(); /* free chain of X.509 attribute certificates */ free_ca_infos(); /* free chain of X.509 CA information records */ free_ocsp(); /* free ocsp cache */ free_ifaces(); + ac_finalize(); /* free X.509 attribute certificates */ scx_finalize(); /* finalize and unload PKCS #11 module */ xauth_finalize(); /* finalize and unload XAUTH module */ stop_adns(); free_md_pool(); free_crypto(); - free_id(); /* free myids */ + free_myid(); /* free myids */ free_events(); /* free remaining events */ - free_vendorid(); /* free all vendor id records */ + free_vendorid(); /* free all vendor id records */ + free_builder(); delete_lock(); options->destroy(options); library_deinit(); diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c index 013deb446..826a1aa6e 100644 --- a/src/pluto/rcv_whack.c +++ b/src/pluto/rcv_whack.c @@ -33,7 +33,6 @@ #include "constants.h" #include "defs.h" -#include "id.h" #include "ca.h" #include "certs.h" #include "ac.h" @@ -55,16 +54,16 @@ #include "fetch.h" #include "ocsp.h" #include "crl.h" - +#include "myid.h" #include "kernel_alg.h" #include "ike_alg.h" + /* helper variables and function to decode strings from whack message */ static char *next_str , *str_roof; -static bool -unpack_str(char **p) +static bool unpack_str(char **p) { char *end = memchr(next_str, '\0', str_roof - next_str); @@ -103,19 +102,13 @@ struct key_add_continuation { enum key_add_attempt lookingfor; }; -static void -key_add_ugh(const struct id *keyid, err_t ugh) +static void key_add_ugh(identification_t *keyid, err_t ugh) { - char name[BUF_LEN]; /* longer IDs will be truncated in message */ - - (void)idtoa(keyid, name, sizeof(name)); - loglog(RC_NOKEY - , "failure to fetch key for %s from DNS: %s", name, ugh); + loglog(RC_NOKEY, "failure to fetch key for %'Y' from DNS: %s", keyid, ugh); } /* last one out: turn out the lights */ -static void -key_add_merge(struct key_add_common *oc, const struct id *keyid) +static void key_add_merge(struct key_add_common *oc, identification_t *keyid) { if (oc->refCount == 0) { @@ -123,9 +116,12 @@ key_add_merge(struct key_add_common *oc, const struct id *keyid) /* if no success, print all diagnostics */ if (!oc->success) + { for (kaa = ka_TXT; kaa != ka_roof; kaa++) + { key_add_ugh(keyid, oc->diag[kaa]); - + } + } for (kaa = ka_TXT; kaa != ka_roof; kaa++) { free(oc->diag[kaa]); @@ -135,8 +131,7 @@ key_add_merge(struct key_add_common *oc, const struct id *keyid) } } -static void -key_add_continue(struct adns_continuation *ac, err_t ugh) +static void key_add_continue(struct adns_continuation *ac, err_t ugh) { struct key_add_continuation *kc = (void *) ac; struct key_add_common *oc = kc->common; @@ -159,95 +154,87 @@ key_add_continue(struct adns_continuation *ac, err_t ugh) } oc->refCount--; - key_add_merge(oc, &ac->id); + key_add_merge(oc, ac->id); whack_log_fd = NULL_FD; } -static void -key_add_request(const whack_message_t *msg) +static void key_add_request(const whack_message_t *msg) { - struct id keyid; - err_t ugh = atoid(msg->keyid, &keyid, FALSE); + identification_t *key_id; - if (ugh != NULL) + key_id = identification_create_from_string(msg->keyid); + + if (!msg->whack_addkey) { - loglog(RC_BADID, "bad --keyid \"%s\": %s", msg->keyid, ugh); + delete_public_keys(key_id, msg->pubkey_alg, NULL, chunk_empty); } - else + if (msg->keyval.len == 0) { - if (!msg->whack_addkey) - delete_public_keys(&keyid, msg->pubkey_alg - , chunk_empty, chunk_empty); + struct key_add_common *oc = malloc_thing(struct key_add_common); + enum key_add_attempt kaa; + err_t ugh; - if (msg->keyval.len == 0) + /* initialize state shared by queries */ + oc->refCount = 0; + oc->whack_fd = dup_any(whack_log_fd); + oc->success = FALSE; + + for (kaa = ka_TXT; kaa != ka_roof; kaa++) { - struct key_add_common *oc = malloc_thing(struct key_add_common); - enum key_add_attempt kaa; + struct key_add_continuation *kc; - /* initialize state shared by queries */ - oc->refCount = 0; - oc->whack_fd = dup_any(whack_log_fd); - oc->success = FALSE; + oc->diag[kaa] = NULL; + oc->refCount++; + kc = malloc_thing(struct key_add_continuation); + kc->common = oc; + kc->lookingfor = kaa; - for (kaa = ka_TXT; kaa != ka_roof; kaa++) + switch (kaa) { - struct key_add_continuation *kc; - - oc->diag[kaa] = NULL; - oc->refCount++; - kc = malloc_thing(struct key_add_continuation); - kc->common = oc; - kc->lookingfor = kaa; - - switch (kaa) - { case ka_TXT: - ugh = start_adns_query(&keyid - , &keyid /* same */ - , T_TXT - , key_add_continue - , &kc->ac); + ugh = start_adns_query(key_id + , key_id /* same */ + , T_TXT + , key_add_continue + , &kc->ac); break; #ifdef USE_KEYRR case ka_KEY: - ugh = start_adns_query(&keyid - , NULL - , T_KEY - , key_add_continue - , &kc->ac); + ugh = start_adns_query(key_id + , NULL + , T_KEY + , key_add_continue + , &kc->ac); break; #endif /* USE_KEYRR */ default: bad_case(kaa); /* suppress gcc warning */ - } - if (ugh != NULL) - { - oc->diag[kaa] = clone_str(ugh); - oc->refCount--; - } } - - /* Done launching queries. - * Handle total failure case. - */ - key_add_merge(oc, &keyid); - } - else - { - if (!add_public_key(&keyid, DAL_LOCAL, msg->pubkey_alg, msg->keyval, - &pubkeys)) + if (ugh) { - loglog(RC_LOG_SERIOUS, "failed to add public key"); + oc->diag[kaa] = clone_str(ugh); + oc->refCount--; } } + + /* Done launching queries. Handle total failure case. */ + key_add_merge(oc, key_id); + } + else + { + if (!add_public_key(key_id, DAL_LOCAL, msg->pubkey_alg, msg->keyval, + &pubkeys)) + { + loglog(RC_LOG_SERIOUS, "failed to add public key"); + } } + key_id->destroy(key_id); } /* Handle a kernel request. Supposedly, there's a message in * the kernelsock socket. */ -void -whack_handle(int whackctlfd) +void whack_handle(int whackctlfd) { whack_message_t msg; struct sockaddr_un whackaddr; @@ -319,24 +306,26 @@ whack_handle(int whackctlfd) || !unpack_str(&msg.left.ca) /* string 4 */ || !unpack_str(&msg.left.groups) /* string 5 */ || !unpack_str(&msg.left.updown) /* string 6 */ - || !unpack_str(&msg.left.virt) /* string 7 */ - || !unpack_str(&msg.right.id) /* string 8 */ - || !unpack_str(&msg.right.cert) /* string 9 */ - || !unpack_str(&msg.right.ca) /* string 10 */ - || !unpack_str(&msg.right.groups) /* string 11 */ - || !unpack_str(&msg.right.updown) /* string 12 */ - || !unpack_str(&msg.right.virt) /* string 13 */ - || !unpack_str(&msg.keyid) /* string 14 */ - || !unpack_str(&msg.myid) /* string 15 */ - || !unpack_str(&msg.cacert) /* string 16 */ - || !unpack_str(&msg.ldaphost) /* string 17 */ - || !unpack_str(&msg.ldapbase) /* string 18 */ - || !unpack_str(&msg.crluri) /* string 19 */ - || !unpack_str(&msg.crluri2) /* string 20 */ - || !unpack_str(&msg.ocspuri) /* string 21 */ - || !unpack_str(&msg.ike) /* string 22 */ - || !unpack_str(&msg.esp) /* string 23 */ - || !unpack_str(&msg.sc_data) /* string 24 */ + || !unpack_str(&msg.left.sourceip) /* string 7 */ + || !unpack_str(&msg.left.virt) /* string 8 */ + || !unpack_str(&msg.right.id) /* string 9 */ + || !unpack_str(&msg.right.cert) /* string 10 */ + || !unpack_str(&msg.right.ca) /* string 11 */ + || !unpack_str(&msg.right.groups) /* string 12 */ + || !unpack_str(&msg.right.updown) /* string 13 */ + || !unpack_str(&msg.right.sourceip) /* string 14 */ + || !unpack_str(&msg.right.virt) /* string 15 */ + || !unpack_str(&msg.keyid) /* string 16 */ + || !unpack_str(&msg.myid) /* string 17 */ + || !unpack_str(&msg.cacert) /* string 18 */ + || !unpack_str(&msg.ldaphost) /* string 19 */ + || !unpack_str(&msg.ldapbase) /* string 20 */ + || !unpack_str(&msg.crluri) /* string 21 */ + || !unpack_str(&msg.crluri2) /* string 22 */ + || !unpack_str(&msg.ocspuri) /* string 23 */ + || !unpack_str(&msg.ike) /* string 24 */ + || !unpack_str(&msg.esp) /* string 25 */ + || !unpack_str(&msg.sc_data) /* string 26 */ || str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */ { ugh = "message from whack contains bad string"; @@ -372,7 +361,7 @@ whack_handle(int whackctlfd) } else if (!msg.whack_connection) { - struct connection *c = con_by_name(msg.name, TRUE); + connection_t *c = con_by_name(msg.name, TRUE); if (c != NULL) { @@ -424,7 +413,7 @@ whack_handle(int whackctlfd) if (msg.whack_ca && msg.cacert != NULL) add_ca_info(&msg); - + /* process "listen" before any operation that could require it */ if (msg.whack_listen) { @@ -451,22 +440,22 @@ whack_handle(int whackctlfd) if (msg.whack_reread & REREAD_CACERTS) { - load_authcerts("CA cert", CA_CERT_PATH, AUTH_CA); + load_authcerts("ca", CA_CERT_PATH, X509_CA); } if (msg.whack_reread & REREAD_AACERTS) { - load_authcerts("AA cert", AA_CERT_PATH, AUTH_AA); + load_authcerts("aa", AA_CERT_PATH, X509_AA); } if (msg.whack_reread & REREAD_OCSPCERTS) { - load_authcerts("OCSP cert", OCSP_CERT_PATH, AUTH_OCSP); + load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER); } if (msg.whack_reread & REREAD_ACERTS) { - load_acerts(); + ac_load_certs(); } if (msg.whack_reread & REREAD_CRLS) @@ -487,32 +476,27 @@ whack_handle(int whackctlfd) if (msg.whack_list & LIST_CERTS) { - list_certs(msg.whack_utc); + cert_list(msg.whack_utc); } if (msg.whack_list & LIST_CACERTS) { - list_authcerts("CA", AUTH_CA, msg.whack_utc); + list_authcerts("CA", X509_CA, msg.whack_utc); } if (msg.whack_list & LIST_AACERTS) { - list_authcerts("AA", AUTH_AA, msg.whack_utc); + list_authcerts("AA", X509_AA, msg.whack_utc); } if (msg.whack_list & LIST_OCSPCERTS) { - list_authcerts("OCSP", AUTH_OCSP, msg.whack_utc); + list_authcerts("OCSP", X509_OCSP_SIGNER, msg.whack_utc); } if (msg.whack_list & LIST_ACERTS) { - list_acerts(msg.whack_utc); - } - - if (msg.whack_list & LIST_GROUPS) - { - list_groups(msg.whack_utc); + ac_list_certs(msg.whack_utc); } if (msg.whack_list & LIST_CAINFOS) @@ -562,7 +546,7 @@ whack_handle(int whackctlfd) } else { - struct connection *c = con_by_name(msg.name, TRUE); + connection_t *c = con_by_name(msg.name, TRUE); if (c != NULL && c->ikev1) { @@ -588,7 +572,7 @@ whack_handle(int whackctlfd) } else { - struct connection *c = con_by_name(msg.name, TRUE); + connection_t *c = con_by_name(msg.name, TRUE); if (c != NULL && c->ikev1) { diff --git a/src/pluto/rsaref/pkcs11.h b/src/pluto/rsaref/pkcs11.h index 9261e1e4c..3283bdc89 100644 --- a/src/pluto/rsaref/pkcs11.h +++ b/src/pluto/rsaref/pkcs11.h @@ -7,10 +7,10 @@ * License is also granted to make and use derivative works provided that * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or * referencing the derived work. - * RSA Security Inc. makes no representations concerning either the + * RSA Security Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. @@ -275,7 +275,7 @@ extern "C" { #define CK_PKCS11_FUNCTION_INFO(name) \ __PASTE(CK_,name) name; - + struct CK_FUNCTION_LIST { CK_VERSION version; /* Cryptoki version */ diff --git a/src/pluto/rsaref/pkcs11f.h b/src/pluto/rsaref/pkcs11f.h index dec6315dd..54b884aed 100644 --- a/src/pluto/rsaref/pkcs11f.h +++ b/src/pluto/rsaref/pkcs11f.h @@ -7,10 +7,10 @@ * License is also granted to make and use derivative works provided that * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or * referencing the derived work. - * RSA Security Inc. makes no representations concerning either the + * RSA Security Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for * any particular purpose. It is provided "as is" without express or implied * warranty of any kind. @@ -564,7 +564,7 @@ CK_PKCS11_FUNCTION_INFO(C_Sign) /* C_SignUpdate continues a multiple-part signature operation, - * where the signature is (will be) an appendix to the data, + * where the signature is (will be) an appendix to the data, * and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #ifdef CK_NEED_ARG_LIST @@ -576,7 +576,7 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #endif -/* C_SignFinal finishes a multiple-part signature operation, +/* C_SignFinal finishes a multiple-part signature operation, * returning the signature. */ CK_PKCS11_FUNCTION_INFO(C_SignFinal) #ifdef CK_NEED_ARG_LIST @@ -625,12 +625,12 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) ( CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ + CK_OBJECT_HANDLE hKey /* verification key */ ); #endif -/* C_Verify verifies a signature in a single-part operation, +/* C_Verify verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext * cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_Verify) @@ -646,7 +646,7 @@ CK_PKCS11_FUNCTION_INFO(C_Verify) /* C_VerifyUpdate continues a multiple-part verification - * operation, where the signature is an appendix to the data, + * operation, where the signature is an appendix to the data, * and plaintext cannot be recovered from the signature. */ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) #ifdef CK_NEED_ARG_LIST @@ -772,7 +772,7 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #endif -/* C_GenerateKeyPair generates a public-key/private-key pair, +/* C_GenerateKeyPair generates a public-key/private-key pair, * creating new key objects. */ CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) #ifdef CK_NEED_ARG_LIST diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c index 7e4452d89..f1a3932a6 100644 --- a/src/pluto/smartcard.c +++ b/src/pluto/smartcard.c @@ -31,6 +31,7 @@ #include #include +#include #include "constants.h" @@ -58,21 +59,21 @@ static smartcard_t *smartcards = NULL; static int sc_number = 0; const smartcard_t empty_sc = { - NULL , /* next */ - 0 , /* last_load */ - { CERT_NONE, {NULL} }, /* last_cert */ - 0 , /* count */ - 0 , /* number */ - 999999 , /* slot */ - NULL , /* id */ - NULL , /* label */ - { NULL, 0 } , /* pin */ - FALSE , /* pinpad */ - FALSE , /* valid */ - FALSE , /* session_opened */ - FALSE , /* logged_in */ - TRUE , /* any_slot */ - 0L , /* session */ + NULL , /* next */ + 0 , /* last_load */ + NULL , /* last_cert */ + 0 , /* count */ + 0 , /* number */ + 999999 , /* slot */ + NULL , /* id */ + NULL , /* label */ + { NULL, 0 } , /* pin */ + FALSE , /* pinpad */ + FALSE , /* valid */ + FALSE , /* session_opened */ + FALSE , /* logged_in */ + TRUE , /* any_slot */ + 0L , /* session */ }; #ifdef SMARTCARD /* compile with smartcard support */ @@ -115,7 +116,7 @@ static const char *const pkcs11_return_name_10[] = { }; static const char *const pkcs11_return_name_20[] = { - "CKR_DATA_INVALID", + "CKR_DATA_INVALID", "CKR_DATA_LEN_RANGE" }; @@ -386,8 +387,7 @@ static enum_names pkcs11_return_names = * The calling application is responsible for cleaning up * and calling C_Finalize() */ -static CK_RV -scx_unload_pkcs11_module(scx_pkcs11_module_t *mod) +static CK_RV scx_unload_pkcs11_module(scx_pkcs11_module_t *mod) { if (!mod || mod->_magic != SCX_MAGIC) return CKR_ARGUMENTS_BAD; @@ -400,8 +400,8 @@ scx_unload_pkcs11_module(scx_pkcs11_module_t *mod) return CKR_OK; } -static scx_pkcs11_module_t* -scx_load_pkcs11_module(const char *name, CK_FUNCTION_LIST_PTR_PTR funcs) +static scx_pkcs11_module_t* scx_load_pkcs11_module(const char *name, + CK_FUNCTION_LIST_PTR_PTR funcs) { CK_RV (*c_get_function_list)(CK_FUNCTION_LIST_PTR_PTR); scx_pkcs11_module_t *mod; @@ -437,14 +437,13 @@ failed: scx_unload_pkcs11_module(mod); /* * retrieve a certificate object */ -static bool -scx_find_cert_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object -, smartcard_t *sc, cert_t *cert) +static cert_t* scx_find_cert_object(CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, smartcard_t *sc) { size_t hex_len, label_len; u_char *hex_id = NULL; + cert_t *cert; chunk_t blob; - x509cert_t *x509cert; CK_ATTRIBUTE attr[] = { { CKA_ID, NULL_PTR, 0L }, @@ -452,16 +451,13 @@ scx_find_cert_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object { CKA_VALUE, NULL_PTR, 0L } }; - /* initialize the return argument */ - *cert = cert_empty; - /* get the length of the attributes first */ CK_RV rv = pkcs11_functions->C_GetAttributeValue(session, object, attr, 3); if (rv != CKR_OK) { plog("couldn't read the attribute sizes: %s" , enum_show(&pkcs11_return_names, rv)); - return FALSE; + return NULL; } free(sc->label); @@ -486,7 +482,7 @@ scx_find_cert_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object free(hex_id); free(sc->label); free(blob.ptr); - return FALSE; + return NULL; } free(sc->id); @@ -500,26 +496,30 @@ scx_find_cert_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object sc->label[label_len] = '\0'; /* parse the retrieved cert */ - x509cert = malloc_thing(x509cert_t); - *x509cert = empty_x509cert; - x509cert->smartcard = TRUE; - if (!parse_x509cert(blob, 0, x509cert)) + /* initialize the return argument */ + cert = malloc_thing(cert_t); + *cert = cert_empty; + cert->smartcard = TRUE; + cert->cert = lib->creds->create(lib->creds, + CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, blob, + BUILD_END); + if (cert->cert) { - plog("failed to load cert from smartcard, error in X.509 certificate"); - free_x509cert(x509cert); - return FALSE; + return cert; } - cert->type = CERT_X509_SIGNATURE; - cert->u.x509 = x509cert; - return TRUE; + + plog("failed to load cert from smartcard, error in X.509 certificate"); + cert_free(cert); + return NULL; } + /* * search a given slot for PKCS#11 certificate objects */ -static void -scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session) +static void scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session) { CK_RV rv; CK_OBJECT_CLASS class = CKO_CERTIFICATE; @@ -537,10 +537,10 @@ scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session) { CK_OBJECT_HANDLE object; CK_ULONG obj_count = 0; - err_t ugh; time_t valid_until; smartcard_t *sc; - x509cert_t *cert; + certificate_t *certificate; + x509_t *x509; rv = pkcs11_functions->C_FindObjects(session, &object, 1, &obj_count); if (rv != CKR_OK) @@ -559,8 +559,8 @@ scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session) *sc = empty_sc; sc->any_slot = FALSE; sc->slot = slot; - - if (!scx_find_cert_object(session, object, sc, &sc->last_cert)) + sc->last_cert = scx_find_cert_object(session, object, sc); + if (sc->last_cert == NULL) { scx_free(sc); continue; @@ -571,37 +571,31 @@ scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session) ) /* check validity of certificate */ - cert = sc->last_cert.u.x509; - valid_until = cert->notAfter; - ugh = check_validity(cert, &valid_until); - if (ugh != NULL) + certificate = sc->last_cert->cert; + if (!certificate->get_validity(certificate, NULL, NULL, &valid_until)) { - plog(" %s", ugh); - free_x509cert(cert); scx_free(sc); continue; } - else - { - DBG(DBG_CONTROL, - DBG_log(" certificate is valid") - ) - } + DBG(DBG_CONTROL, + DBG_log(" certificate is valid") + ) sc = scx_add(sc); + x509 = (x509_t*)certificate; /* put end entity and ca certificates into different chains */ - if (cert->isCA) + if (x509->get_flags(x509) & X509_CA) { - sc->last_cert.u.x509 = add_authcert(cert, AUTH_CA); + sc->last_cert = add_authcert(sc->last_cert, X509_CA); } else { - add_x509_public_key(cert, valid_until, DAL_LOCAL); - sc->last_cert.u.x509 = add_x509cert(cert); + add_public_key_from_cert(sc->last_cert, valid_until, DAL_LOCAL); + sc->last_cert = cert_add(sc->last_cert); } - share_cert(sc->last_cert); + cert_share(sc->last_cert); time(&sc->last_load); } @@ -616,8 +610,7 @@ scx_find_cert_objects(CK_SLOT_ID slot, CK_SESSION_HANDLE session) /* * search all slots for PKCS#11 certificate objects */ -static void -scx_find_all_cert_objects(void) +static void scx_find_all_cert_objects(void) { CK_RV rv; CK_SLOT_ID_PTR slots = NULL_PTR; @@ -659,7 +652,7 @@ scx_find_all_cert_objects(void) , enum_show(&pkcs11_return_names, rv)); continue; } - + if (!(info.flags & CKF_TOKEN_PRESENT)) { plog("no token present in slot %lu", slot); @@ -696,8 +689,7 @@ scx_find_all_cert_objects(void) * init_args should be unused when we have a PKCS#11 compliant module, * but NSS softoken breaks that API. */ -void -scx_init(const char* module, const char *init_args) +void scx_init(const char* module, const char *init_args) { #ifdef SMARTCARD CK_C_INITIALIZE_ARGS args = { .pReserved = (char *)init_args, }; @@ -750,10 +742,9 @@ scx_init(const char* module, const char *init_args) } /* - * finalize and unload PKCS#11 cryptoki module + * finalize and unload PKCS#11 cryptoki module */ -void -scx_finalize(void) +void scx_finalize(void) { #ifdef SMARTCARD while (smartcards != NULL) @@ -783,21 +774,18 @@ scx_finalize(void) /* * does a filename contain the token %smartcard? */ -bool -scx_on_smartcard(const char *filename) +bool scx_on_smartcard(const char *filename) { return strneq(filename, SCX_TOKEN, strlen(SCX_TOKEN)); } #ifdef SMARTCARD /* - * find a specific object on the smartcard + * find a specific object on the smartcard */ -static bool -scx_pkcs11_find_object( CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR object, - CK_OBJECT_CLASS class, - const char* id) +static bool scx_pkcs11_find_object(CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR object, + CK_OBJECT_CLASS class, const char* id) { size_t len; char buf[BUF_LEN]; @@ -848,8 +836,7 @@ scx_pkcs11_find_object( CK_SESSION_HANDLE session, /* * check if a given certificate object id is found in a slot */ -static bool -scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot) +static bool scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot) { CK_SESSION_HANDLE session; CK_OBJECT_HANDLE object; @@ -863,7 +850,7 @@ scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot) , enum_show(&pkcs11_return_names, rv)); return FALSE; } - + if (!(info.flags & CKF_TOKEN_PRESENT)) { plog("no token present in slot %lu", slot); @@ -891,7 +878,7 @@ scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot) sc->session_opened = TRUE; return TRUE; } - + rv = pkcs11_functions->C_CloseSession(session); if (rv != CKR_OK) { @@ -905,8 +892,7 @@ scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot) /* * Connect to the smart card in the reader and select the correct slot */ -bool -scx_establish_context(smartcard_t *sc) +bool scx_establish_context(smartcard_t *sc) { #ifdef SMARTCARD bool id_found = FALSE; @@ -983,8 +969,7 @@ scx_establish_context(smartcard_t *sc) /* * log in to a session */ -bool -scx_login(smartcard_t *sc) +bool scx_login(smartcard_t *sc) { #ifdef SMARTCARD CK_RV rv; @@ -996,7 +981,7 @@ scx_login(smartcard_t *sc) ) return TRUE; } - + if (sc->pin.ptr == NULL) { plog("unable to log in without PIN!"); @@ -1009,7 +994,7 @@ scx_login(smartcard_t *sc) return FALSE; } - rv = pkcs11_functions->C_Login(sc->session, CKU_USER + rv = pkcs11_functions->C_Login(sc->session, CKU_USER , (CK_UTF8CHAR *) sc->pin.ptr, sc->pin.len); if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { @@ -1031,11 +1016,10 @@ scx_login(smartcard_t *sc) /* * logout from a session */ -static void -scx_logout(smartcard_t *sc) +static void scx_logout(smartcard_t *sc) { CK_RV rv; - + rv = pkcs11_functions->C_Logout(sc->session); if (rv != CKR_OK) plog("error in C_Logout: %s" @@ -1052,8 +1036,7 @@ scx_logout(smartcard_t *sc) /* * Release context and disconnect from card */ -void -scx_release_context(smartcard_t *sc) +void scx_release_context(smartcard_t *sc) { #ifdef SMARTCARD CK_RV rv; @@ -1067,7 +1050,7 @@ scx_release_context(smartcard_t *sc) scx_logout(sc); sc->session_opened = FALSE; - + rv = pkcs11_functions->C_CloseSession(sc->session); if (rv != CKR_OK) plog("error in C_CloseSession: %s" @@ -1083,68 +1066,66 @@ scx_release_context(smartcard_t *sc) /* * Load host certificate from smartcard */ -bool -scx_load_cert(const char *filename, smartcard_t **scp, cert_t *cert -, bool *cached) +cert_t* scx_load_cert(const char *filename, smartcard_t **scp, bool *cached) { #ifdef SMARTCARD /* compile with smartcard support */ - CK_OBJECT_HANDLE object; - const char *number_slot_id = filename + strlen(SCX_TOKEN); - - smartcard_t *sc = scx_add(scx_parse_number_slot_id(number_slot_id)); + CK_OBJECT_HANDLE object; + smartcard_t *sc; + cert_t *cert = NULL; /* return the smartcard object */ - *scp = sc; + *scp = sc = scx_add(scx_parse_number_slot_id(number_slot_id)); /* is there a cached smartcard certificate? */ - *cached = sc->last_cert.type != CERT_NONE - && (time(NULL) - sc->last_load) < SCX_CERT_CACHE_INTERVAL; + *cached = sc->last_cert && + (time(NULL) - sc->last_load) < SCX_CERT_CACHE_INTERVAL; if (*cached) { - *cert = sc->last_cert; plog(" using cached cert from smartcard #%d (%s, id: %s, label: '%s')" , sc->number , scx_print_slot(sc, "") , sc->id , sc->label); - return TRUE; + return sc->last_cert; } if (!scx_establish_context(sc)) { scx_release_context(sc); - return FALSE; + return NULL; } /* find the certificate object */ if (!scx_pkcs11_find_object(sc->session, &object, CKO_CERTIFICATE, sc->id)) { scx_release_context(sc); - return FALSE; + return NULL; } /* retrieve the certificate object */ - if (!scx_find_cert_object(sc->session, object, sc, cert)) + cert = scx_find_cert_object(sc->session, object, sc); + if (cert == NULL) { scx_release_context(sc); - return FALSE; + return NULL; } if (!pkcs11_keep_state) + { scx_release_context(sc); - + } plog(" loaded cert from smartcard #%d (%s, id: %s, label: '%s')" , sc->number , scx_print_slot(sc, "") , sc->id , sc->label); - return TRUE; + return cert; #else plog(" warning: SMARTCARD support is deactivated in pluto/Makefile!"); - return FALSE; + return NULL; #endif } @@ -1158,8 +1139,7 @@ scx_load_cert(const char *filename, smartcard_t **scp, cert_t *cert * %smartcard:45 - - 45 * %smartcard0:45 - 0 45 */ -smartcard_t* -scx_parse_number_slot_id(const char *number_slot_id) +smartcard_t* scx_parse_number_slot_id(const char *number_slot_id) { int len = strlen(number_slot_id); smartcard_t *sc = malloc_thing(smartcard_t); @@ -1169,7 +1149,7 @@ scx_parse_number_slot_id(const char *number_slot_id) if (len == 0) /* default: use certificate #1 */ { - sc->number = 1; + sc->number = 1; } else if (*number_slot_id == '#') /* #number scheme */ { @@ -1218,12 +1198,11 @@ scx_parse_number_slot_id(const char *number_slot_id) /* * Verify pin on card */ -bool -scx_verify_pin(smartcard_t *sc) +bool scx_verify_pin(smartcard_t *sc) { #ifdef SMARTCARD CK_RV rv; - + if (!sc->pinpad) sc->valid = FALSE; @@ -1270,9 +1249,8 @@ scx_verify_pin(smartcard_t *sc) /* * Sign hash on smartcard */ -bool -scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen -, u_char *out, size_t outlen) +bool scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen, u_char *out, + size_t outlen) { #ifdef SMARTCARD CK_RV rv; @@ -1377,12 +1355,11 @@ scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen #endif } -/* +/* * encrypt data block with an RSA public key */ -bool -scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen -, u_char *out, size_t *outlen) +bool scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen, u_char *out, + size_t *outlen) { #ifdef SMARTCARD CK_RV rv; @@ -1423,7 +1400,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen scx_release_context(sc); return FALSE; } - + /* there must be enough space left for the PKCS#1 v1.5 padding */ if (inlen > attr[0].ulValueLen - 11) { @@ -1467,7 +1444,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen rsa_key = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_integer("m", rsa_modulus), asn1_integer("m", rsa_exponent)); - key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, rsa_key, BUILD_END); free(rsa_key.ptr); if (key == NULL) @@ -1527,12 +1504,11 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen return FALSE; #endif } -/* +/* * decrypt a data block with an RSA private key */ -bool -scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen -, u_char *out, size_t *outlen) +bool scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen, u_char *out, + size_t *outlen) { #ifdef SMARTCARD CK_RV rv; @@ -1570,7 +1546,7 @@ scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen scx_release_context(sc); return FALSE; } - + DBG(DBG_CONTROL, DBG_log("doing RSA decryption on smartcard") ) @@ -1606,9 +1582,8 @@ scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen * decrypt it using a private RSA key and * return the decrypted data block via whack */ -bool -scx_op_via_whack(const char* msg, int inbase, int outbase, sc_op_t op -, const char* keyid, int whackfd) +bool scx_op_via_whack(const char* msg, int inbase, int outbase, sc_op_t op, + const char* keyid, int whackfd) { char inbuf[RSA_MAX_OCTETS]; char outbuf[2*RSA_MAX_OCTETS + 1]; @@ -1680,7 +1655,7 @@ scx_op_via_whack(const char* msg, int inbase, int outbase, sc_op_t op DBG_dump("smartcard output data:\n", inbuf, outlen) ) - if (outbase == 0) /* use default base */ + if (outbase == 0) /* use default base */ outbase = DEFAULT_BASE; if (outbase == 256) /* ascii plain text */ @@ -1701,8 +1676,7 @@ scx_op_via_whack(const char* msg, int inbase, int outbase, sc_op_t op /* * get length of RSA key in bytes */ -size_t -scx_get_keylength(smartcard_t *sc) +size_t scx_get_keylength(smartcard_t *sc) { #ifdef SMARTCARD CK_RV rv; @@ -1737,8 +1711,7 @@ scx_get_keylength(smartcard_t *sc) /* * prompt for pin and verify it */ -bool -scx_get_pin(smartcard_t *sc, int whackfd) +bool scx_get_pin(smartcard_t *sc, int whackfd) { #ifdef SMARTCARD char pin[BUF_LEN]; @@ -1796,8 +1769,7 @@ scx_get_pin(smartcard_t *sc, int whackfd) /* * free the pin code */ -void -scx_free_pin(chunk_t *pin) +void scx_free_pin(chunk_t *pin) { if (pin->ptr != NULL) { @@ -1811,12 +1783,12 @@ scx_free_pin(chunk_t *pin) /* * frees a smartcard record */ -void -scx_free(smartcard_t *sc) +void scx_free(smartcard_t *sc) { if (sc != NULL) { scx_release_context(sc); + cert_release(sc->last_cert); free(sc->id); free(sc->label); scx_free_pin(&sc->pin); @@ -1827,8 +1799,7 @@ scx_free(smartcard_t *sc) /* release of a smartcard record decreases the count by one " the record is freed when the counter reaches zero */ -void -scx_release(smartcard_t *sc) +void scx_release(smartcard_t *sc) { if (sc != NULL && --sc->count == 0) { @@ -1836,7 +1807,6 @@ scx_release(smartcard_t *sc) while (*pp != sc) pp = &(*pp)->next; *pp = sc->next; - release_cert(sc->last_cert); scx_free(sc); } } @@ -1844,8 +1814,7 @@ scx_release(smartcard_t *sc) /* * compare two smartcard records by comparing their slots and ids */ -static bool -scx_same(smartcard_t *a, smartcard_t *b) +static bool scx_same(smartcard_t *a, smartcard_t *b) { if (a->number && b->number) { @@ -1863,8 +1832,7 @@ scx_same(smartcard_t *a, smartcard_t *b) /* for each link pointing to the smartcard record " increase the count by one */ -void -scx_share(smartcard_t *sc) +void scx_share(smartcard_t *sc) { if (sc != NULL) sc->count++; @@ -1873,8 +1841,7 @@ scx_share(smartcard_t *sc) /* * adds a smartcard record to the chained list */ -smartcard_t* -scx_add(smartcard_t *smartcard) +smartcard_t* scx_add(smartcard_t *smartcard) { smartcard_t *sc = smartcards; smartcard_t **psc = &smartcards; @@ -1903,15 +1870,16 @@ scx_add(smartcard_t *smartcard) /* * get the smartcard that belongs to an X.509 certificate */ -smartcard_t* -scx_get(x509cert_t *cert) +smartcard_t* scx_get(cert_t *cert) { smartcard_t *sc = smartcards; while (sc != NULL) { - if (sc->last_cert.u.x509 == cert) + if (sc->last_cert == cert) + { return sc; + } sc = sc->next; } return NULL; @@ -1920,8 +1888,7 @@ scx_get(x509cert_t *cert) /* * prints either the slot number or 'any slot' */ -char * -scx_print_slot(smartcard_t *sc, const char *whitespace) +char *scx_print_slot(smartcard_t *sc, const char *whitespace) { char *buf = temporary_cyclic_buffer(); @@ -1935,8 +1902,7 @@ scx_print_slot(smartcard_t *sc, const char *whitespace) /* * list all smartcard info records in a chained list */ -void -scx_list(bool utc) +void scx_list(bool utc) { smartcard_t *sc = smartcards; @@ -1944,32 +1910,28 @@ scx_list(bool utc) { whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of Smartcard Objects:"); - whack_log(RC_COMMENT, " "); } while (sc != NULL) { - whack_log(RC_COMMENT, "%T, #%d, count: %d" - , &sc->last_load, utc - , sc->number - , sc->count); - whack_log(RC_COMMENT, " %s, session %s, logged %s, has %s" + whack_log(RC_COMMENT, " "); + whack_log(RC_COMMENT, " %s, session %s, logged %s, has %s" , scx_print_slot(sc, " ") , sc->session_opened? "opened" : "closed" , sc->logged_in? "in" : "out" - , sc->pinpad? "pin pad" + , sc->pinpad? "pin pad" : ((sc->pin.ptr == NULL)? "no pin" : sc->valid? "valid pin" : "invalid pin")); if (sc->id != NULL) - whack_log(RC_COMMENT, " id: %s", sc->id); + whack_log(RC_COMMENT, " id: %s", sc->id); if (sc->label != NULL) - whack_log(RC_COMMENT, " label: '%s'", sc->label); - if (sc->last_cert.type == CERT_X509_SIGNATURE) + whack_log(RC_COMMENT, " label: '%s'", sc->label); + if (sc->last_cert) { - char buf[BUF_LEN]; + certificate_t *certificate = sc->last_cert->cert; - dntoa(buf, BUF_LEN, sc->last_cert.u.x509->subject); - whack_log(RC_COMMENT, " subject: '%s'", buf); + whack_log(RC_COMMENT, " subject: '%Y'", + certificate->get_subject(certificate)); } sc = sc->next; } diff --git a/src/pluto/smartcard.h b/src/pluto/smartcard.h index 60a0fccfc..7a2229794 100644 --- a/src/pluto/smartcard.h +++ b/src/pluto/smartcard.h @@ -42,7 +42,7 @@ typedef struct smartcard smartcard_t; struct smartcard { smartcard_t *next; time_t last_load; - cert_t last_cert; + cert_t *last_cert; int count; int number; unsigned long slot; @@ -75,8 +75,7 @@ extern void scx_finalize(void); extern bool scx_establish_context(smartcard_t *sc); extern bool scx_login(smartcard_t *sc); extern bool scx_on_smartcard(const char *filename); -extern bool scx_load_cert(const char *filename, smartcard_t **scp - , cert_t *cert, bool *cached); +extern cert_t* scx_load_cert(const char *filename, smartcard_t **scp, bool *cached); extern bool scx_verify_pin(smartcard_t *sc); extern void scx_share(smartcard_t *sc); extern bool scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen @@ -90,7 +89,7 @@ extern bool scx_op_via_whack(const char* msg, int inbase, int outbase extern bool scx_get_pin(smartcard_t *sc, int whackfd); extern size_t scx_get_keylength(smartcard_t *sc); extern smartcard_t* scx_add(smartcard_t *sc); -extern smartcard_t* scx_get(x509cert_t *cert); +extern smartcard_t* scx_get(cert_t *cert); extern void scx_release(smartcard_t *sc); extern void scx_release_context(smartcard_t *sc); extern void scx_free_pin(chunk_t *pin); diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c index a86c9f215..cdf2cb21b 100644 --- a/src/pluto/spdb.c +++ b/src/pluto/spdb.c @@ -24,7 +24,6 @@ #include "constants.h" #include "defs.h" -#include "id.h" #include "connections.h" #include "state.h" #include "packet.h" @@ -607,7 +606,7 @@ static u_int32_t decode_long_duration(pb_stream *pbs) } /* Preparse the body of an ISAKMP SA Payload and - * return body of ISAKMP Proposal Payload + * return body of ISAKMP Proposal Payload * * Only IPsec DOI is accepted (what is the ISAKMP DOI?). * Error response is rudimentary. @@ -624,20 +623,20 @@ preparse_isakmp_sa_body(const struct isakmp_sa *sa { loglog(RC_LOG_SERIOUS, "Unknown/unsupported DOI %s", enum_show(&doi_names, sa->isasa_doi)); /* XXX Could send notification back */ - return DOI_NOT_SUPPORTED; + return ISAKMP_DOI_NOT_SUPPORTED; } /* Situation */ if (!in_struct(ipsecdoisit, &ipsec_sit_desc, sa_pbs, NULL)) { - return SITUATION_NOT_SUPPORTED; + return ISAKMP_SITUATION_NOT_SUPPORTED; } if (*ipsecdoisit != SIT_IDENTITY_ONLY) { loglog(RC_LOG_SERIOUS, "unsupported IPsec DOI situation (%s)" , bitnamesof(sit_bit_names, *ipsecdoisit)); /* XXX Could send notification back */ - return SITUATION_NOT_SUPPORTED; + return ISAKMP_SITUATION_NOT_SUPPORTED; } /* The rules for ISAKMP SAs are scattered. @@ -647,20 +646,20 @@ preparse_isakmp_sa_body(const struct isakmp_sa *sa */ if (!in_struct(proposal, &isakmp_proposal_desc, sa_pbs, proposal_pbs)) { - return PAYLOAD_MALFORMED; + return ISAKMP_PAYLOAD_MALFORMED; } if (proposal->isap_np != ISAKMP_NEXT_NONE) { loglog(RC_LOG_SERIOUS, "Proposal Payload must be alone in Oakley SA; found %s following Proposal" , enum_show(&payload_names, proposal->isap_np)); - return PAYLOAD_MALFORMED; + return ISAKMP_PAYLOAD_MALFORMED; } if (proposal->isap_protoid != PROTO_ISAKMP) { loglog(RC_LOG_SERIOUS, "unexpected Protocol ID (%s) found in Oakley Proposal" , enum_show(&protocol_names, proposal->isap_protoid)); - return INVALID_PROTOCOL_ID; + return ISAKMP_INVALID_PROTOCOL_ID; } /* Just what should we accept for the SPI field? @@ -694,15 +693,15 @@ preparse_isakmp_sa_body(const struct isakmp_sa *sa u_char junk_spi[MAX_ISAKMP_SPI_SIZE]; if (!in_raw(junk_spi, proposal->isap_spisize, proposal_pbs, "Oakley SPI")) - return PAYLOAD_MALFORMED; + return ISAKMP_PAYLOAD_MALFORMED; } else { loglog(RC_LOG_SERIOUS, "invalid SPI size (%u) in Oakley Proposal" , (unsigned)proposal->isap_spisize); - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } static struct { @@ -750,14 +749,14 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans, if (!in_struct(&trans, &isakmp_isakmp_transform_desc, proposal_pbs, &trans_pbs)) { - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } if (trans.isat_transnum <= last_transnum) { /* picky, picky, picky */ loglog(RC_LOG_SERIOUS, "Transform Numbers are not monotonically increasing" " in Oakley Proposal"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } last_transnum = trans.isat_transnum; @@ -765,7 +764,7 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans, { loglog(RC_LOG_SERIOUS, "expected KEY_IKE but found %s in Oakley Transform" , enum_show(&isakmp_transformid_names, trans.isat_transid)); - return INVALID_TRANSFORM_ID; + return ISAKMP_INVALID_TRANSFORM_ID; } attr_start = trans_pbs.cur; @@ -779,7 +778,7 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans, if (!in_struct(&a, &isakmp_oakley_attribute_desc, &trans_pbs, &attr_pbs)) { - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } passert((a.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK) < 32); @@ -822,7 +821,7 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans, DBG_log("preparse_isakmp_policy: peer requests %s authentication" , prettypolicy(*policy)) ) - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } /** @@ -831,23 +830,22 @@ notification_t parse_isakmp_policy(pb_stream *proposal_pbs, u_int notrans, static err_t find_preshared_key(struct state* st) { err_t ugh = NULL; - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; if (get_preshared_secret(c) == NULL) { - char my_id[BUF_LEN], his_id[BUF_LEN]; + char his_id[BUF_LEN]; - idtoa(&c->spd.this.id, my_id, sizeof(my_id)); if (his_id_was_instantiated(c)) { strcpy(his_id, "%any"); } else { - idtoa(&c->spd.that.id, his_id, sizeof(his_id)); + snprintf(his_id, sizeof(his_id), "%Y", c->spd.that.id); } - ugh = builddiag("Can't authenticate: no preshared key found for `%s' and `%s'" - , my_id, his_id); + ugh = builddiag("Can't authenticate: no preshared key found " + "for '%Y' and '%s'", c->spd.this.id, his_id); } return ugh; } @@ -868,7 +866,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, struct state *st, bool initiator) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; unsigned no_trans_left; /* for each transform payload... */ @@ -892,7 +890,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, if (no_trans_left == 0) { loglog(RC_LOG_SERIOUS, "number of Transform Payloads disagrees with Oakley Proposal Payload"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } in_struct(&trans, &isakmp_isakmp_transform_desc, proposal_pbs, &trans_pbs); @@ -908,7 +906,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, u_int32_t val; /* room for larger values */ if (!in_struct(&a, &isakmp_oakley_attribute_desc, &trans_pbs, &attr_pbs)) - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; passert((a.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK) < 32); @@ -917,7 +915,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, loglog(RC_LOG_SERIOUS, "repeated %s attribute in Oakley Transform %u" , enum_show(&oakley_attr_names, a.isaat_af_type) , trans.isat_transnum); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } seen_attrs |= LELEM(a.isaat_af_type & ISAKMP_ATTR_RTYPE_MASK); @@ -1071,7 +1069,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, loglog(RC_LOG_SERIOUS , "attribute OAKLEY_LIFE_TYPE value %s repeated" , enum_show(&oakley_lifetime_names, val)); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } seen_durations |= LELEM(val); life_type = val; @@ -1114,7 +1112,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, , (long) val , OAKLEY_ISAKMP_SA_LIFETIME_MAXIMUM); #endif - } + } ta.life_seconds = val; break; case OAKLEY_LIFE_KILOBYTES: @@ -1210,7 +1208,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, loglog(RC_LOG_SERIOUS, "missing mandatory attribute(s) %s in Oakley Transform %u" , bitnamesof(oakley_attr_bit_names, missing) , trans.isat_transnum); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } } /* We must have liked this transform. @@ -1264,7 +1262,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, /* copy over the results */ st->st_oakley = ta; - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } /* on to next transform */ @@ -1275,7 +1273,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, if (no_trans_left != 0) { loglog(RC_LOG_SERIOUS, "number of Transform Payloads disagrees with Oakley Proposal Payload"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } break; } @@ -1283,11 +1281,11 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit, { loglog(RC_LOG_SERIOUS, "unexpected %s payload in Oakley Proposal" , enum_show(&payload_names, proposal->isap_np)); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } } loglog(RC_LOG_SERIOUS, "no acceptable Oakley Transform"); - return NO_PROPOSAL_CHOSEN; + return ISAKMP_NO_PROPOSAL_CHOSEN; } /* Parse the body of an IPsec SA Payload (i.e. Phase 2 / Quick Mode). @@ -1712,7 +1710,7 @@ parse_ipsec_sa_body( bool selection, /* if this SA is a selection, only one transform may appear */ struct state *st) /* current state object */ { - const struct connection *c = st->st_connection; + const connection_t *c = st->st_connection; u_int32_t ipsecdoisit; pb_stream next_proposal_pbs; @@ -1726,19 +1724,19 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS, "Unknown or unsupported DOI %s", enum_show(&doi_names, sa->isasa_doi)); /* XXX Could send notification back */ - return DOI_NOT_SUPPORTED; + return ISAKMP_DOI_NOT_SUPPORTED; } /* Situation */ if (!in_struct(&ipsecdoisit, &ipsec_sit_desc, sa_pbs, NULL)) - return SITUATION_NOT_SUPPORTED; + return ISAKMP_SITUATION_NOT_SUPPORTED; if (ipsecdoisit != SIT_IDENTITY_ONLY) { loglog(RC_LOG_SERIOUS, "unsupported IPsec DOI situation (%s)" , bitnamesof(sit_bit_names, ipsecdoisit)); /* XXX Could send notification back */ - return SITUATION_NOT_SUPPORTED; + return ISAKMP_SITUATION_NOT_SUPPORTED; } /* The rules for IPsec SAs are scattered. @@ -1755,7 +1753,7 @@ parse_ipsec_sa_body( */ if (!in_struct(&next_proposal, &isakmp_proposal_desc, sa_pbs, &next_proposal_pbs)) - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; /* for each conjunction of proposals... */ while (next_full) @@ -1797,13 +1795,13 @@ parse_ipsec_sa_body( if (!in_raw(filler, sizeof(filler) , &next_proposal_pbs, "CPI filler") || !all_zero(filler, sizeof(filler))) - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } else if (next_proposal.isap_spisize != IPCOMP_CPI_SIZE) { loglog(RC_LOG_SERIOUS, "IPsec Proposal with improper CPI size (%u)" , next_proposal.isap_spisize); - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } /* We store CPI in the low order of a network order @@ -1813,7 +1811,7 @@ parse_ipsec_sa_body( if (!in_raw((u_char *)&next_spi + IPSEC_DOI_SPI_SIZE - IPCOMP_CPI_SIZE , IPCOMP_CPI_SIZE, &next_proposal_pbs, "CPI")) - return INVALID_SPI; + return ISAKMP_INVALID_SPI; /* If sanity ruled, CPIs would have to be such that * the SAID (the triple (CPI, IPCOM, destination IP)) @@ -1832,7 +1830,7 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS , "IPsec Proposal contains well-known CPI that I cannot uniquify"); - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } break; default: @@ -1841,7 +1839,7 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS, "IPsec Proposal contains CPI from non-negotiated range (0x%lx)" , (unsigned long) ntohl(next_spi)); - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } break; } @@ -1853,11 +1851,11 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS, "IPsec Proposal with improper SPI size (%u)" , next_proposal.isap_spisize); - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } if (!in_raw((u_char *)&next_spi, sizeof(next_spi), &next_proposal_pbs, "SPI")) - return INVALID_SPI; + return ISAKMP_INVALID_SPI; /* SPI value 0 is invalid and values 1-255 are reserved to IANA. * RFC 2402 (ESP) 2.4, RFC 2406 (AH) 2.1 @@ -1867,14 +1865,14 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS, "IPsec Proposal contains invalid SPI (0x%lx)" , (unsigned long) ntohl(next_spi)); - return INVALID_SPI; + return ISAKMP_INVALID_SPI; } } if (next_proposal.isap_notrans == 0) { loglog(RC_LOG_SERIOUS, "IPsec Proposal contains no Transforms"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } switch (next_proposal.isap_protoid) @@ -1883,7 +1881,7 @@ parse_ipsec_sa_body( if (ah_seen) { loglog(RC_LOG_SERIOUS, "IPsec SA contains two simultaneous AH Proposals"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } ah_seen = TRUE; ah_prop_pbs = next_proposal_pbs; @@ -1895,7 +1893,7 @@ parse_ipsec_sa_body( if (esp_seen) { loglog(RC_LOG_SERIOUS, "IPsec SA contains two simultaneous ESP Proposals"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } esp_seen = TRUE; esp_prop_pbs = next_proposal_pbs; @@ -1907,7 +1905,7 @@ parse_ipsec_sa_body( if (ipcomp_seen) { loglog(RC_LOG_SERIOUS, "IPsec SA contains two simultaneous IPCOMP Proposals"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } ipcomp_seen = TRUE; ipcomp_prop_pbs = next_proposal_pbs; @@ -1918,7 +1916,7 @@ parse_ipsec_sa_body( default: loglog(RC_LOG_SERIOUS, "unexpected Protocol ID (%s) in IPsec Proposal" , enum_show(&protocol_names, next_proposal.isap_protoid)); - return INVALID_PROTOCOL_ID; + return ISAKMP_INVALID_PROTOCOL_ID; } /* refill next_proposal */ @@ -1931,11 +1929,11 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS, "unexpected in Proposal: %s" , enum_show(&payload_names, next_proposal.isap_np)); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } if (!in_struct(&next_proposal, &isakmp_proposal_desc, sa_pbs, &next_proposal_pbs)) - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } while (next_proposal.isap_proposal == propno); /* Now that we have all conjuncts, we should try @@ -1968,7 +1966,7 @@ parse_ipsec_sa_body( , tn == ah_proposal.isap_notrans - 1 , FALSE , st)) - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; previous_transnum = ah_trans.isat_transnum; @@ -1988,7 +1986,7 @@ parse_ipsec_sa_body( { case AUTH_ALGORITHM_NONE: loglog(RC_LOG_SERIOUS, "AUTH_ALGORITHM attribute missing in AH Transform"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; case AUTH_ALGORITHM_HMAC_MD5: ok_auth = TRUE; @@ -2010,8 +2008,8 @@ parse_ipsec_sa_body( { loglog(RC_LOG_SERIOUS, "%s attribute inappropriate in %s Transform" , enum_name(&auth_alg_names, ah_attrs.auth) - , enum_show(&ah_transformid_names, ah_attrs.transid)); - return BAD_PROPOSAL_SYNTAX; + , enum_show(&ah_transform_names, ah_attrs.transid)); + return ISAKMP_BAD_PROPOSAL_SYNTAX; } if (!ok_auth) { @@ -2019,7 +2017,7 @@ parse_ipsec_sa_body( , DBG_log("%s attribute unsupported" " in %s Transform from %s" , enum_name(&auth_alg_names, ah_attrs.auth) - , enum_show(&ah_transformid_names, ah_attrs.transid) + , enum_show(&ah_transform_names, ah_attrs.transid) , ip_str(&c->spd.that.host_addr))); continue; /* try another */ } @@ -2050,7 +2048,7 @@ parse_ipsec_sa_body( , tn == esp_proposal.isap_notrans - 1 , FALSE , st)) - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; previous_transnum = esp_trans.isat_transnum; @@ -2087,7 +2085,7 @@ parse_ipsec_sa_body( default: DBG(DBG_CONTROL | DBG_CRYPT , DBG_log("unsupported ESP Transform %s from %s" - , enum_show(&esp_transformid_names, esp_attrs.transid) + , enum_show(&esp_transform_names, esp_attrs.transid) , ip_str(&c->spd.that.host_addr))); continue; /* try another */ } @@ -2138,7 +2136,7 @@ parse_ipsec_sa_body( } if (tn == esp_proposal.isap_notrans) continue; /* we didn't find a nice one */ - + esp_attrs.spi = esp_spi; inner_proto = IPPROTO_ESP; if (esp_attrs.encapsulation == ENCAPSULATION_MODE_TUNNEL) @@ -2186,7 +2184,7 @@ parse_ipsec_sa_body( if (well_known_cpi != 0 && !ah_seen && !esp_seen) { plog("illegal proposal: bare IPCOMP used with well-known CPI"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } for (tn = 0; tn != ipcomp_proposal.isap_notrans; tn++) @@ -2201,14 +2199,14 @@ parse_ipsec_sa_body( , tn == ipcomp_proposal.isap_notrans - 1 , TRUE , st)) - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; previous_transnum = ipcomp_trans.isat_transnum; if (well_known_cpi != 0 && ipcomp_attrs.transid != well_known_cpi) { plog("illegal proposal: IPCOMP well-known CPI disagrees with transform"); - return BAD_PROPOSAL_SYNTAX; + return ISAKMP_BAD_PROPOSAL_SYNTAX; } switch (ipcomp_attrs.transid) @@ -2309,9 +2307,9 @@ parse_ipsec_sa_body( if (ipcomp_seen) st->st_ipcomp.attrs = ipcomp_attrs; - return NOTHING_WRONG; + return ISAKMP_NOTHING_WRONG; } loglog(RC_LOG_SERIOUS, "no acceptable Proposal in IPsec SA"); - return NO_PROPOSAL_CHOSEN; + return ISAKMP_NO_PROPOSAL_CHOSEN; } diff --git a/src/pluto/state.c b/src/pluto/state.c index 5bef36c5c..29d78fb3d 100644 --- a/src/pluto/state.c +++ b/src/pluto/state.c @@ -277,7 +277,7 @@ void release_whack(struct state *st) */ void delete_state(struct state *st) { - struct connection *const c = st->st_connection; + connection_t *const c = st->st_connection; struct state *old_cur_state = cur_state == st? NULL : cur_state; set_cur_state(st); @@ -371,7 +371,7 @@ void delete_state(struct state *st) /** * Is a connection in use by some state? */ -bool states_use_connection(struct connection *c) +bool states_use_connection(connection_t *c) { /* are there any states still using it? */ struct state *st = NULL; @@ -390,7 +390,7 @@ bool states_use_connection(struct connection *c) * if relations == TRUE, then also delete states that share * the same phase 1 SA. */ -void delete_states_by_connection(struct connection *c, bool relations) +void delete_states_by_connection(connection_t *c, bool relations) { int pass; /* this kludge avoids an n^2 algorithm */ @@ -448,7 +448,7 @@ void delete_states_by_connection(struct connection *c, bool relations) } } } - + sr = &c->spd; while (sr != NULL) { @@ -480,7 +480,7 @@ void delete_states_by_peer(ip_address *peer) { struct state *this = st; struct spd_route *sr; - struct connection *c = this->st_connection; + connection_t *c = this->st_connection; st = st->st_hashchain_next; /* before this is deleted */ @@ -521,7 +521,7 @@ struct state *duplicate_state(struct state *st) memcpy(nst->st_icookie, st->st_icookie, COOKIE_SIZE); memcpy(nst->st_rcookie, st->st_rcookie, COOKIE_SIZE); - + nst->st_connection = st->st_connection; nst->st_doi = st->st_doi; nst->st_situation = st->st_situation; @@ -646,7 +646,7 @@ struct state *find_phase2_state_to_delete(const struct state *p1st, /** * Find newest Phase 1 negotiation state object for suitable for connection c */ -struct state *find_phase1_state(const struct connection *c, lset_t ok_states) +struct state *find_phase1_state(const connection_t *c, lset_t ok_states) { struct state *st, @@ -674,7 +674,7 @@ void state_eroute_usage(ip_subnet *ours, ip_subnet *his, unsigned long count, { for (st = statetable[i]; st != NULL; st = st->st_hashchain_next) { - struct connection *c = st->st_connection; + connection_t *c = st->st_connection; /* XXX spd-enum */ if (IS_IPSEC_SA_ESTABLISHED(st->st_state) @@ -708,7 +708,7 @@ void fmt_state(bool all, struct state *st, time_t n, char *state_buf, size_t state_buf_len, char *state_buf2, size_t state_buf2_len) { /* what the heck is interesting about a state? */ - const struct connection *c = st->st_connection; + const connection_t *c = st->st_connection; long delta = st->st_event->ev_time >= n ? (long)(st->st_event->ev_time - n) @@ -724,7 +724,7 @@ void fmt_state(bool all, struct state *st, time_t n, char *state_buf, ? "; eroute owner" : ""; const char *dpd = (all && st->st_dpd && c->dpd_action != DPD_ACTION_NONE) ? "; DPD active" : ""; - + passert(st->st_event != 0); fmt_conn_instance(c, inst); @@ -824,9 +824,9 @@ void fmt_state(bool all, struct state *st, time_t n, char *state_buf, static int state_compare(const void *a, const void *b) { const struct state *sap = *(const struct state *const *)a; - struct connection *ca = sap->st_connection; + connection_t *ca = sap->st_connection; const struct state *sbp = *(const struct state *const *)b; - struct connection *cb = sbp->st_connection; + connection_t *cb = sbp->st_connection; /* DBG_log("comparing %s to %s", ca->name, cb->name); */ diff --git a/src/pluto/state.h b/src/pluto/state.h index a059c52b4..35ffe5a5b 100644 --- a/src/pluto/state.h +++ b/src/pluto/state.h @@ -21,6 +21,7 @@ #include +#include "defs.h" #include "connections.h" /* Message ID mechanism. diff --git a/src/pluto/timer.c b/src/pluto/timer.c index 89082f88e..74806a40c 100644 --- a/src/pluto/timer.c +++ b/src/pluto/timer.c @@ -143,7 +143,7 @@ void event_schedule(enum event_type type, time_t tm, struct state *st) bool init_secret(void) { rng_t *rng; - + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng == NULL) @@ -166,7 +166,7 @@ void handle_timer_event(void) struct event *ev = evlist; int type; struct state *st; - struct connection *c = NULL; + connection_t *c = NULL; ip_address peer; if (ev == (struct event *) NULL) /* Just paranoid */ @@ -216,7 +216,7 @@ void handle_timer_event(void) passert(st->st_dpd_event == ev); st->st_dpd_event = NULL; } - else + else { passert(st->st_event == ev); st->st_event = NULL; diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index a532e50f2..7d3c96c87 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -158,7 +158,7 @@ static struct vid_struct _vid_tab[] = { { VID_CISCO3K, VID_KEEP | VID_SUBSTRING_MATCH, NULL, "Cisco VPN 3000 Series" , { "\x1f\x07\xf7\x0e\xaa\x65\x14\xd3\xb0\xfa\x96\x54\x2a\x50", 14 } }, - { VID_CISCO_IOS, VID_KEEP | VID_SUBSTRING_MATCH, + { VID_CISCO_IOS, VID_KEEP | VID_SUBSTRING_MATCH, NULL, "Cisco IOS Device", { "\x3e\x98\x40\x48", 4 } }, /* @@ -197,7 +197,9 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.3.4") + DEC_MD5_VID(STRONGSWAN, "strongSwan") + DEC_MD5_VID(STRONGSWAN_4_3_5, "strongSwan 4.3.5") + DEC_MD5_VID(STRONGSWAN_4_3_4, "strongSwan 4.3.4") DEC_MD5_VID(STRONGSWAN_4_3_3, "strongSwan 4.3.3") DEC_MD5_VID(STRONGSWAN_4_3_2, "strongSwan 4.3.2") DEC_MD5_VID(STRONGSWAN_4_3_1, "strongSwan 4.3.1") @@ -296,7 +298,7 @@ static struct vid_struct _vid_tab[] = { DEC_MD5_VID(NATT_RFC, "RFC 3947") /* misc */ - + { VID_MISC_XAUTH, VID_KEEP, NULL, "XAUTH", { "\x09\x00\x26\x89\xdf\xd6\xb7\x12", 8 } }, @@ -304,7 +306,7 @@ static struct vid_struct _vid_tab[] = { { "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00", 16 } }, DEC_MD5_VID(MISC_FRAGMENTATION, "FRAGMENTATION") - + DEC_MD5_VID(INITIAL_CONTACT, "Vid-Initial-Contact") /** @@ -338,9 +340,9 @@ void init_vendorid(void) else if (vid->flags & VID_MD5HASH) { chunk_t vid_data = { (u_char *)vid->data, strlen(vid->data) }; - + /** VendorID is a string to hash with MD5 **/ - hasher->allocate_hash(hasher, vid_data, &vid->vid); + hasher->allocate_hash(hasher, vid_data, &vid->vid); } if (vid->descr == NULL) diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index 8aa2f6348..3df1a8196 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -138,6 +138,8 @@ enum known_vendorid { VID_STRONGSWAN_4_3_1 =119, VID_STRONGSWAN_4_3_2 =120, VID_STRONGSWAN_4_3_3 =121, + VID_STRONGSWAN_4_3_4 =122, + VID_STRONGSWAN_4_3_5 =123, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =151, diff --git a/src/pluto/virtual.c b/src/pluto/virtual.c index 2067bde01..3e8d5fcba 100644 --- a/src/pluto/virtual.c +++ b/src/pluto/virtual.c @@ -180,7 +180,7 @@ init_virtual_ip(const char *private_list) * ex: vhost:%no,%dhcp,%priv,%v4:192.168.1.0/24 */ struct virtual_t -*create_virtual(const struct connection *c, const char *string) +*create_virtual(const connection_t *c, const char *string) { unsigned short flags=0, n_net=0, i; const char *str = string, *next, *first_net=NULL; @@ -227,7 +227,7 @@ struct virtual_t } else goto fail; - + str = *next ? next+1 : NULL; } @@ -267,14 +267,13 @@ is_virtual_end(const struct end *that) } bool -is_virtual_connection(const struct connection *c) +is_virtual_connection(const connection_t *c) { return ((c->spd.that.virt)?TRUE:FALSE); } -static bool -net_in_list(const ip_subnet *peer_net, const ip_subnet *list, - unsigned short len) +static bool net_in_list(const ip_subnet *peer_net, const ip_subnet *list, + unsigned short len) { unsigned short i; @@ -289,9 +288,8 @@ net_in_list(const ip_subnet *peer_net, const ip_subnet *list, return FALSE; } -bool -is_virtual_net_allowed(const struct connection *c, const ip_subnet *peer_net, - const ip_address *his_addr) +bool is_virtual_net_allowed(const connection_t *c, const ip_subnet *peer_net, + const ip_address *his_addr) { if (c->spd.that.virt == NULL) return FALSE; @@ -312,7 +310,7 @@ is_virtual_net_allowed(const struct connection *c, const ip_subnet *peer_net, if (c->spd.that.virt->n_net && net_in_list(peer_net, c->spd.that.virt->net, c->spd.that.virt->n_net)) return TRUE; - + if (c->spd.that.virt->flags & F_VIRTUAL_ALL) { /** %all must only be used for testing - log it **/ diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 0953f18f5..d8e887955 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -26,14 +26,13 @@ #include #include -#include -#include #include +#include +#include #include "constants.h" #include "defs.h" #include "log.h" -#include "id.h" #include "x509.h" #include "crl.h" #include "ca.h" @@ -44,1277 +43,130 @@ #include "ocsp.h" /** - * Chained lists of X.509 end certificates - */ -static x509cert_t *x509certs = NULL; - -/** - * ASN.1 definition of a basicConstraints extension - */ -static const asn1Object_t basicConstraintsObjects[] = { - { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */ - { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define BASIC_CONSTRAINTS_CA 1 - -/** - * ASN.1 definition of a authorityKeyIdentifier extension - */ -static const asn1Object_t authKeyIdentifierObjects[] = { - { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ - { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define AUTH_KEY_ID_KEY_ID 1 -#define AUTH_KEY_ID_CERT_ISSUER 3 -#define AUTH_KEY_ID_CERT_SERIAL 5 - -/** - * ASN.1 definition of a authorityInfoAccess extension - */ -static const asn1Object_t authInfoAccessObjects[] = { - { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 4 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define AUTH_INFO_ACCESS_METHOD 2 -#define AUTH_INFO_ACCESS_LOCATION 3 - -/** - * ASN.1 definition of a extendedKeyUsage extension - */ -static const asn1Object_t extendedKeyUsageObjects[] = { - { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define EXT_KEY_USAGE_PURPOSE_ID 1 - -/** - * ASN.1 definition of generalNames - */ -static const asn1Object_t generalNamesObjects[] = { - { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define GENERAL_NAMES_GN 1 - -/** - * ASN.1 definition of generalName - */ -static const asn1Object_t generalNameObjects[] = { - { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */ - { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ - { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 0, "directoryName", ASN1_CONTEXT_C_4, ASN1_OPT|ASN1_BODY }, /* 8 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 9 */ - { 0, "ediPartyName", ASN1_CONTEXT_C_5, ASN1_OPT|ASN1_BODY }, /* 10 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ - { 0, "URI", ASN1_CONTEXT_S_6, ASN1_OPT|ASN1_BODY }, /* 12 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 13 */ - { 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */ - { 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define GN_OBJ_OTHER_NAME 0 -#define GN_OBJ_RFC822_NAME 2 -#define GN_OBJ_DNS_NAME 4 -#define GN_OBJ_X400_ADDRESS 6 -#define GN_OBJ_DIRECTORY_NAME 8 -#define GN_OBJ_EDI_PARTY_NAME 10 -#define GN_OBJ_URI 12 -#define GN_OBJ_IP_ADDRESS 14 -#define GN_OBJ_REGISTERED_ID 16 - -/** - * ASN.1 definition of otherName - */ -static const asn1Object_t otherNameObjects[] = { - {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */ - {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY }, /* 1 */ - {0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define ON_OBJ_ID_TYPE 0 -#define ON_OBJ_VALUE 1 - -/** - * ASN.1 definition of crlDistributionPoints - */ -static const asn1Object_t crlDistributionPointsObjects[] = { - { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */ - { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ - { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ - { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define CRL_DIST_POINTS_FULLNAME 3 - -/** - * ASN.1 definition of an X.509v3 x509_cert - */ -static const asn1Object_t certObjects[] = { - { 0, "x509", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "tbsCertificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 1 */ - { 2, "DEFAULT v1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 2 */ - { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */ - { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */ - { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */ - { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */ - { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */ - { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */ - { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_RAW }, /* 11 */ - { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 12 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 13 */ - { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 14 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 15 */ - { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 16 */ - { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 17 */ - { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 18 */ - { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 19 */ - { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 20 */ - { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 21 */ - { 3, "end loop", ASN1_EOC, ASN1_END }, /* 22 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 23 */ - { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 24 */ - { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 25 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define X509_OBJ_CERTIFICATE 0 -#define X509_OBJ_TBS_CERTIFICATE 1 -#define X509_OBJ_VERSION 3 -#define X509_OBJ_SERIAL_NUMBER 4 -#define X509_OBJ_SIG_ALG 5 -#define X509_OBJ_ISSUER 6 -#define X509_OBJ_NOT_BEFORE 8 -#define X509_OBJ_NOT_AFTER 9 -#define X509_OBJ_SUBJECT 10 -#define X509_OBJ_SUBJECT_PUBLIC_KEY_INFO 11 -#define X509_OBJ_EXTN_ID 19 -#define X509_OBJ_CRITICAL 20 -#define X509_OBJ_EXTN_VALUE 21 -#define X509_OBJ_ALGORITHM 24 -#define X509_OBJ_SIGNATURE 25 - -const x509cert_t empty_x509cert = { - NULL , /* *next */ - UNDEFINED_TIME, /* installed */ - 0 , /* count */ - FALSE , /* smartcard */ - AUTH_NONE , /* authority_flags */ - { NULL, 0 } , /* certificate */ - { NULL, 0 } , /* tbsCertificate */ - 1 , /* version */ - { NULL, 0 } , /* serialNumber */ - OID_UNKNOWN , /* sigAlg */ - { NULL, 0 } , /* issuer */ - /* validity */ - 0 , /* notBefore */ - 0 , /* notAfter */ - { NULL, 0 } , /* subject */ - NULL , /* public_key */ - /* issuerUniqueID */ - /* subjectUniqueID */ - /* extensions */ - /* extension */ - /* extnID */ - /* critical */ - /* extnValue */ - FALSE , /* isCA */ - FALSE , /* isOcspSigner */ - { NULL, 0 } , /* subjectKeyID */ - { NULL, 0 } , /* authKeyID */ - { NULL, 0 } , /* authKeySerialNumber */ - { NULL, 0 } , /* accessLocation */ - NULL , /* subjectAltName */ - NULL , /* crlDistributionPoints */ - OID_UNKNOWN , /* algorithm */ - { NULL, 0 } /* signature */ -}; - -/* coding of X.501 distinguished name */ - -typedef struct { - const u_char *name; - chunk_t oid; - u_char type; -} x501rdn_t; - -/* X.501 acronyms for well known object identifiers (OIDs) */ - -static u_char oid_ND[] = {0x02, 0x82, 0x06, 0x01, - 0x0A, 0x07, 0x14}; -static u_char oid_UID[] = {0x09, 0x92, 0x26, 0x89, 0x93, - 0xF2, 0x2C, 0x64, 0x01, 0x01}; -static u_char oid_DC[] = {0x09, 0x92, 0x26, 0x89, 0x93, - 0xF2, 0x2C, 0x64, 0x01, 0x19}; -static u_char oid_CN[] = {0x55, 0x04, 0x03}; -static u_char oid_S[] = {0x55, 0x04, 0x04}; -static u_char oid_SN[] = {0x55, 0x04, 0x05}; -static u_char oid_C[] = {0x55, 0x04, 0x06}; -static u_char oid_L[] = {0x55, 0x04, 0x07}; -static u_char oid_ST[] = {0x55, 0x04, 0x08}; -static u_char oid_O[] = {0x55, 0x04, 0x0A}; -static u_char oid_OU[] = {0x55, 0x04, 0x0B}; -static u_char oid_T[] = {0x55, 0x04, 0x0C}; -static u_char oid_D[] = {0x55, 0x04, 0x0D}; -static u_char oid_N[] = {0x55, 0x04, 0x29}; -static u_char oid_G[] = {0x55, 0x04, 0x2A}; -static u_char oid_I[] = {0x55, 0x04, 0x2B}; -static u_char oid_ID[] = {0x55, 0x04, 0x2D}; -static u_char oid_EN[] = {0x60, 0x86, 0x48, 0x01, 0x86, - 0xF8, 0x42, 0x03, 0x01, 0x03}; -static u_char oid_E[] = {0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01}; -static u_char oid_UN[] = {0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x02}; -static u_char oid_TCGID[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x89, - 0x31, 0x01, 0x01, 0x02, 0x02, 0x4B}; - -static const x501rdn_t x501rdns[] = { - {"ND" , {oid_ND, 7}, ASN1_PRINTABLESTRING}, - {"UID" , {oid_UID, 10}, ASN1_PRINTABLESTRING}, - {"DC" , {oid_DC, 10}, ASN1_PRINTABLESTRING}, - {"CN" , {oid_CN, 3}, ASN1_PRINTABLESTRING}, - {"S" , {oid_S, 3}, ASN1_PRINTABLESTRING}, - {"SN" , {oid_SN, 3}, ASN1_PRINTABLESTRING}, - {"serialNumber" , {oid_SN, 3}, ASN1_PRINTABLESTRING}, - {"C" , {oid_C, 3}, ASN1_PRINTABLESTRING}, - {"L" , {oid_L, 3}, ASN1_PRINTABLESTRING}, - {"ST" , {oid_ST, 3}, ASN1_PRINTABLESTRING}, - {"O" , {oid_O, 3}, ASN1_PRINTABLESTRING}, - {"OU" , {oid_OU, 3}, ASN1_PRINTABLESTRING}, - {"T" , {oid_T, 3}, ASN1_PRINTABLESTRING}, - {"D" , {oid_D, 3}, ASN1_PRINTABLESTRING}, - {"N" , {oid_N, 3}, ASN1_PRINTABLESTRING}, - {"G" , {oid_G, 3}, ASN1_PRINTABLESTRING}, - {"I" , {oid_I, 3}, ASN1_PRINTABLESTRING}, - {"ID" , {oid_ID, 3}, ASN1_PRINTABLESTRING}, - {"EN" , {oid_EN, 10}, ASN1_PRINTABLESTRING}, - {"employeeNumber" , {oid_EN, 10}, ASN1_PRINTABLESTRING}, - {"E" , {oid_E, 9}, ASN1_IA5STRING}, - {"Email" , {oid_E, 9}, ASN1_IA5STRING}, - {"emailAddress" , {oid_E, 9}, ASN1_IA5STRING}, - {"UN" , {oid_UN, 9}, ASN1_IA5STRING}, - {"unstructuredName", {oid_UN, 9}, ASN1_IA5STRING}, - {"TCGID" , {oid_TCGID, 12}, ASN1_PRINTABLESTRING} -}; - -#define X501_RDN_ROOF 26 - -static u_char ASN1_subjectAltName_oid_str[] = { - 0x06, 0x03, 0x55, 0x1D, 0x11 -}; - -static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str); - -static void update_chunk(chunk_t *ch, int n) -{ - n = (n > -1 && n < (int)ch->len)? n : (int)ch->len-1; - ch->ptr += n; ch->len -= n; -} - - -/** - * Pointer is set to the first RDN in a DN - */ -static err_t init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next) -{ - *rdn = chunk_empty; - *attribute = chunk_empty; - - /* a DN is a SEQUENCE OF RDNs */ - - if (*dn.ptr != ASN1_SEQUENCE) - { - return "DN is not a SEQUENCE"; - } - - rdn->len = asn1_length(&dn); - - if (rdn->len == ASN1_INVALID_LENGTH) - { - return "Invalid RDN length"; - } - rdn->ptr = dn.ptr; - - /* are there any RDNs ? */ - *next = rdn->len > 0; - - return NULL; -} - -/** - * Fetches the next RDN in a DN - */ -static err_t get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid, - chunk_t *value, asn1_t *type, bool *next) -{ - chunk_t body; - - /* initialize return values */ - *oid = chunk_empty; - *value = chunk_empty; - - /* if all attributes have been parsed, get next rdn */ - if (attribute->len <= 0) - { - /* an RDN is a SET OF attributeTypeAndValue */ - if (*rdn->ptr != ASN1_SET) - { - return "RDN is not a SET"; - } - attribute->len = asn1_length(rdn); - - if (attribute->len == ASN1_INVALID_LENGTH) - { - return "Invalid attribute length"; - } - attribute->ptr = rdn->ptr; - - /* advance to start of next RDN */ - rdn->ptr += attribute->len; - rdn->len -= attribute->len; - } - - /* an attributeTypeAndValue is a SEQUENCE */ - if (*attribute->ptr != ASN1_SEQUENCE) - { - return "attributeTypeAndValue is not a SEQUENCE"; - } - - /* extract the attribute body */ - body.len = asn1_length(attribute); - - if (body.len == ASN1_INVALID_LENGTH) - { - return "Invalid attribute body length"; - } - body.ptr = attribute->ptr; - - /* advance to start of next attribute */ - attribute->ptr += body.len; - attribute->len -= body.len; - - /* attribute type is an OID */ - if (*body.ptr != ASN1_OID) - { - return "attributeType is not an OID"; - } - - /* extract OID */ - oid->len = asn1_length(&body); - - if (oid->len == ASN1_INVALID_LENGTH) - { - return "Invalid attribute OID length"; - } - oid->ptr = body.ptr; - - /* advance to the attribute value */ - body.ptr += oid->len; - body.len -= oid->len; - - /* extract string type */ - *type = *body.ptr; - - /* extract string value */ - value->len = asn1_length(&body); - - if (value->len == ASN1_INVALID_LENGTH) - { - return "Invalid attribute string length"; - } - value->ptr = body.ptr; - - /* are there any RDNs left? */ - *next = rdn->len > 0 || attribute->len > 0; - - return NULL; -} - -/** - * Parses an ASN.1 distinguished name int its OID/value pairs - */ -static err_t dn_parse(chunk_t dn, chunk_t *str) -{ - chunk_t rdn, oid, attribute, value; - asn1_t type; - int oid_code; - bool next; - bool first = TRUE; - - err_t ugh = init_rdn(dn, &rdn, &attribute, &next); - - if (ugh != NULL) /* a parsing error has occured */ - { - return ugh; - } - - while (next) - { - ugh = get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next); - - if (ugh != NULL) /* a parsing error has occured */ - { - return ugh; - } - - if (first) /* first OID/value pair */ - { - first = FALSE; - } - else /* separate OID/value pair by a comma */ - { - update_chunk(str, snprintf(str->ptr,str->len,", ")); - } - - /* print OID */ - oid_code = asn1_known_oid(oid); - if (oid_code == OID_UNKNOWN) /* OID not found in list */ - { - hex_str(oid, str); - } - else - { - update_chunk(str, snprintf(str->ptr,str->len,"%s", - oid_names[oid_code].name)); - } - - /* print value */ - update_chunk(str, snprintf(str->ptr,str->len,"=%.*s", - (int)value.len,value.ptr)); - } - return NULL; -} - -/** - * Count the number of wildcard RDNs in a distinguished name - */ -int dn_count_wildcards(chunk_t dn) -{ - chunk_t rdn, attribute, oid, value; - asn1_t type; - bool next; - int wildcards = 0; - - err_t ugh = init_rdn(dn, &rdn, &attribute, &next); - - if (ugh != NULL) /* a parsing error has occured */ - { - return -1; - } - - while (next) - { - ugh = get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next); - - if (ugh != NULL) /* a parsing error has occured */ - { - return -1; - } - if (value.len == 1 && *value.ptr == '*') - { - wildcards++; /* we have found a wildcard RDN */ - } - } - return wildcards; -} - -/** - * Prints a binary string in hexadecimal form - */ -void hex_str(chunk_t bin, chunk_t *str) -{ - u_int i; - update_chunk(str, snprintf(str->ptr,str->len,"0x")); - for (i=0; i < bin.len; i++) - update_chunk(str, snprintf(str->ptr,str->len,"%02X",*bin.ptr++)); -} - - -/** Converts a binary DER-encoded ASN.1 distinguished name - * into LDAP-style human-readable ASCII format - */ -int dntoa(char *dst, size_t dstlen, chunk_t dn) -{ - err_t ugh = NULL; - chunk_t str; - - str.ptr = dst; - str.len = dstlen; - ugh = dn_parse(dn, &str); - - if (ugh != NULL) /* error, print DN as hex string */ - { - DBG(DBG_PARSING, - DBG_log("error in DN parsing: %s", ugh) - ) - str.ptr = dst; - str.len = dstlen; - hex_str(dn, &str); - } - return (int)(dstlen - str.len); -} - -/** - * Same as dntoa but prints a special string for a null dn - */ -int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn, const char* null_dn) -{ - if (dn.ptr == NULL) - { - return snprintf(dst, dstlen, "%s", null_dn); - } - else - { - return dntoa(dst, dstlen, dn); - } -} - - -/** - * Codes ASN.1 lengths up to a size of 16'777'215 bytes - */ -static void code_asn1_length(size_t length, chunk_t *code) -{ - if (length < 128) - { - code->ptr[0] = length; - code->len = 1; - } - else if (length < 256) - { - code->ptr[0] = 0x81; - code->ptr[1] = (u_char) length; - code->len = 2; - } - else if (length < 65536) - { - code->ptr[0] = 0x82; - code->ptr[1] = length >> 8; - code->ptr[2] = length & 0x00ff; - code->len = 3; - } - else - { - code->ptr[0] = 0x83; - code->ptr[1] = length >> 16; - code->ptr[2] = (length >> 8) & 0x00ff; - code->ptr[3] = length & 0x0000ff; - code->len = 4; - } -} - -/** - * Converts an LDAP-style human-readable ASCII-encoded - * ASN.1 distinguished name into binary DER-encoded format - */ -err_t atodn(char *src, chunk_t *dn) -{ - /* finite state machine for atodn */ - - typedef enum { - SEARCH_OID = 0, - READ_OID = 1, - SEARCH_NAME = 2, - READ_NAME = 3, - UNKNOWN_OID = 4 - } state_t; - - u_char oid_len_buf[3]; - u_char name_len_buf[3]; - u_char rdn_seq_len_buf[3]; - u_char rdn_set_len_buf[3]; - u_char dn_seq_len_buf[3]; - - chunk_t asn1_oid_len = { oid_len_buf, 0 }; - chunk_t asn1_name_len = { name_len_buf, 0 }; - chunk_t asn1_rdn_seq_len = { rdn_seq_len_buf, 0 }; - chunk_t asn1_rdn_set_len = { rdn_set_len_buf, 0 }; - chunk_t asn1_dn_seq_len = { dn_seq_len_buf, 0 }; - chunk_t oid = chunk_empty; - chunk_t name = chunk_empty; - - int whitespace = 0; - int rdn_seq_len = 0; - int rdn_set_len = 0; - int dn_seq_len = 0; - int pos = 0; - - err_t ugh = NULL; - - u_char *dn_ptr = dn->ptr + 4; - - state_t state = SEARCH_OID; - - do - { - switch (state) - { - case SEARCH_OID: - if (*src != ' ' && *src != '/' && *src != ',') - { - oid.ptr = src; - oid.len = 1; - state = READ_OID; - } - break; - case READ_OID: - if (*src != ' ' && *src != '=') - { - oid.len++; - } - else - { - for (pos = 0; pos < X501_RDN_ROOF; pos++) - { - if (strlen(x501rdns[pos].name) == oid.len && - strncasecmp(x501rdns[pos].name, oid.ptr, oid.len) == 0) - { - break; /* found a valid OID */ - } - } - if (pos == X501_RDN_ROOF) - { - ugh = "unknown OID in distinguished name"; - state = UNKNOWN_OID; - break; - } - code_asn1_length(x501rdns[pos].oid.len, &asn1_oid_len); - - /* reset oid and change state */ - oid = chunk_empty; - state = SEARCH_NAME; - } - break; - case SEARCH_NAME: - if (*src != ' ' && *src != '=') - { - name.ptr = src; - name.len = 1; - whitespace = 0; - state = READ_NAME; - } - break; - case READ_NAME: - if (*src != ',' && *src != '/' && *src != '\0') - { - name.len++; - if (*src == ' ') - { - whitespace++; - } - else - { - whitespace = 0; - } - } - else - { - name.len -= whitespace; - code_asn1_length(name.len, &asn1_name_len); - - /* compute the length of the relative distinguished name sequence */ - rdn_seq_len = 1 + asn1_oid_len.len + x501rdns[pos].oid.len + - 1 + asn1_name_len.len + name.len; - code_asn1_length(rdn_seq_len, &asn1_rdn_seq_len); - - /* compute the length of the relative distinguished name set */ - rdn_set_len = 1 + asn1_rdn_seq_len.len + rdn_seq_len; - code_asn1_length(rdn_set_len, &asn1_rdn_set_len); - - /* encode the relative distinguished name */ - *dn_ptr++ = ASN1_SET; - chunkcpy(dn_ptr, asn1_rdn_set_len); - *dn_ptr++ = ASN1_SEQUENCE; - chunkcpy(dn_ptr, asn1_rdn_seq_len); - *dn_ptr++ = ASN1_OID; - chunkcpy(dn_ptr, asn1_oid_len); - chunkcpy(dn_ptr, x501rdns[pos].oid); - /* encode the ASN.1 character string type of the name */ - *dn_ptr++ = (x501rdns[pos].type == ASN1_PRINTABLESTRING - && !asn1_is_printablestring(name))? ASN1_T61STRING : x501rdns[pos].type; - chunkcpy(dn_ptr, asn1_name_len); - chunkcpy(dn_ptr, name); - - /* accumulate the length of the distinguished name sequence */ - dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len; - - /* reset name and change state */ - name = chunk_empty; - state = SEARCH_OID; - } - break; - case UNKNOWN_OID: - break; - } - } while (*src++ != '\0'); - - /* complete the distinguished name sequence*/ - code_asn1_length(dn_seq_len, &asn1_dn_seq_len); - dn->ptr += 3 - asn1_dn_seq_len.len; - dn->len = 1 + asn1_dn_seq_len.len + dn_seq_len; - dn_ptr = dn->ptr; - *dn_ptr++ = ASN1_SEQUENCE; - chunkcpy(dn_ptr, asn1_dn_seq_len); - return ugh; -} - -/** - * compare two distinguished names by comparing the individual RDNs - */ -bool same_dn(chunk_t a, chunk_t b) -{ - chunk_t rdn_a, rdn_b, attribute_a, attribute_b; - chunk_t oid_a, oid_b, value_a, value_b; - asn1_t type_a, type_b; - bool next_a, next_b; - - /* same lengths for the DNs */ - if (a.len != b.len) - { - return FALSE; - } - - /* try a binary comparison first */ - if (memeq(a.ptr, b.ptr, b.len)) - { - return TRUE; - } - - /* initialize DN parsing */ - if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL - || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL) - { - return FALSE; - } - - /* fetch next RDN pair */ - while (next_a && next_b) - { - /* parse next RDNs and check for errors */ - if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL - || get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL) - { - return FALSE; - } - - /* OIDs must agree */ - if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0) - { - return FALSE; - } - - /* same lengths for values */ - if (value_a.len != value_b.len) - { - return FALSE; - } - - /* printableStrings and email RDNs require uppercase comparison */ - if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING || - (type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL))) - { - if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0) - { - return FALSE; - } - } - else - { - if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0) - { - return FALSE; - } - } - } - /* both DNs must have same number of RDNs */ - if (next_a || next_b) - { - return FALSE; - } - - /* the two DNs are equal! */ - return TRUE; -} - - -/** - * Compare two distinguished names by comparing the individual RDNs. - * A single'*' character designates a wildcard RDN in DN b. - */ -bool match_dn(chunk_t a, chunk_t b, int *wildcards) -{ - chunk_t rdn_a, rdn_b, attribute_a, attribute_b; - chunk_t oid_a, oid_b, value_a, value_b; - asn1_t type_a, type_b; - bool next_a, next_b; - - /* initialize wildcard counter */ - *wildcards = 0; - - /* initialize DN parsing */ - if (init_rdn(a, &rdn_a, &attribute_a, &next_a) != NULL - || init_rdn(b, &rdn_b, &attribute_b, &next_b) != NULL) - { - return FALSE; - } - - /* fetch next RDN pair */ - while (next_a && next_b) - { - /* parse next RDNs and check for errors */ - if (get_next_rdn(&rdn_a, &attribute_a, &oid_a, &value_a, &type_a, &next_a) != NULL - || get_next_rdn(&rdn_b, &attribute_b, &oid_b, &value_b, &type_b, &next_b) != NULL) - { - return FALSE; - } - - /* OIDs must agree */ - if (oid_a.len != oid_b.len || memcmp(oid_a.ptr, oid_b.ptr, oid_b.len) != 0) - { - return FALSE; - } - - /* does rdn_b contain a wildcard? */ - if (value_b.len == 1 && *value_b.ptr == '*') - { - (*wildcards)++; - continue; - } - - /* same lengths for values */ - if (value_a.len != value_b.len) - { - return FALSE; - } - - /* printableStrings and email RDNs require uppercase comparison */ - if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING || - (type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL))) - { - if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0) - { - return FALSE; - } - } - else - { - if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0) - { - return FALSE; - } - } - } - - /* both DNs must have same number of RDNs */ - if (next_a || next_b) - { - return FALSE; - } - - /* the two DNs match! */ - return TRUE; -} - -/** - * Compare two X.509 certificates by comparing their signatures - */ -bool same_x509cert(const x509cert_t *a, const x509cert_t *b) -{ - return chunk_equals(a->signature, b->signature); -} - -/** - * For each link pointing to the certificate increase the count by one - */ -void share_x509cert(x509cert_t *cert) -{ - if (cert != NULL) - { - cert->count++; - } -} - -/** - * Add a X.509 user/host certificate to the chained list - */ -x509cert_t* add_x509cert(x509cert_t *cert) -{ - x509cert_t *c = x509certs; - - while (c != NULL) - { - if (same_x509cert(c, cert)) /* already in chain, free cert */ - { - free_x509cert(cert); - return c; - } - c = c->next; - } - - /* insert new cert at the root of the chain */ - lock_certs_and_keys("add_x509cert"); - cert->next = x509certs; - x509certs = cert; - DBG(DBG_CONTROL | DBG_PARSING, - DBG_log(" x509 cert inserted") - ) - unlock_certs_and_keys("add_x509cert"); - return cert; -} - -/** - * Choose either subject DN or a subjectAltName as connection end ID - */ -void select_x509cert_id(x509cert_t *cert, struct id *end_id) -{ - bool copy_subject_dn = TRUE; /* ID is subject DN */ - - if (end_id->kind != ID_ANY) /* check for matching subjectAltName */ - { - generalName_t *gn = cert->subjectAltName; - - while (gn != NULL) - { - struct id id = empty_id; - - gntoid(&id, gn); - if (same_id(&id, end_id)) - { - copy_subject_dn = FALSE; /* take subjectAltName instead */ - break; - } - gn = gn->next; - } - } - - if (copy_subject_dn) - { - if (end_id->kind != ID_ANY && end_id->kind != ID_DER_ASN1_DN) - { - char buf[BUF_LEN]; - - idtoa(end_id, buf, BUF_LEN); - plog(" no subjectAltName matches ID '%s', replaced by subject DN", buf); - } - end_id->kind = ID_DER_ASN1_DN; - end_id->name.len = cert->subject.len; - end_id->name.ptr = temporary_cyclic_buffer(); - memcpy(end_id->name.ptr, cert->subject.ptr, cert->subject.len); - } -} - -/** - * Check for equality between two key identifiers - */ -bool same_keyid(chunk_t a, chunk_t b) -{ - if (a.ptr == NULL || b.ptr == NULL) - { - return FALSE; - } - return chunk_equals(a, b); -} - -/** - * Check for equality between two serial numbers - */ -bool same_serial(chunk_t a, chunk_t b) -{ - /* do not compare serial numbers if one of them is not defined */ - if (a.ptr == NULL || b.ptr == NULL) - { - return TRUE; - } - return chunk_equals(a, b); -} - -/** - * Get a X.509 certificate with a given issuer found at a certain position - */ -x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid, - x509cert_t *chain) -{ - x509cert_t *cert = (chain != NULL)? chain->next : x509certs; - - while (cert != NULL) - { - if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->authKeyID) - : (same_dn(issuer, cert->issuer) - && same_serial(serial, cert->authKeySerialNumber))) - { - return cert; - } - cert = cert->next; - } - return NULL; -} - -/** - * Encode a linked list of subjectAltNames - */ -chunk_t build_subjectAltNames(generalName_t *subjectAltNames) -{ - u_char *pos; - chunk_t names; - size_t len = 0; - generalName_t *gn = subjectAltNames; - - /* compute the total size of the ASN.1 attributes object */ - while (gn != NULL) - { - len += gn->name.len; - gn = gn->next; - } - - pos = asn1_build_object(&names, ASN1_SEQUENCE, len); - - gn = subjectAltNames; - while (gn != NULL) - { - chunkcpy(pos, gn->name); - gn = gn->next; - } - - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_subjectAltName_oid - , asn1_wrap(ASN1_OCTET_STRING, "m", names)); -} - -/** - * Build a to-be-signed X.509 certificate body - */ -static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa) -{ - /* version is always X.509v3 */ - chunk_t version = asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2); - - chunk_t extensions = chunk_empty; - - chunk_t key = rsa->get_encoding(rsa); - - chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", key)); - - if (cert->subjectAltName != NULL) - { - extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m" - , asn1_wrap(ASN1_SEQUENCE, "m" - , build_subjectAltNames(cert->subjectAltName))); - } - - return asn1_wrap(ASN1_SEQUENCE, "mmccmcmm" - , version - , asn1_integer("c", cert->serialNumber) - , asn1_algorithmIdentifier(cert->sigAlg) - , cert->issuer - , asn1_wrap(ASN1_SEQUENCE, "mm" - , asn1_from_time(&cert->notBefore, ASN1_UTCTIME) - , asn1_from_time(&cert->notAfter, ASN1_UTCTIME) - ) - , cert->subject - , keyInfo - , extensions - ); -} - -/** - * Build a DER-encoded X.509 certificate - */ -void build_x509cert(x509cert_t *cert, public_key_t *cert_key, - private_key_t *signer_key) -{ - chunk_t tbs_cert = build_tbs_x509cert(cert, cert_key); - - chunk_t signature = x509_build_signature(tbs_cert, cert->sigAlg - , signer_key, TRUE); - - cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm" - , tbs_cert - , asn1_algorithmIdentifier(cert->sigAlg) - , signature); -} - -/** - * Free the dynamic memory used to store generalNames - */ -void free_generalNames(generalName_t* gn, bool free_name) -{ - while (gn != NULL) - { - generalName_t *gn_top = gn; - if (free_name) - { - free(gn->name.ptr); - } - gn = gn->next; - free(gn_top); - } -} - -/** - * Free a X.509 certificate - */ -void free_x509cert(x509cert_t *cert) -{ - if (cert != NULL) - { - DESTROY_IF(cert->public_key); - free_generalNames(cert->subjectAltName, FALSE); - free_generalNames(cert->crlDistributionPoints, FALSE); - free(cert->certificate.ptr); - free(cert); - cert = NULL; - } -} - -/** - * Release of a certificate decreases the count by one - * the certificate is freed when the counter reaches zero + * Check for equality between two key identifiers */ -void release_x509cert(x509cert_t *cert) +bool same_keyid(chunk_t a, chunk_t b) { - if (cert != NULL && --cert->count == 0) + if (a.ptr == NULL || b.ptr == NULL) { - x509cert_t **pp = &x509certs; - while (*pp != cert) - { - pp = &(*pp)->next; - } - *pp = cert->next; - free_x509cert(cert); + return FALSE; } + return chunk_equals(a, b); } /** * Stores a chained list of end certs and CA certs */ -void store_x509certs(x509cert_t **firstcert, bool strict) +void store_x509certs(linked_list_t *certs, bool strict) { - x509cert_t *cacerts = NULL; - x509cert_t **pp = firstcert; + cert_t *x509cert, *cacerts = NULL; + certificate_t *cert; + enumerator_t *enumerator; - /* first extract CA certs, discarding root CA certs */ + /* first extract CA certs, ignoring self-signed root CA certs */ - while (*pp != NULL) + enumerator = certs->create_enumerator(certs); + while (enumerator->enumerate(enumerator, &cert)) { - x509cert_t *cert = *pp; + x509_t *x509 = (x509_t*)cert; + x509_flag_t flags; - if (cert->isCA) + flags = x509->get_flags(x509); + if (flags & X509_CA) { - *pp = cert->next; - /* we don't accept self-signed CA certs */ - if (same_dn(cert->issuer, cert->subject)) + if (flags & X509_SELF_SIGNED) { plog("self-signed cacert rejected"); - free_x509cert(cert); } else { /* insertion into temporary chain of candidate CA certs */ - cert->next = cacerts; - cacerts = cert; + x509cert = malloc_thing(cert_t); + *x509cert = cert_empty; + x509cert->cert = cert->get_ref(cert); + x509cert->next = cacerts; + cacerts = x509cert; } } - else - { - pp = &cert->next; - } } + enumerator->destroy(enumerator); /* now verify the candidate CA certs */ - - while (cacerts != NULL) + + while (cacerts) { - x509cert_t *cert = cacerts; - + cert_t *cert = cacerts; + cacerts = cacerts->next; if (trust_authcert_candidate(cert, cacerts)) { - add_authcert(cert, AUTH_CA); + add_authcert(cert, X509_CA); } else { plog("intermediate cacert rejected"); - free_x509cert(cert); + cert_free(cert); } } - - /* now verify the end certificates */ - pp = firstcert; + /* now verify the end certificates */ - while (*pp != NULL) + enumerator = certs->create_enumerator(certs); + while (enumerator->enumerate(enumerator, &cert)) { time_t valid_until; - x509cert_t *cert = *pp; + x509_t *x509 = (x509_t*)cert; - if (verify_x509cert(cert, strict, &valid_until)) + if (!(x509->get_flags(x509) & X509_CA)) { - DBG(DBG_CONTROL | DBG_PARSING, - DBG_log("public key validated") - ) - add_x509_public_key(cert, valid_until, DAL_SIGNED); - } - else - { - plog("X.509 certificate rejected"); + x509cert = malloc_thing(cert_t); + *x509cert = cert_empty; + x509cert->cert = cert->get_ref(cert); + + if (verify_x509cert(x509cert, strict, &valid_until)) + { + DBG(DBG_CONTROL | DBG_PARSING, + DBG_log("public key validated") + ) + add_public_key_from_cert(x509cert, valid_until, DAL_SIGNED); + } + else + { + plog("X.509 certificate rejected"); + cert_free(x509cert); + } } - *pp = cert->next; - free_x509cert(cert); } + enumerator->destroy(enumerator); } /** * Check if a signature over binary blob is genuine */ bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm, - const x509cert_t *issuer_cert) + certificate_t *issuer_cert) { - public_key_t *key = issuer_cert->public_key; - signature_scheme_t scheme = signature_scheme_from_oid(algorithm); + bool success; + public_key_t *key; + signature_scheme_t scheme; + scheme = signature_scheme_from_oid(algorithm); if (scheme == SIGN_UNKNOWN) { return FALSE; } - return key->verify(key, scheme, tbs, sig); + + key = issuer_cert->get_public_key(issuer_cert); + if (key == NULL) + { + return FALSE; + } + success = key->verify(key, scheme, tbs, sig); + key->destroy(key); + + return success; } /** @@ -1329,631 +181,58 @@ chunk_t x509_build_signature(chunk_t tbs, int algorithm, private_key_t *key, if (scheme == SIGN_UNKNOWN || !key->sign(key, scheme, tbs, &signature)) { return chunk_empty; - } + } return (bit_string) ? asn1_bitstring("m", signature) : asn1_wrap(ASN1_OCTET_STRING, "m", signature); } -/** - * Extracts the basicConstraints extension - */ -static bool parse_basicConstraints(chunk_t blob, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - bool isCA = FALSE; - - parser = asn1_parser_create(basicConstraintsObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - if (objectID == BASIC_CONSTRAINTS_CA) - { - isCA = object.len && *object.ptr; - DBG(DBG_PARSING, - DBG_log(" %s",(isCA)?"TRUE":"FALSE"); - ) - } - } - parser->destroy(parser); - - return isCA; -} - -/** - * Converts a X.500 generalName into an ID - */ -void gntoid(struct id *id, const generalName_t *gn) -{ - switch(gn->kind) - { - case GN_DNS_NAME: /* ID type: ID_FQDN */ - id->kind = ID_FQDN; - id->name = gn->name; - break; - case GN_IP_ADDRESS: /* ID type: ID_IPV4_ADDR */ - { - const struct af_info *afi = &af_inet4_info; - err_t ugh = NULL; - - id->kind = afi->id_addr; - ugh = initaddr(gn->name.ptr, gn->name.len, afi->af, &id->ip_addr); - } - break; - case GN_RFC822_NAME: /* ID type: ID_USER_FQDN */ - id->kind = ID_USER_FQDN; - id->name = gn->name; - break; - default: - id->kind = ID_ANY; - id->name = chunk_empty; - } -} - -/** - * Compute the subjectKeyIdentifier according to section 4.2.1.2 of RFC 3280 - * as the 160 bit SHA-1 hash of the public key - */ -bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID) -{ - identification_t *keyid; - chunk_t encoding; - - keyid = cert->public_key->get_id(cert->public_key, ID_PUBKEY_SHA1); - if (keyid == NULL) - { - plog(" unable to compute subjectKeyID"); - return FALSE; - } - encoding = keyid->get_encoding(keyid); - memcpy(subjectKeyID.ptr, encoding.ptr, subjectKeyID.len); - return TRUE; -} - -/** - * Extracts an otherName - */ -static bool parse_otherName(chunk_t blob, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - int oid = OID_UNKNOWN; - bool success = FALSE; - - parser = asn1_parser_create(otherNameObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case ON_OBJ_ID_TYPE: - oid = asn1_known_oid(object); - break; - case ON_OBJ_VALUE: - if (oid == OID_XMPP_ADDR) - { - if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING, - parser->get_level(parser) + 1, "xmppAddr")) - { - goto end; - } - } - break; - default: - break; - } - } - success = parser->success(parser); - -end: - parser->destroy(parser); - return success; -} - - -/** - * Extracts a generalName - */ -static generalName_t* parse_generalName(chunk_t blob, int level0) -{ - u_char buf[BUF_LEN]; - asn1_parser_t *parser; - chunk_t object; - generalName_t *gn = NULL; - int objectID; - - parser = asn1_parser_create(generalNameObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - bool valid_gn = FALSE; - - switch (objectID) { - case GN_OBJ_RFC822_NAME: - case GN_OBJ_DNS_NAME: - case GN_OBJ_URI: - DBG(DBG_PARSING, - DBG_log(" '%.*s'", (int)object.len, object.ptr); - ) - valid_gn = TRUE; - break; - case GN_OBJ_DIRECTORY_NAME: - DBG(DBG_PARSING, - dntoa(buf, BUF_LEN, object); - DBG_log(" '%s'", buf) - ) - valid_gn = TRUE; - break; - case GN_OBJ_IP_ADDRESS: - DBG(DBG_PARSING, - DBG_log(" '%d.%d.%d.%d'", *object.ptr, *(object.ptr+1), - *(object.ptr+2), *(object.ptr+3)); - ) - valid_gn = TRUE; - break; - case GN_OBJ_OTHER_NAME: - if (!parse_otherName(object, parser->get_level(parser)+1)) - { - goto end; - } - break; - case GN_OBJ_X400_ADDRESS: - case GN_OBJ_EDI_PARTY_NAME: - case GN_OBJ_REGISTERED_ID: - break; - default: - break; - } - - if (valid_gn) - { - gn = malloc_thing(generalName_t); - gn->kind = (objectID - GN_OBJ_OTHER_NAME) / 2; - gn->name = object; - gn->next = NULL; - goto end; - } - } - -end: - parser->destroy(parser); - return gn; -} - -/** - * Extracts one or several GNs and puts them into a chained list - */ -static generalName_t* parse_generalNames(chunk_t blob, int level0, bool implicit) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - generalName_t *top_gn = NULL; - - parser = asn1_parser_create(generalNamesObjects, blob); - parser->set_top_level(parser, level0); - parser->set_flags(parser, implicit, FALSE); - - while (parser->iterate(parser, &objectID, &object)) - { - if (objectID == GENERAL_NAMES_GN) - { - generalName_t *gn = parse_generalName(object, - parser->get_level(parser)+1); - if (gn) - { - gn->next = top_gn; - top_gn = gn; - } - } - } - parser->destroy(parser); - - return top_gn; -} - -/** - * Returns a directoryName - */ -chunk_t get_directoryName(chunk_t blob, int level, bool implicit) -{ - chunk_t name = chunk_empty; - generalName_t * gn = parse_generalNames(blob, level, implicit); - - if (gn != NULL && gn->kind == GN_DIRECTORY_NAME) - { - name= gn->name; - } - free_generalNames(gn, FALSE); - return name; -} - -/** - * Extracts an authoritykeyIdentifier - */ -void parse_authorityKeyIdentifier(chunk_t blob, int level0, - chunk_t *authKeyID, - chunk_t *authKeySerialNumber) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - parser = asn1_parser_create(authKeyIdentifierObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case AUTH_KEY_ID_KEY_ID: - *authKeyID = object; - break; - case AUTH_KEY_ID_CERT_ISSUER: - { - generalName_t * gn = parse_generalNames(object, - parser->get_level(parser) + 1, TRUE); - - free_generalNames(gn, FALSE); - } - break; - case AUTH_KEY_ID_CERT_SERIAL: - *authKeySerialNumber = object; - break; - default: - break; - } - } - parser->destroy(parser); -} - -/** - * Extracts an authorityInfoAcess location - */ -static void parse_authorityInfoAccess(chunk_t blob, int level0, - chunk_t *accessLocation) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - int accessMethod = OID_UNKNOWN; - - parser = asn1_parser_create(authInfoAccessObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case AUTH_INFO_ACCESS_METHOD: - accessMethod = asn1_known_oid(object); - break; - case AUTH_INFO_ACCESS_LOCATION: - { - switch (accessMethod) - { - case OID_OCSP: - if (*object.ptr == ASN1_CONTEXT_S_6) - { - if (asn1_length(&object) == ASN1_INVALID_LENGTH) - { - goto end; - } - DBG(DBG_PARSING, - DBG_log(" '%.*s'",(int)object.len, object.ptr) - ) - - /* only HTTP(S) URIs accepted */ - if (strncasecmp(object.ptr, "http", 4) == 0) - { - *accessLocation = object; - goto end; - } - } - plog("warning: ignoring OCSP InfoAccessLocation with unkown protocol"); - break; - default: - /* unkown accessMethod, ignoring */ - break; - } - } - break; - default: - break; - } - } - -end: - parser->destroy(parser); -} - -/** - * Extracts extendedKeyUsage OIDs - */ -static bool parse_extendedKeyUsage(chunk_t blob, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - bool ocsp_signing = FALSE; - - parser = asn1_parser_create(extendedKeyUsageObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - if (objectID == EXT_KEY_USAGE_PURPOSE_ID - && asn1_known_oid(object) == OID_OCSP_SIGNING) - { - ocsp_signing = TRUE; - } - } - parser->destroy(parser); - - return ocsp_signing; -} - -/** - * Extracts one or several crlDistributionPoints - * and puts them into a chained list - */ -static generalName_t* parse_crlDistributionPoints(chunk_t blob, int level0) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - - generalName_t *top_gn = NULL; /* top of the chained list */ - generalName_t **tail_gn = &top_gn; /* tail of the chained list */ - - parser = asn1_parser_create(crlDistributionPointsObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - if (objectID == CRL_DIST_POINTS_FULLNAME) - { - generalName_t *gn; - - gn = parse_generalNames(object, parser->get_level(parser)+1, TRUE); - /* append extracted generalNames to existing chained list */ - *tail_gn = gn; - /* find new tail of the chained list */ - while (gn != NULL) - { - tail_gn = &gn->next; gn = gn->next; - } - } - } - parser->destroy(parser); - - return top_gn; -} - -/** - * Parses an X.509v3 certificate - */ -bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert) -{ - u_char buf[BUF_LEN]; - asn1_parser_t *parser; - chunk_t object; - int objectID; - int extn_oid = OID_UNKNOWN; - bool critical; - bool success = FALSE; - - parser = asn1_parser_create(certObjects, blob); - parser->set_top_level(parser, level0); - - while (parser->iterate(parser, &objectID, &object)) - { - u_int level = parser->get_level(parser) + 1; - - switch (objectID) { - case X509_OBJ_CERTIFICATE: - cert->certificate = object; - break; - case X509_OBJ_TBS_CERTIFICATE: - cert->tbsCertificate = object; - break; - case X509_OBJ_VERSION: - cert->version = (object.len) ? (1+(u_int)*object.ptr) : 1; - DBG(DBG_PARSING, - DBG_log(" v%d", cert->version); - ) - break; - case X509_OBJ_SERIAL_NUMBER: - cert->serialNumber = object; - break; - case X509_OBJ_SIG_ALG: - cert->sigAlg = asn1_parse_algorithmIdentifier(object, level, NULL); - break; - case X509_OBJ_ISSUER: - cert->issuer = object; - DBG(DBG_PARSING, - dntoa(buf, BUF_LEN, object); - DBG_log(" '%s'",buf) - ) - break; - case X509_OBJ_NOT_BEFORE: - cert->notBefore = asn1_parse_time(object, level); - break; - case X509_OBJ_NOT_AFTER: - cert->notAfter = asn1_parse_time(object, level); - break; - case X509_OBJ_SUBJECT: - cert->subject = object; - DBG(DBG_PARSING, - dntoa(buf, BUF_LEN, object); - DBG_log(" '%s'",buf) - ) - break; - case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO: - cert->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, - KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); - if (cert->public_key == NULL) - { - goto end; - } - break; - case X509_OBJ_EXTN_ID: - extn_oid = asn1_known_oid(object); - break; - case X509_OBJ_CRITICAL: - critical = object.len && *object.ptr; - DBG(DBG_PARSING, - DBG_log(" %s",(critical)?"TRUE":"FALSE"); - ) - break; - case X509_OBJ_EXTN_VALUE: - { - switch (extn_oid) { - case OID_SUBJECT_KEY_ID: - if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING, - level, "keyIdentifier")) - { - goto end; - } - cert->subjectKeyID = object; - break; - case OID_SUBJECT_ALT_NAME: - cert->subjectAltName = - parse_generalNames(object, level, FALSE); - break; - case OID_BASIC_CONSTRAINTS: - cert->isCA = - parse_basicConstraints(object, level); - break; - case OID_CRL_DISTRIBUTION_POINTS: - cert->crlDistributionPoints = - parse_crlDistributionPoints(object, level); - break; - case OID_AUTHORITY_KEY_ID: - parse_authorityKeyIdentifier(object, level - , &cert->authKeyID, &cert->authKeySerialNumber); - break; - case OID_AUTHORITY_INFO_ACCESS: - parse_authorityInfoAccess(object, level, &cert->accessLocation); - break; - case OID_EXTENDED_KEY_USAGE: - cert->isOcspSigner = parse_extendedKeyUsage(object, level); - break; - case OID_NS_REVOCATION_URL: - case OID_NS_CA_REVOCATION_URL: - case OID_NS_CA_POLICY_URL: - case OID_NS_COMMENT: - if (!asn1_parse_simple_object(&object, ASN1_IA5STRING - , level, oid_names[extn_oid].name)) - { - goto end; - } - break; - default: - break; - } - } - break; - case X509_OBJ_ALGORITHM: - cert->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); - break; - case X509_OBJ_SIGNATURE: - cert->signature = object; - break; - default: - break; - } - } - success = parser->success(parser); - time(&cert->installed); - -end: - parser->destroy(parser); - return success; -} - -/** - * Verify the validity of a certificate by - * checking the notBefore and notAfter dates - */ -err_t check_validity(const x509cert_t *cert, time_t *until) -{ - time_t current_time; - - time(¤t_time); - DBG(DBG_CONTROL | DBG_PARSING , - DBG_log(" not before : %T", &cert->notBefore, TRUE); - DBG_log(" current time: %T", ¤t_time, TRUE); - DBG_log(" not after : %T", &cert->notAfter, TRUE); - ) - - if (cert->notAfter < *until) - { - *until = cert->notAfter; - } - if (current_time < cert->notBefore) - { - return "certificate is not valid yet"; - } - if (current_time > cert->notAfter) - { - return "certificate has expired"; - } - else - { - return NULL; - } -} - /** * Verifies a X.509 certificate */ -bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until) +bool verify_x509cert(cert_t *cert, bool strict, time_t *until) { - int pathlen; + int pathlen, pathlen_constraint; - *until = cert->notAfter; + *until = 0; - for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++) + for (pathlen = -1; pathlen <= X509_MAX_PATH_LEN; pathlen++) { - x509cert_t *issuer_cert; - u_char buf[BUF_LEN]; - err_t ugh = NULL; + certificate_t *certificate = cert->cert; + identification_t *subject = certificate->get_subject(certificate); + identification_t *issuer = certificate->get_issuer(certificate); + x509_t *x509 = (x509_t*)certificate; + chunk_t authKeyID = x509->get_authKeyIdentifier(x509); + cert_t *issuer_cert; + time_t notBefore, notAfter; + bool valid; DBG(DBG_CONTROL, - dntoa(buf, BUF_LEN, cert->subject); - DBG_log("subject: '%s'",buf); - dntoa(buf, BUF_LEN, cert->issuer); - DBG_log("issuer: '%s'",buf); - if (cert->authKeyID.ptr != NULL) + DBG_log("subject: '%Y'", subject); + DBG_log("issuer: '%Y'", issuer); + if (authKeyID.ptr) { - datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':' - , buf, BUF_LEN); - DBG_log("authkey: %s", buf); + DBG_log("authkey: %#B", &authKeyID); } ) - ugh = check_validity(cert, until); - - if (ugh != NULL) + valid = certificate->get_validity(certificate, NULL, + ¬Before, ¬After); + if (*until == UNDEFINED_TIME || notAfter < *until) + { + *until = notAfter; + } + if (!valid) { - plog("%s", ugh); + plog("certificate is invalid (valid from %T to %T)", + ¬Before, FALSE, ¬After, FALSE); return FALSE; } - DBG(DBG_CONTROL, DBG_log("certificate is valid") ) lock_authcert_list("verify_x509cert"); - issuer_cert = get_authcert(cert->issuer, cert->authKeySerialNumber - , cert->authKeyID, AUTH_CA); - + issuer_cert = get_authcert(issuer, authKeyID, X509_CA); if (issuer_cert == NULL) { plog("issuer cacert not found"); @@ -1964,8 +243,7 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until) DBG_log("issuer cacert found") ) - if (!x509_check_signature(cert->tbsCertificate, cert->signature, - cert->algorithm, issuer_cert)) + if (!certificate->issued_by(certificate, issuer_cert->cert)) { plog("certificate signature is invalid"); unlock_authcert_list("verify_x509cert"); @@ -1976,11 +254,22 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until) ) unlock_authcert_list("verify_x509cert"); + /* check path length constraint */ + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + pathlen > pathlen_constraint) + { + plog("path length of %d violates constraint of %d", + pathlen, pathlen_constraint); + return FALSE; + } + /* check if cert is a self-signed root ca */ - if (pathlen > 0 && same_dn(cert->issuer, cert->subject)) + if (pathlen >= 0 && (x509->get_flags(x509) & X509_SELF_SIGNED)) { DBG(DBG_CONTROL, - DBG_log("reached self-signed root ca") + DBG_log("reached self-signed root ca with a path length of %d", + pathlen) ) return TRUE; } @@ -1988,7 +277,7 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until) { time_t nextUpdate = *until; time_t revocationDate = UNDEFINED_TIME; - crl_reason_t revocationReason = REASON_UNSPECIFIED; + crl_reason_t revocationReason = CRL_REASON_UNSPECIFIED; /* first check certificate revocation using ocsp */ cert_status_t status = verify_by_ocsp(cert, &nextUpdate @@ -2017,7 +306,7 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until) DBG(DBG_CONTROL, DBG_log("certificate is good") ) - + /* with strict crl policy the public key must have the same * lifetime as the validity of the ocsp status or crl lifetime */ @@ -2048,15 +337,15 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until) /* go up one step in the trust chain */ cert = issuer_cert; } - plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN); + plog("maximum path length of %d exceeded", X509_MAX_PATH_LEN); return FALSE; } /** * List all X.509 certs in a chained list */ -void list_x509cert_chain(const char *caption, x509cert_t* cert, - u_char auth_flags, bool utc) +void list_x509cert_chain(const char *caption, cert_t* cert, + x509_flag_t flags, bool utc) { bool first = TRUE; time_t now; @@ -2064,74 +353,107 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert, /* determine the current time */ time(&now); - while (cert != NULL) + while (cert) { - if (auth_flags == AUTH_NONE || (auth_flags & cert->authority_flags)) - { - u_char buf[BUF_LEN]; - public_key_t *key = cert->public_key; - cert_t c; + certificate_t *certificate = cert->cert; + x509_t *x509 = (x509_t*)certificate; - c.type = CERT_X509_SIGNATURE; - c.u.x509 = cert; + if (certificate->get_type(certificate) == CERT_X509 && + (flags == X509_NONE || (flags & x509->get_flags(x509)))) + { + enumerator_t *enumerator; + char buf[BUF_LEN]; + char *pos = buf; + int len = BUF_LEN, pathlen; + bool first_altName = TRUE; + identification_t *id; + time_t notBefore, notAfter; + public_key_t *key; + chunk_t serial, keyid, subjkey, authkey; if (first) { whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, "List of X.509 %s Certificates:", caption); - whack_log(RC_COMMENT, " "); first = FALSE; } + whack_log(RC_COMMENT, " "); + + enumerator = x509->create_subjectAltName_enumerator(x509); + while (enumerator->enumerate(enumerator, &id)) + { + int written; + + if (first_altName) + { + written = snprintf(pos, len, "%Y", id); + first_altName = FALSE; + } + else + { + written = snprintf(pos, len, ", %Y", id); + } + pos += written; + len -= written; + } + enumerator->destroy(enumerator); + if (!first_altName) + { + whack_log(RC_COMMENT, " altNames: %s", buf); + } - whack_log(RC_COMMENT, "%T, count: %d", &cert->installed, utc, - cert->count); - dntoa(buf, BUF_LEN, cert->subject); - whack_log(RC_COMMENT, " subject: '%s'", buf); - dntoa(buf, BUF_LEN, cert->issuer); - whack_log(RC_COMMENT, " issuer: '%s'", buf); - datatot(cert->serialNumber.ptr, cert->serialNumber.len, ':', - buf, BUF_LEN); - whack_log(RC_COMMENT, " serial: %s", buf); - whack_log(RC_COMMENT, " validity: not before %T %s", - &cert->notBefore, utc, - (cert->notBefore < now)?"ok":"fatal (not valid yet)"); - whack_log(RC_COMMENT, " not after %T %s", - &cert->notAfter, utc, - check_expiry(cert->notAfter, CA_CERT_WARNING_INTERVAL, TRUE)); - whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", - key_type_names, key->get_type(key), - key->get_keysize(key) * BITS_PER_BYTE, - cert->smartcard ? ", on smartcard" : - (has_private_key(c)? ", has private key" : "")); - whack_log(RC_COMMENT, " keyid: %Y", - key->get_id(key, ID_PUBKEY_INFO_SHA1)); - if (cert->subjectKeyID.ptr != NULL) + whack_log(RC_COMMENT, " subject: \"%Y\"", + certificate->get_subject(certificate)); + whack_log(RC_COMMENT, " issuer: \"%Y\"", + certificate->get_issuer(certificate)); + serial = x509->get_serial(x509); + whack_log(RC_COMMENT, " serial: %#B", &serial); + + /* list validity */ + certificate->get_validity(certificate, &now, ¬Before, ¬After); + whack_log(RC_COMMENT, " validity: not before %T %s", + ¬Before, utc, + (notBefore < now)?"ok":"fatal (not valid yet)"); + whack_log(RC_COMMENT, " not after %T %s", + ¬After, utc, + check_expiry(notAfter, CA_CERT_WARNING_INTERVAL, TRUE)); + + key = certificate->get_public_key(certificate); + if (key); { - datatot(cert->subjectKeyID.ptr, cert->subjectKeyID.len, ':', - buf, BUF_LEN); - whack_log(RC_COMMENT, " subjkey: %s", buf); + whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", + key_type_names, key->get_type(key), + key->get_keysize(key) * BITS_PER_BYTE, + cert->smartcard ? ", on smartcard" : + (has_private_key(cert)? ", has private key" : "")); + + if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid)) + { + whack_log(RC_COMMENT, " keyid: %#B", &keyid); + } + if (key->get_fingerprint(key, KEY_ID_PUBKEY_SHA1, &subjkey)) + { + whack_log(RC_COMMENT, " subjkey: %#B", &subjkey); + } + key->destroy(key); } - if (cert->authKeyID.ptr != NULL) + + /* list optional authorityKeyIdentifier */ + authkey = x509->get_authKeyIdentifier(x509); + if (authkey.ptr) { - datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':', - buf, BUF_LEN); - whack_log(RC_COMMENT, " authkey: %s", buf); + whack_log(RC_COMMENT, " authkey: %#B", &authkey); } - if (cert->authKeySerialNumber.ptr != NULL) + + /* list optional pathLenConstraint */ + pathlen = x509->get_pathLenConstraint(x509); + if (pathlen != X509_NO_PATH_LEN_CONSTRAINT) { - datatot(cert->authKeySerialNumber.ptr, - cert->authKeySerialNumber.len, ':', buf, BUF_LEN); - whack_log(RC_COMMENT, " aserial: %s", buf); + whack_log(RC_COMMENT, " pathlen: %d", pathlen); } + } cert = cert->next; } } -/** - * List all X.509 end certificates in a chained list - */ -void list_x509_end_certs(bool utc) -{ - list_x509cert_chain("End", x509certs, AUTH_NONE, utc); -} diff --git a/src/pluto/x509.h b/src/pluto/x509.h index ab0fbac9e..e904618b3 100644 --- a/src/pluto/x509.h +++ b/src/pluto/x509.h @@ -18,122 +18,23 @@ #ifndef _X509_H #define _X509_H -#include +#include +#include #include +#include #include "constants.h" -#include "id.h" +#include "certs.h" -/* Definition of generalNames kinds */ - -typedef enum { - GN_OTHER_NAME = 0, - GN_RFC822_NAME = 1, - GN_DNS_NAME = 2, - GN_X400_ADDRESS = 3, - GN_DIRECTORY_NAME = 4, - GN_EDI_PARTY_NAME = 5, - GN_URI = 6, - GN_IP_ADDRESS = 7, - GN_REGISTERED_ID = 8 -} generalNames_t; - -/* access structure for a GeneralName */ - -typedef struct generalName generalName_t; - -struct generalName { - generalName_t *next; - generalNames_t kind; - chunk_t name; -}; - -/* access structure for an X.509v3 certificate */ - -typedef struct x509cert x509cert_t; - -struct x509cert { - x509cert_t *next; - time_t installed; - int count; - bool smartcard; - u_char authority_flags; - chunk_t certificate; - chunk_t tbsCertificate; - u_int version; - chunk_t serialNumber; - /* signature */ - int sigAlg; - chunk_t issuer; - /* validity */ - time_t notBefore; - time_t notAfter; - chunk_t subject; - public_key_t *public_key; - /* issuerUniqueID */ - /* subjectUniqueID */ - /* v3 extensions */ - /* extension */ - /* extension */ - /* extnID */ - /* critical */ - /* extnValue */ - bool isCA; - bool isOcspSigner; /* ocsp */ - chunk_t subjectKeyID; - chunk_t authKeyID; - chunk_t authKeySerialNumber; - chunk_t accessLocation; /* ocsp */ - generalName_t *subjectAltName; - generalName_t *crlDistributionPoints; - /* signatureAlgorithm */ - int algorithm; - chunk_t signature; -}; - -/* used for initialization */ -extern const x509cert_t empty_x509cert; - -extern bool same_serial(chunk_t a, chunk_t b); extern bool same_keyid(chunk_t a, chunk_t b); -extern bool same_dn(chunk_t a, chunk_t b); -extern bool match_dn(chunk_t a, chunk_t b, int *wildcards); -extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b); -extern void hex_str(chunk_t bin, chunk_t *str); -extern int dn_count_wildcards(chunk_t dn); -extern int dntoa(char *dst, size_t dstlen, chunk_t dn); -extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn, - const char* null_dn); -extern err_t atodn(char *src, chunk_t *dn); -extern void gntoid(struct id *id, const generalName_t *gn); -extern bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID); -extern void select_x509cert_id(x509cert_t *cert, struct id *end_id); -extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert); -extern time_t parse_time(chunk_t blob, int level0); -extern void parse_authorityKeyIdentifier(chunk_t blob, int level0 - , chunk_t *authKeyID, chunk_t *authKeySerialNumber); -extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit); -extern err_t check_validity(const x509cert_t *cert, time_t *until); - extern bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm, - const x509cert_t *issuer_cert); + certificate_t *issuer_cert); extern chunk_t x509_build_signature(chunk_t tbs, int algorithm, private_key_t *key, bool bit_string); - -extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until); -extern x509cert_t* add_x509cert(x509cert_t *cert); -extern x509cert_t* get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid, - x509cert_t* chain); -extern void build_x509cert(x509cert_t *cert, public_key_t *cert_key, - private_key_t *signer_key); -extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames); -extern void share_x509cert(x509cert_t *cert); -extern void release_x509cert(x509cert_t *cert); -extern void free_x509cert(x509cert_t *cert); -extern void store_x509certs(x509cert_t **firstcert, bool strict); -extern void list_x509cert_chain(const char *caption, x509cert_t* cert, - u_char auth_flags, bool utc); +extern bool verify_x509cert(cert_t *cert, bool strict, time_t *until); +extern void store_x509certs(linked_list_t *certs, bool strict); +extern void list_x509cert_chain(const char *caption, cert_t* cert, + x509_flag_t flags, bool utc); extern void list_x509_end_certs(bool utc); -extern void free_generalNames(generalName_t* gn, bool free_name); #endif /* _X509_H */ diff --git a/src/pluto/xauth.c b/src/pluto/xauth.c index af2d72d71..2086a92cc 100644 --- a/src/pluto/xauth.c +++ b/src/pluto/xauth.c @@ -1,7 +1,7 @@ /* Initialization and finalization of the dynamic XAUTH module * Copyright (C) 2006 Andreas Steffen * Hochschule fuer Technik Rapperswil, Switzerland - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -23,7 +23,7 @@ #include "keys.h" #include "log.h" -void +void xauth_init(void) { #ifdef XAUTH_DEFAULT_LIB diff --git a/src/pluto/xauth.h b/src/pluto/xauth.h index 8ab125ac4..23cae3ed8 100644 --- a/src/pluto/xauth.h +++ b/src/pluto/xauth.h @@ -1,7 +1,7 @@ /* Interface definition of the XAUTH server and|or client module * Copyright (C) 2006 Andreas Steffen * Hochschule fuer Technik Rapperswil, Switzerland - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am index 20bf76065..3693b7532 100644 --- a/src/scepclient/Makefile.am +++ b/src/scepclient/Makefile.am @@ -1,5 +1,5 @@ ipsec_PROGRAMS = scepclient -scepclient_SOURCES = scepclient.c pkcs10.c pkcs10.h scep.c scep.h loglite.c +scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c PLUTODIR=$(top_srcdir)/src/pluto OPENACDIR=$(top_srcdir)/src/openac @@ -16,18 +16,15 @@ INCLUDES = \ -I$(WHACKDIR) AM_CFLAGS = \ --DIPSEC_CONFDIR=\"${confdir}\" \ --DIPSEC_PLUGINDIR=\"${plugindir}\" \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${pluto_plugins}\"" \ --DSTRONGSWAN_CONF=\"${strongswan_conf}\" \ -DDEBUG -DNO_PLUTO LIBSTRONGSWANBUILDDIR=$(top_builddir)/src/libstrongswan LIBFREESWANBUILDDIR=$(top_builddir)/src/libfreeswan scepclient_LDADD = \ -ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o lex.o \ -ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \ +constants.o defs.o lex.o pkcs7.o \ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a @@ -39,47 +36,15 @@ endif dist_man_MANS = scepclient.8 -ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h $(COMPILE) $(INCLUDES) -c -o $@ $< -crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) $(INCLUDES) -c -o $@ $< -fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h $(COMPILE) $(INCLUDES) -c -o $@ $< -ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pgpcert.o : $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h $(COMPILE) $(INCLUDES) -c -o $@ $< -smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h - $(COMPILE) $(INCLUDES) -c -o $@ $< diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 72cefb3b6..8438b81f9 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -41,26 +43,33 @@ subdir = src/scepclient DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man8dir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) -am_scepclient_OBJECTS = scepclient.$(OBJEXT) pkcs10.$(OBJEXT) \ - scep.$(OBJEXT) loglite.$(OBJEXT) +am_scepclient_OBJECTS = scepclient.$(OBJEXT) scep.$(OBJEXT) \ + loglite.$(OBJEXT) scepclient_OBJECTS = $(am_scepclient_OBJECTS) am__DEPENDENCIES_1 = @USE_SMARTCARD_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) -scepclient_DEPENDENCIES = ca.o crl.o certs.o constants.o defs.o \ - fetch.o id.o keys.o lex.o ocsp.o pem.o pgpcert.o pkcs7.o \ - smartcard.o x509.o $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ +scepclient_DEPENDENCIES = constants.o defs.o lex.o pkcs7.o \ + $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a $(am__DEPENDENCIES_2) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -72,6 +81,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(scepclient_SOURCES) DIST_SOURCES = $(scepclient_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man8dir = $(mandir)/man8 NROFF = nroff MANS = $(dist_man_MANS) @@ -111,25 +141,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -141,11 +168,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -174,9 +204,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -199,7 +229,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -207,6 +237,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -215,10 +246,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -226,9 +259,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -scepclient_SOURCES = scepclient.c pkcs10.c pkcs10.h scep.c scep.h loglite.c +scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c PLUTODIR = $(top_srcdir)/src/pluto OPENACDIR = $(top_srcdir)/src/openac WHACKDIR = $(top_srcdir)/src/whack @@ -242,15 +276,12 @@ INCLUDES = \ -I$(LIBCRYPTODIR) \ -I$(WHACKDIR) -AM_CFLAGS = -DIPSEC_CONFDIR=\"${confdir}\" \ - -DIPSEC_PLUGINDIR=\"${plugindir}\" \ - -DPLUGINS=\""${pluto_plugins}\"" \ - -DSTRONGSWAN_CONF=\"${strongswan_conf}\" -DDEBUG -DNO_PLUTO \ +AM_CFLAGS = -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DPLUGINS=\""${pluto_plugins}\"" -DDEBUG -DNO_PLUTO \ $(am__append_1) LIBSTRONGSWANBUILDDIR = $(top_builddir)/src/libstrongswan LIBFREESWANBUILDDIR = $(top_builddir)/src/libfreeswan -scepclient_LDADD = ca.o crl.o certs.o constants.o defs.o fetch.o id.o \ - keys.o lex.o ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \ +scepclient_LDADD = constants.o defs.o lex.o pkcs7.o \ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ $(LIBFREESWANBUILDDIR)/libfreeswan.a $(am__append_2) dist_man_MANS = scepclient.8 @@ -267,9 +298,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/scepclient/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/scepclient/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -287,34 +318,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list scepclient$(EXEEXT): $(scepclient_OBJECTS) $(scepclient_DEPENDENCIES) @rm -f scepclient$(EXEEXT) $(LINK) $(scepclient_OBJECTS) $(scepclient_LDADD) $(LIBS) @@ -326,27 +373,26 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/loglite.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs10.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scep.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scepclient.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -356,51 +402,44 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man8: $(man8_MANS) $(man_MANS) +install-man8: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -414,7 +453,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -422,34 +461,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -465,13 +522,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -502,6 +563,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -523,6 +585,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -531,18 +595,28 @@ install-data-am: install-ipsecPROGRAMS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -585,50 +659,18 @@ uninstall-man: uninstall-man8 uninstall-man uninstall-man8 -ca.o : $(PLUTODIR)/ca.c $(PLUTODIR)/ca.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -certs.o : $(PLUTODIR)/certs.c $(PLUTODIR)/certs.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h $(COMPILE) $(INCLUDES) -c -o $@ $< -crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) $(INCLUDES) -c -o $@ $< -fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -id.o : $(PLUTODIR)/id.c $(PLUTODIR)/id.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -keys.o : $(PLUTODIR)/keys.c $(PLUTODIR)/keys.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - lex.o : $(PLUTODIR)/lex.c $(PLUTODIR)/lex.h $(COMPILE) $(INCLUDES) -c -o $@ $< -ocsp.o : $(PLUTODIR)/ocsp.c $(PLUTODIR)/ocsp.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pem.o : $(PLUTODIR)/pem.c $(PLUTODIR)/pem.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -pgpcert.o : $(PLUTODIR)/pgpcert.c $(PLUTODIR)/pgpcert.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - pkcs7.o : $(PLUTODIR)/pkcs7.c $(PLUTODIR)/pkcs7.h $(COMPILE) $(INCLUDES) -c -o $@ $< -smartcard.o : $(PLUTODIR)/smartcard.c $(PLUTODIR)/smartcard.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - -x509.o : $(PLUTODIR)/x509.c $(PLUTODIR)/x509.h - $(COMPILE) $(INCLUDES) -c -o $@ $< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/scepclient/loglite.c b/src/scepclient/loglite.c index 87041f114..539bb5f72 100644 --- a/src/scepclient/loglite.c +++ b/src/scepclient/loglite.c @@ -56,12 +56,12 @@ static void scepclient_dbg(int level, char *fmt, ...) else if (cur_debugging & DBG_RAW) { debug_level = 3; - } + } else if (cur_debugging & DBG_PARSING) { debug_level = 2; } - else + else { debug_level = 1; } diff --git a/src/scepclient/pkcs10.c b/src/scepclient/pkcs10.c deleted file mode 100644 index cdd68431e..000000000 --- a/src/scepclient/pkcs10.c +++ /dev/null @@ -1,224 +0,0 @@ -/** - * @file pkcs10.c - * @brief Functions to build PKCS#10 requests - * - * Contains functions to build DER encoded pkcs#10 certificate requests - */ - -/* Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "../pluto/constants.h" -#include "../pluto/defs.h" -#include "../pluto/log.h" -#include "../pluto/x509.h" - -#include "pkcs10.h" - -/* some pre-coded OIDs */ - -static u_char ASN1_challengePassword_oid_str[] = { - 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str); - -static u_char ASN1_extensionRequest_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E -}; - -static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str); - -/** - * @brief Adds a subjectAltName in DER-coded form to a linked list - * - * @param[in,out] subjectAltNames head of the linked list of subjectAltNames - * @param[in] kind type of the subjectAltName (which is a generalName) - * @param[in] value value of the subjectAltName as an ASCII string - */ -void -pkcs10_add_subjectAltName(generalName_t **subjectAltNames, generalNames_t kind -, char *value) -{ - generalName_t *gn; - asn1_t asn1_type = ASN1_EOC; - chunk_t name = { value, strlen(value) }; - - switch (kind) - { - case GN_RFC822_NAME: - asn1_type = ASN1_CONTEXT_S_1; - break; - case GN_DNS_NAME: - asn1_type = ASN1_CONTEXT_S_2; - break; - case GN_IP_ADDRESS: - { - struct in_addr addr; - - /* convert an ASCII dotted IPv4 address (e.g. 123.456.78.90) - * to a byte representation in network order - */ - if (!inet_aton(value, &addr)) - { - fprintf(stderr, "error in IPv4 subjectAltName\n"); - return; - } - asn1_type = ASN1_CONTEXT_S_7; - name.ptr = (u_char *) &addr.s_addr; - name.len = sizeof(addr.s_addr); - break; - } - default: - break; - } - - gn = malloc_thing(generalName_t); - gn->kind = kind; - gn->name = asn1_simple_object(asn1_type, name); - gn->next = *subjectAltNames; - *subjectAltNames = gn; -} - -/** - * @brief Builds the requestInfoAttributes of the certificationRequestInfo-field - * - * challenge password ans subjectAltNames are only included, - * when avaiable in given #pkcs10_t structure - * - * @param[in] pkcs10 Pointer to a #pkcs10_t structure - * @return 1 if succeeded, 0 otherwise - */ -static chunk_t -build_req_info_attributes(pkcs10_t* pkcs10) -{ - - chunk_t subjectAltNames = chunk_empty; - chunk_t challengePassword = chunk_empty; - - if (pkcs10->subjectAltNames != NULL) - { - - subjectAltNames = asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_extensionRequest_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_wrap(ASN1_SEQUENCE, "m" - , build_subjectAltNames(pkcs10->subjectAltNames) - ) - ) - ); - } - - if (pkcs10->challengePassword.len > 0) - { - asn1_t type = asn1_is_printablestring(pkcs10->challengePassword) - ? ASN1_PRINTABLESTRING : ASN1_T61STRING; - - challengePassword = asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_challengePassword_oid - , asn1_wrap(ASN1_SET, "m" - , asn1_simple_object(type, pkcs10->challengePassword) - ) - ); - } - - return asn1_wrap(ASN1_CONTEXT_C_0, "mm" - , subjectAltNames - , challengePassword); -} - -/** - * @brief Builds a DER-code pkcs#10 certificate request - * - * @param[in] pkcs10 pointer to a pkcs10_t struct - * @return DER-code pkcs10 request - */ -static chunk_t -pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg) -{ - chunk_t key = pkcs10->public_key->get_encoding(pkcs10->public_key); - - chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", key)); - - chunk_t cert_req_info = asn1_wrap(ASN1_SEQUENCE, "ccmm", - ASN1_INTEGER_0, - pkcs10->subject, - keyInfo, - build_req_info_attributes(pkcs10)); - - chunk_t signature = x509_build_signature(cert_req_info, signature_alg, - pkcs10->private_key, TRUE); - - return asn1_wrap(ASN1_SEQUENCE, "mcm", - cert_req_info, - asn1_algorithmIdentifier(signature_alg), - signature); -} - -/** - * @brief Creates a pkcs#10 certificate request object - * - * To create a certificate request, the RSA key and the - * names to be included as subject in the certificate request - * (e.g. commonName, organization) are needed. An optional challenge - * password or some subjectAltNames may be included. - * - * @param[in] key rsakey of type #rsakey_t - * @param[in] subject DER-coded subject distinguished name - * @param[in] challengePassword challenge password or chunk_empty - * @param[in] subjectAltNames linked list of subjectAltNames or NULL - * @return pointer to a #pkcs10_t object - */ -pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public, - chunk_t subject, chunk_t challengePassword, - generalName_t *subjectAltNames, int signature_alg) -{ - pkcs10_t *pkcs10 = malloc_thing(pkcs10_t); - - pkcs10->subject = subject; - pkcs10->private_key = private; - pkcs10->public_key = public; - pkcs10->challengePassword = challengePassword; - pkcs10->subjectAltNames = subjectAltNames; - - pkcs10->request = pkcs10_build_request(pkcs10, signature_alg); - return pkcs10; -} - -/** - * @brief Frees the resources used by an #pkcs10_t object - * - * @param[in] pkcs10 #pkcs10_t to free - */ -void -pkcs10_free(pkcs10_t *pkcs10) -{ - if (pkcs10 != NULL) - { - free(pkcs10->request.ptr); - free(pkcs10); - } -} diff --git a/src/scepclient/pkcs10.h b/src/scepclient/pkcs10.h deleted file mode 100644 index 3f29f019a..000000000 --- a/src/scepclient/pkcs10.h +++ /dev/null @@ -1,60 +0,0 @@ -/** - * @file pkcs10.h - * @brief Functions to build PKCS#10 Request's - * - * Contains functions to build DER encoded pkcs#10 certificate requests - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _PKCS10_H -#define _PKCS10_H - -#include -#include - -#include "../pluto/defs.h" -#include "../pluto/x509.h" - -typedef struct pkcs10_struct pkcs10_t; - -/** - * @brief type representating a pkcs#10 request. - * - * A pkcs#10 request contains a distinguished name, an optional - * challenge password, a public key and optional subjectAltNames. - * - * The RSA private key is needed to compute the signature of the given request - */ -struct pkcs10_struct { - private_key_t *private_key; - public_key_t *public_key; - chunk_t request; - chunk_t subject; - chunk_t challengePassword; - generalName_t *subjectAltNames; -}; - -extern const pkcs10_t empty_pkcs10; - -extern void pkcs10_add_subjectAltName(generalName_t **subjectAltNames, - generalNames_t kind, char *value); -extern pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public, - chunk_t subject, chunk_t challengePassword, - generalName_t *subjectAltNames, int signature_alg); -extern void pkcs10_free(pkcs10_t *pkcs10); - -#endif /* _PKCS10_H */ diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index a788c6f41..598705636 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -1,7 +1,7 @@ /** * @file scep.c * @brief SCEP specific functions - * + * * Contains functions to build SCEP request's and to parse SCEP reply's. */ @@ -39,24 +39,15 @@ #include "scep.h" -static char ASN1_messageType_oid_str[] = { +static const chunk_t ASN1_messageType_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 -}; - -static char ASN1_senderNonce_oid_str[] = { +); +static const chunk_t ASN1_senderNonce_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 -}; - -static char ASN1_transId_oid_str[] = { +); +static const chunk_t ASN1_transId_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_messageType_oid = - chunk_from_buf(ASN1_messageType_oid_str); -static const chunk_t ASN1_senderNonce_oid = - chunk_from_buf(ASN1_senderNonce_oid_str); -static const chunk_t ASN1_transId_oid = - chunk_from_buf(ASN1_transId_oid_str); +); static const char *pkiStatus_values[] = { "0", "2", "3" }; @@ -239,7 +230,7 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs) DBG(DBG_CONTROL | DBG_PARSING, DBG_log("parsing attributes") ) - + while (parser->iterate(parser, &objectID, &object)) { switch (objectID) @@ -255,24 +246,23 @@ bool parse_attributes(chunk_t blob, scep_attributes_t *attrs) } } success = parser->success(parser); - + end: parser->destroy(parser); return success; } /** - * Generates a unique fingerprint of the pkcs10 request + * Generates a unique fingerprint of the pkcs10 request * by computing an MD5 hash over it */ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) { - char digest_buf[HASH_SIZE_MD5]; - chunk_t digest = chunk_from_buf(digest_buf); + chunk_t digest = chunk_alloca(HASH_SIZE_MD5); hasher_t *hasher; hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, pkcs10, digest_buf); + hasher->get_hash(hasher, pkcs10, digest.ptr); hasher->destroy(hasher); return chunk_to_hex(digest, NULL, FALSE); @@ -285,21 +275,20 @@ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) void scep_generate_transaction_id(public_key_t *key, chunk_t *transID, chunk_t *serialNumber) { - char digest_buf[HASH_SIZE_MD5]; - chunk_t digest = chunk_from_buf(digest_buf); - chunk_t keyEncoding, keyInfo; + chunk_t digest = chunk_alloca(HASH_SIZE_MD5); + chunk_t keyEncoding = chunk_empty, keyInfo; hasher_t *hasher; bool msb_set; u_char *pos; - - keyEncoding = key->get_encoding(key); - keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", keyEncoding)); + key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding); + + keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), + asn1_bitstring("m", keyEncoding)); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, keyInfo, digest_buf); + hasher->get_hash(hasher, keyInfo, digest.ptr); hasher->destroy(hasher); free(keyInfo.ptr); @@ -381,8 +370,8 @@ chunk_t scep_senderNonce_attribute(void) * Builds a pkcs7 enveloped and signed scep request */ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, - const x509cert_t *enc_cert, int enc_alg, - const x509cert_t *signer_cert, int digest_alg, + certificate_t *enc_cert, int enc_alg, + certificate_t *signer_cert, int digest_alg, private_key_t *private_key) { chunk_t envelopedData, attributes, request; @@ -497,7 +486,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, free(escaped_req); status = lib->fetcher->fetch(lib->fetcher, complete_url, response, - FETCH_HTTP_VERSION_1_0, + FETCH_HTTP_VERSION_1_0, FETCH_REQUEST_HEADER, "Pragma:", FETCH_REQUEST_HEADER, "Host:", FETCH_REQUEST_HEADER, "Accept:", @@ -510,7 +499,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, complete_url = malloc(len); snprintf(complete_url, len, "%s?operation=%s", url, operation); - status = lib->fetcher->fetch(lib->fetcher, complete_url, response, + status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_REQUEST_DATA, pkcs7, FETCH_REQUEST_TYPE, "", FETCH_REQUEST_HEADER, "Expect:", @@ -527,7 +516,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier" , url, operation); - status = lib->fetcher->fetch(lib->fetcher, complete_url, response, + status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_END); } @@ -536,7 +525,7 @@ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, } err_t scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data, - scep_attributes_t *attrs, x509cert_t *signer_cert) + scep_attributes_t *attrs, certificate_t *signer_cert) { chunk_t attributes; diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h index e8dc87591..f64c6b1cc 100644 --- a/src/scepclient/scep.h +++ b/src/scepclient/scep.h @@ -1,7 +1,7 @@ /** * @file scep.h * @brief SCEP specific functions - * + * * Contains functions to build and parse SCEP requests and replies */ @@ -23,6 +23,8 @@ #ifndef _SCEP_H #define _SCEP_H +#include + #include "../pluto/defs.h" #include "../pluto/pkcs7.h" @@ -81,13 +83,13 @@ extern chunk_t scep_transId_attribute(chunk_t transaction_id); extern chunk_t scep_messageType_attribute(scep_msg_t m); extern chunk_t scep_senderNonce_attribute(void); extern chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg, - const x509cert_t *enc_cert, int enc_alg, - const x509cert_t *signer_cert, int digest_alg, + certificate_t *enc_cert, int enc_alg, + certificate_t *signer_cert, int digest_alg, private_key_t *private_key); extern bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, bool http_get_request, chunk_t *response); extern err_t scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data, scep_attributes_t *attrs, - x509cert_t *signer_cert); + certificate_t *signer_cert); #endif /* _SCEP_H */ diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 6c0166d66..576ce1dc5 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -41,18 +41,22 @@ #include #include #include +#include +#include #include #include #include #include +#include +#include +#include #include "../pluto/constants.h" #include "../pluto/defs.h" #include "../pluto/log.h" -#include "../pluto/pkcs7.h" #include "../pluto/certs.h" +#include "../pluto/pkcs7.h" -#include "pkcs10.h" #include "scep.h" /* @@ -121,26 +125,27 @@ options_t *options; * Global variables */ -private_key_t *private_key = NULL; -public_key_t *public_key = NULL; - chunk_t pkcs1; chunk_t pkcs7; -chunk_t subject; chunk_t challengePassword; chunk_t serialNumber; chunk_t transID; chunk_t fingerprint; +chunk_t encoding; +chunk_t pkcs10_encoding; chunk_t issuerAndSubject; chunk_t getCertInitial; chunk_t scep_response; -cert_t cert; -x509cert_t *x509_signer = NULL; -x509cert_t *x509_ca_enc = NULL; -x509cert_t *x509_ca_sig = NULL; -generalName_t *subjectAltNames = NULL; -pkcs10_t *pkcs10 = NULL; +linked_list_t *subjectAltNames; + +identification_t *subject = NULL; +private_key_t *private_key = NULL; +public_key_t *public_key = NULL; +certificate_t *x509_signer = NULL; +certificate_t *x509_ca_enc = NULL; +certificate_t *x509_ca_sig = NULL; +certificate_t *pkcs10_req = NULL; /** * @brief exit scepclient @@ -152,27 +157,25 @@ exit_scepclient(err_t message, ...) { int status = 0; + DESTROY_IF(subject); DESTROY_IF(private_key); DESTROY_IF(public_key); + DESTROY_IF(x509_signer); + DESTROY_IF(x509_ca_enc); + DESTROY_IF(x509_ca_sig); + DESTROY_IF(pkcs10_req); + subjectAltNames->destroy_offset(subjectAltNames, + offsetof(identification_t, destroy)); free(pkcs1.ptr); free(pkcs7.ptr); - free(subject.ptr); free(serialNumber.ptr); free(transID.ptr); free(fingerprint.ptr); + free(encoding.ptr); + free(pkcs10_encoding.ptr); free(issuerAndSubject.ptr); free(getCertInitial.ptr); free(scep_response.ptr); - - free_generalNames(subjectAltNames, TRUE); - if (x509_signer != NULL) - { - x509_signer->subjectAltName = NULL; - } - free_x509cert(x509_signer); - free_x509cert(x509_ca_enc); - free_x509cert(x509_ca_sig); - pkcs10_free(pkcs10); options->destroy(options); /* print any error message to stderr */ @@ -279,7 +282,7 @@ static void print_plugins() char buf[BUF_LEN], *plugin; int len = 0; enumerator_t *enumerator; - + enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { @@ -357,8 +360,8 @@ int main(int argc, char **argv) /* digest algorithm used by pkcs7, default is SHA-1 */ int pkcs7_digest_alg = OID_SHA1; - /* signature algorithm used by pkcs10, default is SHA-1 with RSA encryption */ - int pkcs10_signature_alg = OID_SHA1; + /* signature algorithm used by pkcs10, default is SHA-1 */ + hash_algorithm_t pkcs10_signature_alg = HASH_SHA1; /* URL of the SCEP-Server */ char *scep_url = NULL; @@ -374,20 +377,8 @@ int main(int argc, char **argv) err_t ugh = NULL; - /* initialize global variables */ - pkcs1 = chunk_empty; - pkcs7 = chunk_empty; - serialNumber = chunk_empty; - transID = chunk_empty; - fingerprint = chunk_empty; - issuerAndSubject = chunk_empty; - challengePassword = chunk_empty; - getCertInitial = chunk_empty; - scep_response = chunk_empty; - log_to_stderr = TRUE; - /* initialize library */ - if (!library_init(STRONGSWAN_CONF)) + if (!library_init(NULL)) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); @@ -400,8 +391,21 @@ int main(int argc, char **argv) exit(SS_RC_DAEMON_INTEGRITY); } - /* initialize optionsfrom */ - options = options_create(); + /* initialize global variables */ + pkcs1 = chunk_empty; + pkcs7 = chunk_empty; + serialNumber = chunk_empty; + transID = chunk_empty; + fingerprint = chunk_empty; + encoding = chunk_empty; + pkcs10_encoding = chunk_empty; + issuerAndSubject = chunk_empty; + challengePassword = chunk_empty; + getCertInitial = chunk_empty; + scep_response = chunk_empty; + subjectAltNames = linked_list_create(); + options = options_create(); + log_to_stderr = TRUE; for (;;) { @@ -544,7 +548,7 @@ int main(int argc, char **argv) } continue; } - + case 'f': /* --force */ force = TRUE; continue; @@ -614,7 +618,6 @@ int main(int argc, char **argv) case 's': /* --subjectAltName */ { - generalNames_t kind; char *value = strstr(optarg, "="); if (value) @@ -625,25 +628,19 @@ int main(int argc, char **argv) value++; } - if (strcaseeq("email", optarg)) - { - kind = GN_RFC822_NAME; - } - else if (strcaseeq("dns", optarg)) + if (strcaseeq("email", optarg) || + strcaseeq("dns", optarg) || + strcaseeq("ip", optarg)) { - kind = GN_DNS_NAME; - } - else if (strcaseeq("ip", optarg)) - { - kind = GN_IP_ADDRESS; + subjectAltNames->insert_last(subjectAltNames, + identification_create_from_string(value)); + continue; } else { usage("invalid --subjectAltName type"); continue; } - pkcs10_add_subjectAltName(&subjectAltNames, kind, value); - continue; } case 'p': /* --password */ @@ -748,7 +745,7 @@ int main(int argc, char **argv) base_debugging |= DBG_PRIVATE; continue; #endif - default: + default: usage("unknown option"); } /* break from loop */ @@ -759,8 +756,11 @@ int main(int argc, char **argv) init_log("scepclient"); /* load plugins, further infrastructure may need it */ - lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, - lib->settings->get_str(lib->settings, "scepclient.load", PLUGINS)); + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "scepclient.load", PLUGINS))) + { + exit_scepclient("plugin loading failed"); + } print_plugins(); if ((filetype_out == 0) && (!request_ca_certificate)) @@ -787,18 +787,18 @@ int main(int argc, char **argv) /* * input of PKCS#1 file */ - if (filetype_in & PKCS1) /* load an RSA key pair from file */ + if (filetype_in & PKCS1) /* load an RSA key pair from file */ { - prompt_pass_t pass = { "", FALSE, STDIN_FILENO }; char *path = concatenate_paths(PRIVATE_KEY_PATH, file_in_pkcs1); - private_key = load_private_key(path, &pass, KEY_RSA); + private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_FROM_FILE, path, BUILD_END); } else /* generate an RSA key pair */ { private_key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_KEY_SIZE, rsa_keylength, - BUILD_END); + BUILD_END); } if (private_key == NULL) { @@ -828,11 +828,6 @@ int main(int argc, char **argv) } else { - char buf[IDTOA_BUF]; - chunk_t dn = chunk_empty; - - dn.ptr = buf; - if (distinguishedName == NULL) { char buf[BUF_LEN]; @@ -850,34 +845,43 @@ int main(int argc, char **argv) DBG(DBG_CONTROL, DBG_log("dn: '%s'", distinguishedName); ) - ugh = atodn(distinguishedName, &dn); - if (ugh != NULL) + subject = identification_create_from_string(distinguishedName); + if (subject->get_type(subject) != ID_DER_ASN1_DN) { - exit_scepclient(ugh); + exit_scepclient("parsing of distinguished name failed"); } - subject = chunk_clone(dn); - DBG(DBG_CONTROL, DBG_log("building pkcs10 object:") ) - pkcs10 = pkcs10_build(private_key, public_key, subject, - challengePassword, subjectAltNames, - pkcs10_signature_alg); - fingerprint = scep_generate_pkcs10_fingerprint(pkcs10->request); + pkcs10_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_PKCS10_REQUEST, + BUILD_SIGNING_KEY, private_key, + BUILD_SUBJECT, subject, + BUILD_SUBJECT_ALTNAMES, subjectAltNames, + BUILD_PASSPHRASE, challengePassword, + BUILD_DIGEST_ALG, pkcs10_signature_alg, + BUILD_END); + if (!pkcs10_req) + { + exit_scepclient("generating pkcs10 request failed"); + } + pkcs10_encoding = pkcs10_req->get_encoding(pkcs10_req); + fingerprint = scep_generate_pkcs10_fingerprint(pkcs10_encoding); plog(" fingerprint: %s", fingerprint.ptr); } - /* + /* * output of PKCS#10 file */ if (filetype_out & PKCS10) { char *path = concatenate_paths(REQ_PATH, file_out_pkcs10); - if (!chunk_write(pkcs10->request, path, "pkcs10", 0022, force)) + if (!chunk_write(pkcs10_encoding, path, "pkcs10", 0022, force)) + { exit_scepclient("could not write pkcs10 file '%s'", path); - + } filetype_out &= ~PKCS10; /* delete PKCS10 flag */ } @@ -896,11 +900,11 @@ int main(int argc, char **argv) DBG(DBG_CONTROL, DBG_log("building pkcs1 object:") ) - pkcs1 = private_key->get_encoding(private_key); - - if (!chunk_write(pkcs1, path, "pkcs1", 0066, force)) + if (!private_key->get_encoding(private_key, KEY_PRIV_ASN1_DER, &pkcs1) || + !chunk_write(pkcs1, path, "pkcs1", 0066, force)) + { exit_scepclient("could not write pkcs1 file '%s'", path); - + } filetype_out &= ~PKCS1; /* delete PKCS1 flag */ } @@ -912,19 +916,23 @@ int main(int argc, char **argv) scep_generate_transaction_id(public_key, &transID, &serialNumber); plog(" transaction ID: %.*s", (int)transID.len, transID.ptr); + notBefore = notBefore ? notBefore : time(NULL); + notAfter = notAfter ? notAfter : (notBefore + validity); + /* generate a self-signed X.509 certificate */ - x509_signer = malloc_thing(x509cert_t); - *x509_signer = empty_x509cert; - x509_signer->serialNumber = serialNumber; - x509_signer->sigAlg = OID_SHA1_WITH_RSA; - x509_signer->issuer = subject; - x509_signer->notBefore = (notBefore)? notBefore - : time(NULL); - x509_signer->notAfter = (notAfter)? notAfter - : x509_signer->notBefore + validity; - x509_signer->subject = subject; - x509_signer->subjectAltName = subjectAltNames; - build_x509cert(x509_signer, public_key, private_key); + x509_signer = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_SIGNING_KEY, private_key, + BUILD_PUBLIC_KEY, public_key, + BUILD_SUBJECT, subject, + BUILD_NOT_BEFORE_TIME, notBefore, + BUILD_NOT_AFTER_TIME, notAfter, + BUILD_SERIAL, serialNumber, + BUILD_SUBJECT_ALTNAMES, subjectAltNames, + BUILD_END); + if (!x509_signer) + { + exit_scepclient("generating certificate failed"); + } /* * output of self-signed X.509 certificate file @@ -933,9 +941,16 @@ int main(int argc, char **argv) { char *path = concatenate_paths(HOST_CERT_PATH, file_out_cert_self); - if (!chunk_write(x509_signer->certificate, path, "self-signed cert", 0022, force)) + encoding = x509_signer->get_encoding(x509_signer); + if (!encoding.ptr) + { + exit_scepclient("encoding certificate failed"); + } + if (!chunk_write(encoding, path, "self-signed cert", 0022, force)) + { exit_scepclient("could not write self-signed cert file '%s'", path); -; + } + chunk_free(&encoding); filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */ } @@ -949,16 +964,16 @@ int main(int argc, char **argv) */ { char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_enc); - cert_t cert; - - if (!load_cert(path, "encryption cacert", &cert)) + + x509_ca_enc = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, path, BUILD_END); + if (!x509_ca_enc) { exit_scepclient("could not load encryption cacert file '%s'", path); } - x509_ca_enc = cert.u.x509; } - /* + /* * input of PKCS#7 file */ if (filetype_in & PKCS7) @@ -976,10 +991,10 @@ int main(int argc, char **argv) DBG(DBG_CONTROL, DBG_log("building pkcs7 request") ) - pkcs7 = scep_build_request(pkcs10->request - , transID, SCEP_PKCSReq_MSG - , x509_ca_enc, pkcs7_symmetric_cipher - , x509_signer, pkcs7_digest_alg, private_key); + pkcs7 = scep_build_request(pkcs10_encoding, + transID, SCEP_PKCSReq_MSG, + x509_ca_enc, pkcs7_symmetric_cipher, + x509_signer, pkcs7_digest_alg, private_key); } /* @@ -1005,19 +1020,23 @@ int main(int argc, char **argv) */ if (filetype_out & CERT) { + certificate_t *cert; + enumerator_t *enumerator; char *path = concatenate_paths(CA_CERT_PATH, file_in_cacert_sig); - cert_t cert; - time_t poll_start; + time_t poll_start = 0; - x509cert_t *certs = NULL; + linked_list_t *certs = linked_list_create(); chunk_t envelopedData = chunk_empty; chunk_t certData = chunk_empty; contentInfo_t data = empty_contentInfo; scep_attributes_t attrs = empty_scep_attributes; - if (!load_cert(path, "signature cacert", &cert)) + x509_ca_sig = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_FROM_FILE, path, BUILD_END); + if (!x509_ca_sig) + { exit_scepclient("could not load signature cacert file '%s'", path); - x509_ca_sig = cert.u.x509; + } if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION, http_get_request, &scep_response)) @@ -1034,17 +1053,19 @@ int main(int argc, char **argv) /* in case of manual mode, we are going into a polling loop */ if (attrs.pkiStatus == SCEP_PENDING) { + identification_t *issuer = x509_ca_sig->get_subject(x509_ca_sig); + plog(" scep request pending, polling every %d seconds" , poll_interval); - time(&poll_start); - issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc" - , x509_ca_sig->subject - , subject); + poll_start = time_monotonic(NULL); + issuerAndSubject = asn1_wrap(ASN1_SEQUENCE, "cc", + issuer->get_encoding(issuer), + subject); } while (attrs.pkiStatus == SCEP_PENDING) { if (max_poll_time > 0 - && (time(NULL) - poll_start >= max_poll_time)) + && (time_monotonic(NULL) - poll_start >= max_poll_time)) { exit_scepclient("maximum poll time reached: %d seconds" , max_poll_time); @@ -1096,7 +1117,7 @@ int main(int argc, char **argv) { exit_scepclient("could not decrypt envelopedData"); } - if (!pkcs7_parse_signedData(certData, NULL, &certs, NULL, NULL)) + if (!pkcs7_parse_signedData(certData, NULL, certs, NULL, NULL)) { exit_scepclient("error parsing the scep response"); } @@ -1104,22 +1125,29 @@ int main(int argc, char **argv) /* store the end entity certificate */ path = concatenate_paths(HOST_CERT_PATH, file_out_cert); - while (certs != NULL) + + enumerator = certs->create_enumerator(certs); + while (enumerator->enumerate(enumerator, &cert)) { bool stored = FALSE; - x509cert_t *cert = certs; + x509_t *x509 = (x509_t*)cert; - if (!cert->isCA) + if (!(x509->get_flags(x509) & X509_CA)) { if (stored) + { exit_scepclient("multiple certs received, only first stored"); - if (!chunk_write(cert->certificate, path, "requested cert", 0022, force)) + } + encoding = cert->get_encoding(cert); + if (!chunk_write(encoding, path, "requested cert", 0022, force)) + { exit_scepclient("could not write cert file '%s'", path); + } + chunk_free(&encoding); stored = TRUE; } - certs = certs->next; - free_x509cert(cert); } + certs->destroy_offset(certs, offsetof(certificate_t, destroy)); filetype_out &= ~CERT; /* delete CERT flag */ } diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 3355b3afb..7524b5f26 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -6,7 +6,7 @@ keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \ exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h INCLUDES = \ --I${linuxdir} \ +-I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libfreeswan \ -I$(top_srcdir)/src/pluto \ @@ -15,9 +15,11 @@ INCLUDES = \ AM_CFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ --DIPSEC_CONFDIR=\"${confdir}\" \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" \ -DIPSEC_EAPDIR=\"${eapdir}\" \ +-DDEV_RANDOM=\"${random_device}\" \ +-DDEV_URANDOM=\"${urandom_device}\" \ -DDEBUG starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) @@ -37,7 +39,7 @@ if USE_CHARON endif lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h - $(LEX) $(srcdir)/parser.l + $(LEX) $(srcdir)/parser.l y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h $(YACC) -v -d $(srcdir)/parser.y @@ -51,7 +53,7 @@ keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c -install-exec-local : +install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index a839c20b1..79ea9de32 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -39,14 +41,21 @@ subdir = src/starter DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am_starter_OBJECTS = y.tab.$(OBJEXT) netkey.$(OBJEXT) \ starterwhack.$(OBJEXT) starterstroke.$(OBJEXT) \ @@ -63,6 +72,7 @@ starter_DEPENDENCIES = defs.o \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -74,6 +84,27 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(starter_SOURCES) DIST_SOURCES = $(starter_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff @@ -114,25 +145,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -144,11 +172,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -177,9 +208,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -202,7 +233,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -210,6 +241,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -218,10 +250,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -229,6 +263,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ starter_SOURCES = y.tab.c netkey.c y.tab.h parser.h args.h netkey.h \ @@ -238,16 +273,18 @@ keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \ exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h INCLUDES = \ --I${linuxdir} \ +-I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libfreeswan \ -I$(top_srcdir)/src/pluto \ -I$(top_srcdir)/src/whack \ -I$(top_srcdir)/src/stroke -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \ - -DDEBUG $(am__append_1) $(am__append_2) +AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \ + -DIPSEC_EAPDIR=\"${eapdir}\" -DDEV_RANDOM=\"${random_device}\" \ + -DDEV_URANDOM=\"${urandom_device}\" -DDEBUG $(am__append_1) \ + $(am__append_2) starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la $(SOCKLIB) EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf dist_man_MANS = ipsec.conf.5 starter.8 @@ -267,9 +304,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/starter/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/starter/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -287,34 +324,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list starter$(EXEEXT): $(starter_OBJECTS) $(starter_DEPENDENCIES) @rm -f starter$(EXEEXT) $(LINK) $(starter_OBJECTS) $(starter_LDADD) $(LIBS) @@ -344,21 +397,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -368,96 +421,82 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -install-man5: $(man5_MANS) $(man_MANS) +install-man5: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + uninstall-man5: @$(NORMAL_UNINSTALL) - @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.5*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 5*) ;; \ - *) ext='5' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man5dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man5dir)/$$inst"; \ - done -install-man8: $(man8_MANS) $(man_MANS) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +install-man8: $(dist_man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ done; \ - for i in $$list; do \ - if test -f $$i; then file=$$i; \ - else file=$(srcdir)/$$i; fi; \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \ - done + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + uninstall-man8: @$(NORMAL_UNINSTALL) - @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ - l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ - for i in $$l2; do \ - case "$$i" in \ - *.8*) list="$$list $$i" ;; \ - esac; \ - done; \ - for i in $$list; do \ - ext=`echo $$i | sed -e 's/^.*\\.//'`; \ - case "$$ext" in \ - 8*) ;; \ - *) ext='8' ;; \ - esac; \ - inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ - inst=`echo $$inst | sed -e 's/^.*\///'`; \ - inst=`echo $$inst | sed '$(transform)'`.$$ext; \ - echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \ - rm -f "$(DESTDIR)$(man8dir)/$$inst"; \ - done + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ @@ -471,7 +510,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -479,34 +518,52 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -522,13 +579,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -559,6 +620,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -581,6 +643,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -589,18 +653,28 @@ install-data-am: install-ipsecPROGRAMS install-man install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-exec-local install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-man5 install-man8 install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -645,7 +719,7 @@ uninstall-man: uninstall-man5 uninstall-man8 lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h - $(LEX) $(srcdir)/parser.l + $(LEX) $(srcdir)/parser.l y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h $(YACC) -v -d $(srcdir)/parser.y @@ -659,7 +733,7 @@ keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h defs.o: $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) -c -o $@ $(PLUTODIR)/defs.c -install-exec-local : +install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/cacerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/cacerts" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/ocspcerts" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/ocspcerts" || true @@ -670,6 +744,7 @@ install-exec-local : test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -o ${ipsecuid} -g ${ipsecgid} -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/starter/args.c b/src/starter/args.c index 990d7588b..ebbd42cc8 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -36,6 +36,7 @@ typedef enum { ARG_UINT, ARG_TIME, ARG_ULNG, + ARG_ULLI, ARG_PCNT, ARG_STR, ARG_LST, @@ -111,6 +112,11 @@ static const char *LST_pfsgroup[] = { "modp4096", "modp6144", "modp8192", + "ecp192", + "ecp224", + "ecp256", + "ecp384", + "ecp521", NULL }; @@ -207,6 +213,10 @@ static const token_info_t token_info[] = { ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL }, { ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL }, { ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL }, + { ARG_ULLI, offsetof(starter_conn_t, sa_ipsec_life_bytes), NULL }, + { ARG_ULLI, offsetof(starter_conn_t, sa_ipsec_margin_bytes), NULL }, + { ARG_ULLI, offsetof(starter_conn_t, sa_ipsec_life_packets), NULL }, + { ARG_ULLI, offsetof(starter_conn_t, sa_ipsec_margin_packets), NULL }, { ARG_MISC, 0, NULL /* KW_KEYINGTRIES */ }, { ARG_PCNT, offsetof(starter_conn_t, sa_rekey_fuzz), NULL }, { ARG_MISC, 0, NULL /* KW_REKEY */ }, @@ -217,6 +227,7 @@ static const token_info_t token_info[] = { ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL }, { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL }, { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action }, + { ARG_TIME, offsetof(starter_conn_t, inactivity), NULL }, { ARG_MISC, 0, NULL /* KW_MODECONFIG */ }, { ARG_MISC, 0, NULL /* KW_XAUTH */ }, { ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool }, @@ -241,7 +252,7 @@ static const token_info_t token_info[] = { ARG_STR, offsetof(starter_end_t, subnet), NULL }, { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ }, { ARG_MISC, 0, NULL /* KW_PROTOPORT */ }, - { ARG_STR, offsetof(starter_end_t, srcip), NULL }, + { ARG_MISC, 0, NULL /* KW_SOURCEIP */ }, { ARG_MISC, 0, NULL /* KW_NATIP */ }, { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool }, { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool }, @@ -391,7 +402,7 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base, case ARG_UINT: { char *endptr; - u_int *u = (u_int *)p; + u_int *u = (u_int *)p; *u = strtoul(kw->value, &endptr, 10); @@ -429,6 +440,20 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base, } break; + case ARG_ULLI: + { + char *endptr; + unsigned long long *ll = (unsigned long long *)p; + + *ll = strtoull(kw->value, &endptr, 10); + + if (*endptr != '\0') + { + plog("# bad integer value: %s=%s", kw->entry->name, kw->value); + return FALSE; + } + } + break; case ARG_TIME: { char *endptr; @@ -490,12 +515,12 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base, { char ** lst; - for (lst = *listp; lst && *lst; lst++) + for (lst = *listp; lst && *lst; lst++) { bool match = FALSE; list = token_info[token].list; - + while (*list != NULL && !match) { match = streq(*lst, *list++); @@ -659,6 +684,17 @@ bool cmp_args(kw_token_t first, kw_token_t last, char *base1, char *base2) } } break; + case ARG_ULLI: + { + unsigned long long *ll1 = (unsigned long long *)p1; + unsigned long long *ll2 = (unsigned long long *)p2; + + if (*ll1 != *ll2) + { + return FALSE; + } + } + break; case ARG_TIME: { time_t *t1 = (time_t *)p1; diff --git a/src/starter/confread.c b/src/starter/confread.c index 5fd2b9fbf..07cc11503 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -119,7 +119,7 @@ load_setup(starter_config_t *cfg, config_parsed_t *cfgp) bool assigned = FALSE; kw_token_t token = kw->entry->token; - + if (token < KW_SETUP_FIRST || token > KW_SETUP_LAST) { plog("# unsupported keyword '%s' in config setup", kw->entry->name); @@ -136,9 +136,8 @@ load_setup(starter_config_t *cfg, config_parsed_t *cfgp) } } -static void -kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token - , kw_list_t *kw, char *conn_name, starter_config_t *cfg) +static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, + kw_list_t *kw, char *conn_name, starter_config_t *cfg) { err_t ugh = NULL; bool assigned = FALSE; @@ -165,10 +164,10 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token ip_subnet net; char *pos; int len = 0; - + end->has_client = TRUE; conn->tunnel_addr_family = ip_version(value); - + pos = strchr(value, ','); if (pos) { @@ -188,31 +187,54 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token plog("# natip and sourceip cannot be defined at the same time"); goto err; } - if (streq(value, "%modeconfig") || streq(value, "%modecfg") || - streq(value, "%config") || streq(value, "%cfg")) + if (value[0] == '%') { - free(end->srcip); - end->srcip = NULL; + if (streq(value, "%modeconfig") || streq(value, "%modecfg") || + streq(value, "%config") || streq(value, "%cfg")) + { + /* request ip via config payload */ + end->sourceip = NULL; + end->sourceip_mask = 1; + } + else + { /* %poolname, strip %, serve ip requests */ + end->sourceip = clone_str(value+1); + end->sourceip_mask = 0; + } end->modecfg = TRUE; } else { + char *pos; ip_address addr; ip_subnet net; - + conn->tunnel_addr_family = ip_version(value); - if (strchr(value, '/')) + pos = strchr(value, '/'); + + if (pos) { /* CIDR notation, address pool */ ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &net); + if (ugh != NULL) + { + plog("# bad subnet: %s=%s [%s]", name, value, ugh); + goto err; + } + *pos = '\0'; + end->sourceip = clone_str(value); + end->sourceip_mask = atoi(pos + 1); } - else if (value[0] != '%') - { /* old style fixed srcip, a %poolname otherwise */ + else + { /* fixed srcip */ ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); - } - if (ugh != NULL) - { - plog("# bad addr: %s=%s [%s]", name, value, ugh); - goto err; + if (ugh != NULL) + { + plog("# bad addr: %s=%s [%s]", name, value, ugh); + goto err; + } + end->sourceip = clone_str(value); + end->sourceip_mask = (conn->tunnel_addr_family == AF_INET) ? + 32 : 128; } } conn->policy |= POLICY_TUNNEL; @@ -245,6 +267,10 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token end->addr = cfg->defaultroute.addr; end->nexthop = cfg->defaultroute.nexthop; } + else if (!cfg->defaultroute.supported) + { + plog("%%defaultroute not supported, fallback to %%any"); + } else { plog("# default route not known: %s=%s", name, value); @@ -298,7 +324,9 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token if (streq(value, "%defaultroute")) { if (cfg->defaultroute.defined) + { end->nexthop = cfg->defaultroute.nexthop; + } else { plog("# default route not known: %s=%s", name, value); @@ -323,7 +351,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token case KW_SUBNETWITHIN: { ip_subnet net; - + end->has_client = TRUE; end->has_client_wildcard = TRUE; conn->tunnel_addr_family = ip_version(value); @@ -342,7 +370,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token end->has_port_wildcard = has_port_wildcard; break; case KW_NATIP: - if (end->srcip) + if (end->sourceip) { plog("# natip and sourceip cannot be defined at the same time"); goto err; @@ -350,11 +378,11 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token if (streq(value, "%defaultroute")) { char buf[64]; - + if (cfg->defaultroute.defined) { addrtot(&cfg->defaultroute.addr, 0, buf, sizeof(buf)); - end->srcip = clone_str(buf); + end->sourceip = clone_str(buf); } else { @@ -365,7 +393,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token else { ip_address addr; - + conn->tunnel_addr_family = ip_version(value); ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &addr); if (ugh != NULL) @@ -373,7 +401,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token plog("# bad addr: %s=%s [%s]", name, value, ugh); goto err; } - end->srcip = clone_str(value); + end->sourceip = clone_str(value); } end->has_natip = TRUE; conn->policy |= POLICY_TUNNEL; @@ -510,8 +538,8 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) } else if (streq(kw->value, "transport_proxy")) { - conn->policy |= POLICY_PROXY; - } + conn->policy |= POLICY_PROXY; + } else if (streq(kw->value, "passthrough") || streq(kw->value, "pass")) { conn->policy |= POLICY_SHUNT_PASS; @@ -535,10 +563,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) break; case KW_COMPRESS: KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS) - break; + break; case KW_AUTH: KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE) - break; + break; case KW_AUTHBY: conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT); @@ -591,7 +619,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) case KW_EAP: { char *sep; - + /* check for vendor-type format */ sep = strchr(kw->value, '-'); if (sep) @@ -922,7 +950,7 @@ confread_free_ca(starter_ca_t *ca) /* * free the memory used by a starter_config_t object */ -void +void confread_free(starter_config_t *cfg) { starter_conn_t *conn = cfg->conn_first; @@ -1046,7 +1074,7 @@ confread_load(const char *file) for (ca = cfg->ca_first; ca; ca = ca->next) { also_t *also = ca->also; - + while (also != NULL) { kw_list_t *kw = find_also_ca(also->name, cfg->ca_first, cfg); @@ -1080,7 +1108,7 @@ confread_load(const char *file) for (sconn = cfgp->conn_first; sconn; sconn = sconn->next) { u_int previous_err; - + /* skip %default conn section */ if (streq(sconn->name, "%default")) continue; @@ -1093,7 +1121,7 @@ confread_load(const char *file) conn_default(sconn->name, conn, &cfg->conn_default); conn->kw = sconn->kw; conn->next = NULL; - + previous_err = cfg->err; load_conn(conn, conn->kw, cfg); if (cfg->err > previous_err) diff --git a/src/starter/confread.h b/src/starter/confread.h index b20c2e0d3..7f3211628 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -82,7 +82,8 @@ struct starter_end { char *updown; u_int16_t port; u_int8_t protocol; - char *srcip; + char *sourceip; + int sourceip_mask; }; typedef struct also also_t; @@ -112,6 +113,10 @@ struct starter_conn { time_t sa_ike_life_seconds; time_t sa_ipsec_life_seconds; time_t sa_rekey_margin; + u_int64_t sa_ipsec_life_bytes; + u_int64_t sa_ipsec_margin_bytes; + u_int64_t sa_ipsec_life_packets; + u_int64_t sa_ipsec_margin_packets; unsigned long sa_keying_tries; unsigned long sa_rekey_fuzz; sa_family_t addr_family; @@ -124,12 +129,14 @@ struct starter_conn { char *esp; char *ike; char *pfsgroup; - + time_t dpd_delay; time_t dpd_timeout; dpd_action_t dpd_action; int dpd_count; - + + time_t inactivity; + bool me_mediation; char *me_mediated_by; char *me_peerid; diff --git a/src/starter/interfaces.c b/src/starter/interfaces.c index 3fff65be7..92b2c74a4 100644 --- a/src/starter/interfaces.c +++ b/src/starter/interfaces.c @@ -1,5 +1,6 @@ /* strongSwan IPsec interfaces management * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security + * 2009 Heiko Hund - Astaro AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -12,12 +13,6 @@ * for more details. */ -#include -#include -#ifdef HAVE_SYS_SOCKIO_H -#include -#endif - #include #include #include @@ -33,120 +28,185 @@ #include "exec.h" #include "files.h" +#ifdef START_PLUTO + +#include +#include +#include +#ifdef HAVE_SYS_SOCKIO_H +#include +#endif + /* - * discover the default route via /proc/net/route + * Get the default route information via rtnetlink */ void get_defaultroute(defaultroute_t *defaultroute) { - FILE *fd; - char line[BUF_LEN]; - bool first = TRUE; - - memset(defaultroute, 0, sizeof(defaultroute_t)); + union { + struct { + struct nlmsghdr nh; + struct rtmsg rt; + } m; + char buf[4096]; + } rtu; + + struct nlmsghdr *nh; + uint32_t best_metric = ~0; + ssize_t msglen; + int fd; + + bzero(&rtu, sizeof(rtu)); + rtu.m.nh.nlmsg_len = NLMSG_LENGTH(sizeof(rtu.m.rt)); + rtu.m.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP; + rtu.m.nh.nlmsg_type = RTM_GETROUTE; + rtu.m.rt.rtm_family = AF_INET; + rtu.m.rt.rtm_table = RT_TABLE_UNSPEC; + rtu.m.rt.rtm_protocol = RTPROT_UNSPEC; + rtu.m.rt.rtm_type = RTN_UNICAST; + + fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE); + if (fd == -1) + { + plog("could not create rtnetlink socket"); + return; + } - fd = fopen("/proc/net/route", "r"); + if (send(fd, &rtu, rtu.m.nh.nlmsg_len, 0) == -1) + { + plog("could not write to rtnetlink socket"); + close(fd); + return; + } - if (!fd) + msglen = recv(fd, &rtu, sizeof(rtu), MSG_WAITALL); + if (msglen == -1) { - plog("could not open 'proc/net/route'"); + plog("could not read from rtnetlink socket"); + close(fd); return; } - while (fgets(line, sizeof(line), fd) != 0) + close(fd); + + for (nh = &rtu.m.nh; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen)) { - char iface[11]; - char destination[9]; - char gateway[11]; - char flags[5]; - char mask[9]; - - int refcnt; - int use; - int metric; - int items; - - /* proc/net/route returns IP addresses in host order */ - strcpy(gateway, "0h"); - - /* skip the header line */ - if (first) + struct rtmsg *rt; + struct rtattr *rta; + uint32_t rtalen, metric = 0; + struct in_addr gw = { .s_addr = INADDR_ANY }; + int iface_idx = -1; + + if (nh->nlmsg_type == NLMSG_ERROR) { - first = FALSE; - continue; + plog("error from rtnetlink"); + return; } - /* parsing a single line of proc/net/route */ - items = sscanf(line, "%10s\t%8s\t%8s\t%5s\t%d\t%d\t%d\t%8s\t" - , iface, destination, gateway+2, flags, &refcnt, &use, &metric, mask); - if (items < 8) - { - plog("parsing error while scanning /proc/net/route"); + if (nh->nlmsg_type == NLMSG_DONE) + break; + + rt = NLMSG_DATA(nh); + if ( rt->rtm_dst_len != 0 + || (rt->rtm_table != RT_TABLE_MAIN + && rt->rtm_table != RT_TABLE_DEFAULT) ) continue; + + rta = RTM_RTA(rt); + rtalen = RTM_PAYLOAD(nh); + while ( RTA_OK(rta, rtalen) ) + { + switch (rta->rta_type) + { + case RTA_GATEWAY: + gw = *(struct in_addr *) RTA_DATA(rta); + break; + case RTA_OIF: + iface_idx = *(int *) RTA_DATA(rta); + break; + case RTA_PRIORITY: + metric = *(uint32_t *) RTA_DATA(rta); + break; + } + rta = RTA_NEXT(rta, rtalen); } - /* check for defaultroute (destination 0.0.0.0 and mask 0.0.0.0) */ - if (streq(destination, "00000000") && streq(mask, "00000000")) + if (metric < best_metric + && iface_idx != -1) { - if (defaultroute->defined) + struct ifreq req; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) + { + plog("could not open AF_INET socket"); + break; + } + bzero(&req, sizeof(req)); + req.ifr_ifindex = iface_idx; + if (ioctl(fd, SIOCGIFNAME, &req) < 0 || + ioctl(fd, SIOCGIFADDR, &req) < 0) { - plog("multiple default routes - cannot cope with %%defaultroute!!!"); - defaultroute->defined = FALSE; - fclose(fd); - return; + plog("could not read interface data, ignoring route"); + close(fd); + break; } - ttoaddr(gateway, strlen(gateway), AF_INET, &defaultroute->nexthop); - strncpy(defaultroute->iface, iface, IFNAMSIZ); + + strncpy(defaultroute->iface, req.ifr_name, IFNAMSIZ); + defaultroute->addr.u.v4 = *((struct sockaddr_in *) &req.ifr_addr); + defaultroute->nexthop.u.v4.sin_family = AF_INET; + + if (gw.s_addr == INADDR_ANY) + { + if (ioctl(fd, SIOCGIFDSTADDR, &req) < 0 || + ((struct sockaddr_in*) &req.ifr_dstaddr)->sin_addr.s_addr == INADDR_ANY) + { + DBG_log("Ignoring default route to device %s because we can't get it's destination", + req.ifr_name); + close(fd); + break; + } + + defaultroute->nexthop.u.v4 = *((struct sockaddr_in *) &req.ifr_dstaddr); + } + else + defaultroute->nexthop.u.v4.sin_addr = gw; + + close(fd); + + DBG(DBG_CONTROL, + char addr[20]; + char nexthop[20]; + addrtot(&defaultroute->addr, 0, addr, sizeof(addr)); + addrtot(&defaultroute->nexthop, 0, nexthop, sizeof(nexthop)); + + DBG_log( + ( !defaultroute->defined + ? "Default route found: iface=%s, addr=%s, nexthop=%s" + : "Better default route: iface=%s, addr=%s, nexthop=%s" + ), defaultroute->iface, addr, nexthop + ) + ); + + best_metric = metric; defaultroute->defined = TRUE; } } - fclose(fd); + defaultroute->supported = TRUE; if (!defaultroute->defined) - { plog("no default route - cannot cope with %%defaultroute!!!"); - } - else - { - char addr_buf[20], nexthop_buf[20]; - struct ifreq physreq; +} - int sock = socket(AF_INET, SOCK_DGRAM, 0); +#else /* !START_PLUTO */ - /* determine IP address of iface */ - if (sock < 0) - { - plog("could not open SOCK_DGRAM socket"); - defaultroute->defined = FALSE; - return; - } - memset ((void*)&physreq, 0, sizeof(physreq)); - strncpy(physreq.ifr_name, defaultroute->iface, IFNAMSIZ); - ioctl(sock, SIOCGIFADDR, &physreq); - close(sock); - defaultroute->addr.u.v4 = *((struct sockaddr_in *)&physreq.ifr_addr); - - addrtot(&defaultroute->addr, 0, addr_buf, sizeof(addr_buf)); - addrtot(&defaultroute->nexthop, 0, nexthop_buf, sizeof(nexthop_buf)); - - DBG(DBG_CONTROL, - DBG_log("Default route found: iface=%s, addr=%s, nexthop=%s" - , defaultroute->iface, addr_buf, nexthop_buf) - ) - - /* for backwards-compatibility with the awk shell scripts - * store the defaultroute in /var/run/ipsec.info - */ - fd = fopen(INFO_FILE, "w"); - - if (fd) - { - fprintf(fd, "defaultroutephys=%s\n", defaultroute->iface ); - fprintf(fd, "defaultroutevirt=ipsec0\n"); - fprintf(fd, "defaultrouteaddr=%s\n", addr_buf); - fprintf(fd, "defaultroutenexthop=%s\n", nexthop_buf); - fclose(fd); - } - } - return; +/** + * Pluto disabled, fall back to %any + */ +void +get_defaultroute(defaultroute_t *defaultroute) +{ + defaultroute->supported = FALSE; } +#endif /* START_PLUTO */ + diff --git a/src/starter/interfaces.h b/src/starter/interfaces.h index abe4c8f9c..ff8535f0e 100644 --- a/src/starter/interfaces.h +++ b/src/starter/interfaces.h @@ -23,6 +23,7 @@ typedef struct { bool defined; + bool supported; char iface[IFNAMSIZ]; ip_address addr; ip_address nexthop; diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index 1eb2a0332..f8aa5e6a9 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c @@ -127,7 +127,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; - + if (attach_gdb) { argc = 0; @@ -163,7 +163,7 @@ int starter_start_charon (starter_config_t *cfg, bool no_fork, bool attach_gdb) { break; } - + /* get next */ pos = strchr(pos, ','); if (pos) diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c index 08fb0657a..f91f4b6c9 100644 --- a/src/starter/invokepluto.c +++ b/src/starter/invokepluto.c @@ -94,7 +94,7 @@ starter_stop_pluto (void) /* be more and more aggressive */ for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++) { - + if (i < 10) { kill(pid, SIGTERM); @@ -103,7 +103,7 @@ starter_stop_pluto (void) { kill(pid, SIGKILL); plog("starter_stop_pluto(): pluto does not respond, sending KILL"); - } + } else { kill(pid, SIGKILL); @@ -147,7 +147,7 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork, bool attach_gdb) }; printf ("starter_start_pluto entered\n"); - + if (attach_gdb) { argc = 0; diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5 index 31e676324..d4dd7238f 100644 --- a/src/starter/ipsec.conf.5 +++ b/src/starter/ipsec.conf.5 @@ -248,7 +248,7 @@ for Elliptic Curve DSA signatures. .B never can be used if negotiation is never to be attempted or accepted (useful for shunt-only conns). -Digital signatures are superior in every way to shared secrets. +Digital signatures are superior in every way to shared secrets. IKEv1 additionally supports the values .B xauthpsk and @@ -256,7 +256,7 @@ and that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode based on shared secrets or digital RSA signatures, respectively. This parameter is deprecated for IKEv2 connections, as two peers do not need -to agree on an authentication method. Use the +to agree on an authentication method. Use the .B leftauth parameter instead to define authentication methods in IKEv2. .TP @@ -282,7 +282,7 @@ and loads a connection and brings it up immediatly. .B ignore ignores the connection. This is equal to delete a connection from the config -file. +file. Relevant only locally, other end need not agree on it (but in general, for an intended-to-be-permanent connection, both ends should use @@ -314,7 +314,7 @@ are periodically sent in order to check the liveliness of the IPsec peer. The values .BR clear , .BR hold , -and +and .B restart all activate DPD. If no activity is detected, all connections with a dead peer are stopped and unrouted ( @@ -348,19 +348,23 @@ defines the timeout interval, after which all connections to a peer are deleted in case of inactivity. This only applies to IKEv1, in IKEv2 the default retransmission timeout applies, as every exchange is used to detect dead peers. .TP +.B inactivity +defines the timeout interval, after which a CHILD_SA is closed if it did +not send or receive any traffic. Currently supported in IKEv2 connections only. +.TP .B eap defines the EAP type to propose as server if the client requests EAP authentication. This parameter is deprecated in the favour of .B leftauth. To forward EAP authentication to a RADIUS server using the EAP-RADIUS plugin, -set +set .B eap=radius .TP .B eap_identity defines the identity the client uses to reply to a EAP Identity request. If defined on the EAP server, the defined identity will be used as peer -identity during EAP authentication. The special value +identity during EAP authentication. The special value .B %identity uses the EAP Identity method to ask the client for a EAP identity. If not defined, the IKEv2 identity will be used as EAP identity. @@ -374,7 +378,7 @@ and rekeying include a separate diffe hellman exchange (IKEv2 only). .TP .B forceencaps Force UDP encapsulation for ESP packets even if no NAT situation is detected. -This may help to hurdle restrictive firewalls. To enforce the peer to +This may help to hurdle restrictive firewalls. To enforce the peer to encapsulate packets, NAT detection payloads are faked (IKEv2 only). .TP .B ike @@ -403,8 +407,8 @@ which protocol should be used to initialize the connection. Connections marked w .B ikev1 are initiated with pluto, those marked with .B ikev2 -with charon. An incoming request from the remote peer is handled by the correct -daemon, unaffected from the +with charon. An incoming request from the remote peer is handled by the correct +daemon, unaffected from the .B keyexchange setting. The default value .B ike @@ -421,30 +425,8 @@ means 'never give up'. Relevant only locally, other end need not agree on it. .TP .B keylife -how long a particular instance of a connection -(a set of encryption/authentication keys for user packets) should last, -from successful negotiation to expiry; -acceptable values are an integer optionally followed by -.BR s -(a time in seconds) -or a decimal number followed by -.BR m , -.BR h , -or -.B d -(a time -in minutes, hours, or days respectively) -(default -.BR 1h , -maximum -.BR 24h ). -Normally, the connection is renegotiated (via the keying channel) -before it expires. -The two ends need not exactly agree on -.BR keylife , -although if they do not, -there will be some clutter of superseded connections on the end -which thinks the lifetime is longer. +synonym for +.BR lifetime . .TP .B left (required) @@ -494,14 +476,14 @@ and .TP .B leftauth Authentication method to use (local) or require (remote) in this connection. -This parameter is supported in IKEv2 only. Acceptable values are +This parameter is supported in IKEv2 only. Acceptable values are .B pubkey -for public key authentication (RSA/ECDSA), +for public key authentication (RSA/ECDSA), .B psk for pre-shared key authentication and .B eap to (require the) use of the Extensible Authentication Protocol. In the case -of +of .B eap, an optional EAP method can be appended. Currently defined methods are .B eap-aka, eap-sim, eap-gtc, eap-md5 @@ -515,7 +497,7 @@ EAP methods are defined in the form ). .TP .B leftauth2 -Same as +Same as .B leftauth, but defines an additional authentication exchange. IKEv2 supports multiple authentication rounds using "Multiple Authentication Exchanges" defined @@ -525,7 +507,7 @@ of host and user (IKEv2 only). .B leftca the distinguished name of a certificate authority which is required to lie in the trust path going from the left participant's certificate up -to the root certification authority. +to the root certification authority. .TP .B leftca2 Same as @@ -538,7 +520,7 @@ PEM or DER format. OpenPGP certificates are supported as well. Both absolute paths or paths relative to \fI/etc/ipsec.d/certs\fP are accepted. By default .B leftcert -sets +sets .B leftid to the distinguished name of the certificate's subject and .B leftca @@ -679,7 +661,7 @@ or .B %cfg, an address is requested from the peer. In IKEv2, a defined address is requested, but the server may change it. If the server does not support it, the address -is enforced. +is enforced. .TP .B rightsourceip The internal source IP to use in a tunnel for the remote peer. If the @@ -724,6 +706,61 @@ Relevant only locally, other end need not agree on it. IKEv2 uses the updown script to insert firewall rules only. Routing is not support and will be implemented directly into Charon. .TP +.B lifebytes +the number of bytes transmitted over an IPsec SA before it expires (IKEv2 +only). +.TP +.B lifepackets +the number of packets transmitted over an IPsec SA before it expires (IKEv2 +only). +.TP +.B lifetime +how long a particular instance of a connection +(a set of encryption/authentication keys for user packets) should last, +from successful negotiation to expiry; +acceptable values are an integer optionally followed by +.BR s +(a time in seconds) +or a decimal number followed by +.BR m , +.BR h , +or +.B d +(a time +in minutes, hours, or days respectively) +(default +.BR 1h , +maximum +.BR 24h ). +Normally, the connection is renegotiated (via the keying channel) +before it expires (see +.BR margintime ). +The two ends need not exactly agree on +.BR lifetime , +although if they do not, +there will be some clutter of superseded connections on the end +which thinks the lifetime is longer. +.TP +.B marginbytes +how many bytes before IPsec SA expiry (see +.BR lifebytes ) +should attempts to negotiate a replacement begin (IKEv2 only). +.TP +.B marginpackets +how many packets before IPsec SA expiry (see +.BR lifepackets ) +should attempts to negotiate a replacement begin (IKEv2 only). +.TP +.B margintime +how long before connection expiry or keying-channel expiry +should attempts to +negotiate a replacement +begin; acceptable values as for +.B lifetime +(default +.BR 9m ). +Relevant only locally, other end need not agree on it. +.TP .B mobike enables the IKEv2 MOBIKE protocol defined by RFC 4555. Accepted values are .B yes @@ -759,7 +796,7 @@ PFS is enforced by defining a Diffie-Hellman modp group in the .B esp parameter. .TP -.B pfsgroup +.B pfsgroup defines a Diffie-Hellman group for perfect forward secrecy in IKEv1 Quick Mode differing from the DH group used for IKEv1 Main Mode (IKEv1 only). .TP @@ -789,35 +826,35 @@ will be largely ineffective unless both ends agree on it. .TP .B rekeyfuzz maximum percentage by which -.B rekeymargin +.BR marginbytes , +.B marginpackets +and +.B margintime should be randomly increased to randomize rekeying intervals (important for hosts with many connections); acceptable values are an integer, which may exceed 100, followed by a `%' -(default set by -.IR pluto (8), -currently +(defaults to .BR 100% ). The value of -.BR rekeymargin , +.BR marginTYPE , after this random increase, must not exceed -.BR keylife . +.B lifeTYPE +(where TYPE is one of +.IR bytes , +.I packets +or +.IR time ). The value .B 0% -will suppress time randomization. +will suppress randomization. Relevant only locally, other end need not agree on it. .TP .B rekeymargin -how long before connection expiry or keying-channel expiry -should attempts to -negotiate a replacement -begin; acceptable values as for -.B keylife -(default -.BR 9m ). -Relevant only locally, other end need not agree on it. +synonym for +.BR margintime . .TP .B type the type of the connection; currently the accepted values @@ -854,7 +891,7 @@ and (the default). .SS "CONN PARAMETERS: IKEv2 MEDIATION EXTENSION" -The following parameters are relevant to IKEv2 Mediation Extension +The following parameters are relevant to IKEv2 Mediation Extension operation only. .TP 14 .B mediation @@ -884,7 +921,7 @@ of this connection will be used as peer ID. .SH "CA SECTIONS" This are optional sections that can be used to assign special -parameters to a Certification Authority (CA). These parameters are not +parameters to a Certification Authority (CA). These parameters are not supported in IKEv2 yet. .TP 10 .B auto @@ -892,10 +929,10 @@ currently can have either the value .B ignore or .B add -. +. .TP .B cacert -defines a path to the CA certificate either relative to +defines a path to the CA certificate either relative to \fI/etc/ipsec.d/cacerts\fP or as an absolute path. .TP .B crluri @@ -970,7 +1007,7 @@ Accepted values are .B yes or .BR no . -The default is +The default is .B yes if starter was compiled with IKEv2 support. .TP @@ -987,7 +1024,7 @@ Accepted values are .B yes or .BR no . -The default is +The default is .B yes if starter was compiled with IKEv1 support. .TP @@ -1192,7 +1229,7 @@ value that the MTU of the ipsec\fIn\fR interface(s) should be set to, overriding IPsec's (large) default. .SH CHOOSING A CONNECTION .PP -When choosing a connection to apply to an outbound packet caught with a +When choosing a connection to apply to an outbound packet caught with a .BR %trap, the system prefers the one with the most specific eroute that includes the packet's source and destination IP addresses. diff --git a/src/starter/keywords.c b/src/starter/keywords.c index 3ca7a92f6..e379f78e9 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,12 +54,12 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 112 +#define TOTAL_KEYWORDS 119 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 13 -#define MAX_HASH_VALUE 200 -/* maximum key range = 188, duplicates = 0 */ +#define MIN_HASH_VALUE 17 +#define MAX_HASH_VALUE 215 +/* maximum key range = 199, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -75,32 +75,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 3, - 42, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 1, 201, 9, 201, 5, - 39, 1, 64, 47, 62, 1, 201, 88, 5, 83, - 39, 30, 21, 201, 1, 10, 6, 44, 14, 201, - 4, 54, 4, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201, 201, 201, 201, 201, - 201, 201, 201, 201, 201, 201 + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 12, + 78, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 4, 216, 20, 216, 45, + 55, 4, 77, 14, 78, 4, 216, 119, 4, 89, + 46, 34, 29, 216, 6, 12, 5, 56, 34, 216, + 4, 20, 5, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, + 216, 216, 216, 216, 216, 216 }; register int hval = len; @@ -124,143 +124,151 @@ hash (str, len) static const struct kw_entry wordlist[] = { - {"right", KW_RIGHT}, - {"crluri", KW_CRLURI}, {"left", KW_LEFT}, - {"crluri1", KW_CRLURI}, - {"certuribase", KW_CERTURIBASE}, + {"right", KW_RIGHT}, + {"lifetime", KW_KEYLIFE}, {"leftcert", KW_LEFTCERT,}, - {"rightcert", KW_RIGHTCERT}, - {"rightca", KW_RIGHTCA}, {"leftfirewall", KW_LEFTFIREWALL}, {"leftsendcert", KW_LEFTSENDCERT}, {"leftprotoport", KW_LEFTPROTOPORT}, + {"type", KW_TYPE}, + {"rekey", KW_REKEY}, {"leftgroups", KW_LEFTGROUPS}, - {"crlcheckinterval", KW_CRLCHECKINTERVAL}, {"rightsubnet", KW_RIGHTSUBNET}, - {"leftca", KW_LEFTCA}, {"rightsendcert", KW_RIGHTSENDCERT}, - {"cacert", KW_CACERT}, - {"eap", KW_EAP}, + {"leftallowany", KW_LEFTALLOWANY}, + {"rightgroups", KW_RIGHTGROUPS}, {"esp", KW_ESP}, - {"cachecrls", KW_CACHECRLS}, + {"lifebytes", KW_LIFEBYTES}, + {"rightrsasigkey", KW_RIGHTRSASIGKEY}, + {"lifepackets", KW_LIFEPACKETS}, {"leftnexthop", KW_LEFTNEXTHOP}, - {"virtual_private", KW_VIRTUAL_PRIVATE}, + {"leftrsasigkey", KW_LEFTRSASIGKEY}, + {"leftca", KW_LEFTCA}, + {"eap", KW_EAP}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, {"rightprotoport", KW_RIGHTPROTOPORT}, - {"ocspuri", KW_OCSPURI}, - {"leftnatip", KW_LEFTNATIP}, - {"rightsourceip", KW_RIGHTSOURCEIP}, - {"ocspuri1", KW_OCSPURI}, - {"also", KW_ALSO}, - {"rightid", KW_RIGHTID}, {"plutostart", KW_PLUTOSTART}, - {"rightid2", KW_RIGHTID2}, - {"compress", KW_COMPRESS}, - {"packetdefault", KW_PACKETDEFAULT}, - {"crluri2", KW_CRLURI2}, - {"rightca2", KW_RIGHTCA2}, - {"leftcert2", KW_LEFTCERT2,}, - {"rightcert2", KW_RIGHTCERT2}, + {"also", KW_ALSO}, + {"rightallowany", KW_RIGHTALLOWANY}, + {"rightsourceip", KW_RIGHTSOURCEIP}, + {"crluri", KW_CRLURI}, + {"leftnatip", KW_LEFTNATIP}, {"lefthostaccess", KW_LEFTHOSTACCESS}, - {"rekey", KW_REKEY}, - {"ldapbase", KW_LDAPBASE}, - {"rightauth2", KW_RIGHTAUTH2}, - {"leftca2", KW_LEFTCA2}, - {"type", KW_TYPE}, + {"rightcert", KW_RIGHTCERT}, + {"certuribase", KW_CERTURIBASE}, + {"packetdefault", KW_PACKETDEFAULT}, + {"plutostderrlog", KW_PLUTOSTDERRLOG}, + {"crluri1", KW_CRLURI}, + {"crlcheckinterval", KW_CRLCHECKINTERVAL}, + {"rightid", KW_RIGHTID}, + {"virtual_private", KW_VIRTUAL_PRIVATE}, {"leftsubnet", KW_LEFTSUBNET}, - {"nat_traversal", KW_NAT_TRAVERSAL}, - {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, + {"cacert", KW_CACERT}, + {"rightca", KW_RIGHTCA}, {"leftsourceip", KW_LEFTSOURCEIP}, - {"rightgroups", KW_RIGHTGROUPS}, - {"rightrsasigkey", KW_RIGHTRSASIGKEY}, + {"inactivity", KW_INACTIVITY}, + {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, + {"installpolicy", KW_INSTALLPOLICY}, + {"nat_traversal", KW_NAT_TRAVERSAL}, + {"ldapbase", KW_LDAPBASE}, + {"leftupdown", KW_LEFTUPDOWN}, {"rightnatip", KW_RIGHTNATIP}, + {"ocspuri", KW_OCSPURI}, {"rightnexthop", KW_RIGHTNEXTHOP}, - {"leftupdown", KW_LEFTUPDOWN}, - {"leftallowany", KW_LEFTALLOWANY}, - {"rightallowany", KW_RIGHTALLOWANY}, + {"leftcert2", KW_LEFTCERT2,}, + {"rightid2", KW_RIGHTID2}, {"rekeyfuzz", KW_REKEYFUZZ}, - {"xauth", KW_XAUTH}, - {"rightauth", KW_RIGHTAUTH}, - {"leftrsasigkey", KW_LEFTRSASIGKEY}, + {"compress", KW_COMPRESS}, {"rightfirewall", KW_RIGHTFIREWALL}, - {"ocspuri2", KW_OCSPURI2}, - {"auto", KW_AUTO}, + {"ocspuri1", KW_OCSPURI}, {"ldaphost", KW_LDAPHOST}, + {"xauth", KW_XAUTH}, + {"postpluto", KW_POSTPLUTO}, + {"eap_identity", KW_EAP_IDENTITY}, + {"plutodebug", KW_PLUTODEBUG}, + {"leftca2", KW_LEFTCA2}, + {"auto", KW_AUTO}, {"righthostaccess", KW_RIGHTHOSTACCESS}, + {"dpddelay", KW_DPDDELAY}, + {"rightauth", KW_RIGHTAUTH}, + {"rightauth2", KW_RIGHTAUTH2}, + {"pfs", KW_PFS}, + {"authby", KW_AUTHBY}, + {"rightupdown", KW_RIGHTUPDOWN}, {"leftid", KW_LEFTID}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, + {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, + {"uniqueids", KW_UNIQUEIDS}, {"dumpdir", KW_DUMPDIR}, + {"mediated_by", KW_MEDIATED_BY}, {"ike", KW_IKE}, - {"leftid2", KW_LEFTID2}, - {"postpluto", KW_POSTPLUTO}, - {"rightupdown", KW_RIGHTUPDOWN}, - {"plutostderrlog", KW_PLUTOSTDERRLOG}, - {"pfs", KW_PFS}, - {"fragicmp", KW_FRAGICMP}, - {"overridemtu", KW_OVERRIDEMTU}, - {"leftauth2", KW_LEFTAUTH2}, - {"uniqueids", KW_UNIQUEIDS}, + {"cachecrls", KW_CACHECRLS}, {"prepluto", KW_PREPLUTO}, - {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, - {"keyexchange", KW_KEYEXCHANGE}, - {"keep_alive", KW_KEEP_ALIVE}, - {"hidetos", KW_HIDETOS}, {"force_keepalive", KW_FORCE_KEEPALIVE}, - {"installpolicy", KW_INSTALLPOLICY}, - {"dpdaction", KW_DPDACTION}, - {"eap_identity", KW_EAP_IDENTITY}, + {"hidetos", KW_HIDETOS}, + {"mobike", KW_MOBIKE}, {"forceencaps", KW_FORCEENCAPS}, + {"overridemtu", KW_OVERRIDEMTU}, + {"crluri2", KW_CRLURI2}, + {"rightca2", KW_RIGHTCA2}, + {"rightcert2", KW_RIGHTCERT2}, + {"dpdaction", KW_DPDACTION}, {"nocrsend", KW_NOCRSEND}, - {"auth", KW_AUTH}, - {"leftauth", KW_LEFTAUTH}, - {"mobike", KW_MOBIKE}, - {"plutodebug", KW_PLUTODEBUG}, - {"charonstart", KW_CHARONSTART}, + {"leftid2", KW_LEFTID2}, {"interfaces", KW_INTERFACES}, + {"leftauth", KW_LEFTAUTH}, + {"leftauth2", KW_LEFTAUTH2}, + {"mediation", KW_MEDIATION}, + {"rekeymargin", KW_REKEYMARGIN}, + {"keep_alive", KW_KEEP_ALIVE}, + {"auth", KW_AUTH}, + {"keyingtries", KW_KEYINGTRIES}, + {"me_peerid", KW_ME_PEERID}, + {"fragicmp", KW_FRAGICMP}, + {"margintime", KW_REKEYMARGIN}, + {"ocspuri2", KW_OCSPURI2}, + {"reauth", KW_REAUTH}, {"pkcs11module", KW_PKCS11MODULE}, - {"dpddelay", KW_DPDDELAY}, + {"pfsgroup", KW_PFSGROUP}, + {"marginbytes", KW_MARGINBYTES}, {"pkcs11keepstate", KW_PKCS11KEEPSTATE}, - {"reauth", KW_REAUTH}, - {"me_peerid", KW_ME_PEERID}, - {"rekeymargin", KW_REKEYMARGIN}, + {"marginpackets", KW_MARGINPACKETS}, + {"modeconfig", KW_MODECONFIG}, + {"keyexchange", KW_KEYEXCHANGE}, + {"charonstart", KW_CHARONSTART}, {"pkcs11initargs", KW_PKCS11INITARGS}, - {"mediation", KW_MEDIATION}, - {"pfsgroup", KW_PFSGROUP}, - {"mediated_by", KW_MEDIATED_BY}, - {"keyingtries", KW_KEYINGTRIES}, {"dpdtimeout", KW_DPDTIMEOUT}, - {"keylife", KW_KEYLIFE}, - {"charondebug", KW_CHARONDEBUG}, - {"ikelifetime", KW_IKELIFETIME}, - {"authby", KW_AUTHBY}, {"pkcs11proxy", KW_PKCS11PROXY}, + {"charondebug", KW_CHARONDEBUG}, {"klipsdebug", KW_KLIPSDEBUG}, - {"modeconfig", KW_MODECONFIG} + {"keylife", KW_KEYLIFE}, + {"ikelifetime", KW_IKELIFETIME} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 0, 1, -1, 2, 3, -1, 4, - -1, 5, 6, 7, 8, 9, 10, 11, 12, 13, - 14, 15, 16, -1, 17, 18, -1, -1, 19, 20, - 21, -1, -1, 22, 23, 24, 25, 26, 27, 28, - -1, -1, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, - 47, 48, 49, -1, 50, -1, 51, 52, 53, 54, - 55, -1, 56, 57, 58, -1, 59, 60, 61, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 74, -1, 75, 76, 77, 78, -1, -1, 79, - 80, 81, 82, -1, 83, 84, 85, 86, -1, 87, - 88, 89, 90, 91, 92, 93, -1, 94, 95, -1, - -1, -1, 96, 97, -1, 98, 99, -1, 100, -1, - -1, -1, -1, -1, 101, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 102, -1, 103, -1, 104, - -1, 105, -1, -1, 106, 107, -1, 108, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 109, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 110, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 111 + -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, + 1, -1, -1, -1, 2, 3, -1, -1, 4, 5, + -1, -1, 6, 7, -1, 8, 9, -1, 10, -1, + 11, -1, -1, -1, 12, -1, -1, 13, 14, 15, + 16, 17, 18, 19, 20, -1, 21, 22, 23, -1, + 24, -1, 25, 26, 27, 28, 29, -1, 30, 31, + 32, -1, 33, 34, 35, 36, 37, 38, -1, 39, + -1, 40, 41, 42, 43, 44, -1, 45, -1, 46, + -1, 47, -1, 48, -1, 49, 50, 51, -1, 52, + 53, 54, -1, 55, 56, 57, 58, 59, -1, -1, + 60, 61, 62, 63, 64, 65, 66, 67, 68, -1, + -1, 69, 70, 71, 72, -1, 73, 74, 75, 76, + 77, 78, -1, 79, 80, 81, -1, 82, 83, 84, + 85, 86, -1, 87, 88, -1, -1, 89, 90, 91, + 92, 93, -1, 94, -1, -1, 95, 96, 97, -1, + 98, 99, -1, -1, -1, 100, -1, -1, -1, 101, + -1, 102, 103, -1, -1, -1, 104, 105, 106, 107, + 108, 109, -1, 110, -1, 111, 112, -1, 113, -1, + -1, 114, -1, -1, 115, -1, -1, -1, -1, -1, + -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, + -1, 117, -1, -1, -1, 118 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 3a115d15d..8be31d148 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -66,7 +66,7 @@ typedef enum { KW_TYPE, KW_PFS, KW_COMPRESS, - KW_INSTALLPOLICY, + KW_INSTALLPOLICY, KW_AUTH, KW_AUTHBY, KW_EAP, @@ -76,6 +76,10 @@ typedef enum { KW_IKELIFETIME, KW_KEYLIFE, KW_REKEYMARGIN, + KW_LIFEBYTES, + KW_MARGINBYTES, + KW_LIFEPACKETS, + KW_MARGINPACKETS, KW_KEYINGTRIES, KW_REKEYFUZZ, KW_REKEY, @@ -86,6 +90,7 @@ typedef enum { KW_DPDDELAY, KW_DPDTIMEOUT, KW_DPDACTION, + KW_INACTIVITY, KW_MODECONFIG, KW_XAUTH, KW_MEDIATION, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index 66c894850..adf3069bf 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -64,6 +64,12 @@ auth, KW_AUTH authby, KW_AUTHBY keylife, KW_KEYLIFE rekeymargin, KW_REKEYMARGIN +lifetime, KW_KEYLIFE +margintime, KW_REKEYMARGIN +lifebytes, KW_LIFEBYTES +marginbytes, KW_MARGINBYTES +lifepackets, KW_LIFEPACKETS +marginpackets, KW_MARGINPACKETS ikelifetime, KW_IKELIFETIME keyingtries, KW_KEYINGTRIES rekeyfuzz, KW_REKEYFUZZ @@ -75,6 +81,7 @@ pfsgroup, KW_PFSGROUP dpddelay, KW_DPDDELAY dpdtimeout, KW_DPDTIMEOUT dpdaction, KW_DPDACTION +inactivity, KW_INACTIVITY modeconfig, KW_MODECONFIG xauth, KW_XAUTH mediation, KW_MEDIATION diff --git a/src/starter/klips.c b/src/starter/klips.c index 061dee50c..79bd25c44 100644 --- a/src/starter/klips.c +++ b/src/starter/klips.c @@ -46,7 +46,7 @@ starter_klips_init(void) return FALSE; } } - + /* load crypto algorithm modules */ ignore_result(system("modprobe -qv ipsec_aes")); ignore_result(system("modprobe -qv ipsec_blowfish")); @@ -55,7 +55,7 @@ starter_klips_init(void) DBG(DBG_CONTROL, DBG_log("Found KLIPS IPsec stack") ) - + return TRUE; } diff --git a/src/starter/klips.h b/src/starter/klips.h index e93348df1..1a527d108 100644 --- a/src/starter/klips.h +++ b/src/starter/klips.h @@ -1,4 +1,4 @@ -/* strongSwan KLIPS initialization and cleanup +/* strongSwan KLIPS initialization and cleanup * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security * * This program is free software; you can redistribute it and/or modify it diff --git a/src/starter/netkey.h b/src/starter/netkey.h index 55f6a7c47..c12924174 100644 --- a/src/starter/netkey.h +++ b/src/starter/netkey.h @@ -1,4 +1,4 @@ -/* strongSwan netkey initialization and cleanup +/* strongSwan netkey initialization and cleanup * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security * * This program is free software; you can redistribute it and/or modify it diff --git a/src/starter/starter.c b/src/starter/starter.c index b675ccf1c..0aab76d43 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -163,7 +163,7 @@ static void fsig(int signal) static void generate_selfcert() { struct stat stb; - + /* if ipsec.secrets file is missing then generate RSA default key pair */ if (stat(SECRETS_FILE, &stb) != 0) { @@ -176,7 +176,7 @@ static void generate_selfcert() { char buf[1024]; struct group group, *grp; - + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) == 0 && grp) { gid = grp->gr_gid; @@ -187,7 +187,7 @@ static void generate_selfcert() { char buf[1024]; struct passwd passwd, *pwp; - + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) == 0 && pwp) { uid = pwp->pw_uid; @@ -353,14 +353,14 @@ int main (int argc, char **argv) } } - last_reload = time(NULL); + last_reload = time_monotonic(NULL); if (stat(STARTER_PID_FILE, &stb) == 0) { plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); exit(LSB_RC_SUCCESS); } - + generate_selfcert(); /* fork if we're not debugging stuff */ @@ -381,7 +381,7 @@ int main (int argc, char **argv) dup2(fnull, STDERR_FILENO); close(fnull); } - setsid(); + setsid(); } break; case -1: @@ -491,7 +491,7 @@ int main (int argc, char **argv) _action_ |= FLAG_ACTION_LISTEN; } - if (!starter_cmp_pluto(cfg, new_cfg)) + if (!starter_cmp_pluto(cfg, new_cfg)) { plog("Pluto has changed"); if (starter_pluto_pid()) @@ -582,7 +582,7 @@ int main (int argc, char **argv) } } _action_ &= ~FLAG_ACTION_UPDATE; - last_reload = time(NULL); + last_reload = time_monotonic(NULL); } /* @@ -620,7 +620,7 @@ int main (int argc, char **argv) conn->state = STATE_TO_ADD; } } - + /* * Start charon */ @@ -736,7 +736,7 @@ int main (int argc, char **argv) */ if (auto_update) { - time_t now = time(NULL); + time_t now = time_monotonic(NULL); tv.tv_sec = (now < last_reload + auto_update) ? (last_reload + auto_update-now) : 0; diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 054e37fa7..665350c00 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -81,7 +81,7 @@ static int send_stroke_msg (stroke_msg_t *msg) ctl_addr.sun_family = AF_UNIX; strcpy(ctl_addr.sun_path, CHARON_CTL_FILE); - + /* starter is not called from commandline, and therefore absolutely silent */ msg->output_verbosity = -1; @@ -173,7 +173,7 @@ static void ip_address2string(ip_address *addr, char *buffer, size_t len) static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, starter_end_t *conn_end) { char buffer[INET6_ADDRSTRLEN]; - + msg_end->auth = push_string(msg, conn_end->auth); msg_end->auth2 = push_string(msg, conn_end->auth2); msg_end->id = push_string(msg, conn_end->id); @@ -187,45 +187,13 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta ip_address2string(&conn_end->addr, buffer, sizeof(buffer)); msg_end->address = push_string(msg, buffer); msg_end->subnets = push_string(msg, conn_end->subnet); + msg_end->sourceip = push_string(msg, conn_end->sourceip); + msg_end->sourceip_mask = conn_end->sourceip_mask; msg_end->sendcert = conn_end->sendcert; msg_end->hostaccess = conn_end->hostaccess; msg_end->tohost = !conn_end->has_client; msg_end->protocol = conn_end->protocol; msg_end->port = conn_end->port; - if (conn_end->srcip) - { - if (conn_end->srcip[0] == '%') - { /* %poolname, strip % */ - msg_end->sourceip_size = 0; - msg_end->sourceip = push_string(msg, conn_end->srcip + 1); - } - else - { - char *pos = strchr(conn_end->srcip, '/'); - if (pos) - { /* CIDR subnet definition */ - snprintf(buffer, pos - conn_end->srcip + 1, "%s", conn_end->srcip); - msg_end->sourceip = push_string(msg, buffer); - msg_end->sourceip_size = atoi(pos + 1); - } - else - { /* a single address */ - msg_end->sourceip = push_string(msg, conn_end->srcip); - if (strchr(conn_end->srcip, ':')) - { /* IPv6 */ - msg_end->sourceip_size = 128; - } - else - { /* IPv4 */ - msg_end->sourceip_size = 32; - } - } - } - } - else if (conn_end->modecfg) - { - msg_end->sourceip_size = 1; - } } int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) @@ -237,7 +205,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.length = offsetof(stroke_msg_t, buffer); msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2; msg.add_conn.name = push_string(&msg, connection_name(conn)); - + /* PUBKEY is preferred to PSK and EAP */ if (conn->policy & POLICY_PUBKEY) { @@ -254,7 +222,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.eap_type = conn->eap_type; msg.add_conn.eap_vendor = conn->eap_vendor; msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity); - + if (conn->policy & POLICY_TUNNEL) { msg.add_conn.mode = MODE_TUNNEL; @@ -267,7 +235,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) { msg.add_conn.mode = MODE_TRANSPORT; msg.add_conn.proxy_mode = TRUE; - } + } else { msg.add_conn.mode = MODE_TRANSPORT; @@ -279,12 +247,16 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds; msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds; msg.add_conn.rekey.margin = conn->sa_rekey_margin; + msg.add_conn.rekey.life_bytes = conn->sa_ipsec_life_bytes; + msg.add_conn.rekey.margin_bytes = conn->sa_ipsec_margin_bytes; + msg.add_conn.rekey.life_packets = conn->sa_ipsec_life_packets; + msg.add_conn.rekey.margin_packets = conn->sa_ipsec_margin_packets; msg.add_conn.rekey.tries = conn->sa_keying_tries; msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz; } - msg.add_conn.mobike = conn->policy & POLICY_MOBIKE; - msg.add_conn.force_encap = conn->policy & POLICY_FORCE_ENCAP; - msg.add_conn.ipcomp = conn->policy & POLICY_COMPRESS; + msg.add_conn.mobike = (conn->policy & POLICY_MOBIKE) != 0; + msg.add_conn.force_encap = (conn->policy & POLICY_FORCE_ENCAP) != 0; + msg.add_conn.ipcomp = (conn->policy & POLICY_COMPRESS) != 0; msg.add_conn.install_policy = conn->install_policy; msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy; msg.add_conn.unique = cfg->setup.uniqueids; @@ -292,6 +264,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.algorithms.esp = push_string(&msg, conn->esp); msg.add_conn.dpd.delay = conn->dpd_delay; msg.add_conn.dpd.action = conn->dpd_action; + msg.add_conn.inactivity = conn->inactivity; msg.add_conn.ikeme.mediation = conn->me_mediation; msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by); msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid); @@ -361,7 +334,7 @@ int starter_stroke_del_ca(starter_ca_t *ca) int starter_stroke_configure(starter_config_t *cfg) { stroke_msg_t msg; - + if (cfg->setup.cachecrls) { msg.type = STR_CONFIG; diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c index 44b442ae2..67916395f 100644 --- a/src/starter/starterwhack.c +++ b/src/starter/starterwhack.c @@ -33,8 +33,7 @@ #define ip_version(string) (strchr(string, '.') ? AF_INET : AF_INET6) -static int -pack_str (char **p, char **next, char **roof) +static int pack_str (char **p, char **next, char **roof) { const char *s = (*p==NULL) ? "" : *p; /* note: NULL becomes ""! */ size_t len = strlen(s) + 1; @@ -52,8 +51,7 @@ pack_str (char **p, char **next, char **roof) } } -static int -send_whack_msg (whack_message_t *msg) +static int send_whack_msg (whack_message_t *msg) { struct sockaddr_un ctl_addr; int sock; @@ -67,37 +65,41 @@ send_whack_msg (whack_message_t *msg) str_next = (char *)msg->string; str_roof = (char *)&msg->string[sizeof(msg->string)]; - if (!pack_str(&msg->name, &str_next, &str_roof) - || !pack_str(&msg->left.id, &str_next, &str_roof) - || !pack_str(&msg->left.cert, &str_next, &str_roof) - || !pack_str(&msg->left.ca, &str_next, &str_roof) - || !pack_str(&msg->left.groups, &str_next, &str_roof) - || !pack_str(&msg->left.updown, &str_next, &str_roof) - || !pack_str(&msg->left.virt, &str_next, &str_roof) - || !pack_str(&msg->right.id, &str_next, &str_roof) - || !pack_str(&msg->right.cert, &str_next, &str_roof) - || !pack_str(&msg->right.ca, &str_next, &str_roof) - || !pack_str(&msg->right.groups, &str_next, &str_roof) - || !pack_str(&msg->right.updown, &str_next, &str_roof) - || !pack_str(&msg->right.virt, &str_next, &str_roof) - || !pack_str(&msg->keyid, &str_next, &str_roof) - || !pack_str(&msg->myid, &str_next, &str_roof) - || !pack_str(&msg->cacert, &str_next, &str_roof) - || !pack_str(&msg->ldaphost, &str_next, &str_roof) - || !pack_str(&msg->ldapbase, &str_next, &str_roof) - || !pack_str(&msg->crluri, &str_next, &str_roof) - || !pack_str(&msg->crluri2, &str_next, &str_roof) - || !pack_str(&msg->ocspuri, &str_next, &str_roof) - || !pack_str(&msg->ike, &str_next, &str_roof) - || !pack_str(&msg->esp, &str_next, &str_roof) - || !pack_str(&msg->sc_data, &str_next, &str_roof) - || (str_roof - str_next < msg->keyval.len)) + if (!pack_str(&msg->name, &str_next, &str_roof) + || !pack_str(&msg->left.id, &str_next, &str_roof) + || !pack_str(&msg->left.cert, &str_next, &str_roof) + || !pack_str(&msg->left.ca, &str_next, &str_roof) + || !pack_str(&msg->left.groups, &str_next, &str_roof) + || !pack_str(&msg->left.updown, &str_next, &str_roof) + || !pack_str(&msg->left.sourceip, &str_next, &str_roof) + || !pack_str(&msg->left.virt, &str_next, &str_roof) + || !pack_str(&msg->right.id, &str_next, &str_roof) + || !pack_str(&msg->right.cert, &str_next, &str_roof) + || !pack_str(&msg->right.ca, &str_next, &str_roof) + || !pack_str(&msg->right.groups, &str_next, &str_roof) + || !pack_str(&msg->right.updown, &str_next, &str_roof) + || !pack_str(&msg->right.sourceip, &str_next, &str_roof) + || !pack_str(&msg->right.virt, &str_next, &str_roof) + || !pack_str(&msg->keyid, &str_next, &str_roof) + || !pack_str(&msg->myid, &str_next, &str_roof) + || !pack_str(&msg->cacert, &str_next, &str_roof) + || !pack_str(&msg->ldaphost, &str_next, &str_roof) + || !pack_str(&msg->ldapbase, &str_next, &str_roof) + || !pack_str(&msg->crluri, &str_next, &str_roof) + || !pack_str(&msg->crluri2, &str_next, &str_roof) + || !pack_str(&msg->ocspuri, &str_next, &str_roof) + || !pack_str(&msg->ike, &str_next, &str_roof) + || !pack_str(&msg->esp, &str_next, &str_roof) + || !pack_str(&msg->sc_data, &str_next, &str_roof) + || (str_roof - str_next < msg->keyval.len)) { plog("send_wack_msg(): can't pack strings"); return -1; } if (msg->keyval.ptr) + { memcpy(str_next, msg->keyval.ptr, msg->keyval.len); + } msg->keyval.ptr = NULL; str_next += msg->keyval.len; len = str_next - (char *)msg; @@ -130,15 +132,13 @@ send_whack_msg (whack_message_t *msg) return 0; } -static void -init_whack_msg(whack_message_t *msg) +static void init_whack_msg(whack_message_t *msg) { memset(msg, 0, sizeof(whack_message_t)); msg->magic = WHACK_MAGIC; } -static char * -connection_name(starter_conn_t *conn) +static char *connection_name(starter_conn_t *conn) { /* if connection name is '%auto', create a new name like conn_xxxxx */ static char buf[32]; @@ -151,34 +151,26 @@ connection_name(starter_conn_t *conn) return conn->name; } -static void -set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family) -{ - if (end->srcip && end->srcip[0] != '%') - { - int len = 0; - char *pos; - - pos = strchr(end->srcip, '/'); - if (pos) - { - /* use first address only for pluto */ - len = pos - end->srcip; - } - w->has_srcip = !end->has_natip; - ttoaddr(end->srcip, len, ip_version(end->srcip), &w->host_srcip); - } - else - { - anyaddr(AF_INET, &w->host_srcip); - } - +static void set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family) +{ w->id = end->id; w->cert = end->cert; w->ca = end->ca; w->groups = end->groups; w->host_addr = end->addr; w->has_client = end->has_client; + w->sourceip = end->sourceip; + w->sourceip_mask = end->sourceip_mask; + + if (end->sourceip && end->sourceip_mask > 0) + { + ttoaddr(end->sourceip, 0, ip_version(end->sourceip), &w->host_srcip); + w->has_srcip = !end->has_natip; + } + else + { + anyaddr(AF_INET, &w->host_srcip); + } if (family == AF_INET6 && isanyaddr(&end->nexthop)) { @@ -234,13 +226,14 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end { const char *err; static char keyspace[1024 + 4]; + char buf[ADDRTOT_BUF]; whack_message_t msg; init_whack_msg(&msg); msg.whack_key = TRUE; msg.pubkey_alg = PUBKEY_ALG_RSA; - if (end->id && end->rsakey) + if (end->rsakey) { /* special values to ignore */ if (streq(end->rsakey, "") @@ -250,24 +243,28 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end { return 0; } - msg.keyid = end->id; err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len); if (err) { plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err); return 1; } + if (end->id) + { + msg.keyid = end->id; + } else { - msg.keyval.ptr = keyspace; - return send_whack_msg(&msg); + addrtot(&end->addr, 0, buf, sizeof(buf)); + msg.keyid = buf; } + msg.keyval.ptr = keyspace; + return send_whack_msg(&msg); } return 0; } -int -starter_whack_add_conn(starter_conn_t *conn) +int starter_whack_add_conn(starter_conn_t *conn) { whack_message_t msg; int r; @@ -332,8 +329,7 @@ starter_whack_add_conn(starter_conn_t *conn) return r; } -int -starter_whack_del_conn(starter_conn_t *conn) +int starter_whack_del_conn(starter_conn_t *conn) { whack_message_t msg; @@ -343,8 +339,7 @@ starter_whack_del_conn(starter_conn_t *conn) return send_whack_msg(&msg); } -int -starter_whack_route_conn(starter_conn_t *conn) +int starter_whack_route_conn(starter_conn_t *conn) { whack_message_t msg; @@ -354,8 +349,7 @@ starter_whack_route_conn(starter_conn_t *conn) return send_whack_msg(&msg); } -int -starter_whack_initiate_conn(starter_conn_t *conn) +int starter_whack_initiate_conn(starter_conn_t *conn) { whack_message_t msg; @@ -366,8 +360,7 @@ starter_whack_initiate_conn(starter_conn_t *conn) return send_whack_msg(&msg); } -int -starter_whack_listen(void) +int starter_whack_listen(void) { whack_message_t msg; init_whack_msg(&msg); @@ -384,8 +377,7 @@ int starter_whack_shutdown(void) return send_whack_msg(&msg); } -int -starter_whack_add_ca(starter_ca_t *ca) +int starter_whack_add_ca(starter_ca_t *ca) { whack_message_t msg; @@ -404,8 +396,7 @@ starter_whack_add_ca(starter_ca_t *ca) return send_whack_msg(&msg); } -int -starter_whack_del_ca(starter_ca_t *ca) +int starter_whack_del_ca(starter_ca_t *ca) { whack_message_t msg; diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index e2ed28afe..82f2be13d 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,13 +38,20 @@ ipsec_PROGRAMS = stroke$(EXEEXT) subdir = src/stroke DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am_stroke_OBJECTS = stroke.$(OBJEXT) stroke_keywords.$(OBJEXT) stroke_OBJECTS = $(am_stroke_OBJECTS) @@ -53,6 +62,7 @@ stroke_DEPENDENCIES = \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -100,25 +110,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -130,11 +137,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -163,9 +173,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -188,7 +198,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -196,6 +206,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -204,10 +215,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -215,6 +228,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ stroke_SOURCES = stroke.c stroke_msg.h stroke_keywords.c stroke_keywords.h @@ -238,9 +252,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/stroke/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/stroke/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/stroke/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/stroke/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -258,34 +272,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list stroke$(EXEEXT): $(stroke_OBJECTS) $(stroke_DEPENDENCIES) @rm -f stroke$(EXEEXT) $(LINK) $(stroke_OBJECTS) $(stroke_LDADD) $(LIBS) @@ -301,21 +331,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -338,7 +368,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -346,29 +376,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -389,13 +424,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -428,6 +467,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -451,6 +491,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -459,18 +501,28 @@ install-data-am: install-ipsecPROGRAMS install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -493,7 +545,7 @@ ps-am: uninstall-am: uninstall-ipsecPROGRAMS -.MAKE: install-am install-strip +.MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-ipsecPROGRAMS clean-libtool ctags distclean \ @@ -512,6 +564,7 @@ uninstall-am: uninstall-ipsecPROGRAMS stroke_keywords.c: $(srcdir)/stroke_keywords.txt $(srcdir)/stroke_keywords.h $(GPERF) -m 10 -D -C -G -t < $(srcdir)/stroke_keywords.txt > $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index c27a8ca3e..955e49535 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -55,14 +55,14 @@ static int send_stroke_msg (stroke_msg_t *msg) { struct sockaddr_un ctl_addr; int sock; - char buffer[64]; + char buffer[512]; int byte_count; ctl_addr.sun_family = AF_UNIX; strcpy(ctl_addr.sun_path, STROKE_SOCKET); - + msg->output_verbosity = 1; /* CONTROL */ - + sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { @@ -76,7 +76,7 @@ static int send_stroke_msg (stroke_msg_t *msg) close(sock); return -1; } - + /* send message */ if (write(sock, msg, msg->length) != msg->length) { @@ -84,56 +84,66 @@ static int send_stroke_msg (stroke_msg_t *msg) close(sock); return -1; } - + while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) { buffer[byte_count] = '\0'; printf("%s", buffer); + + /* we prompt if we receive the "Passphrase:" magic keyword */ + if (byte_count >= 12 && + strcmp(buffer + byte_count - 12, "Passphrase:\n") == 0) + { + if (fgets(buffer, sizeof(buffer), stdin)) + { + if (write(sock, buffer, strlen(buffer))); + } + } } if (byte_count < 0) { fprintf(stderr, "reading from socket failed: %s\n", strerror(errno)); } - + close(sock); return 0; } static int add_connection(char *name, - char *my_id, char *other_id, + char *my_id, char *other_id, char *my_addr, char *other_addr, char *my_nets, char *other_nets) { stroke_msg_t msg; - + memset(&msg, 0, sizeof(msg)); msg.length = offsetof(stroke_msg_t, buffer); msg.type = STR_ADD_CONN; - + msg.add_conn.name = push_string(&msg, name); msg.add_conn.ikev2 = 1; msg.add_conn.auth_method = 2; msg.add_conn.mode = 1; msg.add_conn.mobike = 1; msg.add_conn.dpd.action = 1; - + msg.add_conn.me.id = push_string(&msg, my_id); msg.add_conn.me.address = push_string(&msg, my_addr); msg.add_conn.me.subnets = push_string(&msg, my_nets); msg.add_conn.me.sendcert = 1; - + msg.add_conn.other.id = push_string(&msg, other_id); msg.add_conn.other.address = push_string(&msg, other_addr); msg.add_conn.other.subnets = push_string(&msg, other_nets); msg.add_conn.other.sendcert = 1; - + return send_stroke_msg(&msg); } static int del_connection(char *name) { stroke_msg_t msg; - + msg.length = offsetof(stroke_msg_t, buffer); msg.type = STR_DEL_CONN; msg.initiate.name = push_string(&msg, name); @@ -143,7 +153,7 @@ static int del_connection(char *name) static int initiate_connection(char *name) { stroke_msg_t msg; - + msg.length = offsetof(stroke_msg_t, buffer); msg.type = STR_INITIATE; msg.initiate.name = push_string(&msg, name); @@ -153,7 +163,7 @@ static int initiate_connection(char *name) static int terminate_connection(char *name) { stroke_msg_t msg; - + msg.type = STR_TERMINATE; msg.length = offsetof(stroke_msg_t, buffer); msg.initiate.name = push_string(&msg, name); @@ -163,7 +173,7 @@ static int terminate_connection(char *name) static int terminate_connection_srcip(char *start, char *end) { stroke_msg_t msg; - + msg.type = STR_TERMINATE_SRCIP; msg.length = offsetof(stroke_msg_t, buffer); msg.terminate_srcip.start = push_string(&msg, start); @@ -174,7 +184,7 @@ static int terminate_connection_srcip(char *start, char *end) static int route_connection(char *name) { stroke_msg_t msg; - + msg.type = STR_ROUTE; msg.length = offsetof(stroke_msg_t, buffer); msg.route.name = push_string(&msg, name); @@ -184,7 +194,7 @@ static int route_connection(char *name) static int unroute_connection(char *name) { stroke_msg_t msg; - + msg.type = STR_UNROUTE; msg.length = offsetof(stroke_msg_t, buffer); msg.unroute.name = push_string(&msg, name); @@ -194,7 +204,7 @@ static int unroute_connection(char *name) static int show_status(stroke_keyword_t kw, char *connection) { stroke_msg_t msg; - + msg.type = (kw == STROKE_STATUS)? STR_STATUS:STR_STATUS_ALL; msg.length = offsetof(stroke_msg_t, buffer); msg.status.name = push_string(&msg, connection); @@ -219,7 +229,7 @@ static int list_flags[] = { static int list(stroke_keyword_t kw, int utc) { stroke_msg_t msg; - + msg.type = STR_LIST; msg.length = offsetof(stroke_msg_t, buffer); msg.list.utc = utc; @@ -240,7 +250,7 @@ static int reread_flags[] = { static int reread(stroke_keyword_t kw) { stroke_msg_t msg; - + msg.type = STR_REREAD; msg.length = offsetof(stroke_msg_t, buffer); msg.reread.flags = reread_flags[kw - STROKE_REREAD_FIRST]; @@ -255,7 +265,7 @@ static int purge_flags[] = { static int purge(stroke_keyword_t kw) { stroke_msg_t msg; - + msg.type = STR_PURGE; msg.length = offsetof(stroke_msg_t, buffer); msg.purge.flags = purge_flags[kw - STROKE_PURGE_FIRST]; @@ -266,7 +276,7 @@ static int leases(stroke_keyword_t kw, char *pool, char *address) { stroke_msg_t msg; - + msg.type = STR_LEASES; msg.length = offsetof(stroke_msg_t, buffer); msg.leases.pool = push_string(&msg, pool); @@ -277,7 +287,7 @@ static int leases(stroke_keyword_t kw, char *pool, char *address) static int set_loglevel(char *type, u_int level) { stroke_msg_t msg; - + msg.type = STR_LOGLEVEL; msg.length = offsetof(stroke_msg_t, buffer); msg.loglevel.type = push_string(&msg, type); @@ -349,7 +359,7 @@ int main(int argc, char *argv[]) { exit_usage(NULL); } - + token = in_word_set(argv[1], strlen(argv[1])); if (token == NULL) @@ -365,8 +375,8 @@ int main(int argc, char *argv[]) exit_usage("\"add\" needs more parameters..."); } res = add_connection(argv[2], - argv[3], argv[4], - argv[5], argv[6], + argv[3], argv[4], + argv[5], argv[6], argv[7], argv[8]); break; case STROKE_DELETE: @@ -417,7 +427,7 @@ int main(int argc, char *argv[]) { exit_usage("\"logtype\" needs more parameters..."); } - res = set_loglevel(argv[2], atoi(argv[3])); + res = set_loglevel(argv[2], atoi(argv[3])); break; case STROKE_STATUS: case STROKE_STATUSALL: diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index abf285a86..56a7a158f 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -138,7 +138,7 @@ struct stroke_end_t { char *updown; char *address; char *sourceip; - int sourceip_size; + int sourceip_mask; char *subnets; int sendcert; int hostaccess; @@ -194,7 +194,7 @@ struct stroke_msg_t { STR_LEASES, /* more to come */ } type; - + /* verbosity of output returned from charon (-from -1=silent to 4=private)*/ int output_verbosity; @@ -203,7 +203,7 @@ struct stroke_msg_t { struct { char *name; } initiate, route, unroute, terminate, status, del_conn, del_ca; - + /* data for STR_TERMINATE_SRCIP */ struct { char *start; @@ -223,6 +223,7 @@ struct stroke_msg_t { int mobike; int force_encap; int ipcomp; + time_t inactivity; int proxy_mode; int install_policy; @@ -237,6 +238,10 @@ struct stroke_msg_t { time_t ipsec_lifetime; time_t ike_lifetime; time_t margin; + u_int64_t life_bytes; + u_int64_t margin_bytes; + u_int64_t life_packets; + u_int64_t margin_packets; unsigned long tries; unsigned long fuzz; } rekey; @@ -268,7 +273,7 @@ struct stroke_msg_t { char *type; int level; } loglevel; - + /* data for STR_CONFIG */ struct { int cachecrl; diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in index 88b066379..eb6238d80 100644 --- a/src/whack/Makefile.in +++ b/src/whack/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,13 +38,20 @@ ipsec_PROGRAMS = whack$(EXEEXT) subdir = src/whack DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" -ipsecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) PROGRAMS = $(ipsec_PROGRAMS) am_whack_OBJECTS = whack.$(OBJEXT) whack_OBJECTS = $(am_whack_OBJECTS) @@ -52,6 +61,7 @@ whack_DEPENDENCIES = \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -99,25 +109,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -129,11 +136,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -162,9 +172,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -187,7 +197,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -195,6 +205,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -203,10 +214,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -214,6 +227,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ whack_SOURCES = whack.c whack.h @@ -240,9 +254,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/whack/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/whack/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/whack/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/whack/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -260,34 +274,50 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - if test -f $$p \ - || test -f $$p1 \ - ; then \ - f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(ipsecdir)/$$f'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(ipsecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(ipsecdir)/$$f" || exit 1; \ - else :; fi; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + } \ + ; done uninstall-ipsecPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ - echo " rm -f '$(DESTDIR)$(ipsecdir)/$$f'"; \ - rm -f "$(DESTDIR)$(ipsecdir)/$$f"; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done + @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list whack$(EXEEXT): $(whack_OBJECTS) $(whack_DEPENDENCIES) @rm -f whack$(EXEEXT) $(LINK) $(whack_OBJECTS) $(whack_LDADD) $(LIBS) @@ -302,21 +332,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -339,7 +369,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -347,29 +377,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -390,13 +425,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -427,6 +466,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -448,6 +488,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -456,18 +498,28 @@ install-data-am: install-ipsecPROGRAMS install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -506,6 +558,7 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-ipsecPROGRAMS + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/whack/whack.c b/src/whack/whack.c index 28112500e..c458d6760 100644 --- a/src/whack/whack.c +++ b/src/whack/whack.c @@ -393,7 +393,7 @@ enum { END_SRCIP, END_HOSTACCESS, END_UPDOWN, - + #define END_LAST END_UPDOWN /* last end description*/ /* Connection Description options -- segregated */ @@ -431,7 +431,7 @@ enum { CD_DPDTIMEOUT, CD_IKE, CD_PFSGROUP, - CD_ESP, + CD_ESP, # define CD_LAST CD_ESP /* last connection description */ @@ -861,7 +861,7 @@ int main(int argc, char **argv) msg.addr_family = AF_INET; msg.tunnel_addr_family = AF_INET; - + msg.cacert = NULL; msg.ldaphost = NULL; msg.ldapbase = NULL; @@ -1017,7 +1017,7 @@ int main(int argc, char **argv) if (!options->from(options, optarg, &argc, &argv, optind)) { fprintf(stderr, "optionsfrom failed"); - whack_exit(RC_WHACK_PROBLEM); + whack_exit(RC_WHACK_PROBLEM); } continue; @@ -1134,7 +1134,7 @@ int main(int argc, char **argv) case OPT_STATUS: /* --status */ msg.whack_status = TRUE; continue; - + case OPT_SHUTDOWN: /* --shutdown */ msg.whack_shutdown = TRUE; continue; @@ -1180,7 +1180,7 @@ int main(int argc, char **argv) base = 256; else diagq("not a valid base", optarg); - + if (c == SC_INBASE) msg.inbase = base; else @@ -1472,7 +1472,7 @@ int main(int argc, char **argv) case CD_IKE: /* --ike */ msg.ike = optarg; continue; - + case CD_PFSGROUP: /* --pfsgroup modpXXXX */ msg.pfsgroup = optarg; continue; @@ -1726,10 +1726,10 @@ int main(int argc, char **argv) { if (msg.dpd_delay <= 0) diag("dpddelay must be larger than zero"); - + if (msg.dpd_timeout <= 0) diag("dpdtimeout must be larger than zero"); - + if (msg.dpd_timeout <= msg.dpd_delay) diag("dpdtimeout must be larger than dpddelay"); } @@ -1740,36 +1740,38 @@ int main(int argc, char **argv) /* build esp message as esp=";" */ if (msg.pfsgroup) { - snprintf(esp_buf, sizeof (esp_buf), "%s;%s", + snprintf(esp_buf, sizeof (esp_buf), "%s;%s", msg.esp ? msg.esp : "", msg.pfsgroup ? msg.pfsgroup : ""); msg.esp=esp_buf; } - if (!pack_str(&msg.name) /* string 1 */ - || !pack_str(&msg.left.id) /* string 2 */ - || !pack_str(&msg.left.cert) /* string 3 */ - || !pack_str(&msg.left.ca) /* string 4 */ - || !pack_str(&msg.left.groups) /* string 5 */ - || !pack_str(&msg.left.updown) /* string 6 */ - || !pack_str(&msg.left.virt) /* string 7 */ - || !pack_str(&msg.right.id) /* string 8 */ - || !pack_str(&msg.right.cert) /* string 9 */ - || !pack_str(&msg.right.ca) /* string 10 */ - || !pack_str(&msg.right.groups) /* string 11 */ - || !pack_str(&msg.right.updown) /* string 12 */ - || !pack_str(&msg.right.virt) /* string 13 */ - || !pack_str(&msg.keyid) /* string 14 */ - || !pack_str(&msg.myid) /* string 15 */ - || !pack_str(&msg.cacert) /* string 16 */ - || !pack_str(&msg.ldaphost) /* string 17 */ - || !pack_str(&msg.ldapbase) /* string 18 */ - || !pack_str(&msg.crluri) /* string 19 */ - || !pack_str(&msg.crluri2) /* string 20 */ - || !pack_str(&msg.ocspuri) /* string 21 */ - || !pack_str(&msg.ike) /* string 22 */ - || !pack_str(&msg.esp) /* string 23 */ - || !pack_str(&msg.sc_data) /* string 24 */ - || str_roof - next_str < (ptrdiff_t)msg.keyval.len) /* chunk (sort of string 5) */ + if (!pack_str(&msg.name) /* string 1 */ + || !pack_str(&msg.left.id) /* string 2 */ + || !pack_str(&msg.left.cert) /* string 3 */ + || !pack_str(&msg.left.ca) /* string 4 */ + || !pack_str(&msg.left.groups) /* string 5 */ + || !pack_str(&msg.left.updown) /* string 6 */ + || !pack_str(&msg.left.sourceip) /* string 7 */ + || !pack_str(&msg.left.virt) /* string 8 */ + || !pack_str(&msg.right.id) /* string 9 */ + || !pack_str(&msg.right.cert) /* string 10 */ + || !pack_str(&msg.right.ca) /* string 11 */ + || !pack_str(&msg.right.groups) /* string 12 */ + || !pack_str(&msg.right.updown) /* string 13 */ + || !pack_str(&msg.right.sourceip) /* string 14 */ + || !pack_str(&msg.right.virt) /* string 15 */ + || !pack_str(&msg.keyid) /* string 16 */ + || !pack_str(&msg.myid) /* string 17 */ + || !pack_str(&msg.cacert) /* string 18 */ + || !pack_str(&msg.ldaphost) /* string 19 */ + || !pack_str(&msg.ldapbase) /* string 20 */ + || !pack_str(&msg.crluri) /* string 21 */ + || !pack_str(&msg.crluri2) /* string 22 */ + || !pack_str(&msg.ocspuri) /* string 23 */ + || !pack_str(&msg.ike) /* string 24 */ + || !pack_str(&msg.esp) /* string 25 */ + || !pack_str(&msg.sc_data) /* string 26 */ + || str_roof - next_str < (ptrdiff_t)msg.keyval.len) diag("too many bytes of strings to fit in message to pluto"); memcpy(next_str, msg.keyval.ptr, msg.keyval.len); diff --git a/src/whack/whack.h b/src/whack/whack.h index 79d115262..3f66a7b4f 100644 --- a/src/whack/whack.h +++ b/src/whack/whack.h @@ -17,6 +17,9 @@ #include +#include +#include + /* copy of smartcard operations, defined in smartcard.h */ #ifndef SC_OP_T #define SC_OP_T @@ -58,12 +61,12 @@ struct whack_end { char *cert; /* path string (if any) -- loaded by pluto */ char *ca; /* distinguished name string (if any) -- parsed by pluto */ char *groups; /* access control groups (if any) -- parsed by pluto */ - ip_address - host_addr, - host_nexthop, - host_srcip; + char *sourceip; /* source IP address or pool identifier -- parsed by pluto */ + int sourceip_mask; + ip_address host_addr; + ip_address host_nexthop; + ip_address host_srcip; ip_subnet client; - bool key_from_DNS_on_demand; bool has_client; bool has_client_wildcard; @@ -280,7 +283,7 @@ enum rc_type { /* entry of secrets */ RC_ENTERSECRET = 40, - + /* progress: start of range for successful state transition. * Actual value is RC_NEW_STATE plus the new state code. */ diff --git a/testing/INSTALL b/testing/INSTALL index e70edf44f..68e13d84a 100644 --- a/testing/INSTALL +++ b/testing/INSTALL @@ -53,14 +53,14 @@ are required for the strongSwan testing environment: * A vanilla Linux kernel on which the UML kernel will be based on. We recommend the use of - http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.30.2.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.5.tar.bz2 - * The Linux kernel 2.6.29 does not require any patches for the uml guest kernel + * The Linux kernel 2.6.31 does not require any patches for the uml guest kernel to successfully start up. * The matching .config file required to compile the UML kernel: - http://download.strongswan.org/uml/.config-2.6.30 + http://download.strongswan.org/uml/.config-2.6.31 * A gentoo-based UML file system (compressed size 130 MBytes) found at @@ -68,7 +68,7 @@ are required for the strongSwan testing environment: * The latest strongSwan distribution - http://download.strongswan.org/strongswan-4.3.4.tar.bz2 + http://download.strongswan.org/strongswan-4.3.6.tar.bz2 3. Creating the environment diff --git a/testing/Makefile.am b/testing/Makefile.am index ad8d5042a..130b87b43 100644 --- a/testing/Makefile.am +++ b/testing/Makefile.am @@ -5,7 +5,7 @@ EXTRA_DIST = do-tests.in make-testing start-testing stop-testing \ do-tests : do-tests.in sed \ - -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ + -e "s:\@routing_table\@:$(routing_table):" \ $(srcdir)/$@.in > $@ chmod +x $@ diff --git a/testing/Makefile.in b/testing/Makefile.in index 3ace3a55f..6a5fd31f2 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -36,11 +38,19 @@ subdir = testing DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ INSTALL ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = SCRIPTS = $(noinst_SCRIPTS) SOURCES = DIST_SOURCES = @@ -78,25 +88,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -108,11 +115,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -141,9 +151,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -166,7 +176,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -174,6 +184,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -182,10 +193,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -193,6 +206,7 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ noinst_SCRIPTS = do-tests @@ -212,9 +226,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testing/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu testing/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testing/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu testing/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -232,6 +246,7 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo @@ -261,13 +276,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -296,6 +315,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -314,6 +334,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -322,18 +344,28 @@ install-data-am: install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -370,9 +402,10 @@ uninstall-am: do-tests : do-tests.in sed \ - -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ + -e "s:\@routing_table\@:$(routing_table):" \ $(srcdir)/$@.in > $@ chmod +x $@ + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/testing/do-tests.in b/testing/do-tests.in index 3a66f4548..7dbb5487a 100755 --- a/testing/do-tests.in +++ b/testing/do-tests.in @@ -46,7 +46,7 @@ TESTRESULTSHTML=$TODAYDIR/all.html INDEX=$TODAYDIR/index.html DEFAULTTESTSDIR=$UMLTESTDIR/testing/tests -SOURCEIP_ROUTING_TABLE=@IPSEC_ROUTING_TABLE@ +SOURCEIP_ROUTING_TABLE=@routing_table@ testnumber="0" failed_cnt="0" @@ -245,9 +245,17 @@ do if [ $SUBDIR = "ipv6" -o $name = "rw-psk-ipv6" ] then - IPTABLES="ip6tables" + IPTABLES_CMD="ip6tables -v -n -L" + IPTABLES_DSP="ip6tables -L" else - IPTABLES="iptables" + IPTABLES_CMD="iptables -v -n -L" + IPTABLES_DSP="iptables -L" + fi + + if [ $name = "net2net-ip4-in-ip6-ikev2" -o $name = "net2net-ip6-in-ip4-ikev2" ] + then + IPTABLES_CMD="iptables -v -n -L ; echo ; ip6tables -v -n -L" + IPTABLES_DSP="iptables -L ; ip6tables -L" fi [ -f $DEFAULTTESTSDIR/${testname}/description.txt ] || die "!! File 'description.txt' is missing" @@ -476,7 +484,7 @@ do > $TESTRESULTDIR/${host}.ip.state 2>/dev/null ssh $HOSTLOGIN ip route list table $SOURCEIP_ROUTING_TABLE \ > $TESTRESULTDIR/${host}.ip.route 2>/dev/null - ssh $HOSTLOGIN $IPTABLES -v -n -L \ + ssh $HOSTLOGIN $IPTABLES_CMD \ > $TESTRESULTDIR/${host}.iptables 2>/dev/null chmod a+r $TESTRESULTDIR/* cat >> $TESTRESULTDIR/index.html <<@EOF @@ -504,7 +512,7 @@ do
  • ip -s xfrm policy
  • ip -s xfrm state
  • ip route list table $SOURCEIP_ROUTING_TABLE
  • -
  • $IPTABLES -L
  • +
  • $IPTABLES_DSP
  • @@ -623,6 +631,17 @@ do @EOF + + ########################################################################## + # remove any charon.pid files that still may exist + # + + for host in $IPSECHOSTS + do + eval HOSTLOGIN=root@\$ipv4_${host} + ssh $HOSTLOGIN 'if [ -f /var/run/charon.pid ]; then rm /var/run/charon.pid; echo " removed charon.pid on `hostname`"; fi' + done + done done diff --git a/testing/hosts/alice/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/alice/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/alice/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/alice/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem b/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem index e99ae8ec7..49fe4b80b 100644 --- a/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem +++ b/testing/hosts/alice/etc/ipsec.d/certs/aliceCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEHzCCAwegAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMDcyNFoXDTE0MDgyNjEwMDcyNFowVzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer -GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4 -FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W -6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH -v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc -KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa -60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG +BQADggEPADCCAQoCggEBANiNakgR5pct0NqirfPJEb9e3YZkYHvqZ/RUJ6Ea9ZGE +8KuQxGAHuLWqaf/3GrL/LYIs1fTJ7JTNMu+PSec8kf9I5AxItPzb+uSwI9hXQxhl +NJ8V+Zjs9Q3GX/59wS3DcHF4i8b88I/f7aLGwHOoRyT/UZPXPGIrHS9UWh/50//Q +/GLreivoW65Cfj7oNi3wMTYwZB5MyPY5q9MRcYyEPa0GNM0GzzYfIEkQz8nuSL/q +WQrmLmlS6Ktw5L3HXsUaKinGt0xI7jLGWh4ysnrjMNxKzRt2LITqSPtoTTR2JB6a +5/6544mB2FGErpSd/LgGTmwzOgloZLpsQgsN6xjpUvsCAwEAAaOCAQYwggECMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQF2gQgjAL0KEcKz2x3LQZm +E9qGPDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0 cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo -2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ -AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5 -D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S -CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi -6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re -JGhV +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBWv4PhHGVpiLF5M3Rn +qQLSoRFjKqn3N9We81RWwVRpBzwoUEaHizelaVct9FJg6t7Fk/D8F0wag5EFKlcg +KQ8fd/0qLE393uwGb4Dvql2w49NFFDUsk5FC+pMUDAYsWHyFu26WKY5kfaMwNMNJ +HK6e4m6+Wmoy5ulkatwDJRDqkyG11YJ/p0n0HAG1DBJoL9079U+xQxT+9a2f7TaO +B/UbQNOvOgqaddk5uUDTjqnY/bltbAAuuI1ZNMrPCCNUorcdhySJb1tlF/JXTTB6 +N60XqYRYnk5T1yftNU0AA26ggskv4MMDwgYCGsyZuCX9vW+XsArRQJ5fsSZDiO7R +8FT2 -----END CERTIFICATE----- diff --git a/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem b/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem index 045ef0405..51f9c0d92 100644 --- a/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem +++ b/testing/hosts/alice/etc/ipsec.d/private/aliceKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEArsXK+QTXz+i6MJpN3wZcE04f4K+jLSJsnyPaw2wGt6sZLWWD -FGzzNpV8r1+ixp27RRl5Ygew4qR7Dnjr2w++QorZIYYf6m77H7E7++5oQbgWWQC7 -yIYVYtDJwu3oEl9yrDsVPyvA24PXxdcFeY/uFFq+L9MQSVtVgds7uWbxPlbqFOv+ -xh12JIHtf39trskHLqXGYFxQDHluOKIctpb+WV5+SrKFzp3Dme89nYNyG8e/8da8 -sX1uy/FsGQdTT/P8ISxG4wEjsQ8QvivHdSqa4JQCqIwlNLcisNoiV8k4tZwqVuyc -TqEenCa32gMH2JYFj1Z5lRIC0kYXDhvsUJm9DQIDAQABAoIBAEsjnnARNPeeBu5+ -aJxKD6v9Gpdu66ir9Cc3MwZxmzG7zcdGrWRKswX0nvaHF2Rsy+aZXSZYSCQosv81 -3bEAw7u4FkHjeDVCIZUujatyhEA89N6vAgzkGK2zNgsoXW4IuzRw8mGGXhQCSvIz -z5bD2ofFu560D3x6V/jMWJENQQqbfWuD27OI+bZp92K2DGM6MoSbdNnd886F2oWR -4pQfrwoxmSm7JFFARoe4t6pZPy4G+5jjnrhB3kblxONaV297nvSby9Ctfke7oOkM -A3JpzNzEmrjjb2M8GKkYmbm6P+0ARdYIToD0sFpbRCdjJAKLadwNNnk2kijxPvQh -HNHGy8ECgYEA2uD922oiNaIvBR+rJ/zRsJg7Dth+upGePiieOZdS0S/dZUFEXuK7 -PdLZOcelQP2fIFRdODLEpkkOii292Ej3zixgzu9QYSfCdhcOoeV+RiAC7XEBBMqc -gFI1DdL91KGSmMNZ+B8yocA31pwQQsVFDUpvgqpA8fxsZkRI9oVSiOsCgYEAzGna -At/Kk9AQfiM7fpjBygYUt1ZErHsPJhLPVXmqx7+FuB2+RQvTMBS4sRdG6yC4Kd1y -CNIo83Yzv2IQGyNOCcGr60OPeqzTSQ6AUn7VxMY5EJZ880nfXBud7mj+CbyFi48V -Sh2qziF18aUYm7z4eJCTpLlFjPzHcoU1ORM0U+cCgYEAzCWp4Kp/OdMJVBgThXpz -AekavGAE43LKS2OLIGAZqG6iaryTToTe62zrms6xPYrQjlDhmXcQn5/oZc0AEukL -6ErQCHKBX/y7jXU3+pyYSEO3N0t9DcEEc1M5lKlEgrwohT8/fQNsMB2edxacvApO -u3S/yPmPFaTAXio2e2gicP0CgYEAp3PjM02PDu14RUypdTjAL7YxjErwcPdSXpc0 -H8pOm9mKOlyrPLbGJ3IiJnhyETW5iBovS4iWIXNoStSTaxfN2vI72rt6sz0WzJdD -idD7X3oezzboXwjaIANDqkV6LhGwuLXa898/yCLjErRzZ0kzptiRCnT3w9pjrK3w -/rN7v2sCgYAEwfgrwjb7+JUaSSaf6TlbM9/ZuTRBVN0OTQz2JVhokeAePeFjHzXt -nzJI2ETYlIu6e1VaFzHb6dp84PzWfLV7Kk8hZqJeCQN4RmQ04oNBllWoOZPbN7oa -8pAMk/DCsBxcM/GvnDQJlDVLQRyY64zJU8EI0rF1t+zosIyGtXom/A== +MIIEpAIBAAKCAQEA2I1qSBHmly3Q2qKt88kRv17dhmRge+pn9FQnoRr1kYTwq5DE +YAe4tapp//casv8tgizV9MnslM0y749J5zyR/0jkDEi0/Nv65LAj2FdDGGU0nxX5 +mOz1DcZf/n3BLcNwcXiLxvzwj9/tosbAc6hHJP9Rk9c8YisdL1RaH/nT/9D8Yut6 +K+hbrkJ+Pug2LfAxNjBkHkzI9jmr0xFxjIQ9rQY0zQbPNh8gSRDPye5Iv+pZCuYu +aVLoq3DkvcdexRoqKca3TEjuMsZaHjKyeuMw3ErNG3YshOpI+2hNNHYkHprn/rnj +iYHYUYSulJ38uAZObDM6CWhkumxCCw3rGOlS+wIDAQABAoIBAFh3/ZGP7pqYlxib +GWHdJSj/gpTi8R/utaV1s/L3ZpearhAJRpDM1sMw6bkupHO4GEl0M7ybudFYu5Ru +/4w+jI60oqX6FiavYCKJazt4+uo+fm73tU6qj7qe7pyzl3YwwAE7dC9JKqY8n4K+ +m+UkPFx7CkLRzdN1NakeVut1TwzU/cUtAV8iY1yEtw/KyiyL/I7aJ3zZ1pg+5kRS +JLKDrRlf0xQ+I7AY12XrSimbLqxmyVmWq74Fm/YAWGgvi/Nx04Zg/C4wp4A+izFt +N8zWjktY1brRrCnRfUEcevv5hPqFxfOPFmB9x7mX/8eH5v2T+XR9swoF92xWHxQ5 +7tcB4NECgYEA69dBy4God5TW1FyT7DbgKHd7BVtOVLjsbQxc8UNBN/mHemUGMs1v +lemW0ZPddU2/rqd3jlZuP4zv/6D9OZ0omi8auejO2WwAbut6JBX+dlvF9+owyU3h +CraycFaxZIMn+JzXbIunmVUrVE1QvpBFaNXlC47cO8CmQlMV0nChzZ8CgYEA6xAV +F1L0iqISsCu0q1iM4LtHVT944o815B8RlREOPxROXJaJQ8phVQgT5PXRkHZDn55Z +mKqkAX2KwjBQj0KfUvmJ6D8T6OZOe08/oSwiBrBpSQsH3AA7mmDXyT3gRsma0jnj +cNGjecG9VXbJiZnBetGdLuvSnVYfdkcw4atthSUCgYEAhaFMaJEo8cjmCSIDtt5J +GOTKUfiwY5T8cbWFnDatZ5f9yb4gSvzYcysOB+Yun17Uc5P0TDRw95VWD5Qap2CD +NwnlrN1bBxsJC9BlPrkvm8TYYWbTCd0U3Es0xC57CSa/qUDFV32yE1GM4ZGFZNS+ +X26C/4+M/lZkXkRRoxGqvKUCgYEAugOyDRESf5qeG1ea03Vxlm3dlzJxYShfRzTm +3wXuNjDFijN+UG0Y9Qc9ZxS4UA+ml+vhjxSKULueUOmW9qeMGUdrwKQaB1YpiR8/ +hTW9f3me97SI9aohgJteZ9xVXO8xW2d/+smLClEsmTM1bXSFTcIPFxB7TRLYNutD +XXIhaxkCgYBEQECMTKNZcGf67fjmA6PMpMGlwbVGmyXYYK4I+IRNUFWyrpNalmr/ +LXj7m1EYcx4BK7BrpDUgnm8q37BAwYOioLJFWLK58iW1B+Qvg6jlwnr+ZaYhZx94 +D/SL9GuQQTQtxlFex4Wale7R8xNdt7xuVJD6pE3mFVkXN4+OrI+EWQ== -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/alice/etc/strongswan.conf +++ b/testing/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/bob/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/bob/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/bob/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/bob/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem b/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem index 199d3eee2..00ecd5a2d 100644 --- a/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem +++ b/testing/hosts/bob/etc/ipsec.d/certs/bobCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEHjCCAwagAwIBAgIBBjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEHjCCAwagAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjUzNFoXDTA5MDkwOTExMjUzNFowWDELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMDgxOFoXDTE0MDgyNjEwMDgxOFowWDELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRswGQYDVQQDFBJib2JAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDAJaejS3/lJfQHgw0nzvotgSQS8ey/6tvbx7s5RsWY -27x9K5xd44aPrvP2Qpyq34IXRY6uPlIqeUTQN7EKpLrWCxMOT36x5N0Co9J5UWRB -fJC141D+8+1RwJ9/baEIecpCvb0GfDOX0GXN5ltcJk82hZjE4y1yHC1FN7V3zdRg -xmloupPuon+X3bTmyMQ93NKkg48CQGtqtfwQ0MqPiOWu8MBhdztfOyu6aW3EgviF -ithLc02SeNzlpqB3M8GDfX+mr3OVDhhhC2OI+VRlZzz7KxJ13DUR2KkvLZR8Ak4E -5lRjkUnTYd/f3OQYxfjC8idUmj5ojR6Fb0x1tsV/glzXAgMBAAGjggEEMIIBADAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUaLN5EPOkOkVU3J1Ud0sl -+27OOHswbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +AQUAA4IBDwAwggEKAoIBAQDXwxTtozmxKaUhC0T5HvxVShfM5jQQKwIzSVAZeXUp +BgQ2uLT9Hn/J7boaUIE1Xf11zCRIlcy5Xkupha2gfqEmRbefYAOr/NFuC4pPEDeJ +jWg/miCZo9/DH2iWvCvU4GCcrY/LKDeDoKL9fc9H5FTtA/Y1ugbooOO1yoV04eot +MmvmYcqUtCX+h/Of9xM0w0m6aoDIXAhjcKEPMg/WL5acWuVVaWONa+x7HoQUDe+9 +MgoB1VmaoB77VYaK72jBhbvonF8GjEb3RiukfuMIOk5yN9OHzA9ODJbTDvSmmQkt +h/oEHAL/tzOQ2zjEptsKvwq/3drGbdREO/cp39I5/ZRFAgMBAAGjggEEMIIBADAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUYUK/uIcou7BS8ODHk9Ro +PGJP1FcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHQYDVR0RBBYwFIESYm9iQHN0cm9uZ3N3YW4u b3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcv -c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEEBQADggEBAIyQLLxdeO8clplzRW9z -TRR3J0zSedvi2XlIZ/XCsv0ZVfoBLLWcDp3QrxNiVZXvXXtzjPsDs+DAveZF9LGq -0tIw1uT3JorbgNNrmWvxBvJoQTtSw4LQBuV7vF27jrposx3Hi5qtUXUDS6wVnDUI -5iORqsrddnoDuMN+Jt7oRcvKfYSNwTV+m0ZAHdB5a/ARWO5UILOrxEA/N72NcDYN -NdAd+bLaB38SbkSbh1xj/AGnrHxdJBF4h4mx4btc9gtBSh+dwBHOsn4TheqJ6bbw -7FlXBowQDCJIswKNhWfnIepQlM1KEzmq5YX43uZO2b7amRaIKqy2vNE7+UNFYBpE -Mto= +c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAEIkmrK7GPm4H/FAEVCN +775XpuofsfGjT/bO/aPCqb+uPwwcKeUfxzICQDEqMv+mtxGuLjtfmTWwUcoPMgN+ +2HZDJGa1+kK2VLUz3QBIQXSdusbITb0ND/xCvbGwsk9y/0DGBnAo3xNBNM73ZQ8k +/A7mQ2nnQfzI9gQ342FOuTTb/kwrVNixQI3dhvf6Th5Dj5rZfQs6c09+9jRLGBFx +g7qQ1gej0fi6XYX4cSNwluu/Vo6xT5epEeTU5KoYn0mtOqFx6AY8xzIqQLvY4m8g +viGoGRqId1gqNiEfshb8KICPI29WyiBRzMKO6reeb+446A9CSLgMW0Ze3SCRXrjr +2nQ= -----END CERTIFICATE----- diff --git a/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem b/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem index 42af98bb0..e74392bce 100644 --- a/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem +++ b/testing/hosts/bob/etc/ipsec.d/private/bobKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwCWno0t/5SX0B4MNJ876LYEkEvHsv+rb28e7OUbFmNu8fSuc -XeOGj67z9kKcqt+CF0WOrj5SKnlE0DexCqS61gsTDk9+seTdAqPSeVFkQXyQteNQ -/vPtUcCff22hCHnKQr29Bnwzl9BlzeZbXCZPNoWYxOMtchwtRTe1d83UYMZpaLqT -7qJ/l9205sjEPdzSpIOPAkBrarX8ENDKj4jlrvDAYXc7XzsrumltxIL4hYrYS3NN -knjc5aagdzPBg31/pq9zlQ4YYQtjiPlUZWc8+ysSddw1EdipLy2UfAJOBOZUY5FJ -02Hf39zkGMX4wvInVJo+aI0ehW9MdbbFf4Jc1wIDAQABAoIBAGbSP5jUiAYZfzKd -4GZTDfFXz/QLXcN9bFV51ihaRNb9jyn0MmLTpGgzGP3Iu4l8vWKyqB154AI2jqpV -gvnNGOX9Wx8nTwbnD5WgELs24M1iWRXcJLWp1m8PAsrv4WJlueRpIEPeJsWwkSnT -gUQYg/8LEqsZXnJXvanym7sWe/Wkh8i/UyMQJv7zwS+TZ5qeKRfSVo8/9622Ppsh -n+zKFKnTUhiICUHFed4qZWyVR6NVyuzIYjeQy+VmBa5AOzmF549Izg6llwNrvJ8g -DiIKSdtblMrN5OlmTra8LGn2QmlETipRb+4qx+MasbVI8pM1VMMQtBGAJYjhpC51 -rX/RLLECgYEA/Qk9PlUfw2aTA7I6a93pcjhUFTnKFVe9RdrwY7mds5t7dOAPcRBj -5wnIv+OhVszoEo/uOPrgWmBu3ifkmcpPTe4NREFEVA99NOadiJDI/7oAj/Is4c5t -CEb/zHTqKtYMVDrjwhszuPD3m2KNIJ38y4gkkrWT071xQBciztWhvYUCgYEAwmXV -DFoNagTrNhf7Ep5sUek0O3nXPXY/cYKnKhlloUP41ftLbNvZ02qBQ6zqxPHtjGlB -5sPeRQMFbVbmyb+97oa3Mrui1TPiTa5IBPyD36Gg0nFx+xLeXTsy8O8leoFcq02D -1SDSye+fEdj2uYr+f33CIknQHUR4/xkOikgSQasCgYEAzTjOHBzsGw25VLkbmtqr -eIDo6SIqnS7BCsPsTeWAWuhSs9L5kyjI7dxIniEffIfJ/SwQ+NO4XHRz1ugiBv1H -Xpwg1Gfe5BJ/6QTVZaqP6qBPzm+LKUTDt3/l/Uwhk8Zwz2vHx2lKhMei+rpuXbLl -EaoEh5yPHZ87F9Dr4Tbw7AUCgYAjtFpmE2AlWdPtsofdypUwkjmStvUuh7ptWcbk -N5fv/7EDdE1NKDAg4Y3uZSMVmy27PVXqUY1QdZaYl356DaqP1dRuEAJ/UDE/fUQj -DlIWT/Re0pFRwQxwaUAY+oOStZHUsL8G9SliB43a1FO0jm/h8LIoZBBCX+ItUGfY -RBZ+UwKBgCToB2oPwDfrfCkScNozV7GPfcmHTR5bvvpYgRMGyuE1hAwLIWW9V4u9 -1Bp1vCR/C4kiUSBpYsGXLRqJ1GURueQoEbREE4ZvkmNV+t40uX3Fd8/OchAGi934 -0jYmd3dvN4MtF7O02YwpBzuH/wAwdxK0iDbdv+KEZb7TLdL37IN1 +MIIEpQIBAAKCAQEA18MU7aM5sSmlIQtE+R78VUoXzOY0ECsCM0lQGXl1KQYENri0 +/R5/ye26GlCBNV39dcwkSJXMuV5LqYWtoH6hJkW3n2ADq/zRbguKTxA3iY1oP5og +maPfwx9olrwr1OBgnK2Pyyg3g6Ci/X3PR+RU7QP2NboG6KDjtcqFdOHqLTJr5mHK +lLQl/ofzn/cTNMNJumqAyFwIY3ChDzIP1i+WnFrlVWljjWvsex6EFA3vvTIKAdVZ +mqAe+1WGiu9owYW76JxfBoxG90YrpH7jCDpOcjfTh8wPTgyW0w70ppkJLYf6BBwC +/7czkNs4xKbbCr8Kv93axm3URDv3Kd/SOf2URQIDAQABAoIBAQC/GZwptk5c6ePF +1rNqatVXvV5DLwmh4FX8ksyNI5Rvl1KYHRTAtAi/Ev2oXPF0ESFy+jKQz40aCbi+ +FxZndoDI4yr10BaweCYOb846pMRr4oEZBCwnqIuByQnbqCKyU2F+pAMeDyrMPLTg +DFRQ+p11p/KkN3XzCL1mwE9f7NB64fIwIaoAPb5EzELq3SXbBn1MCDPcvZEeyqUW +jW9OGe2hmen7Vk7JLE+2XU6Wyo6X4RWkj2lpOxofuxff4pI+xoiWmZxV93FzZoCo +R55TP0AtgyRUQyRrSgSV8T34sZI79ZBt1N6JBdnOl8sl4niQu5laBKJGKWnEiiPE +w7vUmHLBAoGBAP45AScORw0eb8K4Xy1UAaWZnSzN4z35QxkjelQ05Hkd9lrpwRBz +Us2Yo35spvaI+/sYmnYC6vdnFRTdhVfHY4uTyODWOawhMM1mnWoRo0MohCyBBOjZ +XGeOROWV4uGld6dLj4zoKfDWyw2y9ChT8kxidSmJajxese6DovTv1ov5AoGBANlF +PgRyOCUZK5I1XTzkbt4GMUrRh3gAnTM84enjJHtxo+IZuwhVA8wgfl6k+LXAP49k +si3HnmsAAezqFJOapbBf9zZSCTPTYDFk9qyu8TXw32K48obhb3Ns80Ba4sqVCixo +K3NpOE5OaNxEdBHmi39RJf1fyUNZ+u+cz4xXdiWtAoGAChXo3cvLNdIHTQpTfFDg +39kAS06/vS2uY8jsiXqvtb5ij6jGaAirOEzd754P4af9lzCasCPdfoMwaut+5sSa +RmdOiNz23MVUUlHH3PVmLLvmwn073KEC8XjLcvBHV/xgitqMj2KGh29+DsUSuqbZ +7f3Z+BPjixGWrYe7Z0w8jsECgYEA1a/MNwM/RP1kZQAnG2Rvxd3BTRyWZ+fytBoE +9st3bhFuZUl5MdCrU3AB2YPXOKpD2PvoYi4aGJKBUklGw4UtwDIiKUK12kriKLJs +CZplke+9RJMxtIaz3oohFAJPW38J6nLpiTDLN/jWGQ0aOyDLwgRFoNU8VQmCS3em +iRjcEmECgYEAgyrUsD+qScWzS3GvkZITcy20+iCVfxXH8ZznNVHGFoFZ+3uu/kH+ +u0yXPXPux2t5P2+Ybm4ojV09/QWaJgHVoL7PBiyk5AhXO0A1EK0NG8uJeYaMthJk +D6RrYXqdmKrSEDTh2DvE6W149sRgO2Z3b0FGgzjYjhSFF/ePZxAFiIQ= -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/bob/etc/strongswan.conf +++ b/testing/hosts/bob/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 8492fbd45..6c41df9c7 100644 --- a/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBCjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDEwMTIxNDMxOFoXDTA5MTIzMTIxNDMxOFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALgbhJIECOCGyNJ4060un/wBuJ6MQjthK5CAEPgX -T/lvZynoSxhfuW5geDCCxQes6dZPeb6wJS4F5fH3qJoLM+Z4n13rZlCEyyMBkcFl -vK0aNFY+ARs0m7arUX8B7Pfi9N6WHTYgO4XpeBHLJrZQz9AU0V3S0rce/WVuVjii -S/cJhrgSi7rl87Qo1jYOA9P06BZQLj0dFNcWWrGpKp/hXvBF1OSP9b15jsgMlCCW -LJqXmLVKDtKgDPLJZR19mILhgcHvaxxD7craL9GR4QmWLb0m84oAIIwaw+0npZJM -YDMMeYeOtcepCWCmRy+XmsqcWu4rtNCu05W1RsXjYZEKBjcCAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRVNeym66J5uu+IfxhD -j9InsWdG0TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx +6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ +Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V +Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G +I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov +x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5 +tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCxMEp+Zdclc0aI -U+jO3TmL81gcwea0BUucjZfDyvCSkDXcXidOez+l/vUueGC7Bqq1ukDF8cpVgGtM -2HPxM97ZSLPInMgWIeLq3uX8iTtIo05EYqRasJxBIAkY9o6ja6v6z0CZqjSbi2WE -HrHkFrkOTrRi7deGzbAAhWVjOnAfzSxBaujkdUxb6jGBc2F5qpAeVSbE+sAxzmSd -hRyF3tUUwl4yabBzmoedJzlQ4anqg0G14QScBxgXkq032gKuzNVVxWRp6OFannKG -C1INvsBWYtN62wjXlXXhM/M4sBFhmPpftVb+Amgr1jSspTX2dQsNqhI/WtNvLmfK -omBYfxqp +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul +GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7 +ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr +F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ +L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK +ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k +Rf5Z0GOR -----END CERTIFICATE----- diff --git a/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem index 5a41744f6..41a139954 100644 --- a/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,1E1991A43D0778B7 +DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429 -MAsd1YBlHz54KjvBvhpwDBewinBkxBo/NmdsMetLIcV8Ag87YcKtTXYju+fbW21y -DI12iPDQeS9tk17tS8qE5ubWmx/8n0fa5VCdLZ06JK6eeASXNoomXZh5rGsd42It -sj0irWAnbIA3nFFWQl+Uz5pGZMse7aDSNyk1zs3xtywFIaditYIBsRhrTVmJ/bCK -waVr++S2pwUHJ/phKoZQ8pwgF5KtYOZxdNtYIzfOZNMoplESR3+WYBYSuW8BKuOc -QAign/BL2JVJLD4OpHQ68D8Su2sbh6ZYA5jslZLDgG9O7eiMbkCE+N8DmKO6wNAr -zB5ILb4u5dIyTqun32tOENEhpZqDdMQtZZ34fRBze4IoMx9LrEOAHdZAQyyERP80 -iJCnH8BNf6FerA+XeDs4LVd1yrCklXKFINatqSRP/tNY3kruKw2Q7cAi2AFf+Rv6 -1lrvwK4MiLSHFtzcgEJuxm2bxeceIwXLJ2AVlfLBJvK/yJlq0MPedFbl6E6UwKfw -cMLokF3sa1XrfwpJ93enGLqdpJrkR3dTzrsshjIhjQqfc8lqLwRlbMGc9u+V0ZsK -OJ8e26wc/4l5D7CQ1vmgT/R/tuydBtUskgH96anhNJj1M95odkoh4Zicmm5iLgy2 -kluVYiEk0Fs7hc5Qtv8ZLN7ZoBRvZfJZWhXHDXmh71g1aoVYacIkFwiTMX4NoDy5 -QVq9tFUZ1TW4VrNIzfq++rLoz4XlgVy0Yz8jNWKuB0KRuHPNSsQUY2NHkDX+wOjq -MP1SfNDxqPoqrmCqbgMw/9DmeOj9gyiTyjZhPZTxFOp67FYEYzYtR6bLQKEhdgf6 -iOVROZyrFHMZdBiUgV8GECds1th6ZYWmNRGdvxYjSjExIYgkDrcWbowTqD0bFC9b -zClaSqrxR6GHUzbUVOBuCP+RmUx4j6gPvMRLUcIn5RmpbGtPE0ixeB5sFB0IuRRW -6u2YToCiuq3EG1iJRmxjnBa/zj1aBO6OlsE/aPc0Sx+Jhm+MUbDioxUAriX96bJ+ -DEB4zgDhC0vIvkkUVAzQMkWPX479nPDmiZLpMqUIfqUh75WDpHbCladyGMgSkEo0 -IKq96oAWHJC8WLH0UMxMNuf8Ut+TsSpIO6G0RPl/cx3+hQqSUC5oUB7R3ZAWYx+6 -mawjkNJEx72yeJmQtGiZYEfeMt0Svm10PypMXFu0+2JjiS2eRj2K1yqrUnuL6AnY -GYYmTmR74dnVAd35bRYJjY1XHGC9MyqBn4jLqKZm1BKO3sFsctGDy6vybnvAgPD7 -LioGQHPiOZmQe9Q5mMLedE9NAUCzlR8BHRbWtlnajQWcC0JcVu/mBQsjOt/KHh/V -CY4aFXE56lRH2OpqZQxFpBFOSFDcuVX+zcEBGmKfk65n2MFL4McAJUhVRZL561Zx -r9BvILv1Ld6/hECbodq0sUqvbDYHzv25zxAVKSIk1xy85mP5aNbk8xuGHmm860wg -YOqdePwBEcDHoio+ov/uFYB7+4gt40vV90EzSiyfdq8x9RFMViJU430IkIBcvByo -tFFcbN8ucBozxtl4AX495GVSRI7V0XXBtEdOIwJIzPBylZOHxCuTnA== +mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq +i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH +jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx +m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce +pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq +J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf +dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB +h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC +/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY +EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV +pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe +sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz +kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk +gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja +OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53 +D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM +bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo +BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx +7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB +UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs +H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB +y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA +zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty +AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6 +nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/carol/etc/strongswan.conf +++ b/testing/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem index abd1554e5..f212e19cf 100644 --- a/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBCDANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjY1MVoXDTA5MDkwOTExMjY1MVowWzELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291 bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDGbCmUY6inir71/6RWebegcLUTmDSxRqpRONDx -2IRUEuES5EKc7qsjRz45XoqjiywCQRjYW33fUEEY6r7fnHk70CyUnWeZyr7v4D/2 -LjBN3smDE6/ZZrzxPx+xphlUigYOF/vt4gUiW1dOZ5rcnxG9+eNrSL6gWNNg1iuE -RflSTbmHV6TVmGU2PGddKGZ6XfqWfdA+6iOi2+oyqw6aH4u4hfXhJyMROEOhLdAF -UvzU9UizEXSqsmEOSodS9vypVJRYTbZcx70e9Q7g2MghHvtQY6mVgBzAwakDBCt/ -98lAlKDeXXOQqPcqAZSc2VjG8gEmkr1dum8wsJw8C2liKGRFAgMBAAGjggEFMIIB -ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU3pC10RxsZDx0UNNq -+Ihsoxk4+3IwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx +DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ +ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8 +k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG +IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G +gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX +Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB +ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394 +8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQAnotcnOE0tJDLy -8Vh1+naT2zrxx9UxfMIeFljwhDqRiHXSLDAbCOnAWoqj8C9riuZwW7UImIIQ9JT9 -Gdktt4bbIcG25rGMC3uqP71CfaAz/SwIZZ2vm8Jt2ZzzSMHsE5qbjDIRAZnq6giR -P2s6PVsMPSpvH34sRbE0UoWJSdtBZJP5bb+T4hc9gfmbyTewwMnjh09KkGJqVxKV -UC/1z1U9zb3X1Gc9y+zI67/D46wM6KdRINaqPdK26aYRFM+/DLoTfFk07dsyz7lt -0C+/ityQOvpfjVlZ/OepT92eWno4FuNRJuUP5/gYiHvSsjZbazqG02qGhJ6VgtGT -5qILUTmI +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3 +jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr +DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU +8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o +StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M +qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+ +1PdgEy1K -----END CERTIFICATE----- diff --git a/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem index 1cbaa183f..c0a5b42d1 100644 --- a/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxmwplGOop4q+9f+kVnm3oHC1E5g0sUaqUTjQ8diEVBLhEuRC -nO6rI0c+OV6Ko4ssAkEY2Ft931BBGOq+35x5O9AslJ1nmcq+7+A/9i4wTd7JgxOv -2Wa88T8fsaYZVIoGDhf77eIFIltXTmea3J8Rvfnja0i+oFjTYNYrhEX5Uk25h1ek -1ZhlNjxnXShmel36ln3QPuojotvqMqsOmh+LuIX14ScjEThDoS3QBVL81PVIsxF0 -qrJhDkqHUvb8qVSUWE22XMe9HvUO4NjIIR77UGOplYAcwMGpAwQrf/fJQJSg3l1z -kKj3KgGUnNlYxvIBJpK9XbpvMLCcPAtpYihkRQIDAQABAoIBAQCQP7nKotjNVFSX -Sg4Sv9H61XUOlaxY5GKVQZTE/P7WkBMIROEYbXoE35og4tYvJtILoX+KapkLa7Cn -iKDSt1J7ZU/DitryNy6v/HsDYXjEY55jqEBC8CmTyKwl3fa0OtNEE7OWsKXC4FyM -J02x7gJb9fqa1/udXnXtBEYGl0g1x/vDmuhLgKyq6eliTm/orAyjGK2KfRxu06eS -YUZObr25wC7yDLHCBsWHGNVC7ZyxQoxcPOu9WNwlWYu92ZJMdf3+rIgZSeXxCn3U -3CWAC9tL1HnKC/twbyWEc2Gy0lZaQSgTJzaRtKOlqBTc5Szb4l1ibmyeAA7NanXK -wnUYfiZRAoGBAOWW0+4lzZhWOxK/cYwM5+eoI66MhPECFVK2sL8iC34BKGFRCrSd -YS/nugWiAu30knIBrw8z9BN0gYEfiE/EZyP5TbjtabKDN28xQa1+bw9Sr+5g5TcR -HFvZRkJWSYGoIuVO22eXUh+1hwx3KZP/UX6pwkrc2dxQLxNk0mo/BexPAoGBAN0/ -geik9GNIjbKwSPLvIIwcmO4TZja2RJy9NCTJOrJZFpCII6HvOiO0eYx3+So+KblG -n4AUxrhi4jq1/mAA+VUt4B9ywKH8xzGwhno78dJ1lvydpuzXSTHOEgsWh9Kme05P -syt/t1C0ZkWqOKsBGk1f7dU9IOWuOkpVUbbMX10rAoGBALp0S5lUyiu1nDQVljmP -IadZPeE77ZttfbO2+sO++mZSumCOWItmZM9q+gApGwf1YBmGlI1cPBSwwZwD58gg -UUM97IkLBpQbTKHY9uXXkIp5NLf7qSuXkdhmFFE7kmbiDbT83eK7Wc62tf7Bp9qx -t5WOeGQkCCqMVC8D6n6uwDixAoGABV4jErfdzgLWnT01p98xVPTkqPIDitRFOeBF -QZc4O1d5+quy4ZziNjeMs2G9w86aSIp0GDFo2NRdVLtRnpande+U/m5UShnN42C7 -AoAtz8NWlG5mvFxExFaRjX9QcEXlu/KnECkbE3Qs/wewNEXkk3f+VywSfkAJ3f/P -6bVvot0CgYBA1B9SXYhclR3KNZJPRuTn9OQ/TqLmcCMN62dIhPW4WZo2ixZH3YdS -PE/bYmYfZUPt7MnOSNSnuLKineIf1Dipz0gjuSyFGAs5DE+N+8GWYo00n+0e3TLL -pcBj4nOdIVPTZ31IFeVbi06dCYmzLPAGDeLe1M1Z7fakNky1Wv+Sdg== +MIIEpQIBAAKCAQEAwAfyU28FWOaDRdPvAXoXW3NDTnl/m5dEjnIKWYWup2zAUDuN +Y7TiOa+V24PbCvZfg2Dp2UGRLBISFWQ6CvMhiPxSBBPoFkX/ji5iPJNivhtXZJUw +v1T9rWVjEGEFrOlJ194olaR3HCNwkKqiVnvX2bCLKtCfY/YbuofXRiBG6J+kVwyz +yOQyIiCnN69IwxzQ7CFA83I7lHQsShQjLh1An2tTwYqqY+aT+l09BoCOlI24JzVj +0z29msROz9ceYEJlcIhYmLPlU4dn6vTvcTcZ5/2Jsy5OP2DZcu8WF0N9TboUr0aR ++47CdaeFUrrp2Kr3HD1CrKeT7wrQnhrzU9qrdQIDAQABAoIBAQCB4t4dYPKU9xXD +nV4D+bjiukvEQJn3e5F7Z9doReukgwJxQlaYIjkCG6mZGM6H0603B84kjRzMWkyw ++2HnFhyQs1omN/C7YA1C9kyr/GTFgWjTN7YJNEuBhRpEcduM4R55TGLXFK8b8Tyq +HUBAjvOo4qi/BO1Kh6Spvkf1vs83d9clTParD/Tz4QkjUzR5awMKHgOVGgrmTiJL +Miao6ZF0gl6qh377xc3gzQdWh6kIb2RWVL2lR/iSdDP47s2ez8ubMO1v9mu05bc0 +H5YmCVeY4nkzjlVARdCuPulKHxBkStiPEOfnGZkj1F1fjfIoOFnD9MQSYkJuZUoE +6JWiG7QBAoGBAOouYy7W0xRlXGTrahjU9JL+o3nKCRQmvX84Hxy9fx95tz1pS5U4 +7Gk7JFmS9qKhspInnblpjqxA5D3zqoO2gspatg7QfQJpLhbGXLqR7pqp92jbK+mh +4KITqTZRpohtzTWqPxFupzKHo5qDDMJ3m8ArnIVmxM+M0lzpn6Awq5ZVAoGBANHs +NR2voz//E6ZMSpgKb2l3NecFwdwqQQtzghD0wFnNBYV55DJNRuW7DB5t9EdtGgAg +b2bPG+I2RdsZPGnL0EU5+H4rP0YXBGAxoVdaFqjnG5mIRN8mAdnWeVhCH3XBmUP1 +OFe1aghYMyC0ioXe8Vt1yaxeSiMjY4JKtma2DKChAoGBAIedv4CDlg/Mt1oWXwXs +ZYqu/nrsPp+1463GEXZyYykWMsDUtpm/MmGqh118V2pNW/16BcQ3VhF5LvSVpNzM +GCgZqi8gHBUGVlOIInFFS7mzznyh2GdfgJg77JVxaZC+jcWTRxzQSPFhTaSQWhZQ +cBk06Fr07esIMVbvUKrTJLtVAoGBAIFCMsqetaTYSZ8iZuQLuOJ19wjTsLUCh56n +dzU9n5sr9PRlQ6/9iWQ3spSiG8JHWbUuQ6pIaOD3jjgE6AA08X9O3MXDl2hvD9Cz +fqcs37sM4x+8mrvUyVr7ByjjPj/h/5+qxRCssieFN6YxxQH9bxxkANRUEs5kIge+ +PWYtPsVBAoGAVako4J2YAfaD67Yl5u2XOWrBzVWzWNeqBsiAF1nCpR1RfeH4jFN/ +Uy/qbPVjdm14GNwd5wtI0xwBAsrTVit78DoxC2MUKMIuq9xVVakKX8UxBmCnldkW +uhtXwJWH9pfQncCSrEaecfDkL8YVPDX/4XeJjqHpKqbyjTuGv+MK1Yw= -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/dave/etc/strongswan.conf +++ b/testing/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/default/etc/ipsec.d/tables.sql b/testing/hosts/default/etc/ipsec.d/tables.sql index 269709542..a7c5f1d81 100644 --- a/testing/hosts/default/etc/ipsec.d/tables.sql +++ b/testing/hosts/default/etc/ipsec.d/tables.sql @@ -183,6 +183,13 @@ CREATE TABLE leases ( released INTEGER NOT NULL ); +DROP TABLE IF EXISTS attributes; +CREATE TABLE attributes ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + type INTEGER NOT NULL, + value BLOB NOT NULL +); + DROP TABLE IF EXISTS ike_sas; CREATE TABLE ike_sas ( local_spi BLOB NOT NULL PRIMARY KEY, diff --git a/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem index d8fbfa1c9..d5c970f41 100644 --- a/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem +++ b/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -1,24 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEDTCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTcyNVoXDTA5MDkwOTExMTcyNVowRjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u -c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv -ri4QmsCnG0N7bxqeUZTQhcmZ/iyN4RsmHwFsiOc06xpnZ7Fbx9gzi/OswU6KGL+F -f9PfvOY36bDTZU8V2QaL30RQUXz3JlG+jUyP9zjqlhsvVYS/cImvqgo3uUkQ0YCD -v2SafTlaQfBOaPFElNEP/H2YSiyB6X80IcHsOMYpskVqPY8785FehjF+pxuyRCK+ -9HXmd+iWdnC09u4qgKRa3L0IamU3q1/BK/afkHK2IAIN4YgM7GzepHVD0f7Exf9U -esJEeh4hDZwSjcMzdybrY9XBxzGqLGPOF128jr+5weUZiBW+RzeBw/gsK1nSPeuX -Od2lPJjTGj+6V3YK6qibAgMBAAGjggEFMIIBATAJBgNVHRMEAjAAMAsGA1UdDwQE -AwIDqDAdBgNVHQ4EFgQU5eQQh2wqxL6thUlCpt52WDA6n8EwbQYDVR0jBGYwZIAU +c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK +L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+ +SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY +YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+ +7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3 +Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb +A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE +AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC -AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA5BgNVHR8EMjAwMC6g -LKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0G -CSqGSIb3DQEBBAUAA4IBAQAvLykhZnqldrsMcbYB36WzWKk+hOihr5dU3fv8Z4ec -tsa3gzxXSefDCxGoezVJ4QXdpdNxxFn31A+r1gxKyGI5JL6EyWz6Y462zp9lE7nW -EIC4ldJwxAXqzDEMcJphO29hApyU9TWsWDa4kL5AKtLFLwH3/Uv/jAzAy+qXIO8h -wLtB+wcmhSo8OFY9kX/cyhht7eb7yD/r2e3wVBOCRk7jePe4yWhN8NJAKwfrEd1K -iGq15ymdmeomhplHRsLZwA2VsCspUNZ/eXjG21s3nEoxcCOcQUz3Q7q4ZgBTZoCW -kAc6FQ5zxoZrmzNWFqzb06jmUVlt7baGtdjT7rEt+dcp +AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr +BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV +jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML +o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq +wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz +p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9 +25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY +7QTufOwP -----END CERTIFICATE----- diff --git a/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem index 89197a447..4d99866f7 100644 --- a/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem +++ b/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAr64uEJrApxtDe28anlGU0IXJmf4sjeEbJh8BbIjnNOsaZ2ex -W8fYM4vzrMFOihi/hX/T37zmN+mw02VPFdkGi99EUFF89yZRvo1Mj/c46pYbL1WE -v3CJr6oKN7lJENGAg79kmn05WkHwTmjxRJTRD/x9mEosgel/NCHB7DjGKbJFaj2P -O/ORXoYxfqcbskQivvR15nfolnZwtPbuKoCkWty9CGplN6tfwSv2n5BytiACDeGI -DOxs3qR1Q9H+xMX/VHrCRHoeIQ2cEo3DM3cm62PVwccxqixjzhddvI6/ucHlGYgV -vkc3gcP4LCtZ0j3rlzndpTyY0xo/uld2CuqomwIDAQABAoIBAECAVQ1npCA2lFo3 -erByB49f75sIhVc6NPuUGrO8uBbn0vPwUGAASdLzKW5eMvXlDDx5qFLXSjdxJ6kV -4ymEWzDzsmNC5/zeJtkti9S30j/fCPAiF/Ep4oOKjOHUt4zjPqoglVFbdLk8yHwh -b6Pcd73E2GAXq6uvDTMYydhvJ+KaozAfbXmQ9vf3HbneI6xmgAug209Cu+gpMspW -4IunMMY/668neRmM7jh+4JNLMqJhCrmQpLkIlRux2yNFzxkF8RrqptGzaLf4KxNF -rRRUThHUfWmB/EvggzJgUMuVA2Pa0bKNvBbbQuwPqXMxLHMGBjvJ8wimsLzJZeXL -fgsyPKECgYEA5x//2cmlKL3LbprRpfSzVOPqM3OSeEqseQtPun9Gs7WNVZZVc/ZJ -O2hjdc9qDGjak3lDSwVbYl8B1kqfGTTLB1sl2171aDJQOWdNV3WQtexUKEhC4Ewn -yXEDoVGAXJtiCj34QYHjoMEHUqfabKyWKUcaK8hbMsOhYPOorfLXg9MCgYEAwpaP -W68NJGu5Zxsdz62rOiPNb58cuoxLDZsJ1sMKJO7BdPIqTZ0oGNdgt5phyc3ROBSH -cjqZdzpim1gXGm4ocGvwg3APNQN6DLBknJNZmHzPd7RLSz2UxhTHRTfHAltQPcmW -cJVBHsrsS0QnvDndXfzLuLq12S6UZasR5eBdcxkCgYEAizBuOI6DdGG4nceG8lbH -mRwY8xtq3h66d7skLMBxp9ByaVS76bYsrCZVn6Fl0EtlNuMUb52uRzPIO3F9FwUA -MFHoHpC1YibKwYdAwKcAm07T7950x/eVDm+NLB2VHDBHfruLQogiubEF4/VKSaA2 -Xm1/iVaD9bJzAZw7vWY9/BkCgYB/Xe9uErGmgkB0BaLIuiNWxfKFOn+id4v01uNk -yHtOW10TgCNCdDi3sdpjs1CIuAhXDdDuav7itLuwdMOCkFI16+EdF29Mwv7TaW4h -sq01i5R9BO03zZIg6Z7ZZr4Dg+OM3fNzs65RSn/KcE0V/kYwa/So8MVw5/VIauYn -MmnYmQKBgDEFWQPyPH242olRqtE0yDp8qVHEjJp7mU822YFbyCyAUnttqOS+/5/u -Z7H95QZHGaQESL1tcNnaiRASJAKDWjKOdM/TTotWjCn65v+DHvgk/IJeYJVHoGBS -pBE+wJ8AZJu3t9GVp3PxFxHIjxUrEKG0rli7bYv8F245+Wx8DeXI +MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm +MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ +qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1 +ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR +fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN +2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9 +K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7 +mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc +ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f +XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy +Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx +J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj +zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0 +8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT +61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo +PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug +bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b +eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1 +ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am +DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt +v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0 +fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw +y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC +h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2 +cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/moon/etc/strongswan.conf +++ b/testing/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem index e7825e3db..d0937bab8 100644 --- a/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem +++ b/testing/hosts/sun/etc/ipsec.d/certs/sunCert.pem @@ -1,24 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE +b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z -dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8 -foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS -Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC -AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe -zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n -HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G -N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V +VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68 +oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y +h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4 +9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4 +e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb +8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB -ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg -KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq -hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i -ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP -Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S -5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE -JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk -Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA== +ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA +FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF +0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5 +ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat +Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul +fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5 +G/jGGA== -----END CERTIFICATE----- diff --git a/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem index de63615a6..d8fad9aad 100644 --- a/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem +++ b/testing/hosts/sun/etc/ipsec.d/private/sunKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA5Dx+gH2HkFn3aADkmRBMk26gXoUDOir3UaHtOjbv+DvinTX5 -JSexJoF8+Y18anhq91ITDLZ1YwD/u6PQNt7wwQqyw3O2nQlC5unazufyautAsayo -HpgBLT2XvlcONLfKpMIC0fWQPjMCX+P8DJ5AG4tHgLIkSYL+uoPf9r6mvjYJqWO4 -UGAFGkJNSlTiaWyVlJ7O/3C7rU/BMXFvxUOUEdR3+XCRdOEqBTe4SFZHEtqGlKV0 -QaaJNObHfST9ds4wXacc5sQe3kRj25ZEYZuPzVlFaI2TR021umd5Qe/8291Ytzn3 -UzxwQYRB1ZbZdNVsvYY3ruryF3MaAi9vtAk8xwIDAQABAoIBACOnh6OO+KSGSW4H -5a47q5rEh2z8nnpxx90KzMJxXp+Ky2X/zoINZ1E6nUlm3u7LDPrB6ZPs1P24ZDrt -5lMMFNQzVaXO59I0Zi0ojzQPbAFj6uFWtZTB7j0hCBmGBAQcSh3e6Q3frL7qvQ45 -0WAvQJiM84iZS63oNt7wRwaG1gmUn/k6j34y4qUkD5FfzGhFkekzDS54bRGwjhTA -7XBUPAcsdNoIPcihokgLXwcdA8l6LBGsk48HN7O+CYOdh4xb6oQ4msgPED3pDIMo -QRptqcPQ6y1qJaiM/D8SvdX2ZTFm/bh2jlGvcm5sWG8VdSDRqq9r0YCi4KlQzA1g -OAyrMeECgYEA9dAVEegvRrFm4V6hC9CAwyS6fiOqx/l0xd354Xv4V6vR6n6rKwDF -kv96A4sMH+mdNf6MwzFFCNW9zZV7noEIvAyPAc7jM7t/Hmt5M41DiDe0RJpWKEdQ -lEj2qd8FqcY4YVDEH/TdchwIvoWHlD2sykW7eoseCY5mYEoQN4Ciwj8CgYEA7bHv -qdaz2SoG9lyj8Mz7XthjYZLeaxKu7cpqP5bqzuRSkVFvib0WKoJfwsewzO5hCHnf -8yMD3Wp4Ap2FYoN2XfV/jQyHvlpMlkxv+bU39/HLosdhzKbOJsru9kbBCaARHAVi -av3O3JfV2/G+cwR6nPCNjcTsIcqtEpUO7kOfU3kCgYAKYNmy4tm0I2NTmpo0FH6L -Pq69CqZ4QPkELaYSNhi7It7/BpAVhbfRyAWPxrwhUMy5beDlkNv4ToXv+yK4A3yp -6+HR0rlXAtCQKTt5yLoUMz3iM531n2UwjZAUhf0IOP1CZpWRP9ZlrfdUi/C4eo4k -ECOlPeBryN5brGTY4w58IwKBgQC0ukRF2I+qoP/mNg4Yu2KtfM4jlG4072G+P9eF -PhSO9p+pCkhKbFD8RWDWUsslJmL09OXIkmkP4zIYmvieLOLFEjLHZi2YGER/SuMg -9B74EQsKW5sK5hF9AXOsIaQI04Hu0lFAlHbC11euAiMShOdNiMG4d3ArSVVK+bb+ -hsAP0QKBgHcJuTJ6dv77evW3MFZPRjFH25pike40PWmSLgCt5PV25DRL2UG0pOut -uybN9biQK5v377/3GD7eOL+acxHODjWmmfeEFW0YlJ1oUb/P8NlqsSnHvUoIqa24 -JmTXS/XzjgxQFFfzo0c1/1JLdG6r5CLTWxHq1EhIOJsowTlrCzX/ +MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB +eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+ +mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV +sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK +3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ +mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl +QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw +HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH +eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54 +/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/ +RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc +Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY +Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/ +Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h +BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv +NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF +wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc +JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78 +5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf +mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi +N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr +r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX +jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy +gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV +zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ== -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/sun/etc/strongswan.conf +++ b/testing/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/venus/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/venus/etc/ipsec.d/cacerts/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/venus/etc/ipsec.d/cacerts/strongswanCert.pem +++ b/testing/hosts/venus/etc/ipsec.d/cacerts/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem b/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem index 25a6941b0..c383667e6 100644 --- a/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem +++ b/testing/hosts/venus/etc/ipsec.d/certs/venusCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBBDANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEDzCCAvegAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTgyNloXDTA5MDkwOTExMTgyNlowRzELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMDUyMloXDTE0MDgyNjEwMDUyMlowRzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -mlQ2s9J7bw73onkw0ZwwcM2JDJuU3KmmuzETlmLdtg7m8yFCdhoDg6cxrsIvPAWy -Gs++1e+1qzy7LTnNHckaHHFwJQf0JoIGE1bbUrJidX8B1T3sDdvZFbyfmQTWSEyJ -thrdqdPS92VJW/9XQOPeEhudIHr+NtWQfCm3OQFKDXGCEkHOjpVNHn3BPUiL99ON -FiLZX3gZy6vTERpEE8ga66fHtpM3RJfIxYoUQUdRw8iIa8iOvRGtJa/MfOWX6L/H -wquRv3SuCl4iMSph7e/VE+z5xx3OyKSAki914DgRFnQITKjyGxw1lORlDQlZy2w/ -nu0BAbXS1pb/2AiF8jDpbQIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E -BAMCA6gwHQYDVR0OBBYEFEqPlXBYJh1knX0Q61HMcn9LOZ6sMG0GA1UdIwRmMGSA +s0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3yhllGPLN3ijLSteHP +3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr39tVukOtX66sMeHBU ++M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIVdydIGfHxmQJxymzS +80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJXi0xsmT/Ynev1VD9B +2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g290mXqrpMSpuWUagI +RZmOaeoyd3x25qbYwNe5QwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E +BAMCA6gwHQYDVR0OBBYEFI9cCmyxR/wbUXCARuBjbHpUAS1nMG0GA1UdIwRmMGSA FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww -DQYJKoZIhvcNAQEEBQADggEBAEx3kXh2Z5CMH+tX6cJPyi6gSeOgXy7NBiNsEdXN -rwGp4DwN6uiSog4EYZJA203oqE3eaoYdBXKiOGvjW4vyigvpDr8H+MeW2HsNuMKX -PFpY4NucV0fJlzFhtkp31zTLHNESCgTqNIwGj+CbN0rxhHGE6502krnu+C12nJ7B -fdMzml1RmVp4JlZC5yfiTy0F2s/aH+8xQ2x509UoD+boNM9GR+IlWS2dDypISGid -hbM4rpiMLBj2riWD8HiuljkKQ6LemBXeZQXuIPlusl7cH/synNkHk8iiALM8xfGh -wTEmdo5Tp5sDI3cj3LVvhcsTxjiOA81her1F0itlxpEA/gA= +DQYJKoZIhvcNAQELBQADggEBAK5Pi/g5Y234tEcTFWE0Vdg4cKxIfZRewFOOZI1z +/RWfzoqPZ6YzD15B1toKZrAGsqyhdJ4yQ/BwxJpdgNCscMelkzMubcLXL9QugPS4 +hz4MLkJR2tDCZA/mFUTEbAQwdNSCxSo/l0vZ5KXUg9y5zZhCWpZiHJBXnz/567wn +K16J3x9TYtdh4sT+y+0vHgvosUs2srRTkK2WDDxlh9XTch7DZyrLuiRRFrWjc6y9 +ThVH/qQNXwEBq2t9UYjQUVyx77gVQmiLrPU7UjL4IBoZmBNV/VJ10+rmGj1eG1nD +pgq6oBTrbEsv8Ix7y/MziTB8POj3dKjl2UZmRVBwMbnNqYk= -----END CERTIFICATE----- diff --git a/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem b/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem index 6c4aff0ad..0477f698a 100644 --- a/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem +++ b/testing/hosts/venus/etc/ipsec.d/private/venusKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAmlQ2s9J7bw73onkw0ZwwcM2JDJuU3KmmuzETlmLdtg7m8yFC -dhoDg6cxrsIvPAWyGs++1e+1qzy7LTnNHckaHHFwJQf0JoIGE1bbUrJidX8B1T3s -DdvZFbyfmQTWSEyJthrdqdPS92VJW/9XQOPeEhudIHr+NtWQfCm3OQFKDXGCEkHO -jpVNHn3BPUiL99ONFiLZX3gZy6vTERpEE8ga66fHtpM3RJfIxYoUQUdRw8iIa8iO -vRGtJa/MfOWX6L/HwquRv3SuCl4iMSph7e/VE+z5xx3OyKSAki914DgRFnQITKjy -Gxw1lORlDQlZy2w/nu0BAbXS1pb/2AiF8jDpbQIDAQABAoIBAFyVMMvn9YzGmeCq -e5MD9Dt30kPyAffu/stFwc5yOTfC8OHijhBzwq/0WWXRsKx9bj+PaZjGWWIE6PVU -u6ymvDdcBj7w6pM/ZY2siZ6uzUpXiy32G+qkfTMBGW2e7T4qTGMm8tuy69jmtn+u -SxXunYaXckfOATu8GxWhoP1dvKMbCrlQxxmduP04au8HhpLTQgDZ28PrvyqUR6AW -D+PDGACLbCFzmaMLgv6yv2+GNQpBEDr/VUjOOBvzZhUm9ku81dSdYNhHx8vbT/DG -GkERG9tE2PA51sWB5cUh13ZItWmbW/NoWiykxJb7J7VkjXAn57jw4suSbNEQnA/E -bg/5WwECgYEAyqEWS7cUCLheHuyWHOxkL7ACoko4wS8QO3Q4ohPlqZb7pca7FIqU -WzXEUcyYZPkKTAKx/Vd0Xv6raGImi1QluuwLULACvZ7Ei5uLsMxUCJKyLX7wunTb -64aH8jONNMAXX4K9eVj7EghBGjdnVc4HRAzm/QyH8F6hmXGT7Ulw3JECgYEAwvpU -AkrUGb5UgVG/tNtlOlCqVGyvWOITDEsxLPCTlC6Ls6EIYKvc/21oRNL7n/ssfvS/ -DbyVTatiCXaF/MDbx0msbxJbq3sGTY16/XMb1PeTRdQm4xsUEQB1Fi3MnhLmPzV1 -jdKSKvKoxTfZKUg9eP/aVs4abRyHsIXc7BRznR0CgYBB86qBHGa969xerlyxr1Nw -nhZNYmEUp8/duhdQ0a8XwtfHfmaX6f8drONoSHJ1swVh9iKetd9fp/58bC3lfY8G -RxvruE48D7gjRI50Dh1v6OdrnXyXA8As6c3HzHWybK9u2+v12jtmBB/Ee7H7oKKG -yLhKNtDsMLDic7BVNGkysQKBgHjzr0+oucCqiGOcoc8A1uABEFjE/1WlEOnsbzoQ -l4wx/6nT+I13r+WoKimftEZ/GxA6pZZQ6VHAQlXad63eubf75QMWIVXUQIm1fZli -Yd6QIoUL4X+62YzeesPib2+UC88kS6NKADCyTa3iQk3QqYm5Nenpew06yJXhxLWS -zlGlAoGACEbPUlQB+ouInOFyVcFf1kHsMBcmg54MVi2J6x95149rq5FlY5kbmZcs -6wlSBkAzzKb7WbPNgbGLMAYP+EXKODe+f1nzP+oojmJlCdTLfrudREFA2ZGGOKDX -0o2EhnGL7VB4Upuw5ddMs7s1v6pqUKQXrZQUb24AX8w/1n+0PEM= +MIIEogIBAAKCAQEAs0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3y +hllGPLN3ijLSteHP3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr3 +9tVukOtX66sMeHBU+M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIV +dydIGfHxmQJxymzS80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJX +i0xsmT/Ynev1VD9B2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g2 +90mXqrpMSpuWUagIRZmOaeoyd3x25qbYwNe5QwIDAQABAoIBAC9F9I2NHPn3UJRy +1HTfB5p7xbT+Kbh7jECOEjOA6qxyDVayz1uCOzVSlhlJYas4ytoCXFTUDtTFwwGt +dqQjRupsyGCGu/Lcr8O3swtrrLZWPlWgV7ctfSSWCu9IgddYt++MYmWuggEuozdT +AjaYYDlaP9/8PAcAqyWeRh/4yDdYRpEHshePE/uZaIDH1xgQ72v8Ks6fnz3sTYK6 +dJZfZ2EMUS2CsdbqYX+X7CSLkM7FVs+O0xFz00AF7xyfID9RP+nSGkPny60/O5Vk +qO3dC1pXCs3aAXlTUBsP0aHWHFHXIIfJA95fQy0V7gqDxXHRPRInlFdERYkebM4S +ctnfxYECgYEA6vFH8Vzc9G99LIZGX2EfODfwJ62TzDPOgqubUMpQRqydTxA9GaPG +KyoF7GEYK3K8sji/uH1qcogUS46vXNcvm5xe7B5OPgfTLF6tfMaVeBvA6PfGOirx +qzvrFDTp+DdInOOO9KwvVULKvWtIehSIT12EjKXPxnMCh/vTN2ngg2ECgYEAw1aA +Z7iBrOPSTFf3S+rMgEMSv3s578YTg6hlaNfDvTEC9zQEDg7k4MxffRyBKLqidLUl +ZZrcTszdO25c56w7xjFwcLwlFZuaoulFn+ON77/eudtCAjGjnmxUQuruzmoh8YyL +zBB0oEGzm4u46BK3/ODIzQxpZL0MUUTXliLfoyMCgYA5KwrxfUI6rGJOEkJPdSeO +m3XxgbgkCTsn6q/5YbFU8S26Dl5/va071ZbpZNrnv5yQ1WQ5dTMQuXIOzKJ5OddY +yx0B4YHycB7/fe5DHWNDfaVcSuZOQyLZItRZ72I7RuCBZJHlkXxXB9CjdNaG9jYQ +8dWOD87WICguhKVpp3a9IQKBgGLZByl1iMmAkA7qBM56Bvpw9q/HH85iIcXiFU80 +wGygvKtzuwmSJ+hKA5hAMGv35fXBJSeBcjK+IMXOV101HxpwMkIaM3n3wAzolr8O +W+kS4xaSCZkqnW2xzAIA+M+jjYG6aZPeT+Y42TbBQdTOhCSHa5W3zi2YLP+DIsVq +6FiZAoGAUGZttRZOFMZ1paEKtJzvbf7bYNkqW1iIY5AVAN84g4AEJ3910WHxXh7+ +uFWyBU4fUy0Qgk9HihSRbfnq2lvwNNWUeMQmt8t1WpEGUDT6FH4LoDD3fvHbmxY0 +y5QBbDvalkeIe6ESdW1uhLzxCzCRZSkANtMfiVCKvQOOBjxbfeo= -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf index 4e52c6a6b..ba5dbdd1d 100644 --- a/testing/hosts/venus/etc/strongswan.conf +++ b/testing/hosts/venus/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081 b/testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081 new file mode 100644 index 000000000..eb21aa751 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/160769ece9ead9c1c4d89c34aa004c3b66402081 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c b/testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c new file mode 100644 index 000000000..2b48d673b Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/442b7162c7a4c27bd0f1076e345c5664bed53c7c differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa b/testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa new file mode 100644 index 000000000..c5d60508b Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/45b967b2f9b4a8855235b2d01249cd1e079348aa differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 b/testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 new file mode 100644 index 000000000..10a5268a7 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/644c5cc8c42a6c8cfe62f6a83bb0dbb43f0f0fb4 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b b/testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b new file mode 100644 index 000000000..bee738de2 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/c45be2b38883548967f4f959fd5ec0822f65237b differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 b/testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 new file mode 100644 index 000000000..a0bf27344 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/dbb808e4f319d815aadd8dab6f6ae5b717800e83 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3 b/testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3 new file mode 100644 index 000000000..01b0f6c9d Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/de106e5254cbafddb683117f90174910f43b5ae3 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 b/testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 new file mode 100644 index 000000000..002aaa25c Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/de216601f06d10a41171392fdfc9127f0bb9d5b0 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf b/testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf new file mode 100644 index 000000000..32ceccedc Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/edde495f4fb6db4e3eff85bcaecda2a3ccc58fcf differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/rfc3779/0b5362afd8838bafb66c854732b490d5d8318261 b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/0b5362afd8838bafb66c854732b490d5d8318261 new file mode 100644 index 000000000..c98775369 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/0b5362afd8838bafb66c854732b490d5d8318261 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/rfc3779/533394399c61128c957881790d70511537798da1 b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/533394399c61128c957881790d70511537798da1 new file mode 100644 index 000000000..0f2a0ec8d Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/533394399c61128c957881790d70511537798da1 differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/rfc3779/6b5aec8fe9dcb8d0f707490abc84ab0890a7d2da b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/6b5aec8fe9dcb8d0f707490abc84ab0890a7d2da new file mode 100644 index 000000000..489030d9f Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/6b5aec8fe9dcb8d0f707490abc84ab0890a7d2da differ diff --git a/testing/hosts/winnetou/etc/openssl/certs/rfc3779/b8a73c3433f4e341cc7c4ae42989f0a23a956488 b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/b8a73c3433f4e341cc7c4ae42989f0a23a956488 new file mode 100644 index 000000000..863f65237 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/certs/rfc3779/b8a73c3433f4e341cc7c4ae42989f0a23a956488 differ diff --git a/testing/hosts/winnetou/etc/openssl/crlnumber b/testing/hosts/winnetou/etc/openssl/crlnumber index 9e22bcb8e..eeee65ec4 100644 --- a/testing/hosts/winnetou/etc/openssl/crlnumber +++ b/testing/hosts/winnetou/etc/openssl/crlnumber @@ -1 +1 @@ -02 +05 diff --git a/testing/hosts/winnetou/etc/openssl/crlnumber.old b/testing/hosts/winnetou/etc/openssl/crlnumber.old index 8a0f05e16..64969239d 100644 --- a/testing/hosts/winnetou/etc/openssl/crlnumber.old +++ b/testing/hosts/winnetou/etc/openssl/crlnumber.old @@ -1 +1 @@ -01 +04 diff --git a/testing/hosts/winnetou/etc/openssl/duck/.rand b/testing/hosts/winnetou/etc/openssl/duck/.rand new file mode 100644 index 000000000..49c56672c Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/duck/.rand differ diff --git a/testing/hosts/winnetou/etc/openssl/duck/crlnumber b/testing/hosts/winnetou/etc/openssl/duck/crlnumber new file mode 100644 index 000000000..8a0f05e16 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/crlnumber @@ -0,0 +1 @@ +01 diff --git a/testing/hosts/winnetou/etc/openssl/duck/duckCert.pem b/testing/hosts/winnetou/etc/openssl/duck/duckCert.pem new file mode 100644 index 000000000..bb205a0fd --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/duckCert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw +M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu +MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa +ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO +UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD +h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY +i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB +o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2 +KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF +AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv +YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx +rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C +1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5 +wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v +DSlBqDpnqK8tEI9V9YeroihTcygrEg== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/duck/duckKey.pem b/testing/hosts/winnetou/etc/openssl/duck/duckKey.pem new file mode 100644 index 000000000..5fff90708 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/duckKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNuMfyRDsc7m1KRDVt8N4h/ +EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKaub5AgsRa2fOOR9xfyf0Q +7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsOUHOJAPZNoGPey5UL9Zjj +sN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKDh/pliP7uZANd0ZpPcrIc +68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeYi9wFLnS2tgV3ID4LzEEI +CSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQABAoIBADfb0r6cpnRsnSKF +5RBfReyu6vo4GB0lNGSeRqFRgivU+vMoiG2S58t7AQi2FyTNYbNDFdh31LS8WLbI +OkWv2HehijN4FO4pqmI9JtSHnbLNJEHEizDBTASLz/9irisX3HCXMVORh4oEb2Ko +QdmulOjePSJDZbLv6H/JI0bpYsgiAw26KEoB8cnHwiApF69a4uPJA6gW98nsabyq +9NQVW5QAmUFDnzA6upFRBUeBBpufYMvP82zfntFx72yLBmXgBnyZW23WwZfQZSzw +FChhl40mwykOE8jpeGgxmdWyPc29roF+kuvaOUaSF2nmyl4qhLCISdr0eHXHAGDH +2RjVJ6ECgYEA0YW38d4309J1QegK5vhPWehnxpZHpK86DENevYaS7zRcCu1BRZc0 +aBAceTYCZHYofOWmeIns0qtMfzzuemPCiOZWy9VYgJrJ0YkmNin3DM1/13pWiKqn +EkQCFa6K5AiB0umTOwJoAHlJYlJ2k4bw7Rm/LtiHC2fnRq2KJeKmg60CgYEAyP30 +5D8sUkih9rRfZRHAPo0x1qJpJQC+cFUBMIuOXFIz37TqbZcGDkRRb+ewywNxT73t +TfVDvR7tD3cYTi78dVz539Dwl9mt10QLGsQJ4825uY/LQqUe8F2qz+E3lWqoo+yJ +WlTAqbHI2a4g4CjFC4/+i6lKQ+NpmJLZIPz3HAUCgYEAiduy4Ti2gPAb6OZ1re05 +wM1y4q5kq04EIqd9QbS3Hx7TZPkgllpbyBC5u2M3BcTc9PjhpLQTl7XQGnQL8YmM +KSlteKaCmfO+0NitxLut6sWX1T6Qi1HFpfYLbRqwFkQmr5CyKAR4S7+B8miRzpXe +FhN3wKoFiRKvkMiEelL7/u0CgYEAnh4TWsBL+MuFBxTs+xDU4SCotYZ9GwwTxUFK +N0uCiiRtBK9JwT8PF4gtXNCzZ3Jk4Ou0VSD+0jgTHJh/eXpDR30GYkn4DC3GMdQo +vDy+3wSH+HAj4mEODuBRMUqnNJd85cB+aZ7FFnpzXLQ8zrukEC2OfYaHkxLDjrDv +uaDoMZUCgYEAhD89Cj849LXbJEmjX0MGUCCBO9EBR2Ux2nbuB+TQnvwz7VT0Jkds +Db1IfljoDefqzyFfH/0Z3bNg4EpidAG3BMC4MwY7WzR1rfnXwNluaWM5gmUzFNw0 +mBGXonIf6nRMIO9eeTFI8VfFb6BYvosNxz+9QA/5rpamGN1cKdMjgPc= +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/duck/duckReq.pem b/testing/hosts/winnetou/etc/openssl/duck/duckReq.pem new file mode 100644 index 000000000..b5d3bcffd --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/duckReq.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICmzCCAYMCAQAwVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xETAPBgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNo +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZ +o4PtFnENkHNuMfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwD +YY0sX+qrpQKaub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFd +XLNY3r60tBsOUHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7u +lsSkO9BrfqKDh/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGq +S2jctrjSieeYi9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu ++5J+YQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAIDZVgYXbPT9NMLOv5Uc6w06 +D5bvQ3/j3W4J8bMpYM/kbvIjwnsNmVggxhYeMmRDhidUcj849ybKRoJo7zrzTfvK +BR1v9xCenB+0mnJQWfxIt1aspEW0Y6Z9g3jW47WOxSQagS5BVKVCcw1qxLJ4q3JS +QqZJeQheHYNu9BQCa2w2rJeE0TT2WohcHxt0RpERZyjMfAlOOEUOB/m8Yx1N7/Zd +wJIWCd3o+HYoDqUCS11y3EN+VO6H/+8gcRANe7tKE5+gqc9+7gDpKLTL7hc0S6sh +e3yYo2CHZ8U2hsJGRFz7sFnZpwFi5KeI4+sKgyUurM2lxvcCzTC3DplG+4Wtcls= +-----END CERTIFICATE REQUEST----- diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt b/testing/hosts/winnetou/etc/openssl/duck/index.txt new file mode 100644 index 000000000..759a85b80 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/index.txt @@ -0,0 +1 @@ +V 141103162335Z 01 unknown /C=CH/O=Linux strongSwan/OU=Duck Research/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt.attr b/testing/hosts/winnetou/etc/openssl/duck/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt.old b/testing/hosts/winnetou/etc/openssl/duck/index.txt.old new file mode 100644 index 000000000..e69de29bb diff --git a/testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem b/testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem new file mode 100644 index 000000000..4e13b52d0 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/newcerts/01.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxGTAX +BgNVBAMTEER1Y2sgUmVzZWFyY2ggQ0EwHhcNMDkxMTA0MTYyMzM1WhcNMTQxMTAz +MTYyMzM1WjBfMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh +bjEWMBQGA1UECxMNRHVjayBSZXNlYXJjaDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25n +c3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LueCi67Y +IGRDKP5bkysGWZHrFrztq7elIFCPPSUxyIOYo4Upzr5WsvO0dIfcZY3agV2NcAI2 +30sATlfTUp+obedZMHbzE3VBvQuLjgK42ox2XIXDj23Vy496mVqlwUQulhBcAhMb +jnBb4T0aR7WCnJvfzyckEyWrTN0ajRyQhJEmTn+spYNQX/2lg6hEn/K1T/3Py7sG +veeF6BRenHR5L60NSK7qV7AU+hM4R0UIvgwYqzxSStgGS9G6Bwj9QTOWwSV1tuii +ABiRdZSBoON0uMMpRjgEzuVe0f4VbOCIEXO8MtdpCu7Rwa9tc8OwneLcGCYVomr5 +7KKRJdvC5As3AgMBAAGjgdYwgdMwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD +VR0OBBYEFFSYDz2TYOMxfyrIx20NhPPHTCOIMHkGA1UdIwRyMHCAFHYqqKQxp8Zx +jzAlvAJmm8sXVI0goVWkUzBRMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXgg +c3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDASBgNVBAMTC1Jlc2VhcmNo +IENBggEFMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3 +DQEBCwUAA4IBAQBIpl8SH4Nytgr6KvmXzns80u615WnDmP6oJrnwIZUkunVns8HH +TFUVjvDKoQ+8CvuaH9Ifo2dokGjtGObeO4Y38y0xBIkUO+JpwfTa3SeCEhdOZb3G +4e9WxHhV9IGfRyPsXQG+3JpAMaHYH+PNKiv7RBTq6rGaHzvgUEXRMTbv/bJI+Fs6 +Yfd/XxIur/ftVh4dZocyC74MUyXy5tyZJkHe1aBszOa0iT1852fq93lNUQPQqw0O +3q3Lg7CvbNSdWqeAMqUgeBqh6oQItY9Exrwh0tfuCsjZ0oWXUBghsuiV+GTmZ6ok +BiGmSmtX5OD4UtKcicuMRqnK2MYJHp1z1goE +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf new file mode 100644 index 000000000..8b5511e9d --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf @@ -0,0 +1,178 @@ +# openssl.cnf - OpenSSL configuration file for the ZHW PKI +# Mario Strasser +# + +# This definitions were set by the ca_init script DO NOT change +# them manualy. +CAHOME = /etc/openssl/duck +RANDFILE = $CAHOME/.rand + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +[ new_oids ] +SmartcardLogin = 1.3.6.1.4.1.311.20.2 +ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 + +#################################################################### + +[ ca ] +default_ca = root_ca # The default ca section + +#################################################################### + +[ root_ca ] + +dir = $CAHOME +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/duckCert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +crlnumber = $dir/crlnumber # The current CRL serial number +private_key = $dir/duckKey.pem # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = host_ext # The extentions to add to the cert + +crl_extensions = crl_ext # The extentions to add to the CRL + +default_days = 1825 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # which md to use. +preserve = no # keep passed DN ordering +email_in_dn = no # allow/forbid EMail in DN + +policy = policy_match # specifying how similar the request must look + +#################################################################### + +# the 'match' policy +[ policy_match ] +countryName = match +stateOrProvinceName = optional +localityName = optional +organizationName = match +organizationalUnitName = optional +userId = optional +commonName = supplied +emailAddress = optional + +# the 'anything' policy +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### + +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = ca_ext # The extentions to add to the self signed cert +# req_extensions = v3_req # The extensions to add to a certificate request + + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +#################################################################### + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CH +countryName_min = 2 +countryName_max = 2 + +#stateOrProvinceName = State or Province Name (full name) +#stateOrProvinceName_default = ZH + +#localityName = Locality Name (eg, city) +#localityName_default = Winterthur + +organizationName = Organization Name (eg, company) +organizationName_default = Linux strongSwan + +0.organizationalUnitName = Organizational Unit Name (eg, section) +0.organizationalUnitName_default = Duck Research + +#1.organizationalUnitName = Type (eg, Staff) +#1.organizationalUnitName_default = Staff + +#userId = UID + +commonName = Common Name (eg, YOUR name) +commonName_default = $ENV::COMMON_NAME +commonName_max = 64 + +#0.emailAddress = Email Address (eg, foo@bar.com) +#0.emailAddress_min = 0 +#0.emailAddress_max = 40 + +#1.emailAddress = Second Email Address (eg, foo@bar.com) +#1.emailAddress_min = 0 +#1.emailAddress_max = 40 + +#################################################################### + +[ req_attributes ] + +#################################################################### + +[ host_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = DNS:$ENV::COMMON_NAME +#extendedKeyUsage = OCSPSigning + +#################################################################### + +[ user_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = email:$ENV::COMMON_NAME + +#################################################################### + +[ ca_ext ] + +basicConstraints = critical, CA:TRUE +keyUsage = cRLSign, keyCertSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always + +#################################################################### + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +#issuerAltName = issuer:copy +authorityKeyIdentifier = keyid:always, issuer:always + +# eof diff --git a/testing/hosts/winnetou/etc/openssl/duck/serial b/testing/hosts/winnetou/etc/openssl/duck/serial new file mode 100644 index 000000000..9e22bcb8e --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/serial @@ -0,0 +1 @@ +02 diff --git a/testing/hosts/winnetou/etc/openssl/duck/serial.old b/testing/hosts/winnetou/etc/openssl/duck/serial.old new file mode 100644 index 000000000..8a0f05e16 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/duck/serial.old @@ -0,0 +1 @@ +01 diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl index 7776876c1..60e53a0a4 100755 --- a/testing/hosts/winnetou/etc/openssl/generate-crl +++ b/testing/hosts/winnetou/etc/openssl/generate-crl @@ -38,4 +38,8 @@ cd /etc/openssl/monster openssl ca -gencrl -crldays 15 -config /etc/openssl/monster/openssl.cnf -out crl.pem openssl crl -in crl.pem -outform der -out strongswan-monster.crl cp strongswan-monster.crl /var/www/localhost/htdocs/ +cd /etc/openssl/rfc3779 +openssl ca -gencrl -crldays 15 -config /etc/openssl/rfc3779/openssl.cnf -out crl.pem +openssl crl -in crl.pem -outform der -out strongswan_rfc3779.crl +cp strongswan_rfc3779.crl /var/www/localhost/htdocs/ diff --git a/testing/hosts/winnetou/etc/openssl/generate-hash-and-url b/testing/hosts/winnetou/etc/openssl/generate-hash-and-url new file mode 100755 index 000000000..08208ed65 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/generate-hash-and-url @@ -0,0 +1,13 @@ +#! /bin/bash +# +# generates the SHA-1 hash required by the RFC 4306 +# HASH_AND_URL certificate fetching scheme +# + +for cert in $@ +do + openssl x509 -in $cert -outform der -out cert.der + hash=`sha1sum cert.der | awk '{ print $1 }'` + cp cert.der "$hash" +done +rm cert.der diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt index 9e5194ebc..abdbb857b 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt +++ b/testing/hosts/winnetou/etc/openssl/index.txt @@ -1,17 +1,17 @@ -V 090909111334Z 01 unknown /C=CH/O=Linux strongSwan/CN=mars.strongswan.org -V 090909111553Z 02 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org -V 090909111725Z 03 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org -V 090909111826Z 04 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org -V 090909112439Z 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice@strongswan.org -V 090909112534Z 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongswan.org -R 090909112548Z 041226135423Z 07 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org -V 090909112651Z 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org -V 091118162928Z 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org -V 091231214318Z 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +R 090909111334Z 090827094721Z,cessationOfOperation 01 unknown /C=CH/O=Linux strongSwan/CN=mars.strongswan.org +R 090909111553Z 090827094730Z,superseded 02 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org +R 090909111725Z 090827094735Z,superseded 03 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org +R 090909111826Z 090827094738Z,superseded 04 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org +R 090909112439Z 090827094746Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice@strongswan.org +R 090909112534Z 090827094749Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongswan.org +R 090909112548Z 041226135423Z,keyCompromise 07 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +R 090909112651Z 090827094754Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org +R 091118162928Z 091124124946Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org +R 091231214318Z 090827113123Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 100216084430Z 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org -R 140321062536Z 050621195214Z 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA +R 140321062536Z 050621195214Z,CACompromise 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 140321062916Z 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA -R 100607191714Z 070427213122Z 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org +R 100607191714Z 070427213122Z,superseded 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org @@ -19,3 +19,12 @@ V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongsw V 120224075857Z 13 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org V 120425210745Z 14 unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org V 140406120117Z 15 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol@strongswan.org +V 140826095904Z 16 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org +V 140826100332Z 17 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org +V 140826100522Z 18 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org +V 140826100724Z 19 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice@strongswan.org +V 140826100818Z 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongswan.org +R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org +V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old index 64b725536..67a737e0e 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/index.txt.old @@ -1,20 +1,29 @@ -V 090909111334Z 01 unknown /C=CH/O=Linux strongSwan/CN=mars.strongswan.org -V 090909111553Z 02 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org -V 090909111725Z 03 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org -V 090909111826Z 04 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org -V 090909112439Z 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice@strongswan.org -V 090909112534Z 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongswan.org -R 090909112548Z 041226135423Z 07 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org -V 090909112651Z 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org -V 091118162928Z 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org -V 091231214318Z 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +R 090909111334Z 090827094721Z,cessationOfOperation 01 unknown /C=CH/O=Linux strongSwan/CN=mars.strongswan.org +R 090909111553Z 090827094730Z,superseded 02 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org +R 090909111725Z 090827094735Z,superseded 03 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org +R 090909111826Z 090827094738Z,superseded 04 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org +R 090909112439Z 090827094746Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice@strongswan.org +R 090909112534Z 090827094749Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongswan.org +R 090909112548Z 041226135423Z,keyCompromise 07 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +R 090909112651Z 090827094754Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org +R 091118162928Z 091124124946Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org +R 091231214318Z 090827113123Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 100216084430Z 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org -R 140321062536Z 050621195214Z 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA +R 140321062536Z 050621195214Z,CACompromise 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 140321062916Z 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA -R 100607191714Z 070427213122Z 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org +R 100607191714Z 070427213122Z,superseded 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org V 120224075857Z 13 unknown /C=CH/O=Linux strongSwan/OU=OCSP/CN=carol@strongswan.org V 120425210745Z 14 unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org +V 140406120117Z 15 unknown /C=CH/O=Linux strongSwan/OU=Research/serialNumber=002/CN=carol@strongswan.org +V 140826095904Z 16 unknown /C=CH/O=Linux strongSwan/CN=sun.strongswan.org +V 140826100332Z 17 unknown /C=CH/O=Linux strongSwan/CN=moon.strongswan.org +V 140826100522Z 18 unknown /C=CH/O=Linux strongSwan/CN=venus.strongswan.org +V 140826100724Z 19 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=alice@strongswan.org +V 140826100818Z 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongswan.org +R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org +V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/16.pem b/testing/hosts/winnetou/etc/openssl/newcerts/16.pem new file mode 100644 index 000000000..d0937bab8 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/16.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V +VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68 +oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y +h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4 +9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4 +e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb +8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA +FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF +0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5 +ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat +Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul +fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5 +G/jGGA== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/17.pem b/testing/hosts/winnetou/etc/openssl/newcerts/17.pem new file mode 100644 index 000000000..d5c970f41 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/17.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u +c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK +L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+ +SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY +YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+ +7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3 +Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb +A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE +AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU +XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK +ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC +AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr +BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV +jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML +o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq +wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz +p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9 +25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY +7QTufOwP +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/18.pem b/testing/hosts/winnetou/etc/openssl/newcerts/18.pem new file mode 100644 index 000000000..c383667e6 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/18.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBGDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDUyMloXDTE0MDgyNjEwMDUyMlowRzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz +LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +s0UsstkyjuvNkpx/vmZlKpBITJyGmfTfFjl01uU4dUVwzE3yhllGPLN3ijLSteHP +3opUbDNd5dG4eVsa9DUiqIJlk/g+tnKS5IdQbA6yUf1nIHr39tVukOtX66sMeHBU ++M46KD7r4RRrGSBYT1FsyIv47D2uk24nBZ7Sf2+LoVQZfMIVdydIGfHxmQJxymzS +80mh57EN2y70oH9HMwn/bbGb8WrysN09WVbNbT2vdeYX3OJXi0xsmT/Ynev1VD9B +2mbA/XCf4c45xFL1HxKQ/+RTlmY6z6m4rBFuFGCscLPba5g290mXqrpMSpuWUagI +RZmOaeoyd3x25qbYwNe5QwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E +BAMCA6gwHQYDVR0OBBYEFI9cCmyxR/wbUXCARuBjbHpUAS1nMG0GA1UdIwRmMGSA +FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE +ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB +ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw +LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww +DQYJKoZIhvcNAQELBQADggEBAK5Pi/g5Y234tEcTFWE0Vdg4cKxIfZRewFOOZI1z +/RWfzoqPZ6YzD15B1toKZrAGsqyhdJ4yQ/BwxJpdgNCscMelkzMubcLXL9QugPS4 +hz4MLkJR2tDCZA/mFUTEbAQwdNSCxSo/l0vZ5KXUg9y5zZhCWpZiHJBXnz/567wn +K16J3x9TYtdh4sT+y+0vHgvosUs2srRTkK2WDDxlh9XTch7DZyrLuiRRFrWjc6y9 +ThVH/qQNXwEBq2t9UYjQUVyx77gVQmiLrPU7UjL4IBoZmBNV/VJ10+rmGj1eG1nD +pgq6oBTrbEsv8Ix7y/MziTB8POj3dKjl2UZmRVBwMbnNqYk= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/19.pem b/testing/hosts/winnetou/etc/openssl/newcerts/19.pem new file mode 100644 index 000000000..49fe4b80b --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/19.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHzCCAwegAwIBAgIBGTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDcyNFoXDTE0MDgyNjEwMDcyNFowVzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz +MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANiNakgR5pct0NqirfPJEb9e3YZkYHvqZ/RUJ6Ea9ZGE +8KuQxGAHuLWqaf/3GrL/LYIs1fTJ7JTNMu+PSec8kf9I5AxItPzb+uSwI9hXQxhl +NJ8V+Zjs9Q3GX/59wS3DcHF4i8b88I/f7aLGwHOoRyT/UZPXPGIrHS9UWh/50//Q +/GLreivoW65Cfj7oNi3wMTYwZB5MyPY5q9MRcYyEPa0GNM0GzzYfIEkQz8nuSL/q +WQrmLmlS6Ktw5L3HXsUaKinGt0xI7jLGWh4ysnrjMNxKzRt2LITqSPtoTTR2JB6a +5/6544mB2FGErpSd/LgGTmwzOgloZLpsQgsN6xjpUvsCAwEAAaOCAQYwggECMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQF2gQgjAL0KEcKz2x3LQZm +E9qGPDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG +A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0 +cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu +Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBWv4PhHGVpiLF5M3Rn +qQLSoRFjKqn3N9We81RWwVRpBzwoUEaHizelaVct9FJg6t7Fk/D8F0wag5EFKlcg +KQ8fd/0qLE393uwGb4Dvql2w49NFFDUsk5FC+pMUDAYsWHyFu26WKY5kfaMwNMNJ +HK6e4m6+Wmoy5ulkatwDJRDqkyG11YJ/p0n0HAG1DBJoL9079U+xQxT+9a2f7TaO +B/UbQNOvOgqaddk5uUDTjqnY/bltbAAuuI1ZNMrPCCNUorcdhySJb1tlF/JXTTB6 +N60XqYRYnk5T1yftNU0AA26ggskv4MMDwgYCGsyZuCX9vW+XsArRQJ5fsSZDiO7R +8FT2 +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1A.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1A.pem new file mode 100644 index 000000000..00ecd5a2d --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/1A.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHjCCAwagAwIBAgIBGjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDgxOFoXDTE0MDgyNjEwMDgxOFowWDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMRswGQYDVQQDFBJib2JAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDXwxTtozmxKaUhC0T5HvxVShfM5jQQKwIzSVAZeXUp +BgQ2uLT9Hn/J7boaUIE1Xf11zCRIlcy5Xkupha2gfqEmRbefYAOr/NFuC4pPEDeJ +jWg/miCZo9/DH2iWvCvU4GCcrY/LKDeDoKL9fc9H5FTtA/Y1ugbooOO1yoV04eot +MmvmYcqUtCX+h/Of9xM0w0m6aoDIXAhjcKEPMg/WL5acWuVVaWONa+x7HoQUDe+9 +MgoB1VmaoB77VYaK72jBhbvonF8GjEb3RiukfuMIOk5yN9OHzA9ODJbTDvSmmQkt +h/oEHAL/tzOQ2zjEptsKvwq/3drGbdREO/cp39I5/ZRFAgMBAAGjggEEMIIBADAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUYUK/uIcou7BS8ODHk9Ro +PGJP1FcwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz +dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHQYDVR0RBBYwFIESYm9iQHN0cm9uZ3N3YW4u +b3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcv +c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAEIkmrK7GPm4H/FAEVCN +775XpuofsfGjT/bO/aPCqb+uPwwcKeUfxzICQDEqMv+mtxGuLjtfmTWwUcoPMgN+ +2HZDJGa1+kK2VLUz3QBIQXSdusbITb0ND/xCvbGwsk9y/0DGBnAo3xNBNM73ZQ8k +/A7mQ2nnQfzI9gQ342FOuTTb/kwrVNixQI3dhvf6Th5Dj5rZfQs6c09+9jRLGBFx +g7qQ1gej0fi6XYX4cSNwluu/Vo6xT5epEeTU5KoYn0mtOqFx6AY8xzIqQLvY4m8g +viGoGRqId1gqNiEfshb8KICPI29WyiBRzMKO6reeb+446A9CSLgMW0Ze3SCRXrjr +2nQ= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1B.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1B.pem new file mode 100644 index 000000000..a92610c4f --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/1B.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr +lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD +e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG +Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi ++BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ +TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh +ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz +d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/ +jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl +nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC +6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a +cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f +q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z +0xafBd5x +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1C.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1C.pem new file mode 100644 index 000000000..f212e19cf --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/1C.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291 +bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ +ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8 +k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG +IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G +gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX +Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB +ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394 +8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx +CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD +ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz +d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3 +jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr +DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU +8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o +StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M +qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+ +1PdgEy1K +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1D.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1D.pem new file mode 100644 index 000000000..6c41df9c7 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/1D.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx +6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ +Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V +Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G +I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov +x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5 +tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz +d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul +GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7 +ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr +F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ +L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK +ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k +Rf5Z0GOR +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1E.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1E.pem new file mode 100644 index 000000000..f84d1a877 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/1E.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIBHjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MTEyNDEyNTE1M1oXDTE0MTEyMzEyNTE1M1owZzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHzAdBgNVBAsTFk9DU1Ag +U2lnbmluZyBBdXRob3JpdHkxHDAaBgNVBAMTE29jc3Auc3Ryb25nc3dhbi5vcmcw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8BT5LvsaxM0gOw9QM74ML +vbxXXxTv9W0L//oBnPohbVyueSl0/r2rcIeYa0g1eePgwRRBHwr356Om2mv/zXTp +lQA4qtY6YMZkoeYCOVhO/fJ4CGO213qWeWIYOe4njTuiPUiI20PWancgaic5UOAC +UBnyes94I5kB1OWx0THma4Sv0HdBRoWwO+ZqAA87fpV/Wagi6ElJBcjLbO5Hpy3J +dFvrjNWZwuJw2+qHQ4QOT4McpusfIjgXaZtyEpVIcbJ7knNSq+MapdP0RBS6wzXa +kWx9tMIAB9gKUfENTNl60ZnmqI0KgKiR3Yqia/bbsD7JcangOcOjWA2H0LKnnLdp +AgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU +NJFukTK/NSVDzCh074LCV5J5E3MwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXg +YOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdT +d2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYIT +b2NzcC5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTA5BgNVHR8E +MjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4u +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBteNdmkKbr3bUJSKTaJ/qssbyPjL7MjAmi +QA1sSq5yIh7Ir23xEq/XQFF51N2yDNuXhLYk1fWou8BL+X9x97BlQkp9/nZ+BdJG +uH2zOUxcsfq57jtwMzlXGrmVUTMAJRtMqrSnVa9jbW+IF2p/sJfeSRRqJ2qwQoDW +ppvvBF4RfdWOVCCidtRmWKycEtP1ylSYyiHswVWhL2gLXQRQ0l5wJdgT2URRDopC +CBiE5mHOWn17gTWQw9SdGbY37o9jXNrY8GRgOeubHFRmdXa1Cli5P5HhIZygUBWX +tn5BvNDEIUz11/AT+HfpdMSKDiAXMq44wqWoYoUXsaLTIp+Vt6NM +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ocspCert.pem b/testing/hosts/winnetou/etc/openssl/ocspCert.pem index 6ca9a58a4..f84d1a877 100644 --- a/testing/hosts/winnetou/etc/openssl/ocspCert.pem +++ b/testing/hosts/winnetou/etc/openssl/ocspCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBCTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEQzCCAyugAwIBAgIBHjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MTExOTE2MjkyOFoXDTA5MTExODE2MjkyOFowZzELMAkGA1UE +b290IENBMB4XDTA5MTEyNDEyNTE1M1oXDTE0MTEyMzEyNTE1M1owZzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHzAdBgNVBAsTFk9DU1Ag U2lnbmluZyBBdXRob3JpdHkxHDAaBgNVBAMTE29jc3Auc3Ryb25nc3dhbi5vcmcw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqJ0y0yhF4iEygd8M73wNC -8RO590BqiD3Z3x9/5GSVCgfm+ao4hcg6CogNGicu4ybzgPoHt0V/El4D8JRkM8QB -pg/R7WI4L1ndSZGgTHcQ1vViXGr4PUsIiUR/EgVCSFs8+6Z73J4bJeMomy27Hn9w -s4leHbrqK87btA2TETV3UlCaDXC6NF8321ZH+D+8OFQaQ0SqKrThKMVYSTf+QdpX -BlI9vtce1SyS6Kiy4WLdXAt8mO7x+UjaVEzFNyi6SXb9FAGVvO9OXi3+mxm9eK2g -+s1kA4jqDvL17JftvJLKzFZ5irEuTe2+wHdQbwtlOkW1JFAsGL4O+r4NIoBuMBZF +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8BT5LvsaxM0gOw9QM74ML +vbxXXxTv9W0L//oBnPohbVyueSl0/r2rcIeYa0g1eePgwRRBHwr356Om2mv/zXTp +lQA4qtY6YMZkoeYCOVhO/fJ4CGO213qWeWIYOe4njTuiPUiI20PWancgaic5UOAC +UBnyes94I5kB1OWx0THma4Sv0HdBRoWwO+ZqAA87fpV/Wagi6ElJBcjLbO5Hpy3J +dFvrjNWZwuJw2+qHQ4QOT4McpusfIjgXaZtyEpVIcbJ7knNSq+MapdP0RBS6wzXa +kWx9tMIAB9gKUfENTNl60ZnmqI0KgKiR3Yqia/bbsD7JcangOcOjWA2H0LKnnLdp AgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU -iAcKuK7HwQdcvmhqxKV/gR83tVYwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXg +NJFukTK/NSVDzCh074LCV5J5E3MwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXg YOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdT d2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYIT b2NzcC5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTA5BgNVHR8E MjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4u -Y3JsMA0GCSqGSIb3DQEBBAUAA4IBAQA4jOyh+neFCkXMZ1gK0o98qkBr3vYEO2a0 -wb2hDv8Alx6T5kwLgdhAzZ5urZpAdiWF3NWE+z9KnEWnpep9MRDXNM8uBglgBO2v -SAmV1BXNw2ZDe63w6QvQnezgUuWkrTShfduEDmb8j5jVdzoY+kTKwjLYHPG0Ec79 -Os3PPqXlfeUOkzWnhGVP2EtHCj8SppMdA/XIuwIq8aLN14SITi6gvo/cDMa5N6sT -Q/UBAOWsxbLReaD7l5OXnAJOg3t/RM36vpRqPseGaAgrKy8805QDU2RxsCHrxwzF -Wi/17J6nmX3e4PuwqPAI/4MsHlFdExRvSq/gXBN/Ib4AHGkUr0/q +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBteNdmkKbr3bUJSKTaJ/qssbyPjL7MjAmi +QA1sSq5yIh7Ir23xEq/XQFF51N2yDNuXhLYk1fWou8BL+X9x97BlQkp9/nZ+BdJG +uH2zOUxcsfq57jtwMzlXGrmVUTMAJRtMqrSnVa9jbW+IF2p/sJfeSRRqJ2qwQoDW +ppvvBF4RfdWOVCCidtRmWKycEtP1ylSYyiHswVWhL2gLXQRQ0l5wJdgT2URRDopC +CBiE5mHOWn17gTWQw9SdGbY37o9jXNrY8GRgOeubHFRmdXa1Cli5P5HhIZygUBWX +tn5BvNDEIUz11/AT+HfpdMSKDiAXMq44wqWoYoUXsaLTIp+Vt6NM -----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/ocspKey.pem b/testing/hosts/winnetou/etc/openssl/ocspKey.pem index aa04e24c6..d25396b09 100644 --- a/testing/hosts/winnetou/etc/openssl/ocspKey.pem +++ b/testing/hosts/winnetou/etc/openssl/ocspKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAqidMtMoReIhMoHfDO98DQvETufdAaog92d8ff+RklQoH5vmq -OIXIOgqIDRonLuMm84D6B7dFfxJeA/CUZDPEAaYP0e1iOC9Z3UmRoEx3ENb1Ylxq -+D1LCIlEfxIFQkhbPPume9yeGyXjKJstux5/cLOJXh266ivO27QNkxE1d1JQmg1w -ujRfN9tWR/g/vDhUGkNEqiq04SjFWEk3/kHaVwZSPb7XHtUskuiosuFi3VwLfJju -8flI2lRMxTcoukl2/RQBlbzvTl4t/psZvXitoPrNZAOI6g7y9eyX7bySysxWeYqx -Lk3tvsB3UG8LZTpFtSRQLBi+Dvq+DSKAbjAWRQIDAQABAoIBAC9SnMfPR0qhhcY/ -aMIXBT4x9E2NUZIPcDxPDOCx8bNtxcLcfxYXRxe1ZB9YvbsRm/yvS1qoAyETR6iK -2YqAxyu6Nr4o6l879B9SXbkaayb40ehYUbvWuC6Ylr9MkL/dhdqRFr1uH17ni6T4 -e6CGG+WJWVQeqqSEKJT8H6Zea+NSQi9UOsVgKIMiXr52j3hj8LraH/4FoOPlgg3r -mqrVcQlDYLtt+cufpFJLGzJhTylqlWCRWA6nwKFl8zZqGNaCswKkC3Ql47vlAmQT -ETl4MMpVsmezC8OcursRmgPJzRudnGg6RLyfTff9b/wFmIujvJLYeN/ILRFvFGkq -kiIWNIUCgYEA27y3N6lHJ8ommqquoyAVfQpc5Y1gFFXoE8VzkO1ts5B0N6r2DVvy -DFUT3cSWdBOsF2MykTnyAC0dVXRXTCTEI2AqdmgITOzs3Ydr0XlOPmuM3dOO060F -I9x4GsCpVcV/zWBZfJyUhNQqxpozrWNvHVgxrEc8pjD29iMLf+EsP2cCgYEAxjvP -9uQjRxWv3/5ZVEOpBnecZe+ysg0CgK0zt+nogTAn7ET27FFeW8BjcR6g+r57n9cu -X6EGdxuLexwoqvt3dO/rBF74knTe4ElDzEhcAoxnZPnJrJ6aST0KZ7lGoX5UW7wp -eyW7HXKpd1THY40v7aHhaSr4362kMTFpPvxxrXMCgYAkDa2+Kz8qjyeQXwryZvQ/ -pPCjFXQ7QfEnNVGF6P8D5GK9M4bVoE1xqo/s5jGNcCDfYX5Nh8VmNADJIaKlMq8f -4sp0zRL3lDQ1EOAm6ZFl+n2NdAXOQ2hBfw4RzaS7FwGmL/Xe1U4lES7HkUuDWnpD -xVG5I6MW3ZfXwN5FKCv7ZwKBgByIVWmq8qzzoSnzeTYYuwZ0Ru2hL65TEw4kX/JT -16RoowZt8sCXAabhLS8GApO0wSSDm2gmTEDulQf2SKA7q7kII2KwrMSfz8imovyP -WbcAMI2nKnEPLxPllk7RqynpfgjqL2pLRwB5FY1YhY59ru1cRI6XodTIMH7oJsbr -HQ2jAoGADHlVLAf9hQTYMrLCaO4mjOlJwRa19e1l47o4Lt1H+cGh96Jc4i7Hfkmv -e/j/ZF4XqtjvmZIR2xevL2+/pPVuMYV0hEWyDQzoUgM6OXF4smSG3N+SrDTSmM8I -XE9Ohc2JL3IKWN8SarsTUCrqle7UakmbYTUJqH9bJwGyvm3Ro1o= +MIIEowIBAAKCAQEAvAU+S77GsTNIDsPUDO+DC728V18U7/VtC//6AZz6IW1crnkp +dP69q3CHmGtINXnj4MEUQR8K9+ejptpr/8106ZUAOKrWOmDGZKHmAjlYTv3yeAhj +ttd6lnliGDnuJ407oj1IiNtD1mp3IGonOVDgAlAZ8nrPeCOZAdTlsdEx5muEr9B3 +QUaFsDvmagAPO36Vf1moIuhJSQXIy2zuR6ctyXRb64zVmcLicNvqh0OEDk+DHKbr +HyI4F2mbchKVSHGye5JzUqvjGqXT9EQUusM12pFsfbTCAAfYClHxDUzZetGZ5qiN +CoCokd2Komv227A+yXGp4DnDo1gNh9Cyp5y3aQIDAQABAoIBACKheJrs9Z3XyzLl +AN6tEt8LwG/7VFjqRH6MVFkNt8iGYybDrE4fSYIVRPRe9jrbS4yvI3LnK9cDdFIc +Mv43sov/ZL4LQVAZWRFZ/Ip2U3yhK5LOQMeBotOqYdYCfYoNaml0jjKe6DzK+Uwg +IT9eVRQ3+r99vU7sh5cdxnzdAirlXAGdy2QxdF1lyC/49H6jxS7qxuxHPqI0P8VR +9xVKIXaAKaxcijg47slC386/yEbO96morZuJX+F+iaQ37T0nV3tTergbwDtit3xo +cOdsHan9zGHE1ayKh8DkBinD+BpiLZdapRvcSm2wAKlamXfI3GIAB5r/3B1NW9yb +rsThgc0CgYEA4CN+fNaFYQmLMK33wZfXvcadaktSWWXmnqPVLIWRddUH3SA5qEJB +RwuuLgcfmlmZqBqSOj4pDTtAoNooqA9Ryi0Ugzpvmn5iPevfixQoLix4mn1/bvbF +bo4CX7Vb7mUdfXpu7PwVNALNfaW6fgKM79LoqX4yZ4k/yFuYl+JTIGcCgYEA1r9k +mTi/5royyVX0vV7uwyKrXQ8VRVhnVeT2nG1KkuQqUraUQG8WD9J9uxvbZxhsrax1 +Hg1iCAobzlEL2XoX2y+dN+81o2tm9qcy3L7+g6M/+7nQmU+fbGdBkcWq72dZC4ev +K6grD+gl0uQmdVc7m+3lErojNAlvxTSK1BKrR68CgYA2CxjijO8YGK8BC9FjUnNo +hM1L5eFzQMi8k5BA7evG15jPzodYdLE8qipTWtBZ7STJja6YcIiBcjoBDtkivJ7h ++sCpa5uhSrvxZkA+Tpvpljt2NLBXVxT/tSoJXbdO4f6cVLsOVTHfmpVlqGIxI/hL +kzUaOR16LXO9oahHZwDYHQKBgHPg60PS35p9NxJ1k47sPyKE/rtEfFHjFj+/QWO/ +hdIl1MC1TOJIDzuSdc4Vhhrnjx1YRgplZlS4P7DhAufjfiQEWW3pYqRAPFs0dbmw +Rl56JPiMmAdic8BnJ3all0uAFQinutpv8Gyw9FgMTMRcwgmuIUIttvlJbkqXw6IU +QOB5AoGBAJkTG5alPABxJG9ZuEE+iWCPAV1671FXT115D5wlKOY3CImuhsEW085X +uGZz7WDZWFZJres8RiRlpK035MAg6lUG3trC9+wOluRNehT6h0Vwru8TxjLBxPcc +yjdSVDH61FQLSKWIGLH9VVLX03NXqi3qxVGrrulUSW5h/HR2s3f7 -----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf index 4a4027072..6433c7a24 100644 --- a/testing/hosts/winnetou/etc/openssl/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf @@ -42,7 +42,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL default_days = 1825 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = sha1 # which md to use. +default_md = sha256 # which md to use. preserve = no # keep passed DN ordering email_in_dn = no # allow/forbid EMail in DN @@ -146,6 +146,7 @@ subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always subjectAltName = DNS:$ENV::COMMON_NAME #extendedKeyUsage = OCSPSigning +#extendedKeyUsage = serverAuth crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl #################################################################### @@ -164,10 +165,10 @@ crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl [ ca_ext ] -basicConstraints = critical, CA:TRUE +basicConstraints = critical, CA:TRUE, pathlen:1 keyUsage = cRLSign, keyCertSign -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid, issuer:always +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always #################################################################### diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt index 26e68d4f3..75e87f2c9 100644 --- a/testing/hosts/winnetou/etc/openssl/research/index.txt +++ b/testing/hosts/winnetou/etc/openssl/research/index.txt @@ -2,3 +2,4 @@ V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strong V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org +V 151103161503Z 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt.old b/testing/hosts/winnetou/etc/openssl/research/index.txt.old index 2ccf6489c..26e68d4f3 100644 --- a/testing/hosts/winnetou/etc/openssl/research/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/research/index.txt.old @@ -1,3 +1,4 @@ V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org +V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem new file mode 100644 index 000000000..bb205a0fd --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/05.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw +M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu +MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa +ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO +UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD +h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY +i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB +o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2 +KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF +AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv +YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx +rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C +1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5 +wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v +DSlBqDpnqK8tEI9V9YeroihTcygrEg== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/research/serial b/testing/hosts/winnetou/etc/openssl/research/serial index eeee65ec4..cd672a533 100644 --- a/testing/hosts/winnetou/etc/openssl/research/serial +++ b/testing/hosts/winnetou/etc/openssl/research/serial @@ -1 +1 @@ -05 +06 diff --git a/testing/hosts/winnetou/etc/openssl/research/serial.old b/testing/hosts/winnetou/etc/openssl/research/serial.old index 64969239d..eeee65ec4 100644 --- a/testing/hosts/winnetou/etc/openssl/research/serial.old +++ b/testing/hosts/winnetou/etc/openssl/research/serial.old @@ -1 +1 @@ -04 +05 diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/.rand b/testing/hosts/winnetou/etc/openssl/rfc3779/.rand new file mode 100644 index 000000000..20107f5f6 Binary files /dev/null and b/testing/hosts/winnetou/etc/openssl/rfc3779/.rand differ diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/crl.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/crl.pem new file mode 100644 index 000000000..70a9d4c87 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/crl.pem @@ -0,0 +1,15 @@ +-----BEGIN X509 CRL----- +MIICRTCCAS0CAQEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQ0gxGTAXBgNV +BAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMT +FXN0cm9uZ1N3YW4gUkZDMzc3OSBDQRcNMDkxMjIzMDk0MjUxWhcNMTAwMTA3MDk0 +MjUxWqCBnjCBmzCBjAYDVR0jBIGEMIGBgBQhf6frN9CjCx+h3EIGHhFfPNIQFKFe +pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAO +BgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMTFXN0cm9uZ1N3YW4gUkZDMzc3OSBDQYIJ +AMxcts8OCFQAMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQDLEmxXy56A +UkZSg59BlPW1R2Fv9fBWiup4OoC1vBcSpPzbiBcD68h62T7hFMx935maBoYa4eLw +sADS2TkRCBEZzAhYkAMQi72jCtPfJwYUJewlQ+V2As3cygkErBm2Vvo3Om37GKil +uQaHvHlBSFGrC5IxeIxR2FOH1BeBD6MM9p7yRJ9yEt++jH2dLiGFYX1cmJ6m8aFr +09tfjTwzw5VclQBjjXaqhrzr33hjAEv0thpx0VQVngq+8WX6HQv/QS1xNJVq8bes +9GChW+MdNIx0ZH4Tb1hv8dafnSyHIVYzY8UuL4X/+LJDSPjyS8wtZWuj1k+cA9u2 +3TDt0F6MgNAH +-----END X509 CRL----- diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber b/testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber new file mode 100644 index 000000000..75016ea36 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber @@ -0,0 +1 @@ +03 diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber.old b/testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber.old new file mode 100644 index 000000000..9e22bcb8e --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/crlnumber.old @@ -0,0 +1 @@ +02 diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt new file mode 100644 index 000000000..9adf263bf --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt @@ -0,0 +1,4 @@ +V 141222133356Z 01 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=moon.strongswan.org +V 141222133521Z 02 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=sun.strongswan.org +V 141222133612Z 03 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=carol@strongswan.org +V 141222133736Z 04 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=dave@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr.old new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.old b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.old new file mode 100644 index 000000000..be48eeee4 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/index.txt.old @@ -0,0 +1,3 @@ +V 141222133356Z 01 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=moon.strongswan.org +V 141222133521Z 02 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=sun.strongswan.org +V 141222133612Z 03 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/01.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/01.pem new file mode 100644 index 000000000..7f5f8d703 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/01.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzM1NloXDTE0 +MTIyMjEzMzM1NlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTKaLLTmKX45Qm +RjIaBSxBwofzqqkZWtl1mu0cDp6rGWr//hC31OO9MbLeRZBX0UBtuKouceAjdrwG +aK7ChR0Ft+qlLZ6Z9BH2Dna4vTdESsB3Sn+uXuU4WNdwmmJuRBXfl/7h/Rt+34Cs +BP82/RtR4GVpS7u73iSLlN4RaeWdySTqhtYH4cKt1H9MiSbwwomwdLedQo3UoOeU +lkWPrzFKT3gzU4vHr1sgpbF54o/iBr5/YyJpUT9UVeDTffAEMxnAe8/Q/a3pgSLO +wJ3HnSvcSH0w8zuH1YXOtfmqsphkwVBJGiLzUHWlYxVIAoCKdrv4eoSJLqlL5b51 +vGkmL83RAgMBAAGjggGJMIIBhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV +HQ4EFgQU5zzmRRlKa8+cm1g4RYg4lKNkQz4wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ +owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT +d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVghNtb29uLnN0cm9u +Z3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKG +MGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNy +bDBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMDAAoBAwUAwKgAATAeBAIAAjAY +AxEA/sAAAAAAAAAAAAAAAAAAAQMDAP7BMA0GCSqGSIb3DQEBCwUAA4IBAQBVFKeX +QIH5Zk0dp/7u/V0TKqu5vZ9x6ZrshAZ9nzbLgmSP+++yDXmlQe0D0i2Men4D095S +smFqw1nMWM5oEPpP58+jhCOHzn7InMp+SRRBkX2j06wT9qbynAHiIun/qcdq13w1 +Fs0PiKVQZbbz72mwl9J3Hkj/JkLtOX00wMPqIFU6veeagGiwOW7KkehFUVqoD9+O +vgkHnUti2XzgskEGcEWmE1EYv7Qo0OdZB15oNoUV5i8WelfmWO+nz9/QKciATNoC +kAUVcEV9XY9sSKjazdyG6QfEd3l6lQ+KAt8MnqA89i0yIQ1lg+3Jfe67SMvM1gy6 +Y0Y2hqCja6SsIjVc +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/02.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/02.pem new file mode 100644 index 000000000..9ccd47a2c --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/02.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEtjCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzUyMVoXDTE0 +MTIyMjEzMzUyMVowVzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxGzAZBgNVBAMTEnN1bi5zdHJvbmdzd2Fu +Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1HhvoVh/fM14RE +CTXr4to9ZEeGSqHLl5du+eYZl1fC7qLYaCtlaH+eLfDsCgYpe+XsDLHIxpTK9R6k +XgLP1Jraxz3rtv5qJKkV3aDTjQ2d+cFc0EgiZmn53VEmI/IlcJS/VZzHhNvEJk7H +k0YpoazpGPtNzFGaehV5mXUAeVPx4RH8fjcSiPbuPS3WC7cqtYvVwk97dj05VfEC +VnG+90+eFKztvawBzNGwGQ7xZV7kSiPHNyGAV0qrKvhXZ0VPnm/OEiGCAlIo8uno +Yb/4UMM/a5usCaA9Hgbf8+qqmrzavSUkFEa0y/p9bOBHaqfNP002xktbqBCCodRr +6QgmiysCAwEAAaOCAYgwggGEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud +DgQWBBTaKhy7PH1ihWsD+3/bJQ3e3Isj+DCBjAYDVR0jBIGEMIGBgBQhf6frN9Cj +Cx+h3EIGHhFfPNIQFKFepFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4 +IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMTFXN0cm9uZ1N3 +YW4gUkZDMzc3OSBDQYIJAPKv5keyTotGMB0GA1UdEQQWMBSCEnN1bi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fcmZjMzc3OS5jcmww +RQYIKwYBBQUHAQcBAf8ENjA0MBIEAgABMAwDAwAKAgMFAMCoAAIwHgQCAAIwGAMR +AP7AAAAAAAAAAAAAAAAAAAIDAwD+wjANBgkqhkiG9w0BAQsFAAOCAQEAOqdCIldA +mPp2aAWVPBiKXNrk4VJoIGlwZaUtYNxGQ46wUqAro/taKwZd4B1yvwsX/cHX3Y6j +C1mQtiXw9onJm1qJM1a804U9yPcgdI+9RMiU0hA+aVmyMlS6WQsKFubU17qP2Ljd +4hOwVQ681Hi8zfQjJdYpaO1yLcpy2dkotreJS3wA24ssnskRBI/cuAN0dfbV6SDQ +TK91qz0emHoK3efgtvX4oEpsxI4NrwMstaZSVsHn4npKTGYu82dmPoK6WPblGEHZ +Iavl08lGcYBV5I2ZGuWOekWQzUuBSveV3AFjieeaDIG3Ue3AKaihn6dCLz6l+t7E +dXN+1axy9zQ34g== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/03.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/03.pem new file mode 100644 index 000000000..3243bc294 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/03.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzYxMloXDTE0 +MTIyMjEzMzYxMlowWTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3 +YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD8OrNy0w+T2 +cru3RQgskGCGppwpvLH/QZVHD/UbumxjKVTrz4FskqN39sFxDFDSre1bps+F7jW/ +zmOFe7c7jmZhK1mPnbviYTS4LXdo1j02pPeBNBk4b6VAIKPaYmO3UIoZZ4SPnnVZ +P7Aj3mU1ztsTbUQqgRmTsdfqiPaBNZ0zylWYPDOkTS+1sbRQHkgdZvw4fYno+Rd+ +hDK1scggL4kRg4uGvFojYciSxo5lC53Am4r8T2zI0aI6L8g57j4cX1XYQwM3tkHM +2BiCRM/c1wQc+vn+xp1oh/GYM4qoSoZyLTD9A0gqmbnF9//wvSmwpDpSkDoHZ5O3 +Ur6HZ8mByQIDAQABo4IBcjCCAW4wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD +VR0OBBYEFL9rU6QFDLvUOEIFNZROVYWN5v++MIGMBgNVHSMEgYQwgYGAFCF/p+s3 +0KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry +b25nc3dhbi5vcmcwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5zdHJvbmdz +d2FuLm9yZy9zdHJvbmdzd2FuX3JmYzM3NzkuY3JsMEIGCCsGAQUFBwEHAQH/BDMw +MTAUBAIAATAOAwUACgMAAQMFAMCoAGQwGQQCAAIwEwMRAP7AAAAAAAAAAAAAAAAA +ABAwDQYJKoZIhvcNAQELBQADggEBAHhgG8qqLZX3uXDVX9uBZM8jErI78pyL9F8q +ibTW5UPp+rbbMDY7tphBbFkg5Q0pzJhOzB6I6Oy/QWVVEC20DE7lhOpMu7auS3Gn +z1t6DCIDR9NYXtKs6UXcMA0PSQ1r7iHQWvtZ0uD998k6UQfZCCOwBbonng2DAp/m +FKkaCYiZmJw2YBwf+oVNLQp2fHI61uoguiiRQ4AV5Htho0z6MDqpMyrg2F7Uf2cq +kQY/ZyvMe8VG5KuiaMJPIMdJPnRED2R4qiyHe8eDXgGYHsNhkt7VHRRgo3izqIdG +1oCv+CHQ2XSK+4dA42U0Vw7V/ExmcLy99bZfCEZwNWG6Y/5Qwww= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/04.pem new file mode 100644 index 000000000..dffbc67e9 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/newcerts/04.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBBDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzczNloXDTE0 +MTIyMjEzMzczNlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPLwvUPUNIZnbX +eyz8U0COp5RM7ZLFT2iJmSGxznZ30phUNHSy3WX9V8h2kQ2fBks2x0KYWEg8Lh2y +ggZipePRpuHRnZlcll5/HY/YOUgdV2GE6euNiWKcDB6uE51sxZ+on5KasI9EJMdp +hJpytYUFjx6pExsoqWMQLigrT6A4bYogkweOZHiUyHiqgtUQcHnmmKwxgeUAkZCb +00dk7CYnXNQZ1uHj/08TDwrS37SGXfWEIcBGEx/awqlF+s2HTI6zw7NC2HhQsiSp +Yo1nz8TBr/8XnO9KyYUg04TMkcQqBFDt/qiUswLRLapn9HSyd43BxaF+YuvJ1+ip +M4G05K1nAgMBAAGjggFxMIIBbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV +HQ4EFgQUJ/+79KP+Ea9vdAIMkUYx++cu6R0wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ +owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT +d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVgRNkYXZlQHN0cm9u +Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh +bi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNybDBCBggrBgEFBQcBBwEB/wQzMDEw +FAQCAAEwDgMFAAoDAAIDBQDAqADIMBkEAgACMBMDEQD+wAAAAAAAAAAAAAAAAAAg +MA0GCSqGSIb3DQEBCwUAA4IBAQBlOlqceKqgr0putV9fUf2vekg5QtZGDtHFUOTH +0gDIe2DJ60bWY5IXpjj2KtzRdoP448fpPaprrh8VEljWoVvAF8LaePKGggqwcG+D +Z7ioDYlnV1j+/NnbZGM/hPqa841dh5jesTuTAF2giMod6P6eMiiRcnl9X3ltgSWp +Ahk5C8CNYw+sISJcCHtFQHdKOM4QN7wAWksvpjMWkSDQgf/rnDUgW8DXAwX/9K4V +G2etJ6/8drpjB115p6h+GYz8xFG28/MSf9BqNX03dBs5oyko2+FgSrb3ACK+pAO4 +Cpi2NKZfUH+M7Loo4baI+f5iavpDjDfar8KTiV610DAp0W2S +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf new file mode 100644 index 000000000..133b2ea71 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf @@ -0,0 +1,214 @@ +# openssl.cnf - OpenSSL configuration file for the ZHW PKI +# Mario Strasser +# + +# This definitions were set by the ca_init script DO NOT change +# them manualy. +CAHOME = /etc/openssl/rfc3779 +RANDFILE = $CAHOME/.rand + +# Extra OBJECT IDENTIFIER info: +oid_section = new_oids + +[ new_oids ] +SmartcardLogin = 1.3.6.1.4.1.311.20.2 +ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 + +#################################################################### + +[ ca ] +default_ca = root_ca # The default ca section + +#################################################################### + +[ root_ca ] + +dir = $CAHOME +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/strongswanCert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +crlnumber = $dir/crlnumber # The current CRL serial number +private_key = $dir/strongswanKey.pem # The private key +RANDFILE = $dir/.rand # private random number file + +x509_extensions = host_ext # The extentions to add to the cert + +crl_extensions = crl_ext # The extentions to add to the CRL + +default_days = 1825 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha256 # which md to use. +preserve = no # keep passed DN ordering +email_in_dn = no # allow/forbid EMail in DN + +policy = policy_match # specifying how similar the request must look + +#################################################################### + +# the 'match' policy +[ policy_match ] +countryName = match +stateOrProvinceName = optional +localityName = optional +organizationName = match +organizationalUnitName = optional +userId = optional +serialNumber = optional +commonName = supplied +emailAddress = optional + +# the 'anything' policy +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### + +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = ca_ext # The extentions to add to the self signed cert +# req_extensions = v3_req # The extensions to add to a certificate request + + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +#################################################################### + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = CH +countryName_min = 2 +countryName_max = 2 + +#stateOrProvinceName = State or Province Name (full name) +#stateOrProvinceName_default = ZH + +#localityName = Locality Name (eg, city) +#localityName_default = Winterthur + +organizationName = Organization Name (eg, company) +organizationName_default = Linux strongSwan + +0.organizationalUnitName = Organizational Unit Name (eg, section) +0.organizationalUnitName_default = RFC3779 + +#1.organizationalUnitName = Type (eg, Staff) +#1.organizationalUnitName_default = Staff + +#userId = UID + +commonName = Common Name (eg, YOUR name) +commonName_default = $ENV::COMMON_NAME +commonName_max = 64 + +#0.emailAddress = Email Address (eg, foo@bar.com) +#0.emailAddress_min = 0 +#0.emailAddress_max = 40 + +#1.emailAddress = Second Email Address (eg, foo@bar.com) +#1.emailAddress_min = 0 +#1.emailAddress_max = 40 + +#################################################################### + +[ req_attributes ] + +#################################################################### + +[ host_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = DNS:$ENV::COMMON_NAME +#extendedKeyUsage = OCSPSigning +extendedKeyUsage = serverAuth +crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl + +sbgp-ipAddrBlock = critical, @host-addr-section + +[host-addr-section] + +IPv4.0 = 192.168.0.2 +IPv4.1 = 10.2.0.0/16 +IPv6.0 = fec0::2 +IPv6.1 = fec2::/16 + +#################################################################### + +[ user_ext ] + +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment, keyAgreement +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always +subjectAltName = email:$ENV::COMMON_NAME +#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 +crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl + +#sbgp-ipAddrBlock = critical, IPv4:192.168.0.0/24, IPv6:inherit + +sbgp-ipAddrBlock = critical, @user-addr-section + +[user-addr-section] + +IPv4.0 = 192.168.0.200 +IPv4.1 = 10.3.0.2 +IPv6.0 = fec0::20 + +#################################################################### + +[ ca_ext ] + +basicConstraints = critical, CA:TRUE, pathlen:1 +keyUsage = cRLSign, keyCertSign +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer:always + +sbgp-ipAddrBlock = critical, @ca-addr-section + +[ca-addr-section] + +IPv4.0 = 192.168.0.0/24 +IPv4.1 = 10.1.0.0/16 +IPv4.2 = 10.2.0.0/16 +IPv4.3 = 10.3.0.1 - 10.3.3.232 +IPv6.0 = fec0::/16 +IPv6.1 = fec1::/16 +IPv6.2 = fec2::/16 + +#################################################################### + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +#issuerAltName = issuer:copy +authorityKeyIdentifier = keyid:always, issuer:always + +# eof diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/serial b/testing/hosts/winnetou/etc/openssl/rfc3779/serial new file mode 100644 index 000000000..eeee65ec4 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/serial @@ -0,0 +1 @@ +05 diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/serial.old b/testing/hosts/winnetou/etc/openssl/rfc3779/serial.old new file mode 100644 index 000000000..64969239d --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/serial.old @@ -0,0 +1 @@ +04 diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/strongswanCert.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/strongswanKey.pem b/testing/hosts/winnetou/etc/openssl/rfc3779/strongswanKey.pem new file mode 100644 index 000000000..95897a2fe --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/strongswanKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZf +bnECZqoK5obWPkQJCp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qR +w49IPs9k+Uf1OHVrb3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbL +TsbgiplImgi/ZG7YGE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ +78BA1IgMsNZs8cQFAvg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHS +pyBa/zzSDXsP01PUEKNZhloVQVt9NX3MCUItfQIDAQABAoIBAQC4iI1I/BmhVL8q +qNZV5xTor8HaFZWsk3gWCh4VzfLFNrYHPxehX/H9YU12wCLU4oIRIGtxVSjEUn+N +8lFjiEzfl2jVLxrU737mxAdzYGjJL0lOfWtCVBWBFUmcbf592JXiQL6ctOhz3a9+ +cCfkVtsXsAXM4YF0vWEEIpwPgeja/zKX9M0vRBgIfXdeh2cYQKDGxmEspbfMnTyW +XVGmTbgDHQGkvN88OyJEOPulYwmZ1BgsQ2buQgR6OlxzulUmH1VOO+Xm8O6rA0Qn +SjQRd6Q38KLPSEKXucHUIzpQemGdar3ziUoCgUiHJkl79h50W+WIIZTNv1LUR48u +u14aT5eBAoGBAPZDaOK7/w5639WBG84iqLDMiFIuzKADjxrQqmVJXXH3nf1wnS93 +Iy9iAelUmq/He6aruvLJf8GdkFfC/sj4vdnlbvtT1wHiFznLxO49craxgr1J0SXO +HLE5RvyrJrAArWQr33oy6YSOMob95imK58kwMwfpoQuWK3CZaVdMfbzFAoGBANUZ +Ebo/N8bl9Opo/81zYcFpkUlxBP3vJR8aJ5Bx/0fbXCSwvt1AEHqnYiLBStfMyUTC +N4MWCUoZ1H6yRyxqPg+QFnYFCqX/Y3DFhkV5d9kTRWvzxc+mumh81+bRsNU6AyxD +9VFWpAkSA+K8IWCjx5fQ+jeLc7GQ1EjYpSiaEClZAoGBALL6tS0ssyfD+BBFQH8l +w3KThHQuXTviukwj4eOxWX/uFl5PTX5k2Saj1X3OpoogsmalIz83YWnHaVPPfbt0 +xQ6raGizO22782NnDJ6V/Fx5UOrfzmjqjwHi/gu/HGQIafyGwmoevIdBjcl8mJ4S +vXkEVeJnU0uHfdTdOqlfB3d9AoGALimZGoSZW5/zF1iZmXMWSSTKUWOHVk8Y9oze +5z6as4FEi7oyDpHTQA7Ehozi3q7BJwD/r4j1iDTiQHP0UR3OxeZLx1M+REl3zDUt +6hzvJnozPrh3MI2IshvhVWI1cWt4xn0ORomDTWe2qcZhYKL6GNwvaBrwfBXItuMf +nBULzTkCgYAcK5LKu6dwUlnv9iro6Jff24qb3P32HdSC2uZTZMcaTXqqUBO/lST2 +elKAHqQxjGGxFf5buQwfFrOKfNlMhQRHppo2/gJLiiChZ7R3GaF49f/4I5YJOo2a +k/bv70YB3Zf/8p+ip9w9H6N65YAyvzu5yUfoFXgKQQNv0y0B5rtZsw== +-----END RSA PRIVATE KEY----- diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial index b6a7d89c6..33c1ce6c7 100644 --- a/testing/hosts/winnetou/etc/openssl/serial +++ b/testing/hosts/winnetou/etc/openssl/serial @@ -1 +1 @@ -16 +1F diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old index 60d3b2f4a..e28e17eb7 100644 --- a/testing/hosts/winnetou/etc/openssl/serial.old +++ b/testing/hosts/winnetou/etc/openssl/serial.old @@ -1 +1 @@ -15 +1E diff --git a/testing/hosts/winnetou/etc/openssl/strongswanCert.pem b/testing/hosts/winnetou/etc/openssl/strongswanCert.pem index 0de3b268d..0865ad22e 100644 --- a/testing/hosts/winnetou/etc/openssl/strongswanCert.pem +++ b/testing/hosts/winnetou/etc/openssl/strongswanCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f @@ -9,14 +9,14 @@ FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc 4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ 7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr -K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud -DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw -ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD -VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg -Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/ -lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n -+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE -UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy -0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy -gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8= +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= -----END CERTIFICATE----- diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index 30dfc00ef..4a561b857 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs @@ -141,6 +141,7 @@ fi if [ "$USE_EAP_AKA" = "yes" ] then echo -n " --enable-eap-aka" >> $INSTALLSHELL + echo -n " --enable-eap-aka-3gpp2" >> $INSTALLSHELL fi if [ "$USE_EAP_SIM" = "yes" ] diff --git a/testing/testing.conf b/testing/testing.conf index 1a62d7cac..e86f60ae2 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -19,19 +19,19 @@ UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.30.2.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.31.5.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` # Kernel configuration file -KERNELCONFIG=$UMLTESTDIR/.config-2.6.30 +KERNELCONFIG=$UMLTESTDIR/.config-2.6.31 # Bzipped uml patch for kernel #UMLPATCH=$UMLTESTDIR/aead_init.patch.bz2 # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-4.3.4.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.3.6.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/description.txt b/testing/tests/gcrypt-ikev1/alg-camellia/description.txt new file mode 100644 index 000000000..a9633ee84 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +CAMELLIA_CBC_128 / HMAC_SHA2_256 / MODP_2048 for the IKE protocol and +CAMELLIA_CBC_128 / HMAC_SHA2_256_128 for ESP packets. A ping from carol to +alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-camellia/evaltest.dat new file mode 100644 index 000000000..93f82906e --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/evaltest.dat @@ -0,0 +1,11 @@ +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall::IKE proposal: CAMELLIA_CBC_128/HMAC_SHA2_256/MODP_2048::YES +moon::ipsec statusall::IKE proposal: CAMELLIA_CBC_128/HMAC_SHA2_256/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_128/HMAC_SHA2_256::YES +moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_128/HMAC_SHA2_256::YES +carol::ip xfrm state::enc cbc(camellia)::YES +moon::ip xfrm state::enc cbc(camellia)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..a24c69735 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=camellia128-sha256-modp2048! + esp=camellia128-sha256! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..afc3806b5 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = pem pkcs1 x509 gcrypt hmac curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..a8e09f8ff --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=camellia128-sha256-modp2048! + esp=camellia128-sha256! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..afc3806b5 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = pem pkcs1 x509 gcrypt hmac curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/posttest.dat b/testing/tests/gcrypt-ikev1/alg-camellia/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/pretest.dat b/testing/tests/gcrypt-ikev1/alg-camellia/pretest.dat new file mode 100644 index 000000000..6d2eeb5f9 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/gcrypt-ikev1/alg-camellia/test.conf b/testing/tests/gcrypt-ikev1/alg-camellia/test.conf new file mode 100644 index 000000000..fd33cfb57 --- /dev/null +++ b/testing/tests/gcrypt-ikev1/alg-camellia/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt index 604fb45df..982efa5ea 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt +++ b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -SERPENT_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +SERPENT_CBC_256 / HMAC_SHA2_512_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat index 2be8f675f..d9964314b 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: SERPENT_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(serpent)::YES moon::ip xfrm state::enc cbc(serpent)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf index b050f022a..0848c3696 100755 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=serpent256-sha2_512-modp4096! - esp=serpent256-sha2_256! + esp=serpent256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf index 0c6fd2c9f..afc3806b5 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = gcrypt hmac pubkey curl + load = pem pkcs1 x509 gcrypt hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf index 75830f043..05edfc7d0 100755 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=serpent256-sha2_512-modp4096! - esp=serpent256-sha2_256! + esp=serpent256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf index 0c6fd2c9f..afc3806b5 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = gcrypt hmac pubkey curl + load = pem pkcs1 x509 gcrypt hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-serpent/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt index b65ea7b8d..f3fc61fe6 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt +++ b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -TWOFISH_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +TWOFISH_CBC_256 / HMAC_SHA2_512_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat index 34c9d1c65..c69355b81 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: TWOFISH_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(twofish)::YES moon::ip xfrm state::enc cbc(twofish)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf index 71ed47519..838291f80 100755 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=twofish256-sha2_512-modp4096! - esp=twofish256-sha2_256! + esp=twofish256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf index 0c6fd2c9f..afc3806b5 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = gcrypt hmac pubkey curl + load = pem pkcs1 x509 gcrypt hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf index ba739f887..c2ef12853 100755 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=twofish256-sha2_512-modp4096! - esp=twofish256-sha2_256! + esp=twofish256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf index 0c6fd2c9f..afc3806b5 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = gcrypt hmac pubkey curl + load = pem pkcs1 x509 gcrypt hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/test.conf +++ b/testing/tests/gcrypt-ikev1/alg-twofish/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/gcrypt-ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/rw-cert/hosts/carol/etc/strongswan.conf index 9536a85be..77491cfd8 100644 --- a/testing/tests/gcrypt-ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors gcrypt pubkey hmac curl + load = test-vectors pem pkcs1 x509 gcrypt hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/rw-cert/hosts/dave/etc/strongswan.conf index 80952cb41..7d8cd1781 100644 --- a/testing/tests/gcrypt-ikev1/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors aes des sha1 sha2 md5 gmp pubkey random hmac curl + load = test-vectors aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/rw-cert/hosts/moon/etc/strongswan.conf index 9536a85be..77491cfd8 100644 --- a/testing/tests/gcrypt-ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors gcrypt pubkey hmac curl + load = test-vectors pem pkcs1 x509 gcrypt hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat index aad3becc7..d77c4806e 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat +++ b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat @@ -2,8 +2,10 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES moon::ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES carol::ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES carol::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES moon::ip xfrm state::enc cbc(camellia)::YES carol::ip xfrm state::enc cbc(camellia)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf index 70c473005..586a3dc5e 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl gcrypt x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf index 70c473005..586a3dc5e 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl gcrypt x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/test.conf b/testing/tests/gcrypt-ikev2/alg-camellia/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/test.conf +++ b/testing/tests/gcrypt-ikev2/alg-camellia/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 6cf472ed3..b15a55fa5 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors gcrypt x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index b946aa004..ab6f08e2d 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 6cf472ed3..b15a55fa5 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors gcrypt x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf index ac4b8d589..c2d2b14ac 100644 --- a/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf index 263978c99..6f4ec2510 100644 --- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } libstrongswan { diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf index 147e381b1..ff3faf993 100644 --- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink } pluto { - load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac } libstrongswan { diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf index 8dcb265b7..cf4893014 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf @@ -1,9 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink } pluto { - load = curl aes des sha1 sha2 md5 gmp random pubkey hmac + load = curl aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac } diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev1/alg-blowfish/description.txt b/testing/tests/ikev1/alg-blowfish/description.txt index 7d8f245ab..7b14287f7 100644 --- a/testing/tests/ikev1/alg-blowfish/description.txt +++ b/testing/tests/ikev1/alg-blowfish/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -BLOWFISH_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +BLOWFISH_CBC_256 / HMAC_SHA2_512 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat index fd46cdb9d..4ea613d3d 100644 --- a/testing/tests/ikev1/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(blowfish)::YES moon::ip xfrm state::enc cbc(blowfish)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf index 175349c41..3517077f9 100755 --- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=blowfish256-sha2_512-modp4096! - esp=blowfish256-sha2_256! + esp=blowfish256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf index f5401f260..28dd532b3 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf index 89dbee0af..1b4cca222 100755 --- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=blowfish256-sha2_512-modp4096! - esp=blowfish256-sha2_256! + esp=blowfish256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf index f5401f260..28dd532b3 100644 --- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des blowfish hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/alg-blowfish/pretest.dat b/testing/tests/ikev1/alg-blowfish/pretest.dat index 6d2eeb5f9..5e1e80e1d 100644 --- a/testing/tests/ikev1/alg-blowfish/pretest.dat +++ b/testing/tests/ikev1/alg-blowfish/pretest.dat @@ -3,3 +3,4 @@ carol::ipsec start moon::ipsec start carol::sleep 2 carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1/alg-blowfish/test.conf b/testing/tests/ikev1/alg-blowfish/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/ikev1/alg-blowfish/test.conf +++ b/testing/tests/ikev1/alg-blowfish/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/alg-sha256-96/description.txt b/testing/tests/ikev1/alg-sha256-96/description.txt new file mode 100644 index 000000000..c5ab23e51 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/description.txt @@ -0,0 +1,5 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_128 / HMAC_SHA2_256_96 with 96 bit instead of the standard 128 bit +truncation, allowing compatibility with Linux kernels older than 2.6.33 +by defining esp=aes128-sha256_96! in ipsec.conf. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha256-96/evaltest.dat b/testing/tests/ikev1/alg-sha256-96/evaltest.dat new file mode 100644 index 000000000..6e8715b1f --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/evaltest.dat @@ -0,0 +1,12 @@ +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES +moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES +moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES +carol::ip xfrm state::auth hmac(sha256)::YES +moon::ip xfrm state::auth hmac(sha256)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES + diff --git a/testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..2611115cd --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes128-sha256-modp2048! + esp=aes128-sha256_96! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..758c7a29a --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes128-sha256-modp2048! + esp=aes128-sha256_96! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha256-96/posttest.dat b/testing/tests/ikev1/alg-sha256-96/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/ikev1/alg-sha256-96/pretest.dat b/testing/tests/ikev1/alg-sha256-96/pretest.dat new file mode 100644 index 000000000..7d077c126 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha256-96/test.conf b/testing/tests/ikev1/alg-sha256-96/test.conf new file mode 100644 index 000000000..fd33cfb57 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256-96/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + diff --git a/testing/tests/ikev1/alg-sha256/description.txt b/testing/tests/ikev1/alg-sha256/description.txt new file mode 100644 index 000000000..628101921 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +AES_CBC_128 / HMAC_SHA2_256 / MODP_2048 for the IKE protocol and +AES_CBC_128 / HMAC_SHA2_256 for ESP packets. A ping from carol to +alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat new file mode 100644 index 000000000..00fcb8862 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/evaltest.dat @@ -0,0 +1,12 @@ +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES +moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES +moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES +carol::ip xfrm state::auth hmac(sha256)::YES +moon::ip xfrm state::auth hmac(sha256)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES + diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..0e1db6fbe --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes128-sha256-modp2048! + esp=aes128-sha256! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..584ffda19 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes128-sha256-modp2048! + esp=aes128-sha256! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha256/posttest.dat b/testing/tests/ikev1/alg-sha256/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/ikev1/alg-sha256/pretest.dat b/testing/tests/ikev1/alg-sha256/pretest.dat new file mode 100644 index 000000000..7d077c126 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha256/test.conf b/testing/tests/ikev1/alg-sha256/test.conf new file mode 100644 index 000000000..fd33cfb57 --- /dev/null +++ b/testing/tests/ikev1/alg-sha256/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + diff --git a/testing/tests/ikev1/alg-sha2_256/description.txt b/testing/tests/ikev1/alg-sha2_256/description.txt deleted file mode 100644 index e0af2e2f7..000000000 --- a/testing/tests/ikev1/alg-sha2_256/description.txt +++ /dev/null @@ -1,4 +0,0 @@ -Roadwarrior carol proposes to gateway moon the rather strong cipher suite -AES_CBC_128 / HMAC_SHA2_256 / MODP_1536 for the IKE protocol and -AES_CBC_128 / HMAC_SHA2_256 for ESP packets. A ping from carol to -alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha2_256/evaltest.dat b/testing/tests/ikev1/alg-sha2_256/evaltest.dat deleted file mode 100644 index b8a83e0fb..000000000 --- a/testing/tests/ikev1/alg-sha2_256/evaltest.dat +++ /dev/null @@ -1,11 +0,0 @@ - -carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES -moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES -moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES -carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES -carol::ip xfrm state::auth hmac(sha256)::YES -moon::ip xfrm state::auth hmac(sha256)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - diff --git a/testing/tests/ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf deleted file mode 100755 index 0c5980ed3..000000000 --- a/testing/tests/ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes128-sha2_256-modp1536! - esp=aes128-sha2_256! - -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf deleted file mode 100755 index 1770e5313..000000000 --- a/testing/tests/ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes128-sha2_256-modp1536! - esp=aes128-sha2_256! - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - rightid=carol@strongswan.org - auto=add diff --git a/testing/tests/ikev1/alg-sha2_256/posttest.dat b/testing/tests/ikev1/alg-sha2_256/posttest.dat deleted file mode 100644 index c6d6235f9..000000000 --- a/testing/tests/ikev1/alg-sha2_256/posttest.dat +++ /dev/null @@ -1,2 +0,0 @@ -moon::ipsec stop -carol::ipsec stop diff --git a/testing/tests/ikev1/alg-sha2_256/pretest.dat b/testing/tests/ikev1/alg-sha2_256/pretest.dat deleted file mode 100644 index 7d077c126..000000000 --- a/testing/tests/ikev1/alg-sha2_256/pretest.dat +++ /dev/null @@ -1,5 +0,0 @@ -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -carol::ipsec start -moon::ipsec start -carol::sleep 2 -carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha2_256/test.conf b/testing/tests/ikev1/alg-sha2_256/test.conf deleted file mode 100644 index a6c8f026c..000000000 --- a/testing/tests/ikev1/alg-sha2_256/test.conf +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="moon carol winnetou" - -# Corresponding block diagram -# -DIAGRAM="m-c-w.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol" - diff --git a/testing/tests/ikev1/alg-sha384/description.txt b/testing/tests/ikev1/alg-sha384/description.txt new file mode 100644 index 000000000..251e2e6a2 --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +AES_CBC_192 / HMAC_SHA2_384 / MODP_3072 for the IKE protocol and +AES_CBC_192 / HMAC_SHA2_384 for ESP packets. A ping from carol to +alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat new file mode 100644 index 000000000..4da5ec5e7 --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/evaltest.dat @@ -0,0 +1,12 @@ +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_3072::YES +moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_3072::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_384::YES +moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_384::YES +carol::ip xfrm state::auth hmac(sha384)::YES +moon::ip xfrm state::auth hmac(sha384)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES + diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..c60c6615c --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes192-sha384-modp3072! + esp=aes192-sha384! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..2d361b38a --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes192-sha384-modp3072! + esp=aes192-sha384! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha384/posttest.dat b/testing/tests/ikev1/alg-sha384/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/ikev1/alg-sha384/pretest.dat b/testing/tests/ikev1/alg-sha384/pretest.dat new file mode 100644 index 000000000..7d077c126 --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha384/test.conf b/testing/tests/ikev1/alg-sha384/test.conf new file mode 100644 index 000000000..fd33cfb57 --- /dev/null +++ b/testing/tests/ikev1/alg-sha384/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + diff --git a/testing/tests/ikev1/alg-sha512/description.txt b/testing/tests/ikev1/alg-sha512/description.txt new file mode 100644 index 000000000..adfc548b8 --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +AES_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and +AES_CBC_256 / HMAC_SHA2_512 for ESP packets. A ping from carol to +alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha512/evaltest.dat b/testing/tests/ikev1/alg-sha512/evaltest.dat new file mode 100644 index 000000000..7e928d30b --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/evaltest.dat @@ -0,0 +1,12 @@ +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_4096::YES +moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_4096::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_512::YES +carol::ip xfrm state::auth hmac(sha512)::YES +moon::ip xfrm state::auth hmac(sha512)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES + diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..6bd3ac8c7 --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes256-sha512-modp4096! + esp=aes256-sha512! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..a28269155 --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=aes256-sha512-modp4096! + esp=aes256-sha512! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/ikev1/alg-sha512/posttest.dat b/testing/tests/ikev1/alg-sha512/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/ikev1/alg-sha512/pretest.dat b/testing/tests/ikev1/alg-sha512/pretest.dat new file mode 100644 index 000000000..7d077c126 --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev1/alg-sha512/test.conf b/testing/tests/ikev1/alg-sha512/test.conf new file mode 100644 index 000000000..fd33cfb57 --- /dev/null +++ b/testing/tests/ikev1/alg-sha512/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + diff --git a/testing/tests/ikev1/attr-cert/evaltest.dat b/testing/tests/ikev1/attr-cert/evaltest.dat index 59f6eb76a..c6c3c66c3 100644 --- a/testing/tests/ikev1/attr-cert/evaltest.dat +++ b/testing/tests/ikev1/attr-cert/evaltest.dat @@ -1,12 +1,12 @@ carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES -moon::cat /var/log/auth.log::alice.*peer matches group 'Research'::YES +moon::cat /var/log/auth.log::alice.*peer with attributes .*Research.* is a member of the groups .*Research::YES moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO -moon::cat /var/log/auth.log::venus.*peer doesn't match any group::YES +moon::cat /var/log/auth.log::venus.*peer with attributes .*Research.* is not a member of the groups .*Accounting::YES moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES -moon::cat /var/log/auth.log::venus.*peer matches group 'Accounting'::YES +moon::cat /var/log/auth.log::venus.*peer with attributes .*Accounting.* is a member of the groups .*Accounting::YES moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO -moon::cat /var/log/auth.log::alice.*peer doesn't match any group::YES +moon::cat /var/log/auth.log::alice.*peer with attributes .*Accounting.* is not a member of the groups .*Research::YES moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem index 8492fbd45..6c41df9c7 100644 --- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem +++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBCjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDEwMTIxNDMxOFoXDTA5MTIzMTIxNDMxOFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALgbhJIECOCGyNJ4060un/wBuJ6MQjthK5CAEPgX -T/lvZynoSxhfuW5geDCCxQes6dZPeb6wJS4F5fH3qJoLM+Z4n13rZlCEyyMBkcFl -vK0aNFY+ARs0m7arUX8B7Pfi9N6WHTYgO4XpeBHLJrZQz9AU0V3S0rce/WVuVjii -S/cJhrgSi7rl87Qo1jYOA9P06BZQLj0dFNcWWrGpKp/hXvBF1OSP9b15jsgMlCCW -LJqXmLVKDtKgDPLJZR19mILhgcHvaxxD7craL9GR4QmWLb0m84oAIIwaw+0npZJM -YDMMeYeOtcepCWCmRy+XmsqcWu4rtNCu05W1RsXjYZEKBjcCAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRVNeym66J5uu+IfxhD -j9InsWdG0TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx +6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ +Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V +Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G +I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov +x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5 +tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCxMEp+Zdclc0aI -U+jO3TmL81gcwea0BUucjZfDyvCSkDXcXidOez+l/vUueGC7Bqq1ukDF8cpVgGtM -2HPxM97ZSLPInMgWIeLq3uX8iTtIo05EYqRasJxBIAkY9o6ja6v6z0CZqjSbi2WE -HrHkFrkOTrRi7deGzbAAhWVjOnAfzSxBaujkdUxb6jGBc2F5qpAeVSbE+sAxzmSd -hRyF3tUUwl4yabBzmoedJzlQ4anqg0G14QScBxgXkq032gKuzNVVxWRp6OFannKG -C1INvsBWYtN62wjXlXXhM/M4sBFhmPpftVb+Amgr1jSspTX2dQsNqhI/WtNvLmfK -omBYfxqp +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul +GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7 +ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr +F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ +L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK +ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k +Rf5Z0GOR -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem index abd1554e5..f212e19cf 100644 --- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem +++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBCDANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjY1MVoXDTA5MDkwOTExMjY1MVowWzELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291 bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDGbCmUY6inir71/6RWebegcLUTmDSxRqpRONDx -2IRUEuES5EKc7qsjRz45XoqjiywCQRjYW33fUEEY6r7fnHk70CyUnWeZyr7v4D/2 -LjBN3smDE6/ZZrzxPx+xphlUigYOF/vt4gUiW1dOZ5rcnxG9+eNrSL6gWNNg1iuE -RflSTbmHV6TVmGU2PGddKGZ6XfqWfdA+6iOi2+oyqw6aH4u4hfXhJyMROEOhLdAF -UvzU9UizEXSqsmEOSodS9vypVJRYTbZcx70e9Q7g2MghHvtQY6mVgBzAwakDBCt/ -98lAlKDeXXOQqPcqAZSc2VjG8gEmkr1dum8wsJw8C2liKGRFAgMBAAGjggEFMIIB -ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU3pC10RxsZDx0UNNq -+Ihsoxk4+3IwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx +DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ +ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8 +k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG +IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G +gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX +Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB +ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394 +8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQAnotcnOE0tJDLy -8Vh1+naT2zrxx9UxfMIeFljwhDqRiHXSLDAbCOnAWoqj8C9riuZwW7UImIIQ9JT9 -Gdktt4bbIcG25rGMC3uqP71CfaAz/SwIZZ2vm8Jt2ZzzSMHsE5qbjDIRAZnq6giR -P2s6PVsMPSpvH34sRbE0UoWJSdtBZJP5bb+T4hc9gfmbyTewwMnjh09KkGJqVxKV -UC/1z1U9zb3X1Gc9y+zI67/D46wM6KdRINaqPdK26aYRFM+/DLoTfFk07dsyz7lt -0C+/ityQOvpfjVlZ/OepT92eWno4FuNRJuUP5/gYiHvSsjZbazqG02qGhJ6VgtGT -5qILUTmI +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3 +jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr +DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU +8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o +StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M +qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+ +1PdgEy1K -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf index 343221385..53d719d9d 100644 --- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf @@ -1,9 +1,9 @@ pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } openac { - load = sha1 sha2 md5 gmp random x509 pubkey + load = sha1 sha2 md5 pem pkcs1 x509 gmp random x509 } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/crl-from-cache/evaltest.dat b/testing/tests/ikev1/crl-from-cache/evaltest.dat index dd200c8ef..bdceddb79 100644 --- a/testing/tests/ikev1/crl-from-cache/evaltest.dat +++ b/testing/tests/ikev1/crl-from-cache/evaltest.dat @@ -1,5 +1,5 @@ -moon::cat /var/log/auth.log::loaded crl file::YES -carol::cat /var/log/auth.log::loaded crl file::YES +moon::cat /var/log/auth.log::loaded crl from::YES +carol::cat /var/log/auth.log::loaded crl from::YES moon::cat /var/log/auth.log::X.509 certificate rejected::NO carol::cat /var/log/auth.log::X.509 certificate rejected::NO moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES diff --git a/testing/tests/ikev1/crl-ldap/evaltest.dat b/testing/tests/ikev1/crl-ldap/evaltest.dat index 730614c66..80a84e1ef 100644 --- a/testing/tests/ikev1/crl-ldap/evaltest.dat +++ b/testing/tests/ikev1/crl-ldap/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/auth.log::loaded crl file::YES -carol::cat /var/log/auth.log::loaded crl file::YES -moon::cat /var/log/auth.log::crl update is overdue::YES -carol::cat /var/log/auth.log::crl update is overdue::YES +moon::cat /var/log/auth.log::loaded crl from::YES +carol::cat /var/log/auth.log::loaded crl from::YES +moon::cat /var/log/auth.log::crl is stale::YES +carol::cat /var/log/auth.log::crl is stale::YES moon::cat /var/log/auth.log::X.509 certificate rejected::YES carol::cat /var/log/auth.log::X.509 certificate rejected::YES moon::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf index b15cf2d3f..4d916ab36 100644 --- a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf index b15cf2d3f..4d916ab36 100644 --- a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem index 5b742fc9e..a92610c4f 100644 --- a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem +++ b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBBzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjU0OFoXDTA5MDkwOTExMjU0OFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAM5413q1B2EF3spcYD1u0ce9AtIHdxmU3+1E0hqV -mLqpIQtyp4SLbrRunxpoVUuEpHWXgLb3C/ljjlKCMWWmhw4wja1rBTjMNJLPj6Bo -5Qn4Oeuqm7/kLHPGbveQGtcSsJCk6iLqFTbq0wsji5Ogq7kmjWgQv0nM2jpofHLv -VOAtWVSj+x2b3OHdl/WpgTgTw1HHjYo7/NOkARdTcZ2/wxxM3z1Abp9iylc45GLN -IL/OzHkT8b5pdokdMvVijz8IslkkewJYXrVQaCNMZg/ydlXOOAEKz0YqnvXQaYs5 -K+s8XvQ2RFCr5oO0fRT2VbiI9TgHnbcnfUi25iHl6txsXg0CAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTbA2TH3ca8tgCGkYy9 -OV/MqUTHAzBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr +lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD +e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG +Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi ++BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ +TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh +ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQC9acuCUPEBOrWB -56vS8N9bksQwv/XcYIFYqV73kFBAzOPLX2a9igFGvBPdCxFu/t8JCswzE6to4LFM -2+6Z2QJf442CLPcJKxITahrjJXSxGbzMlmaDvZ5wFCJAlyin+yuInpTwl8rMZe/Q -O5JeJjzGDgWJtnGdkLUk/l2r6sZ/Cmk5rZpuO0hcUHVztMLQYPzqTpuMvC5p4JzL -LWGWhKRhJs53NmxXXodck/ZgaqiTWuQFYlbamJRvzVBfX7c1SWHRJvxSSOPKGIg3 -wphkO2naj/SQD+BNuWTRmZ9YCiLOQ64ybLpJzRZISETdqtLBPKsIqosUZwkxlR1N -9IcgYi5x +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/ +jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl +nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC +6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a +cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f +q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z +0xafBd5x -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem index 8aefcc5a6..60e7fdfa9 100644 --- a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem +++ b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAznjXerUHYQXeylxgPW7Rx70C0gd3GZTf7UTSGpWYuqkhC3Kn -hItutG6fGmhVS4SkdZeAtvcL+WOOUoIxZaaHDjCNrWsFOMw0ks+PoGjlCfg566qb -v+Qsc8Zu95Aa1xKwkKTqIuoVNurTCyOLk6CruSaNaBC/SczaOmh8cu9U4C1ZVKP7 -HZvc4d2X9amBOBPDUceNijv806QBF1Nxnb/DHEzfPUBun2LKVzjkYs0gv87MeRPx -vml2iR0y9WKPPwiyWSR7AlhetVBoI0xmD/J2Vc44AQrPRiqe9dBpizkr6zxe9DZE -UKvmg7R9FPZVuIj1OAedtyd9SLbmIeXq3GxeDQIDAQABAoIBAAUdyXko8z3cP2EU -WO4syNYCQQejV7gykDn48pvmCRrXBhKajLwkGGIwO5ET9MkiSFEBqBbgmFNdvDEf -OMokDkSzv08Ez+RQax0YN57p+oL8u7KzT5i5tsBHsog/8epSdD2hWIv08QGjYAdu -og7OdHLqGabyg0r44I+B91OBysCjU51rDdkhz59AmURdEIJV5xhuGojFM68jaNm2 -MUxDfDuCsRIydjAP0VTUTAUxD4/S5I+jt/GK9aRsEeRH9Q3011iTGMR9viAUBhq/ -khkWNltg9lkOqO7LpnNku4sSv3v4CWge7/T+4RR2vZgv1oSs4ox2UKYoqIqiYIfx -uUcnqQECgYEA+LPiRMoXvlssQWlaFc2k4xga0efs+mWeLglDdc3R3fBEibP/AU07 -a576AgvUJtkI50/WNGKT73O+VtxcXn/N646m/8OtqNXuVKKjsxxNOZEKdO8aOdbt -7lM5WepNiQeaKAFudUxpUiZQx8LCKSsNDiJZKWBu6xAG2O5X32VMZvUCgYEA1Ie+ -rNa490PSC1ym7WbmdAjvGmSOn2GOBfO7BECsPZstccU7D5pZl/89fTfn1TDKP49Y -ScVOuFz7f/u6UJpb/WzI71RXEQOdojLWmF2HDx5osRi3hXEJa20fbPq6DQXCJ8pf -IF37AEqAY4UNSNic0Cw+rGHdWPQhDNXhFWpdu7kCgYEAmv4oNmyoDXbuhrlsbggi -CXE9TbG3a3mm8dPOGf2yHBmf7R2i/6GtNW33Kw1KIwfBV77WpQEGZwWACsv8ONx3 -baUSiHTfpkfk5xQQ5w/tRMISfTuB4agD0jJFnLa7qXl2ZhY2S53aSVsdntDOhi+R -TEy1umah2Za8Xbd0RgHwcn0CgYEAl9Hgg9dfikMIaNVm6W/4cCtxoojy2Sf3LIlP -r1oDsH6JmBwsdJjuJ4ZNhoXJNqID2COuDgTEly7U+jf4gFvEGuT7JPw6tgy/Ln7i -jTVCpaozX08oykpVUEhDirYQ8fyLFaGbEqQQCcUusej59G/IlW0F2F6QoFrEwUaH -46R4EQECgYBEZ7edMkj3dmJH1wxQjp5GJNbrJkS8IKvzza0mDTJdz33CgEX9Oyva -o2iEkDVpvj2SEy28ewt22IRptWKH/3bQfxSCcRV6JFNt3+LongMshRYqq1leqrKa -9fnQVtfTIbIVXwjTZap6BL8R66OeFtexsSFRfDF/8P4n2oF4zmn4qA== +MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB +msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf +AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B +hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F +dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9 +dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O +fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH +Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc +M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI +0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2 +oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH +VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx +ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm +VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g +I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0 +bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD +yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2 +u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN +dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12 +coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx +VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f +YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4 +lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6 +95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P +b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf index 52fd0c788..737117cc9 100644 --- a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf index 52fd0c788..737117cc9 100644 --- a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem index 8492fbd45..6c41df9c7 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBCjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDEwMTIxNDMxOFoXDTA5MTIzMTIxNDMxOFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALgbhJIECOCGyNJ4060un/wBuJ6MQjthK5CAEPgX -T/lvZynoSxhfuW5geDCCxQes6dZPeb6wJS4F5fH3qJoLM+Z4n13rZlCEyyMBkcFl -vK0aNFY+ARs0m7arUX8B7Pfi9N6WHTYgO4XpeBHLJrZQz9AU0V3S0rce/WVuVjii -S/cJhrgSi7rl87Qo1jYOA9P06BZQLj0dFNcWWrGpKp/hXvBF1OSP9b15jsgMlCCW -LJqXmLVKDtKgDPLJZR19mILhgcHvaxxD7craL9GR4QmWLb0m84oAIIwaw+0npZJM -YDMMeYeOtcepCWCmRy+XmsqcWu4rtNCu05W1RsXjYZEKBjcCAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRVNeym66J5uu+IfxhD -j9InsWdG0TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx +6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ +Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V +Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G +I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov +x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5 +tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCxMEp+Zdclc0aI -U+jO3TmL81gcwea0BUucjZfDyvCSkDXcXidOez+l/vUueGC7Bqq1ukDF8cpVgGtM -2HPxM97ZSLPInMgWIeLq3uX8iTtIo05EYqRasJxBIAkY9o6ja6v6z0CZqjSbi2WE -HrHkFrkOTrRi7deGzbAAhWVjOnAfzSxBaujkdUxb6jGBc2F5qpAeVSbE+sAxzmSd -hRyF3tUUwl4yabBzmoedJzlQ4anqg0G14QScBxgXkq032gKuzNVVxWRp6OFannKG -C1INvsBWYtN62wjXlXXhM/M4sBFhmPpftVb+Amgr1jSspTX2dQsNqhI/WtNvLmfK -omBYfxqp +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul +GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7 +ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr +F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ +L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK +ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k +Rf5Z0GOR -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem index 5a41744f6..41a139954 100644 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,1E1991A43D0778B7 +DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429 -MAsd1YBlHz54KjvBvhpwDBewinBkxBo/NmdsMetLIcV8Ag87YcKtTXYju+fbW21y -DI12iPDQeS9tk17tS8qE5ubWmx/8n0fa5VCdLZ06JK6eeASXNoomXZh5rGsd42It -sj0irWAnbIA3nFFWQl+Uz5pGZMse7aDSNyk1zs3xtywFIaditYIBsRhrTVmJ/bCK -waVr++S2pwUHJ/phKoZQ8pwgF5KtYOZxdNtYIzfOZNMoplESR3+WYBYSuW8BKuOc -QAign/BL2JVJLD4OpHQ68D8Su2sbh6ZYA5jslZLDgG9O7eiMbkCE+N8DmKO6wNAr -zB5ILb4u5dIyTqun32tOENEhpZqDdMQtZZ34fRBze4IoMx9LrEOAHdZAQyyERP80 -iJCnH8BNf6FerA+XeDs4LVd1yrCklXKFINatqSRP/tNY3kruKw2Q7cAi2AFf+Rv6 -1lrvwK4MiLSHFtzcgEJuxm2bxeceIwXLJ2AVlfLBJvK/yJlq0MPedFbl6E6UwKfw -cMLokF3sa1XrfwpJ93enGLqdpJrkR3dTzrsshjIhjQqfc8lqLwRlbMGc9u+V0ZsK -OJ8e26wc/4l5D7CQ1vmgT/R/tuydBtUskgH96anhNJj1M95odkoh4Zicmm5iLgy2 -kluVYiEk0Fs7hc5Qtv8ZLN7ZoBRvZfJZWhXHDXmh71g1aoVYacIkFwiTMX4NoDy5 -QVq9tFUZ1TW4VrNIzfq++rLoz4XlgVy0Yz8jNWKuB0KRuHPNSsQUY2NHkDX+wOjq -MP1SfNDxqPoqrmCqbgMw/9DmeOj9gyiTyjZhPZTxFOp67FYEYzYtR6bLQKEhdgf6 -iOVROZyrFHMZdBiUgV8GECds1th6ZYWmNRGdvxYjSjExIYgkDrcWbowTqD0bFC9b -zClaSqrxR6GHUzbUVOBuCP+RmUx4j6gPvMRLUcIn5RmpbGtPE0ixeB5sFB0IuRRW -6u2YToCiuq3EG1iJRmxjnBa/zj1aBO6OlsE/aPc0Sx+Jhm+MUbDioxUAriX96bJ+ -DEB4zgDhC0vIvkkUVAzQMkWPX479nPDmiZLpMqUIfqUh75WDpHbCladyGMgSkEo0 -IKq96oAWHJC8WLH0UMxMNuf8Ut+TsSpIO6G0RPl/cx3+hQqSUC5oUB7R3ZAWYx+6 -mawjkNJEx72yeJmQtGiZYEfeMt0Svm10PypMXFu0+2JjiS2eRj2K1yqrUnuL6AnY -GYYmTmR74dnVAd35bRYJjY1XHGC9MyqBn4jLqKZm1BKO3sFsctGDy6vybnvAgPD7 -LioGQHPiOZmQe9Q5mMLedE9NAUCzlR8BHRbWtlnajQWcC0JcVu/mBQsjOt/KHh/V -CY4aFXE56lRH2OpqZQxFpBFOSFDcuVX+zcEBGmKfk65n2MFL4McAJUhVRZL561Zx -r9BvILv1Ld6/hECbodq0sUqvbDYHzv25zxAVKSIk1xy85mP5aNbk8xuGHmm860wg -YOqdePwBEcDHoio+ov/uFYB7+4gt40vV90EzSiyfdq8x9RFMViJU430IkIBcvByo -tFFcbN8ucBozxtl4AX495GVSRI7V0XXBtEdOIwJIzPBylZOHxCuTnA== +mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq +i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH +jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx +m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce +pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq +J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf +dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB +h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC +/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY +EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV +pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe +sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz +kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk +gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja +OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53 +D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM +bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo +BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx +7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB +UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs +H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB +y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA +zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty +AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6 +nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem index 8492fbd45..6c41df9c7 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBCjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDEwMTIxNDMxOFoXDTA5MTIzMTIxNDMxOFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALgbhJIECOCGyNJ4060un/wBuJ6MQjthK5CAEPgX -T/lvZynoSxhfuW5geDCCxQes6dZPeb6wJS4F5fH3qJoLM+Z4n13rZlCEyyMBkcFl -vK0aNFY+ARs0m7arUX8B7Pfi9N6WHTYgO4XpeBHLJrZQz9AU0V3S0rce/WVuVjii -S/cJhrgSi7rl87Qo1jYOA9P06BZQLj0dFNcWWrGpKp/hXvBF1OSP9b15jsgMlCCW -LJqXmLVKDtKgDPLJZR19mILhgcHvaxxD7craL9GR4QmWLb0m84oAIIwaw+0npZJM -YDMMeYeOtcepCWCmRy+XmsqcWu4rtNCu05W1RsXjYZEKBjcCAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRVNeym66J5uu+IfxhD -j9InsWdG0TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx +6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ +Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V +Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G +I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov +x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5 +tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCxMEp+Zdclc0aI -U+jO3TmL81gcwea0BUucjZfDyvCSkDXcXidOez+l/vUueGC7Bqq1ukDF8cpVgGtM -2HPxM97ZSLPInMgWIeLq3uX8iTtIo05EYqRasJxBIAkY9o6ja6v6z0CZqjSbi2WE -HrHkFrkOTrRi7deGzbAAhWVjOnAfzSxBaujkdUxb6jGBc2F5qpAeVSbE+sAxzmSd -hRyF3tUUwl4yabBzmoedJzlQ4anqg0G14QScBxgXkq032gKuzNVVxWRp6OFannKG -C1INvsBWYtN62wjXlXXhM/M4sBFhmPpftVb+Amgr1jSspTX2dQsNqhI/WtNvLmfK -omBYfxqp +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul +GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7 +ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr +F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ +L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK +ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k +Rf5Z0GOR -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem index 5a41744f6..41a139954 100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,1E1991A43D0778B7 +DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429 -MAsd1YBlHz54KjvBvhpwDBewinBkxBo/NmdsMetLIcV8Ag87YcKtTXYju+fbW21y -DI12iPDQeS9tk17tS8qE5ubWmx/8n0fa5VCdLZ06JK6eeASXNoomXZh5rGsd42It -sj0irWAnbIA3nFFWQl+Uz5pGZMse7aDSNyk1zs3xtywFIaditYIBsRhrTVmJ/bCK -waVr++S2pwUHJ/phKoZQ8pwgF5KtYOZxdNtYIzfOZNMoplESR3+WYBYSuW8BKuOc -QAign/BL2JVJLD4OpHQ68D8Su2sbh6ZYA5jslZLDgG9O7eiMbkCE+N8DmKO6wNAr -zB5ILb4u5dIyTqun32tOENEhpZqDdMQtZZ34fRBze4IoMx9LrEOAHdZAQyyERP80 -iJCnH8BNf6FerA+XeDs4LVd1yrCklXKFINatqSRP/tNY3kruKw2Q7cAi2AFf+Rv6 -1lrvwK4MiLSHFtzcgEJuxm2bxeceIwXLJ2AVlfLBJvK/yJlq0MPedFbl6E6UwKfw -cMLokF3sa1XrfwpJ93enGLqdpJrkR3dTzrsshjIhjQqfc8lqLwRlbMGc9u+V0ZsK -OJ8e26wc/4l5D7CQ1vmgT/R/tuydBtUskgH96anhNJj1M95odkoh4Zicmm5iLgy2 -kluVYiEk0Fs7hc5Qtv8ZLN7ZoBRvZfJZWhXHDXmh71g1aoVYacIkFwiTMX4NoDy5 -QVq9tFUZ1TW4VrNIzfq++rLoz4XlgVy0Yz8jNWKuB0KRuHPNSsQUY2NHkDX+wOjq -MP1SfNDxqPoqrmCqbgMw/9DmeOj9gyiTyjZhPZTxFOp67FYEYzYtR6bLQKEhdgf6 -iOVROZyrFHMZdBiUgV8GECds1th6ZYWmNRGdvxYjSjExIYgkDrcWbowTqD0bFC9b -zClaSqrxR6GHUzbUVOBuCP+RmUx4j6gPvMRLUcIn5RmpbGtPE0ixeB5sFB0IuRRW -6u2YToCiuq3EG1iJRmxjnBa/zj1aBO6OlsE/aPc0Sx+Jhm+MUbDioxUAriX96bJ+ -DEB4zgDhC0vIvkkUVAzQMkWPX479nPDmiZLpMqUIfqUh75WDpHbCladyGMgSkEo0 -IKq96oAWHJC8WLH0UMxMNuf8Ut+TsSpIO6G0RPl/cx3+hQqSUC5oUB7R3ZAWYx+6 -mawjkNJEx72yeJmQtGiZYEfeMt0Svm10PypMXFu0+2JjiS2eRj2K1yqrUnuL6AnY -GYYmTmR74dnVAd35bRYJjY1XHGC9MyqBn4jLqKZm1BKO3sFsctGDy6vybnvAgPD7 -LioGQHPiOZmQe9Q5mMLedE9NAUCzlR8BHRbWtlnajQWcC0JcVu/mBQsjOt/KHh/V -CY4aFXE56lRH2OpqZQxFpBFOSFDcuVX+zcEBGmKfk65n2MFL4McAJUhVRZL561Zx -r9BvILv1Ld6/hECbodq0sUqvbDYHzv25zxAVKSIk1xy85mP5aNbk8xuGHmm860wg -YOqdePwBEcDHoio+ov/uFYB7+4gt40vV90EzSiyfdq8x9RFMViJU430IkIBcvByo -tFFcbN8ucBozxtl4AX495GVSRI7V0XXBtEdOIwJIzPBylZOHxCuTnA== +mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq +i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH +jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx +m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce +pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq +J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf +dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB +h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC +/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY +EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV +pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe +sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz +kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk +gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja +OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53 +D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM +bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo +BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx +7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB +UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs +H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB +y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA +zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty +AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6 +nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat index 27a5207a1..14d576909 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat @@ -1,5 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_CCM_12_128::YES carol::ipsec statusall::AES_CCM_12_128::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/test.conf b/testing/tests/ikev1/esp-alg-aes-ccm/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/test.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat index 6f1cd4c49..c7992fbe4 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat @@ -1,7 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES carol::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES moon::ip xfrm state::rfc3686(ctr(aes))::YES carol::ip xfrm state::rfc3686(ctr(aes))::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/test.conf b/testing/tests/ikev1/esp-alg-aes-ctr/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/test.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat index d7d4666ed..e1fbe4653 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat @@ -1,5 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_GCM_16_256::YES carol::ipsec statusall::AES_GCM_16_256::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/test.conf b/testing/tests/ikev1/esp-alg-aes-gcm/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/test.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat index 872962de4..5cee96b08 100644 --- a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat @@ -1,9 +1,10 @@ - carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES carol::ip xfrm state::auth xcbc(aes)::YES moon::ip xfrm state::auth xcbc(aes)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/test.conf b/testing/tests/ikev1/esp-alg-aesxcbc/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/ikev1/esp-alg-aesxcbc/test.conf +++ b/testing/tests/ikev1/esp-alg-aesxcbc/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-camellia/description.txt b/testing/tests/ikev1/esp-alg-camellia/description.txt deleted file mode 100644 index b679d03ec..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/description.txt +++ /dev/null @@ -1,4 +0,0 @@ -Roadwarrior carol proposes to gateway moon the ESP cipher suite -CAMELLIA_CBC_192 / HMAC_SHA2_256 by defining esp=camellia192-sha2_256 -in ipsec.conf. A ping from carol to alice successfully checks -the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat deleted file mode 100644 index 1b0f3a12b..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat +++ /dev/null @@ -1,8 +0,0 @@ -carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES -moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES -carol::ip xfrm state::enc cbc(camellia)::YES -moon::ip xfrm state::enc cbc(camellia)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - diff --git a/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf deleted file mode 100755 index 9af94a18e..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes192-sha2_256-modp2048! - esp=camellia192-sha2_256! - -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf deleted file mode 100755 index 3501319a5..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes192-sha2_256-modp2048! - esp=camellia192-sha2_256! - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - rightid=carol@strongswan.org - auto=add diff --git a/testing/tests/ikev1/esp-alg-camellia/posttest.dat b/testing/tests/ikev1/esp-alg-camellia/posttest.dat deleted file mode 100644 index c6d6235f9..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/posttest.dat +++ /dev/null @@ -1,2 +0,0 @@ -moon::ipsec stop -carol::ipsec stop diff --git a/testing/tests/ikev1/esp-alg-camellia/pretest.dat b/testing/tests/ikev1/esp-alg-camellia/pretest.dat deleted file mode 100644 index 7d077c126..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/pretest.dat +++ /dev/null @@ -1,5 +0,0 @@ -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -carol::ipsec start -moon::ipsec start -carol::sleep 2 -carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-camellia/test.conf b/testing/tests/ikev1/esp-alg-camellia/test.conf deleted file mode 100644 index a6c8f026c..000000000 --- a/testing/tests/ikev1/esp-alg-camellia/test.conf +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="moon carol winnetou" - -# Corresponding block diagram -# -DIAGRAM="m-c-w.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol" - diff --git a/testing/tests/ikev1/esp-alg-des/evaltest.dat b/testing/tests/ikev1/esp-alg-des/evaltest.dat index 57d09a488..8e42707a2 100644 --- a/testing/tests/ikev1/esp-alg-des/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-des/evaltest.dat @@ -1,8 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES moon::ip xfrm state::enc cbc(des)::YES carol::ip xfrm state::enc cbc(des)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/esp-alg-des/test.conf b/testing/tests/ikev1/esp-alg-des/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/ikev1/esp-alg-des/test.conf +++ b/testing/tests/ikev1/esp-alg-des/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat index 8c748a54c..a259e6d09 100644 --- a/testing/tests/ikev1/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat @@ -1,7 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES moon::ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES diff --git a/testing/tests/ikev1/esp-alg-null/test.conf b/testing/tests/ikev1/esp-alg-null/test.conf index a6c8f026c..fd33cfb57 100644 --- a/testing/tests/ikev1/esp-alg-null/test.conf +++ b/testing/tests/ikev1/esp-alg-null/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/ike-alg-sha2_384/description.txt b/testing/tests/ikev1/ike-alg-sha2_384/description.txt deleted file mode 100644 index a0bda209c..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/description.txt +++ /dev/null @@ -1,4 +0,0 @@ -Roadwarrior carol proposes to gateway moon the strong cipher suite -AES_CBC_192 / HMAC_SHA2_384 / MODP4096 for the IKE protocol and -AES_CBC_192 /HMAC_SHA2_256 for ESP packets. A ping from carol to -alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat deleted file mode 100644 index a4cc39150..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat +++ /dev/null @@ -1,8 +0,0 @@ -carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES -moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES -carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_4096::YES -moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES -carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - diff --git a/testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf deleted file mode 100755 index 52fc94b51..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,23 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes192-sha2_384-modp4096! - esp=aes192-sha2_256! -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf deleted file mode 100755 index 97e552a6a..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes192-sha2_384-modp4096! - esp=aes192-sha2_256! - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - rightid=carol@strongswan.org - auto=add diff --git a/testing/tests/ikev1/ike-alg-sha2_384/posttest.dat b/testing/tests/ikev1/ike-alg-sha2_384/posttest.dat deleted file mode 100644 index c6d6235f9..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/posttest.dat +++ /dev/null @@ -1,2 +0,0 @@ -moon::ipsec stop -carol::ipsec stop diff --git a/testing/tests/ikev1/ike-alg-sha2_384/pretest.dat b/testing/tests/ikev1/ike-alg-sha2_384/pretest.dat deleted file mode 100644 index 7d077c126..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/pretest.dat +++ /dev/null @@ -1,5 +0,0 @@ -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -carol::ipsec start -moon::ipsec start -carol::sleep 2 -carol::ipsec up home diff --git a/testing/tests/ikev1/ike-alg-sha2_384/test.conf b/testing/tests/ikev1/ike-alg-sha2_384/test.conf deleted file mode 100644 index a6c8f026c..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_384/test.conf +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="moon carol winnetou" - -# Corresponding block diagram -# -DIAGRAM="m-c-w.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol" - diff --git a/testing/tests/ikev1/ike-alg-sha2_512/description.txt b/testing/tests/ikev1/ike-alg-sha2_512/description.txt deleted file mode 100644 index 240b8f2b0..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/description.txt +++ /dev/null @@ -1,4 +0,0 @@ -Roadwarrior carol proposes to gateway moon the paranoid cipher suite -AES_CBC_256 / HMAC_SHA2_512 / MODP_8192 for the IKE protocol and -AES_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to -alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat b/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat deleted file mode 100644 index 10929457f..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat +++ /dev/null @@ -1,8 +0,0 @@ -carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES -moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES -carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_8192::YES -moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES -carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - diff --git a/testing/tests/ikev1/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf deleted file mode 100755 index cf9309223..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,23 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes256-sha2_512-modp8192! - esp=aes256-sha2_256! -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev1/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf deleted file mode 100755 index d47ad7696..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug="control crypt" - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - ike=aes256-sha2_512-modp8192! - esp=aes256-sha2_256! - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - rightid=carol@strongswan.org - auto=add diff --git a/testing/tests/ikev1/ike-alg-sha2_512/posttest.dat b/testing/tests/ikev1/ike-alg-sha2_512/posttest.dat deleted file mode 100644 index c6d6235f9..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/posttest.dat +++ /dev/null @@ -1,2 +0,0 @@ -moon::ipsec stop -carol::ipsec stop diff --git a/testing/tests/ikev1/ike-alg-sha2_512/pretest.dat b/testing/tests/ikev1/ike-alg-sha2_512/pretest.dat deleted file mode 100644 index 7d077c126..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/pretest.dat +++ /dev/null @@ -1,5 +0,0 @@ -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -carol::ipsec start -moon::ipsec start -carol::sleep 2 -carol::ipsec up home diff --git a/testing/tests/ikev1/ike-alg-sha2_512/test.conf b/testing/tests/ikev1/ike-alg-sha2_512/test.conf deleted file mode 100644 index a6c8f026c..000000000 --- a/testing/tests/ikev1/ike-alg-sha2_512/test.conf +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="moon carol winnetou" - -# Corresponding block diagram -# -DIAGRAM="m-c-w.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol" - diff --git a/testing/tests/ikev1/ip-pool-db-push/description.txt b/testing/tests/ikev1/ip-pool-db-push/description.txt new file mode 100644 index 000000000..dc510e21a --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/description.txt @@ -0,0 +1,4 @@ +The roadwarriors carol and dave set up a connection each to gateway moon. +Using Mode Config push mode (modeconfig=push) the gateway moon assigns virtual +IP addresses from a pool named bigpool that was created in an SQL database by the command +ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0. diff --git a/testing/tests/ikev1/ip-pool-db-push/evaltest.dat b/testing/tests/ikev1/ip-pool-db-push/evaltest.dat new file mode 100644 index 000000000..92ef9fc55 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/evaltest.dat @@ -0,0 +1,33 @@ +carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES +carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_VENUS::YES +carol::cat /var/log/auth.log::received IPv4 NBNS server address PH_IP_VENUS::YES +carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES +carol::ip addr list dev eth0::PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ipsec status::home.*IPsec SA established::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES +dave::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_VENUS::YES +dave::cat /var/log/auth.log::received IPv4 NBNS server address PH_IP_VENUS::YES +dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES +dave::ip addr list dev eth0::PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ipsec status::home.*IPsec SA established::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::cat /var/log/auth.log::starting ModeCfg server in push mode::YES +moon::cat /var/log/auth.log::acquired new lease for address.*in pool.*bigpool::YES +moon::cat /var/log/auth.log::assigning virtual IP::YES +moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES +moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES +moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES +moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES +moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES +moon::ipsec status::rw.*IPsec SA established::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..5e7cc89a7 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + modeconfig=push + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..d6460a291 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..e1c864e58 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + modeconfig=push + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..d6460a291 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..c365004bf --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + rekey=no + keyexchange=ikev1 + modeconfig=push + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=%any + rightsourceip=%bigpool + auto=add diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..5a444f19c --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf @@ -0,0 +1,17 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } +} + +pool { + load = sqlite +} diff --git a/testing/tests/ikev1/ip-pool-db-push/posttest.dat b/testing/tests/ikev1/ip-pool-db-push/posttest.dat new file mode 100644 index 000000000..5022c6cf1 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/posttest.dat @@ -0,0 +1,12 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del PH_IP_CAROL1/32 dev eth0 +dave::ip addr del PH_IP_DAVE1/32 dev eth0 +moon::ipsec pool --del bigpool 2> /dev/null +moon::ipsec pool --del dns 2> /dev/null +moon::ipsec pool --del nbns 2> /dev/null +moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev1/ip-pool-db-push/pretest.dat b/testing/tests/ikev1/ip-pool-db-push/pretest.dat new file mode 100644 index 000000000..332280acd --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/pretest.dat @@ -0,0 +1,16 @@ +moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql +moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null +moon::ipsec pool --add dns --server PH_IP_WINNETOU 2> /dev/null +moon::ipsec pool --add dns --server PH_IP_VENUS 2> /dev/null +moon::ipsec pool --add nbns --server PH_IP_VENUS 2> /dev/null +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1/ip-pool-db-push/test.conf b/testing/tests/ikev1/ip-pool-db-push/test.conf new file mode 100644 index 000000000..1a8f2a4e0 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db-push/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1/ip-pool-db/description.txt b/testing/tests/ikev1/ip-pool-db/description.txt new file mode 100644 index 000000000..364b96cd7 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/description.txt @@ -0,0 +1,10 @@ +The roadwarriors carol and dave set up a connection each to gateway moon. +Both carol and dave request a virtual IP via the IKEv1 Mode Config payload +by using the leftsourceip=%config parameter. The gateway moon assigns virtual IP +addresses from a pool named bigpool that was created in an SQL database by the command +ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0. +

    +leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the +tunneled traffic. In order to test the tunnels, carol and dave then ping the client +alice behind the gateway moon. The source IP addresses of the two pings will be the +virtual IPs carol1 and dave1, respectively. diff --git a/testing/tests/ikev1/ip-pool-db/evaltest.dat b/testing/tests/ikev1/ip-pool-db/evaltest.dat new file mode 100644 index 000000000..357e01b2d --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/evaltest.dat @@ -0,0 +1,33 @@ +carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES +carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_VENUS::YES +carol::cat /var/log/auth.log::received IPv4 NBNS server address PH_IP_VENUS::YES +carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES +carol::ip addr list dev eth0::PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ipsec status::home.*IPsec SA established::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES +dave::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_VENUS::YES +dave::cat /var/log/auth.log::received IPv4 NBNS server address PH_IP_VENUS::YES +dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES +dave::ip addr list dev eth0::PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ipsec status::home.*IPsec SA established::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::cat /var/log/auth.log::peer requested virtual IP %any::YES +moon::cat /var/log/auth.log::acquired new lease for address.*in pool.*bigpool::YES +moon::cat /var/log/auth.log::assigning virtual IP::YES +moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES +moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES +moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES +moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES +moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES +moon::ipsec status::rw.*IPsec SA established::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..0c770de9f --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..d6460a291 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..163c19516 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..d6460a291 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..0cefb7ab0 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + rekey=no + keyexchange=ikev1 + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=%any + rightsourceip=%bigpool + auto=add diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..5a444f19c --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -0,0 +1,17 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } +} + +pool { + load = sqlite +} diff --git a/testing/tests/ikev1/ip-pool-db/posttest.dat b/testing/tests/ikev1/ip-pool-db/posttest.dat new file mode 100644 index 000000000..5022c6cf1 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/posttest.dat @@ -0,0 +1,12 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del PH_IP_CAROL1/32 dev eth0 +dave::ip addr del PH_IP_DAVE1/32 dev eth0 +moon::ipsec pool --del bigpool 2> /dev/null +moon::ipsec pool --del dns 2> /dev/null +moon::ipsec pool --del nbns 2> /dev/null +moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev1/ip-pool-db/pretest.dat b/testing/tests/ikev1/ip-pool-db/pretest.dat new file mode 100644 index 000000000..332280acd --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/pretest.dat @@ -0,0 +1,16 @@ +moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql +moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null +moon::ipsec pool --add dns --server PH_IP_WINNETOU 2> /dev/null +moon::ipsec pool --add dns --server PH_IP_VENUS 2> /dev/null +moon::ipsec pool --add nbns --server PH_IP_VENUS 2> /dev/null +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1/ip-pool-db/test.conf b/testing/tests/ikev1/ip-pool-db/test.conf new file mode 100644 index 000000000..1a8f2a4e0 --- /dev/null +++ b/testing/tests/ikev1/ip-pool-db/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1/mode-config-multiple/description.txt b/testing/tests/ikev1/mode-config-multiple/description.txt new file mode 100644 index 000000000..6be00e744 --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/description.txt @@ -0,0 +1,6 @@ +The roadwarriors carol and dave set up a connection each to gateway moon. +Both carol and dave request a virtual IP via the IKE Mode Config protocol +by using the leftsourceip=%modeconfig parameter. After setting up an IPsec SA to reach +the hosts alice and venus, respectively, both roadwarriors set up a second +IPsec SA to venus and alice, respectively, inheriting the virtual IP address +from the previous Mode Config negotiation. diff --git a/testing/tests/ikev1/mode-config-multiple/evaltest.dat b/testing/tests/ikev1/mode-config-multiple/evaltest.dat new file mode 100644 index 000000000..735345315 --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/evaltest.dat @@ -0,0 +1,29 @@ +carol::cat /var/log/auth.log::alice.*setting virtual IP source address to PH_IP_CAROL1::YES +carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES +carol::cat /var/log/auth.log::venus.*inheriting virtual IP source address PH_IP_CAROL1 from ModeCfg::YES +carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +dave::cat /var/log/auth.log::venus.*setting virtual IP source address to PH_IP_DAVE1::YES +dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES +dave::cat /var/log/auth.log::alice.*inheriting virtual IP source address PH_IP_DAVE1 from ModeCfg::YES +dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec status::carol-alice.*STATE_QUICK_R2.*IPsec SA established::YES +moon::ipsec status::carol-venus.*STATE_QUICK_R2.*IPsec SA established::YES +moon::ipsec status::dave-venus.*STATE_QUICK_R2.*IPsec SA established::YES +moon::ipsec status::dave-alice.*STATE_QUICK_R2.*IPsec SA established::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES +venus::tcpdump::IP carol1.strongswan.org > venus.strongswan.org: ICMP echo request::YES +venus::tcpdump::IP venus.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +venus::tcpdump::IP dave1.strongswan.org > venus.strongswan.org: ICMP echo request::YES +venus::tcpdump::IP venus.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES + diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..f05916614 --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf @@ -0,0 +1,32 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn alice + also=home + rightsubnet=10.1.0.10/32 + auto=add + +conn venus + also=home + rightsubnet=10.1.0.20/32 + auto=add + +conn home + left=192.168.0.100 + leftsourceip=%modeconfig + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=192.168.0.1 + rightid=@moon.strongswan.org diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..44644f2af --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf @@ -0,0 +1,32 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn alice + also=home + rightsubnet=10.1.0.10/32 + auto=add + +conn venus + also=home + rightsubnet=10.1.0.20/32 + auto=add + +conn home + left=PH_IP_DAVE + leftsourceip=%modeconfig + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..2f772cfdd --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf @@ -0,0 +1,49 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + left=192.168.0.1 + leftsourceip=10.1.0.1 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn carol-alice + also=carol + leftsubnet=10.1.0.10/32 + auto=add + +conn carol-venus + also=carol + leftsubnet=10.1.0.20/32 + auto=add + +conn carol + right=%any + rightid=carol@strongswan.org + rightsourceip=10.3.0.1 + +conn dave-alice + also=dave + leftsubnet=10.1.0.10/32 + auto=add + +conn dave-venus + also=dave + leftsubnet=10.1.0.20/32 + auto=add + +conn dave + right=%any + rightid=dave@strongswan.org + rightsourceip=10.3.0.2 + diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..83cdb0d28 --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl + dns1 = PH_IP_WINNETOU + dns2 = PH_IP6_VENUS +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/mode-config-multiple/posttest.dat b/testing/tests/ikev1/mode-config-multiple/posttest.dat new file mode 100644 index 000000000..42fa8359b --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del PH_IP_CAROL1/32 dev eth0 +dave::ip addr del PH_IP_DAVE1/32 dev eth0 diff --git a/testing/tests/ikev1/mode-config-multiple/pretest.dat b/testing/tests/ikev1/mode-config-multiple/pretest.dat new file mode 100644 index 000000000..63f52e274 --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up alice +carol::ipsec up venus +dave::ipsec up venus +dave::ipsec up alice +carol::sleep 1 diff --git a/testing/tests/ikev1/mode-config-multiple/test.conf b/testing/tests/ikev1/mode-config-multiple/test.conf new file mode 100644 index 000000000..d8fa5162d --- /dev/null +++ b/testing/tests/ikev1/mode-config-multiple/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice venus" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf index 3e950c81d..83cdb0d28 100644 --- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl dns1 = PH_IP_WINNETOU dns2 = PH_IP6_VENUS } diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf index b15cf2d3f..4d916ab36 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf index b15cf2d3f..4d916ab36 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf index b15cf2d3f..4d916ab36 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl ldap + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat b/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat index 781a7b4ac..524846109 100644 --- a/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat +++ b/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat @@ -1,3 +1,3 @@ -moon::cat /var/log/auth.log::maximum ca path length of 7 levels exceeded::YES +moon::cat /var/log/auth.log::maximum path length of 7 exceeded::YES carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/description.txt b/testing/tests/ikev1/multi-level-ca-pathlen/description.txt new file mode 100644 index 000000000..1852f7157 --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/description.txt @@ -0,0 +1,5 @@ +The strongSwan Root CA constrains the path length to one intermediate CA +but the Research CA creates a subsidiary Duck Research CA which in turn +issues an end entity certificate to roadwarrior carol so that the total +path length becomes two. This is detected by gateway moon which aborts +the negotiation. diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat b/testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat new file mode 100644 index 000000000..235b7672e --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat @@ -0,0 +1,4 @@ +moon::cat /var/log/auth.log::path length of 2 violates constraint of 1::YES +carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO +moon::ipsec status::duck.*STATE_QUICK_R2.*IPsec SA established::NO diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..1da39e483 --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftsendcert=ifasked + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add + diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem new file mode 100644 index 000000000..4e13b52d0 --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxGTAX +BgNVBAMTEER1Y2sgUmVzZWFyY2ggQ0EwHhcNMDkxMTA0MTYyMzM1WhcNMTQxMTAz +MTYyMzM1WjBfMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh +bjEWMBQGA1UECxMNRHVjayBSZXNlYXJjaDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25n +c3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LueCi67Y +IGRDKP5bkysGWZHrFrztq7elIFCPPSUxyIOYo4Upzr5WsvO0dIfcZY3agV2NcAI2 +30sATlfTUp+obedZMHbzE3VBvQuLjgK42ox2XIXDj23Vy496mVqlwUQulhBcAhMb +jnBb4T0aR7WCnJvfzyckEyWrTN0ajRyQhJEmTn+spYNQX/2lg6hEn/K1T/3Py7sG +veeF6BRenHR5L60NSK7qV7AU+hM4R0UIvgwYqzxSStgGS9G6Bwj9QTOWwSV1tuii +ABiRdZSBoON0uMMpRjgEzuVe0f4VbOCIEXO8MtdpCu7Rwa9tc8OwneLcGCYVomr5 +7KKRJdvC5As3AgMBAAGjgdYwgdMwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD +VR0OBBYEFFSYDz2TYOMxfyrIx20NhPPHTCOIMHkGA1UdIwRyMHCAFHYqqKQxp8Zx +jzAlvAJmm8sXVI0goVWkUzBRMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXgg +c3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDASBgNVBAMTC1Jlc2VhcmNo +IENBggEFMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3 +DQEBCwUAA4IBAQBIpl8SH4Nytgr6KvmXzns80u615WnDmP6oJrnwIZUkunVns8HH +TFUVjvDKoQ+8CvuaH9Ifo2dokGjtGObeO4Y38y0xBIkUO+JpwfTa3SeCEhdOZb3G +4e9WxHhV9IGfRyPsXQG+3JpAMaHYH+PNKiv7RBTq6rGaHzvgUEXRMTbv/bJI+Fs6 +Yfd/XxIur/ftVh4dZocyC74MUyXy5tyZJkHe1aBszOa0iT1852fq93lNUQPQqw0O +3q3Lg7CvbNSdWqeAMqUgeBqh6oQItY9Exrwh0tfuCsjZ0oWXUBghsuiV+GTmZ6ok +BiGmSmtX5OD4UtKcicuMRqnK2MYJHp1z1goE +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem new file mode 100644 index 000000000..48727ed9d --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAui7ngouu2CBkQyj+W5MrBlmR6xa87au3pSBQjz0lMciDmKOF +Kc6+VrLztHSH3GWN2oFdjXACNt9LAE5X01KfqG3nWTB28xN1Qb0Li44CuNqMdlyF +w49t1cuPeplapcFELpYQXAITG45wW+E9Gke1gpyb388nJBMlq0zdGo0ckISRJk5/ +rKWDUF/9pYOoRJ/ytU/9z8u7Br3nhegUXpx0eS+tDUiu6lewFPoTOEdFCL4MGKs8 +UkrYBkvRugcI/UEzlsEldbboogAYkXWUgaDjdLjDKUY4BM7lXtH+FWzgiBFzvDLX +aQru0cGvbXPDsJ3i3BgmFaJq+eyikSXbwuQLNwIDAQABAoIBAGK7cOXXsTbHpqO+ +33QsjQpnAWyLuFDJWS/l/RKYuFq4HKEbRgivrFxJtdciXNHRwPH43GWe2m3C6AEX +ipd0H1qwPZkcjFfHH81mtPKismrY6tfxpLXaH8LamhHHtTxlSwTxa2d/aiaY2JjA +zyhakrTa3AZJ0lXdGYLH1hC4eEdiPghIqwL8YNB0V2ldq+bMdtQ1i3dcmseV9TI2 +DEAKWzjc7oIcuY9HtfEEAIPzSSqwrM7wUWd9dk70o7b05eK9pnTF59Lnk5U1J1Ag +QnXBHBZfLVDnTYd+dFWM8wUIpO0n6ccUToINppwSejyOs726jUuWGZCthxLBsFZp +5Pj9B6ECgYEA3lRxGRJsAfMoyOc4kLfDmlDtrP88knRlqRW7mVYjclhMbVtrtaTP +44VqmxKIVNQt1p5hB/Gn4kbhC7OnUja/FVHdosEjFhYNh+QCisyaS2V7RNyEidJX +Q61V8v0Z7MxHxxDljVvWfSdAUDRrFwWYxRXZJWwStEmtdAbiZa6aydkCgYEA1mEV +2D+gaR+oBouqcZMiSAjV/qHbnfw4EC2XFCw84JMPerBwl4noWCgvgf0lRirbI+Ar +PDOfoclLnDQRgnqkK4okSIW0SddxttbKdDhhZ2c2CoyKxUqN7/NEyy/tZ2WZRcmX +LILTLXzi/9qq8lF9odjIl5KKsRpXhqMsf5b1w48CgYEAqDT8yDo+yw7b6Xu+OQc/ +Ds5xs3P7sNYtX8qYfz9DXCxfzlDfYbMKsZlr+V0BFiTddUWoJal4GeMEOqU2TyYq +VYf1hkBXOkt++zPPlJGNnsNtisDH6bng2cwXfdpttdEr8Pjgo5063r9GkifGacmL +Nnj8K6rjT9F6UJEw0jtS0qkCgYAi3RMSYfaSYgWPWvNTGRyAHn++s0/l93iemOty +6mbUFtZzm3IUEudoPtDLEQIY0StmQDSHy9VwGC5lrsoSMCO2uPaBnMzfHVxu4at3 +Dxw4Fr7hJE4FG8TNewB7EsZHBGzSvqAJKxVw1liMR2F5musVgQ3OKJTJjIEjcjHw +Zfp93QKBgQCPp6SH510qK9Rf+HjeWXJpOB2ByruC5rBgqrxE4rbIB3/fAl86a3Kq +Q1VqdGb+CW0FlkPshDmmdi3IoCliXywadSaXi/unPfPTel0pQAC8NM7WpPoaUfnS +QgL5iNXshicKoE8U6PRhYvn81zVpt4bFn3DZRgIlau2GQnijLkGvQw== +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..fac55d63b --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA carolKey.pem diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..8e41bb124 --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn duck + left=PH_IP_MOON + leftcert=moonCert.pem + leftsendcert=ifasked + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Duck Research CA" + auto=add diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem new file mode 100644 index 000000000..bb205a0fd --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw +M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu +MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa +ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO +UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD +h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY +i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB +o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2 +KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF +AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv +YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx +rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C +1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5 +wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v +DSlBqDpnqK8tEI9V9YeroihTcygrEg== +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem new file mode 100644 index 000000000..154cff654 --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD +FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU +zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO +/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0 +C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 ++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E +BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd +VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg +Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX +fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq +3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa +0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 +IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW +Tfcyi+M= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat b/testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat new file mode 100644 index 000000000..f84b7e37b --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat @@ -0,0 +1,3 @@ +moon::ipsec stop +carol::ipsec stop +moon::rm /etc/ipsec.d/cacerts/* diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat b/testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat new file mode 100644 index 000000000..9f0232a7b --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/test.conf b/testing/tests/ikev1/multi-level-ca-pathlen/test.conf new file mode 100644 index 000000000..b118cb7dc --- /dev/null +++ b/testing/tests/ikev1/multi-level-ca-pathlen/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev1/nat-two-rw/evaltest.dat b/testing/tests/ikev1/nat-two-rw/evaltest.dat index b1a7d59ee..03c6d8ae6 100644 --- a/testing/tests/ikev1/nat-two-rw/evaltest.dat +++ b/testing/tests/ikev1/nat-two-rw/evaltest.dat @@ -2,7 +2,7 @@ alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES venus::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES sun::ipsec status::nat-t.*alice@strongswan.org::YES -sun::ipsec status::nat-t.*@venus.strongswan.org::YES +sun::ipsec status::nat-t.*venus.strongswan.org::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf index a54482489..83d2b268a 100755 --- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf @@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control + plutodebug="control parsing" nocrsend=yes charonstart=no @@ -15,6 +15,7 @@ conn net-net left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftcert=moonCert.asc + leftid=@#71270432cd763a18020ac988c0e75aed leftfirewall=yes right=PH_IP_SUN rightsubnet=10.2.0.0/16 diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..30c802be8 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf index 419adc2f2..d5b7c39fa 100755 --- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf @@ -19,4 +19,5 @@ conn net-net right=PH_IP_MOON rightsubnet=10.1.0.0/16 rightcert=moonCert.asc + rightid=@#71270432cd763a18020ac988c0e75aed auto=add diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..30c802be8 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf index a54482489..bbd1f3a06 100755 --- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf @@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control + plutodebug="control parsing" nocrsend=yes charonstart=no @@ -19,4 +19,5 @@ conn net-net right=PH_IP_SUN rightsubnet=10.2.0.0/16 rightcert=sunCert.asc + rightid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3 auto=add diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..30c802be8 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf index 419adc2f2..abe91e6ee 100755 --- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf @@ -15,6 +15,7 @@ conn net-net left=PH_IP_SUN leftsubnet=10.2.0.0/16 leftcert=sunCert.asc + leftid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3 leftfirewall=yes right=PH_IP_MOON rightsubnet=10.1.0.0/16 diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..30c802be8 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4bf0f97aa --- /dev/null +++ b/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac dnskey pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..4bf0f97aa --- /dev/null +++ b/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac dnskey pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/no-priv-key/evaltest.dat b/testing/tests/ikev1/no-priv-key/evaltest.dat index c2612167a..e5a8de0b9 100644 --- a/testing/tests/ikev1/no-priv-key/evaltest.dat +++ b/testing/tests/ikev1/no-priv-key/evaltest.dat @@ -1,4 +1,3 @@ carol::cat /var/log/auth.log::unable to locate my private key::YES -carol::cat /var/log/auth.log::empty ISAKMP SA proposal to send::YES moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem index 5b742fc9e..a92610c4f 100644 --- a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem +++ b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBBzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjU0OFoXDTA5MDkwOTExMjU0OFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAM5413q1B2EF3spcYD1u0ce9AtIHdxmU3+1E0hqV -mLqpIQtyp4SLbrRunxpoVUuEpHWXgLb3C/ljjlKCMWWmhw4wja1rBTjMNJLPj6Bo -5Qn4Oeuqm7/kLHPGbveQGtcSsJCk6iLqFTbq0wsji5Ogq7kmjWgQv0nM2jpofHLv -VOAtWVSj+x2b3OHdl/WpgTgTw1HHjYo7/NOkARdTcZ2/wxxM3z1Abp9iylc45GLN -IL/OzHkT8b5pdokdMvVijz8IslkkewJYXrVQaCNMZg/ydlXOOAEKz0YqnvXQaYs5 -K+s8XvQ2RFCr5oO0fRT2VbiI9TgHnbcnfUi25iHl6txsXg0CAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTbA2TH3ca8tgCGkYy9 -OV/MqUTHAzBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr +lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD +e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG +Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi ++BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ +TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh +ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQC9acuCUPEBOrWB -56vS8N9bksQwv/XcYIFYqV73kFBAzOPLX2a9igFGvBPdCxFu/t8JCswzE6to4LFM -2+6Z2QJf442CLPcJKxITahrjJXSxGbzMlmaDvZ5wFCJAlyin+yuInpTwl8rMZe/Q -O5JeJjzGDgWJtnGdkLUk/l2r6sZ/Cmk5rZpuO0hcUHVztMLQYPzqTpuMvC5p4JzL -LWGWhKRhJs53NmxXXodck/ZgaqiTWuQFYlbamJRvzVBfX7c1SWHRJvxSSOPKGIg3 -wphkO2naj/SQD+BNuWTRmZ9YCiLOQ64ybLpJzRZISETdqtLBPKsIqosUZwkxlR1N -9IcgYi5x +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/ +jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl +nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC +6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a +cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f +q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z +0xafBd5x -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem index 8aefcc5a6..60e7fdfa9 100644 --- a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem +++ b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAznjXerUHYQXeylxgPW7Rx70C0gd3GZTf7UTSGpWYuqkhC3Kn -hItutG6fGmhVS4SkdZeAtvcL+WOOUoIxZaaHDjCNrWsFOMw0ks+PoGjlCfg566qb -v+Qsc8Zu95Aa1xKwkKTqIuoVNurTCyOLk6CruSaNaBC/SczaOmh8cu9U4C1ZVKP7 -HZvc4d2X9amBOBPDUceNijv806QBF1Nxnb/DHEzfPUBun2LKVzjkYs0gv87MeRPx -vml2iR0y9WKPPwiyWSR7AlhetVBoI0xmD/J2Vc44AQrPRiqe9dBpizkr6zxe9DZE -UKvmg7R9FPZVuIj1OAedtyd9SLbmIeXq3GxeDQIDAQABAoIBAAUdyXko8z3cP2EU -WO4syNYCQQejV7gykDn48pvmCRrXBhKajLwkGGIwO5ET9MkiSFEBqBbgmFNdvDEf -OMokDkSzv08Ez+RQax0YN57p+oL8u7KzT5i5tsBHsog/8epSdD2hWIv08QGjYAdu -og7OdHLqGabyg0r44I+B91OBysCjU51rDdkhz59AmURdEIJV5xhuGojFM68jaNm2 -MUxDfDuCsRIydjAP0VTUTAUxD4/S5I+jt/GK9aRsEeRH9Q3011iTGMR9viAUBhq/ -khkWNltg9lkOqO7LpnNku4sSv3v4CWge7/T+4RR2vZgv1oSs4ox2UKYoqIqiYIfx -uUcnqQECgYEA+LPiRMoXvlssQWlaFc2k4xga0efs+mWeLglDdc3R3fBEibP/AU07 -a576AgvUJtkI50/WNGKT73O+VtxcXn/N646m/8OtqNXuVKKjsxxNOZEKdO8aOdbt -7lM5WepNiQeaKAFudUxpUiZQx8LCKSsNDiJZKWBu6xAG2O5X32VMZvUCgYEA1Ie+ -rNa490PSC1ym7WbmdAjvGmSOn2GOBfO7BECsPZstccU7D5pZl/89fTfn1TDKP49Y -ScVOuFz7f/u6UJpb/WzI71RXEQOdojLWmF2HDx5osRi3hXEJa20fbPq6DQXCJ8pf -IF37AEqAY4UNSNic0Cw+rGHdWPQhDNXhFWpdu7kCgYEAmv4oNmyoDXbuhrlsbggi -CXE9TbG3a3mm8dPOGf2yHBmf7R2i/6GtNW33Kw1KIwfBV77WpQEGZwWACsv8ONx3 -baUSiHTfpkfk5xQQ5w/tRMISfTuB4agD0jJFnLa7qXl2ZhY2S53aSVsdntDOhi+R -TEy1umah2Za8Xbd0RgHwcn0CgYEAl9Hgg9dfikMIaNVm6W/4cCtxoojy2Sf3LIlP -r1oDsH6JmBwsdJjuJ4ZNhoXJNqID2COuDgTEly7U+jf4gFvEGuT7JPw6tgy/Ln7i -jTVCpaozX08oykpVUEhDirYQ8fyLFaGbEqQQCcUusej59G/IlW0F2F6QoFrEwUaH -46R4EQECgYBEZ7edMkj3dmJH1wxQjp5GJNbrJkS8IKvzza0mDTJdz33CgEX9Oyva -o2iEkDVpvj2SEy28ewt22IRptWKH/3bQfxSCcRV6JFNt3+LongMshRYqq1leqrKa -9fnQVtfTIbIVXwjTZap6BL8R66OeFtexsSFRfDF/8P4n2oF4zmn4qA== +MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB +msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf +AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B +hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F +dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9 +dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O +fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH +Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc +M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI +0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2 +oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH +VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx +ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm +VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g +I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0 +bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD +yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2 +u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN +dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12 +coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx +VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f +YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4 +lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6 +95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P +b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf index 52fd0c788..737117cc9 100644 --- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf index 52fd0c788..737117cc9 100644 --- a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf index ac4b8d589..c2d2b14ac 100644 --- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf index ac4b8d589..3ec745baa 100644 --- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 x509 gmp random curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf index 52fd0c788..737117cc9 100644 --- a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf index 52fd0c788..737117cc9 100644 --- a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf @@ -1,11 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac gmp pubkey random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/alg-3des-md5/description.txt b/testing/tests/ikev2/alg-3des-md5/description.txt new file mode 100644 index 000000000..4c39d0b04 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +3DES_CBC / HMAC_MD5_96 by defining esp=3des-md5-modp1024! +in ipsec.conf. The same cipher suite is used for IKE. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat new file mode 100644 index 000000000..6f598c6f3 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat @@ -0,0 +1,13 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES +carol::ipsec statusall::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*3DES_CBC/HMAC_MD5_96,::YES +carol::ipsec statusall::home.*3DES_CBC/HMAC_MD5_96,::YES +moon::ip xfrm state::enc cbc(des3_ede)::YES +carol::ip xfrm state::enc cbc(des3_ede)::YES +moon::ip xfrm state::auth hmac(md5)::YES +carol::ip xfrm state::auth hmac(md5)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..f2c71061d --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=3des-md5-modp1024! + esp=3des-md5-modp1024! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..c4fd80fc0 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=3des-md5-modp1024! + esp=3des-md5-modp1024! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-3des-md5/posttest.dat b/testing/tests/ikev2/alg-3des-md5/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/alg-3des-md5/pretest.dat b/testing/tests/ikev2/alg-3des-md5/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/alg-3des-md5/test.conf b/testing/tests/ikev2/alg-3des-md5/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/alg-3des-md5/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/alg-aes-xcbc/description.txt b/testing/tests/ikev2/alg-aes-xcbc/description.txt index cce0e1cd6..c71d7493f 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/description.txt +++ b/testing/tests/ikev2/alg-aes-xcbc/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the ESP cipher suite -AES_CBC_256 / AES_XCBC_96 by defining esp=aes256-aesxcbc-modp2048 -in ipsec.conf. The same cipher suite is used for IKE: ike=aes256-aesxcbc-modp2048. +AES_CBC_128 / AES_XCBC_96 by defining esp=aes128-aesxcbc-modp2048! +in ipsec.conf. The same cipher suite is used for IKE. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index 5217c18df..24e36eb77 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -1,9 +1,12 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES -carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES +carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES moon::ip xfrm state::auth xcbc(aes)::YES carol::ip xfrm state::auth xcbc(aes)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES + diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index edd0aaaf8..33e6a842b 100755 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256-aesxcbc-modp2048! + ike=aes128-aesxcbc-modp2048! + esp=aes128-aesxcbc-modp2048! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 18618929f..208477deb 100755 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256-aesxcbc-modp2048! + ike=aes128-aesxcbc-modp2048! + esp=aes128-aesxcbc-modp2048! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/test.conf b/testing/tests/ikev2/alg-aes-xcbc/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/test.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat index a1f9f6a8e..f1b33895b 100644 --- a/testing/tests/ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat @@ -1,16 +1,16 @@ moon::ipsec statusall::rw.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256::YES -carol::ipsec statusall::BLOWFISH_CBC_192.*,::YES +carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES dave::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128::YES -dave::ipsec statusall::BLOWFISH_CBC_128.*,::YES +dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES +dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index e9829d508..95ec73753 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 gmp curl random x509 pubkey hmac stroke kernel-netlink updown + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf index e9829d508..95ec73753 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 gmp curl random x509 pubkey hmac stroke kernel-netlink updown + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index e9829d508..95ec73753 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 gmp curl random x509 pubkey hmac stroke kernel-netlink updown + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/alg-sha256-96/description.txt b/testing/tests/ikev2/alg-sha256-96/description.txt new file mode 100644 index 000000000..e1d591625 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/description.txt @@ -0,0 +1,5 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_128 / HMAC_SHA2_256_96 which uses 96 bit instead of the +standard 128 bit truncation, allowing compatibility with Linux kernels older than 2.6.33 +by defining esp=aes128-sha256_96-modp2048! in ipsec.conf. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat new file mode 100644 index 000000000..7ec47aadf --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -0,0 +1,13 @@ +moon::cat /var/log/daemon.log::received strongSwan vendor id::YES +carol::cat /var/log/daemon.log::received strongSwan vendor id::YES +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES +carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES +moon::ip xfrm state::auth hmac(sha256)::YES +carol::ip xfrm state::auth hmac(sha256)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..47cf1e12c --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-modp2048! + esp=aes128-sha256_96-modp2048! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..4ae78cec5 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + send_vendor_id = yes +} diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..d340aaf70 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-modp2048! + esp=aes128-sha256_96-modp2048! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4ae78cec5 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + send_vendor_id = yes +} diff --git a/testing/tests/ikev2/alg-sha256-96/posttest.dat b/testing/tests/ikev2/alg-sha256-96/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/alg-sha256-96/pretest.dat b/testing/tests/ikev2/alg-sha256-96/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha256-96/test.conf b/testing/tests/ikev2/alg-sha256-96/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/alg-sha256-96/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/alg-sha256/description.txt b/testing/tests/ikev2/alg-sha256/description.txt new file mode 100644 index 000000000..826a8f10b --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_128 / HMAC_SHA2_256_128 by defining esp=aes128-sha256-modp2048! +in ipsec.conf. The same cipher suite is used for IKE. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat new file mode 100644 index 000000000..2d1cc92bb --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -0,0 +1,11 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES +carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES +moon::ip xfrm state::auth hmac(sha256)::YES +carol::ip xfrm state::auth hmac(sha256)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..d2b763a1b --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-modp2048! + esp=aes128-sha256-modp2048! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..0e38bbb84 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-modp2048! + esp=aes128-sha256-modp2048! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-sha256/posttest.dat b/testing/tests/ikev2/alg-sha256/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/alg-sha256/pretest.dat b/testing/tests/ikev2/alg-sha256/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha256/test.conf b/testing/tests/ikev2/alg-sha256/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/alg-sha256/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/alg-sha384/description.txt b/testing/tests/ikev2/alg-sha384/description.txt new file mode 100644 index 000000000..2255fe8fb --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_192 / HMAC_SHA2_384_192 by defining esp=aes192-sha384-modp3072! +in ipsec.conf. The same cipher suite is used for IKE. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat new file mode 100644 index 000000000..31bb64c5e --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -0,0 +1,11 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES +carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES +moon::ip xfrm state::auth hmac(sha384)::YES +carol::ip xfrm state::auth hmac(sha384)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..d38b7dfcf --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes192-sha384-modp3072! + esp=aes192-sha384-modp3072! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..ea84cd8a4 --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes192-sha384-modp3072! + esp=aes192-sha384-modp3072! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-sha384/posttest.dat b/testing/tests/ikev2/alg-sha384/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/alg-sha384/pretest.dat b/testing/tests/ikev2/alg-sha384/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha384/test.conf b/testing/tests/ikev2/alg-sha384/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/alg-sha384/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/alg-sha512/description.txt b/testing/tests/ikev2/alg-sha512/description.txt new file mode 100644 index 000000000..bf79a3bff --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_256 / HMAC_SHA2_512_256 by defining esp=aes256-sha512-modp4096! +in ipsec.conf. The same cipher suite is used for IKE. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat new file mode 100644 index 000000000..e0f5fb7a3 --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/evaltest.dat @@ -0,0 +1,11 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES +carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES +moon::ip xfrm state::auth hmac(sha512)::YES +carol::ip xfrm state::auth hmac(sha512)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..583522d1b --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha512-modp4096! + esp=aes256-sha512-modp4096! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..40fec93c0 --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha512-modp4096! + esp=aes256-sha512-modp4096! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/alg-sha512/posttest.dat b/testing/tests/ikev2/alg-sha512/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/alg-sha512/pretest.dat b/testing/tests/ikev2/alg-sha512/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha512/test.conf b/testing/tests/ikev2/alg-sha512/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/alg-sha512/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf index 66a6137cb..86a0257ad 100644 --- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf index 66a6137cb..86a0257ad 100644 --- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf index 66a6137cb..86a0257ad 100644 --- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf index 66a6137cb..86a0257ad 100644 --- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink multiple_authentication = no } diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index 40624e3ef..3451112cc 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -1,8 +1,8 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU::YES -carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf index ae5e4f72b..ff38e227b 100644 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown resolv-conf + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf index ae5e4f72b..ff38e227b 100644 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown resolv-conf + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf index a6036a5da..51810734d 100644 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown attr + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS } diff --git a/testing/tests/ikev2/crl-from-cache/evaltest.dat b/testing/tests/ikev2/crl-from-cache/evaltest.dat index f15196024..2f4cf7afa 100644 --- a/testing/tests/ikev2/crl-from-cache/evaltest.dat +++ b/testing/tests/ikev2/crl-from-cache/evaltest.dat @@ -1,8 +1,8 @@ -moon::cat /var/log/daemon.log::loaded crl file::YES +moon::cat /var/log/daemon.log::loaded crl from::YES moon::cat /var/log/daemon.log::crl is valid::YES moon::cat /var/log/daemon.log::certificate status is good::YES moon::ipsec listcrls:: ok::YES -carol::cat /var/log/daemon.log::loaded crl file::YES +carol::cat /var/log/daemon.log::loaded crl from::YES carol::cat /var/log/daemon.log::crl is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES carol::ipsec listcrls:: ok::YES diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/crl-ldap/evaltest.dat b/testing/tests/ikev2/crl-ldap/evaltest.dat index d98df8c7c..5ab094401 100644 --- a/testing/tests/ikev2/crl-ldap/evaltest.dat +++ b/testing/tests/ikev2/crl-ldap/evaltest.dat @@ -1,9 +1,9 @@ -moon::cat /var/log/daemon.log::loaded crl file::YES +moon::cat /var/log/daemon.log::loaded crl from::YES moon::cat /var/log/daemon.log::crl is stale::YES moon::cat /var/log/daemon.log::fetching crl from.*ldap::YES moon::cat /var/log/daemon.log::crl is valid::YES moon::cat /var/log/daemon.log::certificate status is good::YES -carol::cat /var/log/daemon.log::loaded crl file::YES +carol::cat /var/log/daemon.log::loaded crl from::YES carol::cat /var/log/daemon.log::crl is stale::YES carol::cat /var/log/daemon.log::fetching crl from.*ldap::YES carol::cat /var/log/daemon.log::crl is valid::YES diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf index 7ab4e2a42..c9e6722ae 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf index 7ab4e2a42..c9e6722ae 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem index 5b742fc9e..a92610c4f 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBBzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjU0OFoXDTA5MDkwOTExMjU0OFowWjELMAkGA1UE +b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAM5413q1B2EF3spcYD1u0ce9AtIHdxmU3+1E0hqV -mLqpIQtyp4SLbrRunxpoVUuEpHWXgLb3C/ljjlKCMWWmhw4wja1rBTjMNJLPj6Bo -5Qn4Oeuqm7/kLHPGbveQGtcSsJCk6iLqFTbq0wsji5Ogq7kmjWgQv0nM2jpofHLv -VOAtWVSj+x2b3OHdl/WpgTgTw1HHjYo7/NOkARdTcZ2/wxxM3z1Abp9iylc45GLN -IL/OzHkT8b5pdokdMvVijz8IslkkewJYXrVQaCNMZg/ydlXOOAEKz0YqnvXQaYs5 -K+s8XvQ2RFCr5oO0fRT2VbiI9TgHnbcnfUi25iHl6txsXg0CAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTbA2TH3ca8tgCGkYy9 -OV/MqUTHAzBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr +lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD +e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG +Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi ++BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ +TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh +ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQC9acuCUPEBOrWB -56vS8N9bksQwv/XcYIFYqV73kFBAzOPLX2a9igFGvBPdCxFu/t8JCswzE6to4LFM -2+6Z2QJf442CLPcJKxITahrjJXSxGbzMlmaDvZ5wFCJAlyin+yuInpTwl8rMZe/Q -O5JeJjzGDgWJtnGdkLUk/l2r6sZ/Cmk5rZpuO0hcUHVztMLQYPzqTpuMvC5p4JzL -LWGWhKRhJs53NmxXXodck/ZgaqiTWuQFYlbamJRvzVBfX7c1SWHRJvxSSOPKGIg3 -wphkO2naj/SQD+BNuWTRmZ9YCiLOQ64ybLpJzRZISETdqtLBPKsIqosUZwkxlR1N -9IcgYi5x +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/ +jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl +nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC +6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a +cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f +q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z +0xafBd5x -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem index 8aefcc5a6..60e7fdfa9 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAznjXerUHYQXeylxgPW7Rx70C0gd3GZTf7UTSGpWYuqkhC3Kn -hItutG6fGmhVS4SkdZeAtvcL+WOOUoIxZaaHDjCNrWsFOMw0ks+PoGjlCfg566qb -v+Qsc8Zu95Aa1xKwkKTqIuoVNurTCyOLk6CruSaNaBC/SczaOmh8cu9U4C1ZVKP7 -HZvc4d2X9amBOBPDUceNijv806QBF1Nxnb/DHEzfPUBun2LKVzjkYs0gv87MeRPx -vml2iR0y9WKPPwiyWSR7AlhetVBoI0xmD/J2Vc44AQrPRiqe9dBpizkr6zxe9DZE -UKvmg7R9FPZVuIj1OAedtyd9SLbmIeXq3GxeDQIDAQABAoIBAAUdyXko8z3cP2EU -WO4syNYCQQejV7gykDn48pvmCRrXBhKajLwkGGIwO5ET9MkiSFEBqBbgmFNdvDEf -OMokDkSzv08Ez+RQax0YN57p+oL8u7KzT5i5tsBHsog/8epSdD2hWIv08QGjYAdu -og7OdHLqGabyg0r44I+B91OBysCjU51rDdkhz59AmURdEIJV5xhuGojFM68jaNm2 -MUxDfDuCsRIydjAP0VTUTAUxD4/S5I+jt/GK9aRsEeRH9Q3011iTGMR9viAUBhq/ -khkWNltg9lkOqO7LpnNku4sSv3v4CWge7/T+4RR2vZgv1oSs4ox2UKYoqIqiYIfx -uUcnqQECgYEA+LPiRMoXvlssQWlaFc2k4xga0efs+mWeLglDdc3R3fBEibP/AU07 -a576AgvUJtkI50/WNGKT73O+VtxcXn/N646m/8OtqNXuVKKjsxxNOZEKdO8aOdbt -7lM5WepNiQeaKAFudUxpUiZQx8LCKSsNDiJZKWBu6xAG2O5X32VMZvUCgYEA1Ie+ -rNa490PSC1ym7WbmdAjvGmSOn2GOBfO7BECsPZstccU7D5pZl/89fTfn1TDKP49Y -ScVOuFz7f/u6UJpb/WzI71RXEQOdojLWmF2HDx5osRi3hXEJa20fbPq6DQXCJ8pf -IF37AEqAY4UNSNic0Cw+rGHdWPQhDNXhFWpdu7kCgYEAmv4oNmyoDXbuhrlsbggi -CXE9TbG3a3mm8dPOGf2yHBmf7R2i/6GtNW33Kw1KIwfBV77WpQEGZwWACsv8ONx3 -baUSiHTfpkfk5xQQ5w/tRMISfTuB4agD0jJFnLa7qXl2ZhY2S53aSVsdntDOhi+R -TEy1umah2Za8Xbd0RgHwcn0CgYEAl9Hgg9dfikMIaNVm6W/4cCtxoojy2Sf3LIlP -r1oDsH6JmBwsdJjuJ4ZNhoXJNqID2COuDgTEly7U+jf4gFvEGuT7JPw6tgy/Ln7i -jTVCpaozX08oykpVUEhDirYQ8fyLFaGbEqQQCcUusej59G/IlW0F2F6QoFrEwUaH -46R4EQECgYBEZ7edMkj3dmJH1wxQjp5GJNbrJkS8IKvzza0mDTJdz33CgEX9Oyva -o2iEkDVpvj2SEy28ewt22IRptWKH/3bQfxSCcRV6JFNt3+LongMshRYqq1leqrKa -9fnQVtfTIbIVXwjTZap6BL8R66OeFtexsSFRfDF/8P4n2oF4zmn4qA== +MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB +msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf +AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B +hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F +dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9 +dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O +fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH +Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc +M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI +0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2 +oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH +VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx +ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm +VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g +I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0 +bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD +yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2 +u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN +dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12 +coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx +VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f +YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4 +lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6 +95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P +b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf index 6cb8c1369..c466dc8cf 100644 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf @@ -1,9 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf index 6cb8c1369..c466dc8cf 100644 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf @@ -1,9 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } scepclient { - load = sha1 sha2 md5 aes des hmac gmp pubkey random + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random } diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat index 9a1c6b8e9..86ef872c0 100644 --- a/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat @@ -1,5 +1,7 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_CCM_12_128::YES carol::ipsec statusall::AES_CCM_12_128::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/test.conf b/testing/tests/ikev2/esp-alg-aes-ccm/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev2/esp-alg-aes-ccm/test.conf +++ b/testing/tests/ikev2/esp-alg-aes-ccm/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat index d5260da68..6b5d0ba0b 100644 --- a/testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat @@ -1,7 +1,10 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_CTR_128/AES_XCBC_96::YES carol::ipsec statusall::AES_CTR_128/AES_XCBC_96::YES moon::ip xfrm state::rfc3686(ctr(aes))::YES carol::ip xfrm state::rfc3686(ctr(aes))::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES + diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/test.conf b/testing/tests/ikev2/esp-alg-aes-ctr/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev2/esp-alg-aes-ctr/test.conf +++ b/testing/tests/ikev2/esp-alg-aes-ctr/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat index 12a2dab3c..9805c654c 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat @@ -1,5 +1,7 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_GCM_16_256::YES carol::ipsec statusall::AES_GCM_16_256::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/test.conf b/testing/tests/ikev2/esp-alg-aes-gcm/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/test.conf +++ b/testing/tests/ikev2/esp-alg-aes-gcm/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev2/esp-alg-camellia/description.txt b/testing/tests/ikev2/esp-alg-camellia/description.txt deleted file mode 100644 index e79bc4f87..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/description.txt +++ /dev/null @@ -1,3 +0,0 @@ -Roadwarrior carol proposes to gateway moon the ESP cipher suite -CAMELLIA_CBC_192 / HMAC_SHA1_96 by defining esp=camellia192-sha1 in ipsec.conf. -A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev2/esp-alg-camellia/evaltest.dat b/testing/tests/ikev2/esp-alg-camellia/evaltest.dat deleted file mode 100644 index a8a78e25b..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/evaltest.dat +++ /dev/null @@ -1,7 +0,0 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES -carol::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES -moon::ip xfrm state::enc cbc(camellia)::YES -carol::ip xfrm state::enc cbc(camellia)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES diff --git a/testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/ipsec.conf deleted file mode 100755 index 74562cd3c..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,25 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - crlcheckinterval=180 - strictcrlpolicy=yes - plutostart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - ike=aes192-sha1-modp2048! - esp=camellia192-sha1! - -conn home - left=PH_IP_CAROL - leftfirewall=yes - leftcert=carolCert.pem - leftid=carol@strongswan.org - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 40eb84b8a..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown -} diff --git a/testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/ipsec.conf deleted file mode 100755 index a9ce15802..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - crlcheckinterval=180 - strictcrlpolicy=yes - plutostart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - ike=aes192-sha1-modp2048! - esp=camellia192-sha1! - -conn rw - left=PH_IP_MOON - leftfirewall=yes - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - right=%any - auto=add diff --git a/testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 40eb84b8a..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown -} diff --git a/testing/tests/ikev2/esp-alg-camellia/posttest.dat b/testing/tests/ikev2/esp-alg-camellia/posttest.dat deleted file mode 100644 index 94a400606..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/posttest.dat +++ /dev/null @@ -1,4 +0,0 @@ -moon::ipsec stop -carol::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/esp-alg-camellia/pretest.dat b/testing/tests/ikev2/esp-alg-camellia/pretest.dat deleted file mode 100644 index 3c3df0196..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/pretest.dat +++ /dev/null @@ -1,7 +0,0 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -moon::ipsec start -carol::ipsec start -carol::sleep 1 -carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/esp-alg-camellia/test.conf b/testing/tests/ikev2/esp-alg-camellia/test.conf deleted file mode 100644 index 2b240d895..000000000 --- a/testing/tests/ikev2/esp-alg-camellia/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="moon carol winnetou" - -# Corresponding block diagram -# -DIAGRAM="m-c-w.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index dc50f11e0..bebca1f61 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -1,7 +1,9 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::NULL/HMAC_SHA1_96::YES carol::ipsec statusall::NULL/HMAC_SHA1_96::YES moon::ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/esp-alg-null/pretest.dat b/testing/tests/ikev2/esp-alg-null/pretest.dat index f360351e1..3c3df0196 100644 --- a/testing/tests/ikev2/esp-alg-null/pretest.dat +++ b/testing/tests/ikev2/esp-alg-null/pretest.dat @@ -4,3 +4,4 @@ moon::ipsec start carol::ipsec start carol::sleep 1 carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/esp-alg-null/test.conf b/testing/tests/ikev2/esp-alg-null/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/ikev2/esp-alg-null/test.conf +++ b/testing/tests/ikev2/esp-alg-null/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/inactivity-timeout/description.txt b/testing/tests/ikev2/inactivity-timeout/description.txt new file mode 100644 index 000000000..df155b1c3 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/description.txt @@ -0,0 +1,3 @@ +Roadwarrior carol establishes an IPsec tunnel to gateway moon and sets +an inactivity timeout of 10 seconds. Thus after 10 seconds of inactivity the CHILD_SA +is automatically deleted by carol. diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat new file mode 100644 index 000000000..a8975481f --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat @@ -0,0 +1,8 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::sleep 15::NO +carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES +moon::ipsec statusall::rw.*INSTALLED::NO +carol::ipsec statusall::home.*INSTALLED::NO +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..5fbb99617 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + inactivity=10 + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..c3d417302 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..06b1e9f48 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ikev2/inactivity-timeout/posttest.dat b/testing/tests/ikev2/inactivity-timeout/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/inactivity-timeout/pretest.dat b/testing/tests/ikev2/inactivity-timeout/pretest.dat new file mode 100644 index 000000000..3c3df0196 --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/pretest.dat @@ -0,0 +1,7 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/inactivity-timeout/test.conf b/testing/tests/ikev2/inactivity-timeout/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/inactivity-timeout/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat index 9ce2c44a8..f9d0cbb37 100644 --- a/testing/tests/ikev2/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat @@ -1,9 +1,15 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES +carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES +carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES +carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES +dave::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES +dave::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave::ipsec status::home.*INSTALLED::YES @@ -11,6 +17,8 @@ dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES moon::cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon::cat /var/log/daemon.log::assigning virtual IP::YES +moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES +moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf index 40eb84b8a..ff38e227b 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf index 40eb84b8a..ff38e227b 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf index b77ff97fb..b7c598fca 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,12 +1,15 @@ # /etc/strongswan.conf - strongSwan configuration file charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown +} + +libstrongswan { plugins { - sql { - database = sqlite:///etc/ipsec.d/ipsec.db + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql updown } pool { diff --git a/testing/tests/ikev2/ip-pool-db/posttest.dat b/testing/tests/ikev2/ip-pool-db/posttest.dat index 1505a77ba..1c955057a 100644 --- a/testing/tests/ikev2/ip-pool-db/posttest.dat +++ b/testing/tests/ikev2/ip-pool-db/posttest.dat @@ -5,4 +5,6 @@ moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null moon::ipsec pool --del bigpool 2> /dev/null +moon::ipsec pool --del dns 2> /dev/null +moon::ipsec pool --del nbns 2> /dev/null moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-pool-db/pretest.dat b/testing/tests/ikev2/ip-pool-db/pretest.dat index 1765538a3..332280acd 100644 --- a/testing/tests/ikev2/ip-pool-db/pretest.dat +++ b/testing/tests/ikev2/ip-pool-db/pretest.dat @@ -1,6 +1,9 @@ moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null +moon::ipsec pool --add dns --server PH_IP_WINNETOU 2> /dev/null +moon::ipsec pool --add dns --server PH_IP_VENUS 2> /dev/null +moon::ipsec pool --add nbns --server PH_IP_VENUS 2> /dev/null moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf index b77ff97fb..b7c598fca 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -1,12 +1,15 @@ # /etc/strongswan.conf - strongSwan configuration file charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown +} + +libstrongswan { plugins { - sql { - database = sqlite:///etc/ipsec.d/ipsec.db + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql updown } pool { diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf index 1b5257ccc..1ce52a848 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf @@ -1,12 +1,15 @@ # /etc/strongswan.conf - strongSwan configuration file charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown +} + +libstrongswan { plugins { - sql { - database = sqlite:///etc/ipsec.d/ipsec.db + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke sqlite sql kernel-netlink updown } pool { diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf index 1b5257ccc..1ce52a848 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf @@ -1,12 +1,15 @@ # /etc/strongswan.conf - strongSwan configuration file charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown +} + +libstrongswan { plugins { - sql { - database = sqlite:///etc/ipsec.d/ipsec.db + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke sqlite sql kernel-netlink updown } pool { diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/mobike-nat/description.txt b/testing/tests/ikev2/mobike-nat/description.txt index ba8fc5bf0..428ac0883 100644 --- a/testing/tests/ikev2/mobike-nat/description.txt +++ b/testing/tests/ikev2/mobike-nat/description.txt @@ -1,5 +1,5 @@ The roadwarrior alice is sitting behind the NAT router moon but -at the outset of the scenariou is also directly connected to the 192.168.0.0/24 network +at the outset of the scenario is also directly connected to the 192.168.0.0/24 network via an additional eth1 interface. alice builds up a tunnel to gateway sun in order to reach bob in the subnet behind. When the eth1 interface goes away, alice switches to eth0 and signals the IP address change diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/init.d/iptables b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/init.d/iptables index db18182a3..cf0d65c58 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/init.d/iptables +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/init.d/iptables @@ -17,6 +17,10 @@ start() { /sbin/iptables -P OUTPUT DROP /sbin/iptables -P FORWARD DROP + # allow IPsec tunnel traffic + iptables -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT + iptables -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT + # allow esp iptables -A INPUT -i eth0 -p 50 -j ACCEPT iptables -A INPUT -i eth1 -p 50 -j ACCEPT diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf index 5c93d1462..ed670efb1 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf @@ -17,7 +17,6 @@ conn mobike leftsourceip=%config leftcert=aliceCert.pem leftid=alice@strongswan.org - leftfirewall=yes right=PH_IP_SUN rightid=@sun.strongswan.org rightsubnet=10.2.0.0/16 diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf index 40eb84b8a..572cf39cb 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/init.d/iptables b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..642c414d5 --- /dev/null +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow IPsec tunnel traffic + iptables -A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT + iptables -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT + + # allow NAT-T + iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf index d6121511e..ca4d84e16 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf @@ -16,7 +16,6 @@ conn mobike left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org - leftfirewall=yes leftsubnet=10.2.0.0/16 right=%any rightsourceip=10.3.0.3 diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf index 40eb84b8a..572cf39cb 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/init.d/iptables b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/init.d/iptables index db18182a3..cf0d65c58 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/init.d/iptables +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/init.d/iptables @@ -17,6 +17,10 @@ start() { /sbin/iptables -P OUTPUT DROP /sbin/iptables -P FORWARD DROP + # allow IPsec tunnel traffic + iptables -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT + iptables -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT + # allow esp iptables -A INPUT -i eth0 -p 50 -j ACCEPT iptables -A INPUT -i eth1 -p 50 -j ACCEPT diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf index 5c93d1462..ed670efb1 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf @@ -17,7 +17,6 @@ conn mobike leftsourceip=%config leftcert=aliceCert.pem leftid=alice@strongswan.org - leftfirewall=yes right=PH_IP_SUN rightid=@sun.strongswan.org rightsubnet=10.2.0.0/16 diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf index 40eb84b8a..572cf39cb 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/init.d/iptables b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..642c414d5 --- /dev/null +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow IPsec tunnel traffic + iptables -A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT + iptables -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT + + # allow NAT-T + iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf index 18a67cde0..1c8be1db4 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf @@ -16,7 +16,6 @@ conn mobike left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org - leftfirewall=yes leftsubnet=10.2.0.0/16 right=PH_IP_ALICE1 rightsourceip=10.3.0.3 diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf index 40eb84b8a..572cf39cb 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf index 40eb84b8a..572cf39cb 100644 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/init.d/iptables b/testing/tests/ikev2/mobike/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..6934b1948 --- /dev/null +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/init.d/iptables @@ -0,0 +1,90 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow IPsec tunnel traffic + iptables -A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT + iptables -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A INPUT -i eth1 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf index 1367e784f..4806cd9c8 100755 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf @@ -16,7 +16,6 @@ conn mobike left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org - leftfirewall=yes leftsubnet=10.2.0.0/16 right=PH_IP_ALICE1 rightid=alice@strongswan.org diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf index 40eb84b8a..572cf39cb 100644 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf index cc451fc8d..49f69ff0c 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf index cc451fc8d..49f69ff0c 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf index 10414b29a..9f3c6bfa3 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown plugins { - eap_radius { - secret = gv6URkSs + eap-radius { + secret = gv6URkSs server = PH_IP_ALICE } } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf index c234f3a32..3db5e8aef 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf index c234f3a32..3db5e8aef 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf index 7ab4e2a42..c9e6722ae 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat index 0b7b02801..6b77a8161 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::maximum ca path length of 7 levels reached::YES +moon::cat /var/log/daemon.log::maximum path length of 7 exceeded::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES carol::ipsec status::alice.*INSTALLED::NO moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/description.txt b/testing/tests/ikev2/multi-level-ca-pathlen/description.txt new file mode 100644 index 000000000..1852f7157 --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/description.txt @@ -0,0 +1,5 @@ +The strongSwan Root CA constrains the path length to one intermediate CA +but the Research CA creates a subsidiary Duck Research CA which in turn +issues an end entity certificate to roadwarrior carol so that the total +path length becomes two. This is detected by gateway moon which aborts +the negotiation. diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat new file mode 100644 index 000000000..266f0d0da --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat @@ -0,0 +1,4 @@ +moon::cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES +carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES +carol::ipsec status::home.*INSTALLED::NO +moon::ipsec status::duck.*INSTALLED::NO diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..64539ccc2 --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftsendcert=ifasked + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add + diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem new file mode 100644 index 000000000..4e13b52d0 --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxGTAX +BgNVBAMTEER1Y2sgUmVzZWFyY2ggQ0EwHhcNMDkxMTA0MTYyMzM1WhcNMTQxMTAz +MTYyMzM1WjBfMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh +bjEWMBQGA1UECxMNRHVjayBSZXNlYXJjaDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25n +c3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LueCi67Y +IGRDKP5bkysGWZHrFrztq7elIFCPPSUxyIOYo4Upzr5WsvO0dIfcZY3agV2NcAI2 +30sATlfTUp+obedZMHbzE3VBvQuLjgK42ox2XIXDj23Vy496mVqlwUQulhBcAhMb +jnBb4T0aR7WCnJvfzyckEyWrTN0ajRyQhJEmTn+spYNQX/2lg6hEn/K1T/3Py7sG +veeF6BRenHR5L60NSK7qV7AU+hM4R0UIvgwYqzxSStgGS9G6Bwj9QTOWwSV1tuii +ABiRdZSBoON0uMMpRjgEzuVe0f4VbOCIEXO8MtdpCu7Rwa9tc8OwneLcGCYVomr5 +7KKRJdvC5As3AgMBAAGjgdYwgdMwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD +VR0OBBYEFFSYDz2TYOMxfyrIx20NhPPHTCOIMHkGA1UdIwRyMHCAFHYqqKQxp8Zx +jzAlvAJmm8sXVI0goVWkUzBRMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXgg +c3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDASBgNVBAMTC1Jlc2VhcmNo +IENBggEFMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3 +DQEBCwUAA4IBAQBIpl8SH4Nytgr6KvmXzns80u615WnDmP6oJrnwIZUkunVns8HH +TFUVjvDKoQ+8CvuaH9Ifo2dokGjtGObeO4Y38y0xBIkUO+JpwfTa3SeCEhdOZb3G +4e9WxHhV9IGfRyPsXQG+3JpAMaHYH+PNKiv7RBTq6rGaHzvgUEXRMTbv/bJI+Fs6 +Yfd/XxIur/ftVh4dZocyC74MUyXy5tyZJkHe1aBszOa0iT1852fq93lNUQPQqw0O +3q3Lg7CvbNSdWqeAMqUgeBqh6oQItY9Exrwh0tfuCsjZ0oWXUBghsuiV+GTmZ6ok +BiGmSmtX5OD4UtKcicuMRqnK2MYJHp1z1goE +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem new file mode 100644 index 000000000..48727ed9d --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAui7ngouu2CBkQyj+W5MrBlmR6xa87au3pSBQjz0lMciDmKOF +Kc6+VrLztHSH3GWN2oFdjXACNt9LAE5X01KfqG3nWTB28xN1Qb0Li44CuNqMdlyF +w49t1cuPeplapcFELpYQXAITG45wW+E9Gke1gpyb388nJBMlq0zdGo0ckISRJk5/ +rKWDUF/9pYOoRJ/ytU/9z8u7Br3nhegUXpx0eS+tDUiu6lewFPoTOEdFCL4MGKs8 +UkrYBkvRugcI/UEzlsEldbboogAYkXWUgaDjdLjDKUY4BM7lXtH+FWzgiBFzvDLX +aQru0cGvbXPDsJ3i3BgmFaJq+eyikSXbwuQLNwIDAQABAoIBAGK7cOXXsTbHpqO+ +33QsjQpnAWyLuFDJWS/l/RKYuFq4HKEbRgivrFxJtdciXNHRwPH43GWe2m3C6AEX +ipd0H1qwPZkcjFfHH81mtPKismrY6tfxpLXaH8LamhHHtTxlSwTxa2d/aiaY2JjA +zyhakrTa3AZJ0lXdGYLH1hC4eEdiPghIqwL8YNB0V2ldq+bMdtQ1i3dcmseV9TI2 +DEAKWzjc7oIcuY9HtfEEAIPzSSqwrM7wUWd9dk70o7b05eK9pnTF59Lnk5U1J1Ag +QnXBHBZfLVDnTYd+dFWM8wUIpO0n6ccUToINppwSejyOs726jUuWGZCthxLBsFZp +5Pj9B6ECgYEA3lRxGRJsAfMoyOc4kLfDmlDtrP88knRlqRW7mVYjclhMbVtrtaTP +44VqmxKIVNQt1p5hB/Gn4kbhC7OnUja/FVHdosEjFhYNh+QCisyaS2V7RNyEidJX +Q61V8v0Z7MxHxxDljVvWfSdAUDRrFwWYxRXZJWwStEmtdAbiZa6aydkCgYEA1mEV +2D+gaR+oBouqcZMiSAjV/qHbnfw4EC2XFCw84JMPerBwl4noWCgvgf0lRirbI+Ar +PDOfoclLnDQRgnqkK4okSIW0SddxttbKdDhhZ2c2CoyKxUqN7/NEyy/tZ2WZRcmX +LILTLXzi/9qq8lF9odjIl5KKsRpXhqMsf5b1w48CgYEAqDT8yDo+yw7b6Xu+OQc/ +Ds5xs3P7sNYtX8qYfz9DXCxfzlDfYbMKsZlr+V0BFiTddUWoJal4GeMEOqU2TyYq +VYf1hkBXOkt++zPPlJGNnsNtisDH6bng2cwXfdpttdEr8Pjgo5063r9GkifGacmL +Nnj8K6rjT9F6UJEw0jtS0qkCgYAi3RMSYfaSYgWPWvNTGRyAHn++s0/l93iemOty +6mbUFtZzm3IUEudoPtDLEQIY0StmQDSHy9VwGC5lrsoSMCO2uPaBnMzfHVxu4at3 +Dxw4Fr7hJE4FG8TNewB7EsZHBGzSvqAJKxVw1liMR2F5musVgQ3OKJTJjIEjcjHw +Zfp93QKBgQCPp6SH510qK9Rf+HjeWXJpOB2ByruC5rBgqrxE4rbIB3/fAl86a3Kq +Q1VqdGb+CW0FlkPshDmmdi3IoCliXywadSaXi/unPfPTel0pQAC8NM7WpPoaUfnS +QgL5iNXshicKoE8U6PRhYvn81zVpt4bFn3DZRgIlau2GQnijLkGvQw== +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..fac55d63b --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA carolKey.pem diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..572cf39cb --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink +} diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..528dda39b --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn duck + left=PH_IP_MOON + leftcert=moonCert.pem + leftsendcert=ifasked + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Duck Research CA" + auto=add diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem new file mode 100644 index 000000000..bb205a0fd --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw +M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu +MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa +ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO +UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD +h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY +i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB +o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2 +KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF +AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv +YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx +rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C +1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5 +wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v +DSlBqDpnqK8tEI9V9YeroihTcygrEg== +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem new file mode 100644 index 000000000..154cff654 --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD +FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU +zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO +/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0 +C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 ++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E +BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd +VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg +Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX +fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq +3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa +0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 +IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW +Tfcyi+M= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..572cf39cb --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink +} diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/posttest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/posttest.dat new file mode 100644 index 000000000..f84b7e37b --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/posttest.dat @@ -0,0 +1,3 @@ +moon::ipsec stop +carol::ipsec stop +moon::rm /etc/ipsec.d/cacerts/* diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat new file mode 100644 index 000000000..9f0232a7b --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/test.conf b/testing/tests/ikev2/multi-level-ca-pathlen/test.conf new file mode 100644 index 000000000..b118cb7dc --- /dev/null +++ b/testing/tests/ikev2/multi-level-ca-pathlen/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf index 8a6df98fa..77f09f216 100644 --- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { keep_alive = 1d - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pgp-v3/description.txt b/testing/tests/ikev2/net2net-pgp-v3/description.txt new file mode 100644 index 000000000..bd680b57a --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on OpenPGP V3 keys. Upon the successful +establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat new file mode 100644 index 000000000..1a3759e34 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat @@ -0,0 +1,5 @@ +moon::ipsec status::net-net.*INSTALLED::YES +sun::ipsec status::net-net.*INSTALLED::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..405cd06bf --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.asc + leftid=@#71270432cd763a18020ac988c0e75aed + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightcert=sunCert.asc + auto=add diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc new file mode 100644 index 000000000..135cfaec0 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc @@ -0,0 +1,15 @@ +Type Bits/KeyID Date User ID +pub 1024/613A3B61 2005/08/07 moon + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61 ++bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9 +RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR +tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB +vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1 +f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac +t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP +=oaBj +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc new file mode 100644 index 000000000..32f204b10 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc @@ -0,0 +1,15 @@ +Type Bits/KeyID Date User ID +pub 1024/79949ADD 2005/08/07 sun + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ +rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 +I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR +tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR +A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj +0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn +lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ== +=lLvB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc new file mode 100644 index 000000000..6524773e0 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc @@ -0,0 +1,19 @@ +Type Bits/KeyID Date User ID +sec 1024/613A3B61 2005/08/07 moon + +-----BEGIN PGP SECRET KEY BLOCK----- +Version: 2.6.3i + +lQHYA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61 ++bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9 +RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR +AAP9Fj7OaaCfTL3Met8yuS8ZGMDL/fq+4f2bM+OdPSgD4N1Fiye0B1QMCVGWI1Xd +JXS0+9QI0A3iD12YAnYwsP50KmsLHA69AqchN7BuimoMfHDXqpTSRW57E9MCEzQ9 +FFN8mVPRiDxAUro8qCjdHmk1vmtdt/PXn1BuXHE36SzZmmMCANBA4WHaO6MJshM6 +7StRicSCxoMn/lPcj6rfJS4EaS+a0MwECxKQ3HKTpP3/+7kaWfLI/D65Xmi3cVK3 +0CPwUK8CAP2RYWoBZPSA8dBGFYwR7W6bdNYhdmGmsVCaM7v4sVr0FwHwMERadByN +8v0n5As3ZbrCURRp68wuE+JjfOM5mO8CAM3ZK7AVlBOqkoI3X3Ji3yviLlsr2ET7 +QrVKFQBq7eUhwYFo6mVemEqQb61tGirq+qL4Wfk/7+FffZPsUyLX1amfjLQabW9v +biA8bW9vbi5zdHJvbmdzd2FuLm9yZz4= +=YFQm +-----END PGP SECRET KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..afb1ff927 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.asc diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..39d7154e2 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown +} + diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..4460106de --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftcert=sunCert.asc + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightcert=moonCert.asc + rightid=@#71270432cd763a18020ac988c0e75aed + auto=add diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc new file mode 100644 index 000000000..135cfaec0 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc @@ -0,0 +1,15 @@ +Type Bits/KeyID Date User ID +pub 1024/613A3B61 2005/08/07 moon + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61 ++bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9 +RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR +tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB +vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1 +f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac +t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP +=oaBj +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc new file mode 100644 index 000000000..32f204b10 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc @@ -0,0 +1,15 @@ +Type Bits/KeyID Date User ID +pub 1024/79949ADD 2005/08/07 sun + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ +rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 +I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR +tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR +A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj +0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn +lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ== +=lLvB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc new file mode 100644 index 000000000..de2393649 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc @@ -0,0 +1,19 @@ +Type Bits/KeyID Date User ID +sec 1024/79949ADD 2005/08/07 sun + +-----BEGIN PGP SECRET KEY BLOCK----- +Version: 2.6.3i + +lQHYA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ +rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 +I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR +AAP8DHxBOQ7UeiO6cutdGSLfy6nxGf/eRR8d3dNLFKpRfy9IQxPN/yQHb8pzSQUI +Pqi3V4PcJUJQJIMNqzzgyTyey/OdTc+IFngywRGKQowyD7vY+urVbcEDHe+sRTL1 +GvrsQGMZoXNDimABHn5NbT6Pc06xQ9rNvpCSyHMyzcylpk0CANqf96aEaryGJozg +vSN5GlS77rPJ9Y9mU2EJs1+0BlMcb7Sy4HN2RRc/V56ZmlW2m3UbGwPqG8R9XQQ2 +LO03bTcCAPiJbTcRdA/YnZExbZPgEnV5nq8tVXTc7bz1Sw7ZWRef0iZyIQEXbwLn +2Z2EJik9bQpkcVJSBV17cH7Av/VdIosCAKJPVoBETiVzWejIpGHHqbnmZC8P9rUs +xAXZbNukbL3YElLeopNMyddTi6kf45/m0sb7fr7rzW/OJ7WP8mDrGPec4rQYc3Vu +IDxzdW4uc3Ryb25nc3dhbi5vcmc+ +=DwEu +-----END PGP SECRET KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..ee98b1611 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA sunKey.asc diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..39d7154e2 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown +} + diff --git a/testing/tests/ikev2/net2net-pgp-v3/posttest.dat b/testing/tests/ikev2/net2net-pgp-v3/posttest.dat new file mode 100644 index 000000000..fafcde975 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::rm /etc/ipsec.d/certs/* +moon::rm /etc/ipsec.d/private/* +sun::rm /etc/ipsec.d/certs/* +sun::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pgp-v3/test.conf b/testing/tests/ikev2/net2net-pgp-v3/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v3/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-pgp-v4/description.txt b/testing/tests/ikev2/net2net-pgp-v4/description.txt new file mode 100644 index 000000000..c82eec9ba --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on OpenPGP V4 keys. Upon the successful +establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat new file mode 100644 index 000000000..1a3759e34 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat @@ -0,0 +1,5 @@ +moon::ipsec status::net-net.*INSTALLED::YES +sun::ipsec status::net-net.*INSTALLED::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..d059cb1da --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.asc + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightcert=sunCert.asc + rightid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3 + auto=add diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc new file mode 100644 index 000000000..a512f8f52 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc @@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf +UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A +nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd +6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/ +I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f +JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAG0E21vb24uc3Ryb25nc3dh +bi5vcmeJATcEEwECACEFAkpg0UQCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA +CgkQ9djQiWs7dNHHNQf/UiwJPioLef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8K +N2yl6/L8djIdox0jw3yCYhCWxf94N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K +1niLPYmJf5sMWXPAmetT6tNEHNhkmE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1Y +D4HulHK0nfMxf1gVmFhRFtGpzrGS26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk +/EoRdO7hDOAEk80Gp23bDX6ygnvsAqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv +1I5GZ96wAo+s+KZAXaHlxFvq7r6OMzxgEWTtyNTtG4kBHAQQAQIABgUCSmDShgAK +CRCXegSsjRY401hVB/9HlBSdkal26U8HmVSjblOpMhaEKWjAZG1VnhcA5/GstzHc +ql7CuciAzOfRY9kcUvvonjLLBEb6P8H7mNaosE0XtqBI+Il8w6FIsfqXG+w2lISt +21/OoS3uXmUD43xdGkJACgoQP3eAqscRnoiNq/Wrg4GFvMmhK3pu3UR0joFrxwoX +mIbpJ1CZFrYDhLRFWUMV+93rzde7UfIeSuPwuE96yTJFgc4QKKFKT+msELTko9Fb +G5N0Q//Rfy+mbqQlk7JVd2WqUMfSx6Fw9X8z88uQamdcgx2/6HzFSL1QiBNyF/3D +spAwu2H5T4gSZH3FywlmRp+JJzNy+aci+M/eTvDz +=j2hu +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc new file mode 100644 index 000000000..5117cbb04 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc @@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB +QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM +/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV +CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP +B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN +4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAG0EnN1bi5zdHJvbmdzd2Fu +Lm9yZ4kBNwQTAQIAIQUCSmDRuAIbAwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK +CRCXegSsjRY407LCCACqHrnT1xqsQRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g +0P+Scnu84xj1o5bRWX2WyPYZUgDY6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0 +eNYmehGoIes4JfQm08UM7roywGaaWAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/D +RLu5rvCB6m5u62RncmppraAYuQWRjZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG +6XXcCnBr/34g/bQXWRxBhbf91ewVaDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97j +vnvvZKUwbd/TRFJkorkhkRpA1wSrJ0tAsvODgc8biQEcBBABAgAGBQJKYNK9AAoJ +EPXY0IlrO3TR8X4H/2eabptQ49q6SX5bwZ+13QoGZdarAvFxVGbbhaRrOrbsYNbg +Wd8k6R/Uwz1qkH3RJBmANm2wcDYhXsztprUrQ3a5jIgZfc+ZH/0cZiFUWk004m7t +mXdvWsGkbxye0kUChQOP9/VJBgpOBnK4MngX7d3nwSIO75r4ugey2Aud/eOvrm5m +t5MJBANTGAnBGwqXtsDm7v0L9VQY6PuLIgPwftB+vwy/Ea8vU5AmFKVkfAR/pVIT +gELY5mDHaqLxgvfMVJ+PFkvb5HF7QdpIcxUjo3SNgyOyYpN+pfQQbVLkPoOs1xqf +lIbIyjzMp02KM3iRElcuU/EBEfsp0/voJ/iyd+o= +=tAh4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc new file mode 100644 index 000000000..59de821d6 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +lQOYBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf +UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A +nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd +6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/ +I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f +JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAEAB/42Vsa7NTpAgwe92+gx +nscTQsjTs9xf5VSQV6gRKWmUAQYNZoNDue2Ot5AeBJFWV8x++fWAZfrrkLJUkwu/ +Z8UcPbSuJhEsrG4F5B3owTy8cBPbNYd9c6JZAKFPBY8W5l9M5OQyUF1amiuk/1jX +BNPEN6SBK3j0IhZvQ2bIgCJrxUH9igvOig2HmfOYv11UMzOErSA/eGRSA+TrM+QK +BDCG1ae3dLe/pXtIuh1/jkLo7Byk0ofgv2+Ty/LSwBCj0vtUjtMHHRNZFRYFrNiN +S6FyrS7+Q9BJolNkuXT83i4dm208+6bKQBPxV3ZaLgf2y19/g5av8f745ercygQI +MdGBBADaWGKpev55Oom2gNV4jaQFaAc4K4OqW1IbsXk8QSl1iaoHmt9VlGP+A+8O +GG+h0cfIlUHnAC29Hs5lDnlByqdTnG9zTyOrnzZEY1+jFGGgs+O/ehS3riGI5dB8 +mwReZfY/aqp7naLkkymHuIAizmxkYORPZtTugyi99Zha4m8j4QQA+39fTOthVIYi +RXMzGknEjh9fMLvCkx33ghapCtc4ftJRACfaatQJVBG2li7LHbPg9fboIyG/x/Ey +iyGtPxwBLo7MJige6xpzVB4Qk+zLDCKouca29uY1rGQzZ0FTmMMtu3Rm+dKh9lLv +vg7ZJNTfhxldC+R/L/gOIBWEzy/iXaMD/2A+wQuKDLDRb9/sOiq/6z7Ryl6FPbTC +AvvNU3hJtRImfmHodob//zzYYgOY7exY/qubC6FsDW4AN+2iHesCdIzCrAG7v9X3 +Rn1WPq96FfY2y5b6qEl8Tx+a71TZi5RJRtoWPe3IolausE0T3IjRbWI4XgMu/T5o +Rmv/f5gyc5OxPpG0E21vb24uc3Ryb25nc3dhbi5vcmeJATcEEwECACEFAkpg0UQC +GwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AACgkQ9djQiWs7dNHHNQf/UiwJPioL +ef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8KN2yl6/L8djIdox0jw3yCYhCWxf94 +N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K1niLPYmJf5sMWXPAmetT6tNEHNhk +mE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1YD4HulHK0nfMxf1gVmFhRFtGpzrGS +26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk/EoRdO7hDOAEk80Gp23bDX6ygnvs +AqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv1I5GZ96wAo+s+KZAXaHlxFvq7r6O +MzxgEWTtyNTtGw== +=Vb4y +-----END PGP PRIVATE KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..afb1ff927 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.asc diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..39d7154e2 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown +} + diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..198f2a8a8 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftcert=sunCert.asc + leftid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3 + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightcert=moonCert.asc + auto=add diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc new file mode 100644 index 000000000..a512f8f52 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc @@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf +UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A +nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd +6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/ +I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f +JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAG0E21vb24uc3Ryb25nc3dh +bi5vcmeJATcEEwECACEFAkpg0UQCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA +CgkQ9djQiWs7dNHHNQf/UiwJPioLef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8K +N2yl6/L8djIdox0jw3yCYhCWxf94N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K +1niLPYmJf5sMWXPAmetT6tNEHNhkmE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1Y +D4HulHK0nfMxf1gVmFhRFtGpzrGS26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk +/EoRdO7hDOAEk80Gp23bDX6ygnvsAqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv +1I5GZ96wAo+s+KZAXaHlxFvq7r6OMzxgEWTtyNTtG4kBHAQQAQIABgUCSmDShgAK +CRCXegSsjRY401hVB/9HlBSdkal26U8HmVSjblOpMhaEKWjAZG1VnhcA5/GstzHc +ql7CuciAzOfRY9kcUvvonjLLBEb6P8H7mNaosE0XtqBI+Il8w6FIsfqXG+w2lISt +21/OoS3uXmUD43xdGkJACgoQP3eAqscRnoiNq/Wrg4GFvMmhK3pu3UR0joFrxwoX +mIbpJ1CZFrYDhLRFWUMV+93rzde7UfIeSuPwuE96yTJFgc4QKKFKT+msELTko9Fb +G5N0Q//Rfy+mbqQlk7JVd2WqUMfSx6Fw9X8z88uQamdcgx2/6HzFSL1QiBNyF/3D +spAwu2H5T4gSZH3FywlmRp+JJzNy+aci+M/eTvDz +=j2hu +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc new file mode 100644 index 000000000..5117cbb04 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc @@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB +QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM +/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV +CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP +B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN +4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAG0EnN1bi5zdHJvbmdzd2Fu +Lm9yZ4kBNwQTAQIAIQUCSmDRuAIbAwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK +CRCXegSsjRY407LCCACqHrnT1xqsQRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g +0P+Scnu84xj1o5bRWX2WyPYZUgDY6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0 +eNYmehGoIes4JfQm08UM7roywGaaWAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/D +RLu5rvCB6m5u62RncmppraAYuQWRjZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG +6XXcCnBr/34g/bQXWRxBhbf91ewVaDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97j +vnvvZKUwbd/TRFJkorkhkRpA1wSrJ0tAsvODgc8biQEcBBABAgAGBQJKYNK9AAoJ +EPXY0IlrO3TR8X4H/2eabptQ49q6SX5bwZ+13QoGZdarAvFxVGbbhaRrOrbsYNbg +Wd8k6R/Uwz1qkH3RJBmANm2wcDYhXsztprUrQ3a5jIgZfc+ZH/0cZiFUWk004m7t +mXdvWsGkbxye0kUChQOP9/VJBgpOBnK4MngX7d3nwSIO75r4ugey2Aud/eOvrm5m +t5MJBANTGAnBGwqXtsDm7v0L9VQY6PuLIgPwftB+vwy/Ea8vU5AmFKVkfAR/pVIT +gELY5mDHaqLxgvfMVJ+PFkvb5HF7QdpIcxUjo3SNgyOyYpN+pfQQbVLkPoOs1xqf +lIbIyjzMp02KM3iRElcuU/EBEfsp0/voJ/iyd+o= +=tAh4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc new file mode 100644 index 000000000..68899ae37 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +lQOYBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB +QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM +/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV +CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP +B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN +4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAEAB/0XU57hkU9R6mSoALnt +Qh+aqsDjOEvEllPTGmH+icFipJP9g0lr+B8EQ0egCUyj3Kb36mS7Yw+0Bv4WDxlh +9bm7Iohhn7vIWz9Y4HvjSWi+vGJLiWI+TkkqLz0zUAGemTjU2snKzNfwDrd3WFRn +VsZxKxpiBAITzk+nWSHGp+yCfl3NVaA/MYAI+FgiQlq/qTCRreEsexAJ09weDLGN +P95V4E6LACRy+wiy7X0lRzS1047UUtTcZUF6c5ERfgAGT5NKT/ZA4THZy5pPrSOw +bRIHbozSlWbnrZNz8DNa4iyHsEw/42IvjU/LflmGWL2hvVxA40ezlxGVi5ea5gFV +5q9dBADWGXToEaHMqie/HAC4+1/VCTmAvqIKcegNWHCL1PGYBBfRonF/TDcbkawy +0ATlk+rkyTaRvkapb1LdqE1qThGQWC6iLb3v8E2UEizCM1VFo2EqcKxbCoJdsEtR +mrK/zIqZ/h/4iEu/ekLPeDwdIWWdBlfYTtTwdMH40eoPOLyo/QQA7+dSOQcAUp8H +1NuNpyK+9M3/mkpXRF3cqdiY7AnHIf4WWDtgDUHugtO8HlAkq4cL27QYBojVHCqB +P+NLJo6A35nNbt2IPqAotCgk8NlgtsA+oJ9tvWGarOLMnIt0eBv80blqa5PGeoFt +EuYxYO2bRAE2cQtMXPMLKpl3VKSRMR8EAKINBJ81zq2twDG1qvRg40XAz2LOKkFd +B+fNAd0JSC8+qx4MMdn0iL6WaCIN6t1wzI7l1whLUc7f3MPF2dwrsrB9j3MgHppr +GBLl0A3a1tIkWPAejMcpSgFR63ooQQgoX+XH0woST3wgHTZT6fF+zFn3eaGJ3wqv +JNcE4vcbJf1COoi0EnN1bi5zdHJvbmdzd2FuLm9yZ4kBNwQTAQIAIQUCSmDRuAIb +AwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAKCRCXegSsjRY407LCCACqHrnT1xqs +QRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g0P+Scnu84xj1o5bRWX2WyPYZUgDY +6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0eNYmehGoIes4JfQm08UM7roywGaa +WAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/DRLu5rvCB6m5u62RncmppraAYuQWR +jZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG6XXcCnBr/34g/bQXWRxBhbf91ewV +aDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97jvnvvZKUwbd/TRFJkorkhkRpA1wSr +J0tAsvODgc8b +=QOF4 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..ee98b1611 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA sunKey.asc diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..39d7154e2 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown +} + diff --git a/testing/tests/ikev2/net2net-pgp-v4/posttest.dat b/testing/tests/ikev2/net2net-pgp-v4/posttest.dat new file mode 100644 index 000000000..fafcde975 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::rm /etc/ipsec.d/certs/* +moon::rm /etc/ipsec.d/private/* +sun::rm /etc/ipsec.d/certs/* +sun::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pgp-v4/test.conf b/testing/tests/ikev2/net2net-pgp-v4/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev2/net2net-pgp-v4/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf index 454aed12c..87fa5b2e9 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf index 454aed12c..87fa5b2e9 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rfc3779/description.txt b/testing/tests/ikev2/net2net-rfc3779/description.txt new file mode 100644 index 000000000..1e56ce687 --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/description.txt @@ -0,0 +1,11 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on X.509 certificates containing RFC 3779 IP address +block constraints. Both moon and sun set rightsubnet=0.0.0.0/0 thus +allowing the peers to narrow down the address range to their actual subnets 10.1.0.0/16 +and 10.2.0.0/16, respectively. These unilaterally proposed traffic selectors must be +validated by corresponding IP address block constraints. +

    +Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat new file mode 100644 index 000000000..149cf727a --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat @@ -0,0 +1,15 @@ +moon::ipsec statusall::net-net.*ESTABLISHED::YES +sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon::cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES +moon::cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES +moon::cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +moon::cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +sun::cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES +sun::cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES +sun::cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +sun::cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +moon::cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES +sun::cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..ce59d849c --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + charondebug="cfg 2" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=0.0.0.0/0 + auto=add diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/certs/moonCert.pem new file mode 100644 index 000000000..7f5f8d703 --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzM1NloXDTE0 +MTIyMjEzMzM1NlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTKaLLTmKX45Qm +RjIaBSxBwofzqqkZWtl1mu0cDp6rGWr//hC31OO9MbLeRZBX0UBtuKouceAjdrwG +aK7ChR0Ft+qlLZ6Z9BH2Dna4vTdESsB3Sn+uXuU4WNdwmmJuRBXfl/7h/Rt+34Cs +BP82/RtR4GVpS7u73iSLlN4RaeWdySTqhtYH4cKt1H9MiSbwwomwdLedQo3UoOeU +lkWPrzFKT3gzU4vHr1sgpbF54o/iBr5/YyJpUT9UVeDTffAEMxnAe8/Q/a3pgSLO +wJ3HnSvcSH0w8zuH1YXOtfmqsphkwVBJGiLzUHWlYxVIAoCKdrv4eoSJLqlL5b51 +vGkmL83RAgMBAAGjggGJMIIBhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV +HQ4EFgQU5zzmRRlKa8+cm1g4RYg4lKNkQz4wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ +owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT +d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVghNtb29uLnN0cm9u +Z3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKG +MGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNy +bDBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMDAAoBAwUAwKgAATAeBAIAAjAY +AxEA/sAAAAAAAAAAAAAAAAAAAQMDAP7BMA0GCSqGSIb3DQEBCwUAA4IBAQBVFKeX +QIH5Zk0dp/7u/V0TKqu5vZ9x6ZrshAZ9nzbLgmSP+++yDXmlQe0D0i2Men4D095S +smFqw1nMWM5oEPpP58+jhCOHzn7InMp+SRRBkX2j06wT9qbynAHiIun/qcdq13w1 +Fs0PiKVQZbbz72mwl9J3Hkj/JkLtOX00wMPqIFU6veeagGiwOW7KkehFUVqoD9+O +vgkHnUti2XzgskEGcEWmE1EYv7Qo0OdZB15oNoUV5i8WelfmWO+nz9/QKciATNoC +kAUVcEV9XY9sSKjazdyG6QfEd3l6lQ+KAt8MnqA89i0yIQ1lg+3Jfe67SMvM1gy6 +Y0Y2hqCja6SsIjVc +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/private/moonKey.pem new file mode 100644 index 000000000..8295f97c1 --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0ymiy05il+OUJkYyGgUsQcKH86qpGVrZdZrtHA6eqxlq//4Q +t9TjvTGy3kWQV9FAbbiqLnHgI3a8BmiuwoUdBbfqpS2emfQR9g52uL03RErAd0p/ +rl7lOFjXcJpibkQV35f+4f0bft+ArAT/Nv0bUeBlaUu7u94ki5TeEWnlnckk6obW +B+HCrdR/TIkm8MKJsHS3nUKN1KDnlJZFj68xSk94M1OLx69bIKWxeeKP4ga+f2Mi +aVE/VFXg033wBDMZwHvP0P2t6YEizsCdx50r3Eh9MPM7h9WFzrX5qrKYZMFQSRoi +81B1pWMVSAKAina7+HqEiS6pS+W+dbxpJi/N0QIDAQABAoIBAQCSHbx1XB8jJSot +teMTWEMAmgCDHrN2RQQ2ueaaxI8MrED7NK4S1rBkCVDRN2ejLLudcOvpyYikYZPI +B4XuOjgT7ejjNYcK1vXawrVqLhxhGCzIHvftC+MnM2qYk2vLCzfriXyomgD9sOCT +p72GKmxOIq1pyCr228eEApYLjLCDlhso3PrCo7recUq7f56rLjvb4gfcfor6mJUd +yIppZUnDFJnsRXup1G4L9Y9RNYtlkcDqem/Q49d5+AHCYH6R8YI0Iz3JnzZjalsq ++IA6RJqHBTeOpiyCmHlUmVE/3YUm8n7w7RRngMOLjKdiTKHT+8EcHmyUorqW3Yea +zCIe5C6FAoGBAO23egrSbamyWXcIOqx1GX9gzYmQ2nSKYUtRhsE8eNErw0zp4FKv +AA7CAmoWEzjDJPSkUzDAajoZiH8+DIZ4IkwKbYjtq0vr1yCbx/PBKVN/JHGZ/Ao/ +dc/lQrNseza34NBrREN/gUytjefFMJ4YStSZCMuy3gP1Fqk6YCy/dObbAoGBAONn +UqjmZYqoK0+jnGWdPOtXZ4bu8UoHc8/1MaVn3pq8bYh3PayFKpDKtcD1ZeXHCxL2 +1Y+Eid/DoZ2/RZbxT2mhi2mVZZCWc0xuML3Vz0B9bqi3ZfRLVP2u87fn//mGrD+9 +yy9PeIBv8UvjOhev6hZDBhPAVMsyjiw+wSX6kW/DAoGBAMBcrbSeLcGZok3xadFu +fPCXvBtrDWwrIqpZUauDLN1PBZ5yz2T5WhmXI28HaAyR1ZDmfK9BtXRIfy1AX9Bc +3JweAB9C/E/Wi+JGTVrR34hCpZIMImmEiuhtxDj/OwG/cHwXoUjhoBcVhnScHEiC +reM152k21/Pp26mbpIHxeD7rAoGAaRy4S5P7uaTUKEKzJxEQOKQ1GVzXMWXSdXyb +zx38+j9AzgR4AIepTjY03xVPXW+swb5Qpr8Xz9Oon7bq3sN59pSSUWKaCMRSVTDV +3Nm4q9GO1fO377zmc0BsLUTSwC8s7WW4Ro0QYSXdPjuw/YP1ywZ+B6EuUKJ0ryTu +uLRih2sCgYBm15N97b7Rp+aAti045iBla9/KH8z7szczIndpFWR4wjaI9tt0i9GR +OZs7LFq0MYdg8JiXITyVcuqsUbdAP3TvsXGDHdatbDcrXM/DYuP6dPqMuGBKdnEn +gIFT1z8mhv4Im3JKpuckMrIQ5vWhljcRZgiEJYZfEAkLJo7ePG2VzA== +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..9af403198 --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..afc2e399e --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + charondebug="cfg 2" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=0.0.0.0/0 + auto=add diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/certs/sunCert.pem new file mode 100644 index 000000000..9ccd47a2c --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/certs/sunCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEtjCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzUyMVoXDTE0 +MTIyMjEzMzUyMVowVzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxGzAZBgNVBAMTEnN1bi5zdHJvbmdzd2Fu +Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1HhvoVh/fM14RE +CTXr4to9ZEeGSqHLl5du+eYZl1fC7qLYaCtlaH+eLfDsCgYpe+XsDLHIxpTK9R6k +XgLP1Jraxz3rtv5qJKkV3aDTjQ2d+cFc0EgiZmn53VEmI/IlcJS/VZzHhNvEJk7H +k0YpoazpGPtNzFGaehV5mXUAeVPx4RH8fjcSiPbuPS3WC7cqtYvVwk97dj05VfEC +VnG+90+eFKztvawBzNGwGQ7xZV7kSiPHNyGAV0qrKvhXZ0VPnm/OEiGCAlIo8uno +Yb/4UMM/a5usCaA9Hgbf8+qqmrzavSUkFEa0y/p9bOBHaqfNP002xktbqBCCodRr +6QgmiysCAwEAAaOCAYgwggGEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud +DgQWBBTaKhy7PH1ihWsD+3/bJQ3e3Isj+DCBjAYDVR0jBIGEMIGBgBQhf6frN9Cj +Cx+h3EIGHhFfPNIQFKFepFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4 +IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMTFXN0cm9uZ1N3 +YW4gUkZDMzc3OSBDQYIJAPKv5keyTotGMB0GA1UdEQQWMBSCEnN1bi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fcmZjMzc3OS5jcmww +RQYIKwYBBQUHAQcBAf8ENjA0MBIEAgABMAwDAwAKAgMFAMCoAAIwHgQCAAIwGAMR +AP7AAAAAAAAAAAAAAAAAAAIDAwD+wjANBgkqhkiG9w0BAQsFAAOCAQEAOqdCIldA +mPp2aAWVPBiKXNrk4VJoIGlwZaUtYNxGQ46wUqAro/taKwZd4B1yvwsX/cHX3Y6j +C1mQtiXw9onJm1qJM1a804U9yPcgdI+9RMiU0hA+aVmyMlS6WQsKFubU17qP2Ljd +4hOwVQ681Hi8zfQjJdYpaO1yLcpy2dkotreJS3wA24ssnskRBI/cuAN0dfbV6SDQ +TK91qz0emHoK3efgtvX4oEpsxI4NrwMstaZSVsHn4npKTGYu82dmPoK6WPblGEHZ +Iavl08lGcYBV5I2ZGuWOekWQzUuBSveV3AFjieeaDIG3Ue3AKaihn6dCLz6l+t7E +dXN+1axy9zQ34g== +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/private/sunKey.pem new file mode 100644 index 000000000..6e047af69 --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.d/private/sunKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArUeG+hWH98zXhEQJNevi2j1kR4ZKocuXl2755hmXV8Luotho +K2Vof54t8OwKBil75ewMscjGlMr1HqReAs/UmtrHPeu2/mokqRXdoNONDZ35wVzQ +SCJmafndUSYj8iVwlL9VnMeE28QmTseTRimhrOkY+03MUZp6FXmZdQB5U/HhEfx+ +NxKI9u49LdYLtyq1i9XCT3t2PTlV8QJWcb73T54UrO29rAHM0bAZDvFlXuRKI8c3 +IYBXSqsq+FdnRU+eb84SIYICUijy6ehhv/hQwz9rm6wJoD0eBt/z6qqavNq9JSQU +RrTL+n1s4Edqp80/TTbGS1uoEIKh1GvpCCaLKwIDAQABAoIBAHKb86/nm9YPu6B1 +K65phdMZdgFE1oorUenMcid6V7qpaRN2lXfWjAaUxggq5vpqZ9OMjFzu0kHJ99S7 +nJ65fgKqn8vZ42BlLjhUCRH9urb9/Rqi2/RKJHkF1hd9ZZscnlkUMHkRElQVac0D +feqTUKdASdC2BWUYCpW3pwNXO+iD5bA9/wB2J/RYYmm6Qo7UZQU8C0lken/8EOEL +/ch0ID7C5PC0vWvLT0fM9j2JKDq8T6NRhF1MluISGDOp4pW7tEbkHo5I6zD0aPO2 +K9leN3aSUYsOVJk39VXkThwgJ4lqNEXI2xRbtW8sAf7TL1YDxLR2JN3UGvy/By5B +UblJUnECgYEA2nO+iXScKd3qqmHrdXcxf2ExZQr8QgTAsZOkb6LQ9kGQll0lBcFc +T2HlobzOaQktpF44C41zf2QpGDllbpyNT8VyQkI+CJ4pntjtKPkoPkxUeVlciFsm +7THqCGe0zQBWDnXFVfTKR12aRwkhjG+QCQyyaAaV8YztEsDI5SRCjykCgYEAyxAb +t/NTh9DBDrfJCkT21Rm9Ow70vhDaAyQLq3nJMF+BTXYDrnVMmFHCIHd+nbNP0CLs +cV/fWAF6626ko5B6ewPFQ4wXRvtNAiDNZSfeaZgvxCrvoDgVrHWhfwHSXWFqny0o +WHwIJJQvdkLW9BHwbpAQRoD1c2sy7pWIVTEyljMCgYEA0zZXwkUp/FzhWG2moANn +qzZI8N4nOpmnycnrkjiE+6Q27PsQIblrzCDmSnPnyqyiIasrWxgf1Mr95LsR9FmP +U9Ke/6tWmTR7H2e0HgqRO3LHtjCNhBVF1M6O7iN/Lzqk+gQqkUpGDaxVz1rnwgXX +6LgLAwNjFJJiYeBeHRbq98kCgYAwBdg4UbBgf0sY+vftmM+zKAorjGbvCDc25PBp +ljyxVvTSZ+WI/a6mmzdIzFnCW+S1OX0ndt/wBTGXuivvjryYmRSu29OpcscMiMtq +b9pWqKorP2g6QOlHRu5xhfHFKcO4b0qKWpLma7Epy7bgM9njm+htdBQYPrLl37FF +TIRFJwKBgGnZR5rm5iCrcIoAUMlH4/5ye5BPjHDn1NNv7Q7PZR9jhaEuoiBgvk6v +h+YVi9A9nhbaqS4/rumsNPlObeIw78713pendaWCjC4hA0urrJ4fElfuaIyZMyKE +FD64V78iaYVlmwKMJxZUnS1EFzb0XQZM7wxhB/i0wwjh+48rBHbd +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..9af403198 --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-rfc3779/posttest.dat b/testing/tests/ikev2/net2net-rfc3779/posttest.dat new file mode 100644 index 000000000..a4c96e10f --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null + diff --git a/testing/tests/ikev2/net2net-rfc3779/pretest.dat b/testing/tests/ikev2/net2net-rfc3779/pretest.dat new file mode 100644 index 000000000..545a3690e --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/pretest.dat @@ -0,0 +1,7 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +sun::ipsec start +moon::sleep 1 +moon::ipsec up net-net +moon::sleep 1 diff --git a/testing/tests/ikev2/net2net-rfc3779/test.conf b/testing/tests/ikev2/net2net-rfc3779/test.conf new file mode 100644 index 000000000..d9a61590f --- /dev/null +++ b/testing/tests/ikev2/net2net-rfc3779/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf index 4731a81d2..9af403198 100644 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown multiple_authentication = no } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf index 0425d7cf4..0d7cf5928 100755 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf @@ -17,7 +17,7 @@ conn %default rekeymargin=3m keyingtries=1 left=PH_IP_CAROL - leftcert=carolCert-revoked.pem + leftcert=carolRevokedCert.pem leftid=carol@strongswan.org conn home diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert-revoked.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert-revoked.pem deleted file mode 100644 index 5b742fc9e..000000000 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert-revoked.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBBzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjU0OFoXDTA5MDkwOTExMjU0OFowWjELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh -cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAM5413q1B2EF3spcYD1u0ce9AtIHdxmU3+1E0hqV -mLqpIQtyp4SLbrRunxpoVUuEpHWXgLb3C/ljjlKCMWWmhw4wja1rBTjMNJLPj6Bo -5Qn4Oeuqm7/kLHPGbveQGtcSsJCk6iLqFTbq0wsji5Ogq7kmjWgQv0nM2jpofHLv -VOAtWVSj+x2b3OHdl/WpgTgTw1HHjYo7/NOkARdTcZ2/wxxM3z1Abp9iylc45GLN -IL/OzHkT8b5pdokdMvVijz8IslkkewJYXrVQaCNMZg/ydlXOOAEKz0YqnvXQaYs5 -K+s8XvQ2RFCr5oO0fRT2VbiI9TgHnbcnfUi25iHl6txsXg0CAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTbA2TH3ca8tgCGkYy9 -OV/MqUTHAzBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL -MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz -d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQC9acuCUPEBOrWB -56vS8N9bksQwv/XcYIFYqV73kFBAzOPLX2a9igFGvBPdCxFu/t8JCswzE6to4LFM -2+6Z2QJf442CLPcJKxITahrjJXSxGbzMlmaDvZ5wFCJAlyin+yuInpTwl8rMZe/Q -O5JeJjzGDgWJtnGdkLUk/l2r6sZ/Cmk5rZpuO0hcUHVztMLQYPzqTpuMvC5p4JzL -LWGWhKRhJs53NmxXXodck/ZgaqiTWuQFYlbamJRvzVBfX7c1SWHRJvxSSOPKGIg3 -wphkO2naj/SQD+BNuWTRmZ9YCiLOQ64ybLpJzRZISETdqtLBPKsIqosUZwkxlR1N -9IcgYi5x ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem new file mode 100644 index 000000000..a92610c4f --- /dev/null +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr +lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD +e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG +Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi ++BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ +TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh +ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz +d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/ +jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl +nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC +6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a +cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f +q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z +0xafBd5x +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey-revoked.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey-revoked.pem deleted file mode 100644 index 8aefcc5a6..000000000 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey-revoked.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAznjXerUHYQXeylxgPW7Rx70C0gd3GZTf7UTSGpWYuqkhC3Kn -hItutG6fGmhVS4SkdZeAtvcL+WOOUoIxZaaHDjCNrWsFOMw0ks+PoGjlCfg566qb -v+Qsc8Zu95Aa1xKwkKTqIuoVNurTCyOLk6CruSaNaBC/SczaOmh8cu9U4C1ZVKP7 -HZvc4d2X9amBOBPDUceNijv806QBF1Nxnb/DHEzfPUBun2LKVzjkYs0gv87MeRPx -vml2iR0y9WKPPwiyWSR7AlhetVBoI0xmD/J2Vc44AQrPRiqe9dBpizkr6zxe9DZE -UKvmg7R9FPZVuIj1OAedtyd9SLbmIeXq3GxeDQIDAQABAoIBAAUdyXko8z3cP2EU -WO4syNYCQQejV7gykDn48pvmCRrXBhKajLwkGGIwO5ET9MkiSFEBqBbgmFNdvDEf -OMokDkSzv08Ez+RQax0YN57p+oL8u7KzT5i5tsBHsog/8epSdD2hWIv08QGjYAdu -og7OdHLqGabyg0r44I+B91OBysCjU51rDdkhz59AmURdEIJV5xhuGojFM68jaNm2 -MUxDfDuCsRIydjAP0VTUTAUxD4/S5I+jt/GK9aRsEeRH9Q3011iTGMR9viAUBhq/ -khkWNltg9lkOqO7LpnNku4sSv3v4CWge7/T+4RR2vZgv1oSs4ox2UKYoqIqiYIfx -uUcnqQECgYEA+LPiRMoXvlssQWlaFc2k4xga0efs+mWeLglDdc3R3fBEibP/AU07 -a576AgvUJtkI50/WNGKT73O+VtxcXn/N646m/8OtqNXuVKKjsxxNOZEKdO8aOdbt -7lM5WepNiQeaKAFudUxpUiZQx8LCKSsNDiJZKWBu6xAG2O5X32VMZvUCgYEA1Ie+ -rNa490PSC1ym7WbmdAjvGmSOn2GOBfO7BECsPZstccU7D5pZl/89fTfn1TDKP49Y -ScVOuFz7f/u6UJpb/WzI71RXEQOdojLWmF2HDx5osRi3hXEJa20fbPq6DQXCJ8pf -IF37AEqAY4UNSNic0Cw+rGHdWPQhDNXhFWpdu7kCgYEAmv4oNmyoDXbuhrlsbggi -CXE9TbG3a3mm8dPOGf2yHBmf7R2i/6GtNW33Kw1KIwfBV77WpQEGZwWACsv8ONx3 -baUSiHTfpkfk5xQQ5w/tRMISfTuB4agD0jJFnLa7qXl2ZhY2S53aSVsdntDOhi+R -TEy1umah2Za8Xbd0RgHwcn0CgYEAl9Hgg9dfikMIaNVm6W/4cCtxoojy2Sf3LIlP -r1oDsH6JmBwsdJjuJ4ZNhoXJNqID2COuDgTEly7U+jf4gFvEGuT7JPw6tgy/Ln7i -jTVCpaozX08oykpVUEhDirYQ8fyLFaGbEqQQCcUusej59G/IlW0F2F6QoFrEwUaH -46R4EQECgYBEZ7edMkj3dmJH1wxQjp5GJNbrJkS8IKvzza0mDTJdz33CgEX9Oyva -o2iEkDVpvj2SEy28ewt22IRptWKH/3bQfxSCcRV6JFNt3+LongMshRYqq1leqrKa -9fnQVtfTIbIVXwjTZap6BL8R66OeFtexsSFRfDF/8P4n2oF4zmn4qA== ------END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem new file mode 100644 index 000000000..60e7fdfa9 --- /dev/null +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB +msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf +AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B +hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F +dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9 +dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O +fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH +Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc +M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI +0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2 +oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH +VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx +ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm +VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g +I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0 +bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD +yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2 +u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN +dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12 +coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx +VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f +YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4 +lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6 +95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P +b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw= +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets index 22f06e662..8e31be4cb 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -: RSA carolKey-revoked.pem +: RSA carolRevokedKey.pem diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index da8d70ed7..3361ca6a4 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index da8d70ed7..3361ca6a4 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index da8d70ed7..3361ca6a4 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf index 831d9e663..5e93e0fe7 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapaka eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf index 831d9e663..5e93e0fe7 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapaka eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat index e12643ef7..3064f02a6 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat @@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES +moon::ipsec statusall::rw-eap-aka.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index 42619b3ee..cc2bb91d2 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapaka updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf index 459414516..3a1fd98d3 100755 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keyingtries=1 keyexchange=ikev2 -conn rw-eapaka +conn rw-eap-aka left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index 42619b3ee..cc2bb91d2 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapaka updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf index b856adc9e..6922ecc15 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf index 10414b29a..9f3c6bfa3 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown plugins { - eap_radius { - secret = gv6URkSs + eap-radius { + secret = gv6URkSs server = PH_IP_ALICE } } diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf index a53e44f50..6495d6f6a 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf index cae56a7f6..af2bc1675 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -1,9 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown plugins { - eap_radius { + eap-radius { secret = gv6URkSs server = PH_IP_ALICE } diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf index a53e44f50..6495d6f6a 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf index a53e44f50..6495d6f6a 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf index 26ccc84ce..921db4c51 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md4 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmschapv2 eapidentity updown + load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf index 26ccc84ce..921db4c51 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md4 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmschapv2 eapidentity updown + load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat index 2a750029f..c167ba940 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat @@ -1,3 +1,3 @@ -232420100000015,30000000000000000000000000000000,30112233,305566778899AABB -232420100000015,31000000000000000000000000000000,31112233,315566778899AABB -232420100000015,32000000000000000000000000000000,32112233,325566778899AABB +228060123456001,30000000000000000000000000000000,30112233,305566778899AABB +228060123456001,31000000000000000000000000000000,31112233,315566778899AABB +228060123456001,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf index cc451fc8d..49f69ff0c 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf index 10414b29a..9f3c6bfa3 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown plugins { - eap_radius { - secret = gv6URkSs + eap-radius { + secret = gv6URkSs server = PH_IP_ALICE } } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt new file mode 100644 index 000000000..d50175664 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt @@ -0,0 +1,14 @@ +The roadwarrior carol sets up a connection to gateway moon. +The gateway moon does not send an AUTH payload thus signalling +a mutual EAP-only authentication. +carol then uses the Extensible Authentication Protocol +in association with a GSM Subscriber Identity Module +(EAP-SIM) to authenticate against the gateway moon. +In this scenario, triplets from the file /etc/ipsec.d/triplets.dat +are used instead of a physical SIM card on the client carol. +The gateway forwards all EAP messages to the RADIUS server alice +which also uses a static triplets file. +

    +The roadwarrior dave sends wrong EAP-SIM triplets. As a consequence +the radius server alice returns an Access-Reject message +and the gateway moon sends back an EAP_FAILURE. diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat new file mode 100644 index 000000000..ff3e67459 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat @@ -0,0 +1,15 @@ +carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES +carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::cat /var/log/daemon.log::received Access-Reject from RADIUS server::YES +moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO +dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave::ipsec statusall::home.*ESTABLISHED::NO +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..a2020424e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..23cba8d11 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm strongswan.org { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..d77b818fe --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,123 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf + sim_files { + simtriplets = "/etc/raddb/triplets.dat" + } +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..dfceb037d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,62 @@ +authorize { + preprocess + chap + mschap + sim_files + suffix + eap { + ok = return + } + unix + files + expiration + logintime + pap +} + +authenticate { + Auth-Type PAP { + pap + } + Auth-Type CHAP { + chap + } + Auth-Type MS-CHAP { + mschap + } + unix + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat new file mode 100644 index 000000000..fd0eb19b9 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat @@ -0,0 +1,7 @@ +carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB +carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB +carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB +dave@strongswan.org,33000000000000000000000000000000,33112233,335566778899AABB +dave@strongswan.org,34000000000000000000000000000000,34112233,345566778899AABB +dave@strongswan.org,35000000000000000000000000000000,35112233,355566778899AABB + diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..e69de29bb diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..11b9f0d71 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftfirewall=yes + leftauth=eap + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.d/triplets.dat new file mode 100644 index 000000000..83906807f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.d/triplets.dat @@ -0,0 +1,3 @@ +carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB +carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB +carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..fa662875d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + send_vendor_id = yes +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..dca65c09f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftfirewall=yes + leftauth=eap + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.d/triplets.dat new file mode 100644 index 000000000..a02a42c0d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.d/triplets.dat @@ -0,0 +1,3 @@ +dave@strongswan.org,33000000000000000000000000000000,33112244,335566778899AABB +dave@strongswan.org,34000000000000000000000000000000,34112244,345566778899AABB +dave@strongswan.org,35000000000000000000000000000000,35112244,355566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..fa662875d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + send_vendor_id = yes +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..e3f4694bd --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftcert=moonCert.pem + leftauth=eap + leftfirewall=yes + rightid=*@strongswan.org + rightsendcert=never + rightauth=eap-radius + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..ac8f98b70 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf @@ -0,0 +1,12 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown + send_vendor_id = yes + plugins { + eap-radius { + secret = gv6URkSs + server = PH_IP_ALICE + } + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat new file mode 100644 index 000000000..dbe56013a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat @@ -0,0 +1,7 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +alice::/etc/init.d/radiusd stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat new file mode 100644 index 000000000..6a30756b7 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat @@ -0,0 +1,18 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* +alice::cat /etc/raddb/clients.conf +alice::cat /etc/raddb/eap.conf +alice::cat /etc/raddb/proxy.conf +alice::cat /etc/raddb/triplets.dat +alice::/etc/init.d/radiusd start +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/test.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf index e2388268c..fcb1cf201 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf index e2388268c..fcb1cf201 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf index cae56a7f6..af2bc1675 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf @@ -1,9 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown plugins { - eap_radius { + eap-radius { secret = gv6URkSs server = PH_IP_ALICE } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat index 194434a1e..53c7e71ce 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat @@ -1,7 +1,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eapsim.*ESTABLISHED::YES +moon::ipsec statusall::rw-eap-sim.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat index 759585439..83906807f 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat @@ -1,3 +1,3 @@ -moon.strongswan.org,100,210,310 -moon.strongswan.org,200,220,320 -moon.strongswan.org,300,230,330 +carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB +carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB +carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf index e2388268c..fcb1cf201 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf index 53ecb4d70..ea62749be 100755 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf @@ -11,7 +11,7 @@ conn %default keyingtries=1 keyexchange=ikev2 -conn rw-eapsim +conn rw-eap-sim left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat index b15a1dd72..83906807f 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat @@ -1,3 +1,3 @@ -carol@strongswan.org,100,210,310 -carol@strongswan.org,200,220,320 -carol@strongswan.org,300,230,330 +carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB +carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB +carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf index e2388268c..fcb1cf201 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf index 8451ac81a..4732113fa 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf index 8451ac81a..4732113fa 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf index 8451ac81a..4732113fa 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf index ef63f7262..572cf39cb 100644 --- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink } diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf index ccc8037b5..930ae5785 100755 --- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/init.d/iptables +++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf index 1ec8b49d6..d7653f1c3 100755 --- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/host2host-ikev2/pretest.dat b/testing/tests/ipv6/host2host-ikev2/pretest.dat index 3536fd886..7e97e7783 100644 --- a/testing/tests/ipv6/host2host-ikev2/pretest.dat +++ b/testing/tests/ipv6/host2host-ikev2/pretest.dat @@ -4,3 +4,4 @@ moon::ipsec start sun::ipsec start moon::sleep 2 moon::ipsec up host-host +moon::sleep 1 diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf index 651e17e90..155cf1d4c 100755 --- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/init.d/iptables +++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf index 4ba0bcbc0..09abc7b02 100755 --- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/net2net-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ikev2/pretest.dat index e360bfbaa..8a8af2ccb 100644 --- a/testing/tests/ipv6/net2net-ikev2/pretest.dat +++ b/testing/tests/ipv6/net2net-ikev2/pretest.dat @@ -8,3 +8,4 @@ moon::ipsec start sun::ipsec start moon::sleep 2 moon::ipsec up net-net +moon::sleep 1 diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/description.txt b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/description.txt new file mode 100644 index 000000000..62fff0b30 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/description.txt @@ -0,0 +1,4 @@ +An IPv6 ESP tunnel connection between the gateways moon and sun is successfully set up. +It connects the two IPv4 subnets hiding behind their respective gateways. The authentication is based on +X.509 certificates. In order to test the IPv4-over-IPv6 ESP tunnel, client alice behind moon +sends an IPv4 ICMP request to client bob behind sun using the ping command. diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat new file mode 100644 index 000000000..077899e36 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat @@ -0,0 +1,5 @@ +moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES +sun::ipsec status::net.net.*STATE_QUICK_R2.*IPsec SA established::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES +sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..25074a0f1 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/init.d/iptables @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow last UDP fragment + ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..1781313cc --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + crlcheckinterval=180 + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + mobike=no + +conn net-net + also=host-host + leftsubnet=10.1.0.0/16 + rightsubnet=10.2.0.0/16 + +conn host-host + left=PH_IP6_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + right=PH_IP6_SUN + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..25074a0f1 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/init.d/iptables @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow last UDP fragment + ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..2caf09104 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + crlcheckinterval=180 + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + mobike=no + +conn net-net + also=host-host + leftsubnet=10.2.0.0/16 + rightsubnet=10.1.0.0/16 + +conn host-host + left=PH_IP6_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + right=PH_IP6_MOON + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat new file mode 100644 index 000000000..dff181797 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +sun::ipsec stop diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat new file mode 100644 index 000000000..a96b719bf --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat @@ -0,0 +1,7 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +sun::echo 1 > /proc/sys/net/ipv4/ip_forward +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net +moon::sleep 2 diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf new file mode 100644 index 000000000..cab801a1c --- /dev/null +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b-ip4-in-ip6.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf index ddc965c01..c47ff8059 100755 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m @@ -22,6 +28,7 @@ conn host-host left=PH_IP6_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org + leftfirewall=yes right=PH_IP6_SUN rightid=@sun.strongswan.org auto=add diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf index ef63f7262..4732113fa 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/init.d/iptables +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf index b02136ffe..c1041bd87 100755 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m @@ -22,6 +28,7 @@ conn host-host left=PH_IP6_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org + leftfirewall=yes right=PH_IP6_MOON rightid=@moon.strongswan.org auto=add diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf index ef63f7262..4732113fa 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat index dff181797..5a9150bc8 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat @@ -1,2 +1,4 @@ moon::ipsec stop sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat index 071827b66..a88456d52 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat @@ -1,6 +1,7 @@ -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -sun::echo 1 > /proc/sys/net/ipv4/ip_forward +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null moon::ipsec start sun::ipsec start moon::sleep 2 moon::ipsec up net-net +moon::sleep 2 diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt new file mode 100644 index 000000000..5952ecc2d --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt @@ -0,0 +1,6 @@ +An IPv6 ESP tunnel connection between the gateways moon and sun is successfully set up. +It connects the two subnets hiding behind their respective gateways. The authentication is based on +X.509 certificates. Upon the successful establishment of the IPsec tunnel, leftfirewall=yes +automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic. +In order to test both the net-to-net tunnel and the firewall rules, client alice behind moon +sends an IPv6 ICMP request to client bob behind sun using the ping6 command. diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat new file mode 100644 index 000000000..2f73ef7d8 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat @@ -0,0 +1,5 @@ +moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES +sun::ipsec status::net.net.*STATE_QUICK_R2.*IPsec SA established::YES +alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..25074a0f1 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/init.d/iptables @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow last UDP fragment + ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..773d2ed48 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + crlcheckinterval=180 + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn net-net + left=PH_IP_MOON + leftnexthop=%direct + leftsubnet=fec1::0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + right=PH_IP_SUN + rightsubnet=fec2::0/16 + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4e73b5292 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = curl aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac +} diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..25074a0f1 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/init.d/iptables @@ -0,0 +1,107 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow last UDP fragment + ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..bb3f4f765 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + crlcheckinterval=180 + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn net-net + left=PH_IP_SUN + leftnexthop=%direct + leftsubnet=fec2::0/16 + leftcert=sunCert.pem + leftid=@sun.strongswan.org + right=PH_IP_MOON + rightsubnet=fec1::0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..825ae1264 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = curl aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac +} diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat new file mode 100644 index 000000000..7a8af32bc --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +sun::ipsec stop +alice::"ip route del fec2:\:/16 via fec1:\:1" +moon::"ip route del fec2:\:/16 via fec0:\:2" +sun::"ip route del fec1:\:/16 via fec0:\:1" +bob::"ip route del fec1:\:/16 via fec2:\:1" diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat new file mode 100644 index 000000000..130058a40 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat @@ -0,0 +1,11 @@ +moon::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding +sun::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding +alice::"ip route add fec2:\:/16 via fec1:\:1" +moon::"ip route add fec2:\:/16 via fec0:\:2" +sun::"ip route add fec1:\:/16 via fec0:\:1" +bob::"ip route add fec1:\:/16 via fec2:\:1" +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net +moon::sleep 1 diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf new file mode 100644 index 000000000..d5d55c749 --- /dev/null +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b-ip6-in-ip4.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..d556762b7 100755 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/init.d/iptables @@ -26,27 +26,16 @@ start() { /sbin/ip6tables -P FORWARD DROP # allow esp - ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT # allow IKE - ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT # allow MobIKE - ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - - # allow ICMPv6 neighbor-solicitations - ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT - ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT - - # allow ICMPv6 neighbor-advertisements - ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT # allow crl fetch from winnetou iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT @@ -56,6 +45,14 @@ start() { iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + # log dropped packets ip6tables -A INPUT -j LOG --log-prefix " IN: " ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf index 468322544..a452c7a35 100755 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf @@ -18,6 +18,7 @@ conn net-net leftsubnet=fec1::0/16 leftcert=moonCert.pem leftid=@moon.strongswan.org + leftfirewall=yes right=PH_IP_SUN rightsubnet=fec2::0/16 rightid=@sun.strongswan.org diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf index 9aedf04b9..c77902caa 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown install_routes = no } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/init.d/iptables index 25074a0f1..21ff88d0d 100755 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/init.d/iptables +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/init.d/iptables @@ -26,27 +26,16 @@ start() { /sbin/ip6tables -P FORWARD DROP # allow esp - ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT # allow IKE - ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT # allow MobIKE - ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT - ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - - # allow ICMPv6 neighbor-solicitations - ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT - ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT - - # allow ICMPv6 neighbor-advertisements - ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT # allow crl fetch from winnetou iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT @@ -56,6 +45,18 @@ start() { iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # log dropped packets ip6tables -A INPUT -j LOG --log-prefix " IN: " ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf index 03b7bc680..448cccbb7 100755 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf @@ -18,6 +18,7 @@ conn net-net leftsubnet=fec2::0/16 leftcert=sunCert.pem leftid=@sun.strongswan.org + leftfirewall=yes right=PH_IP_MOON rightsubnet=fec1::0/16 rightid=@moon.strongswan.org diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf index d6774b266..6e9280e41 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown install_routes=no } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat index 7a8af32bc..c78d884ee 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat @@ -4,3 +4,5 @@ alice::"ip route del fec2:\:/16 via fec1:\:1" moon::"ip route del fec2:\:/16 via fec0:\:2" sun::"ip route del fec1:\:/16 via fec0:\:1" bob::"ip route del fec1:\:/16 via fec2:\:1" +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat index ae300697e..7781f9b9f 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat @@ -1,5 +1,5 @@ -moon::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding -sun::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null alice::"ip route add fec2:\:/16 via fec1:\:1" moon::"ip route add fec2:\:/16 via fec0:\:2" sun::"ip route add fec1:\:/16 via fec0:\:1" @@ -8,3 +8,4 @@ moon::ipsec start sun::ipsec start moon::sleep 2 moon::ipsec up net-net +moon::sleep 1 diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt b/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt new file mode 100644 index 000000000..ebcc00724 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt @@ -0,0 +1,11 @@ +An IPv6 ESP tunnel connection between the gateways moon and sun is successfully set up. +It connects the two subnets hiding behind their respective gateways. The authentication is based on +X.509 certificates containing RFC 3779 IP address block constraints. +Both moon and sun set rightsubnet=::/0 thus allowing the peers to narrow down +the address range to their actual subnets fec1::/16 and fec2::/16, respectively. +These unilaterally proposed traffic selectors must be validated by corresponding IP address block constraints. +

    +Upon the successful establishment of the IPsec tunnel, leftfirewall=yes +automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic. +In order to test both the net-to-net tunnel and the firewall rules, client alice behind moon +sends an IPv6 ICMP request to client bob behind sun using the ping6 command. diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat new file mode 100644 index 000000000..a311992b7 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec status::net-net.*INSTALLED::YES +sun::ipsec status::net.net.*INSTALLED::YES +moon::cat /var/log/daemon.log::TS fec2:\:/16 is contained in address block constraint fec2:\:/16::YES +sun::cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES +alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES +sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES +sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..b3509f8df --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/init.d/iptables @@ -0,0 +1,104 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..846a3f794 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf @@ -0,0 +1,34 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + crlcheckinterval=180 + plutostart=no + +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/ + crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl + auto=add + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + also=host-host + leftsubnet=fec1::0/16 + rightsubnet=0::0/0 + +conn host-host + left=PH_IP6_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=PH_IP6_SUN + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem new file mode 100644 index 000000000..7f5f8d703 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzM1NloXDTE0 +MTIyMjEzMzM1NlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTKaLLTmKX45Qm +RjIaBSxBwofzqqkZWtl1mu0cDp6rGWr//hC31OO9MbLeRZBX0UBtuKouceAjdrwG +aK7ChR0Ft+qlLZ6Z9BH2Dna4vTdESsB3Sn+uXuU4WNdwmmJuRBXfl/7h/Rt+34Cs +BP82/RtR4GVpS7u73iSLlN4RaeWdySTqhtYH4cKt1H9MiSbwwomwdLedQo3UoOeU +lkWPrzFKT3gzU4vHr1sgpbF54o/iBr5/YyJpUT9UVeDTffAEMxnAe8/Q/a3pgSLO +wJ3HnSvcSH0w8zuH1YXOtfmqsphkwVBJGiLzUHWlYxVIAoCKdrv4eoSJLqlL5b51 +vGkmL83RAgMBAAGjggGJMIIBhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV +HQ4EFgQU5zzmRRlKa8+cm1g4RYg4lKNkQz4wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ +owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT +d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVghNtb29uLnN0cm9u +Z3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKG +MGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNy +bDBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMDAAoBAwUAwKgAATAeBAIAAjAY +AxEA/sAAAAAAAAAAAAAAAAAAAQMDAP7BMA0GCSqGSIb3DQEBCwUAA4IBAQBVFKeX +QIH5Zk0dp/7u/V0TKqu5vZ9x6ZrshAZ9nzbLgmSP+++yDXmlQe0D0i2Men4D095S +smFqw1nMWM5oEPpP58+jhCOHzn7InMp+SRRBkX2j06wT9qbynAHiIun/qcdq13w1 +Fs0PiKVQZbbz72mwl9J3Hkj/JkLtOX00wMPqIFU6veeagGiwOW7KkehFUVqoD9+O +vgkHnUti2XzgskEGcEWmE1EYv7Qo0OdZB15oNoUV5i8WelfmWO+nz9/QKciATNoC +kAUVcEV9XY9sSKjazdyG6QfEd3l6lQ+KAt8MnqA89i0yIQ1lg+3Jfe67SMvM1gy6 +Y0Y2hqCja6SsIjVc +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem new file mode 100644 index 000000000..8295f97c1 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0ymiy05il+OUJkYyGgUsQcKH86qpGVrZdZrtHA6eqxlq//4Q +t9TjvTGy3kWQV9FAbbiqLnHgI3a8BmiuwoUdBbfqpS2emfQR9g52uL03RErAd0p/ +rl7lOFjXcJpibkQV35f+4f0bft+ArAT/Nv0bUeBlaUu7u94ki5TeEWnlnckk6obW +B+HCrdR/TIkm8MKJsHS3nUKN1KDnlJZFj68xSk94M1OLx69bIKWxeeKP4ga+f2Mi +aVE/VFXg033wBDMZwHvP0P2t6YEizsCdx50r3Eh9MPM7h9WFzrX5qrKYZMFQSRoi +81B1pWMVSAKAina7+HqEiS6pS+W+dbxpJi/N0QIDAQABAoIBAQCSHbx1XB8jJSot +teMTWEMAmgCDHrN2RQQ2ueaaxI8MrED7NK4S1rBkCVDRN2ejLLudcOvpyYikYZPI +B4XuOjgT7ejjNYcK1vXawrVqLhxhGCzIHvftC+MnM2qYk2vLCzfriXyomgD9sOCT +p72GKmxOIq1pyCr228eEApYLjLCDlhso3PrCo7recUq7f56rLjvb4gfcfor6mJUd +yIppZUnDFJnsRXup1G4L9Y9RNYtlkcDqem/Q49d5+AHCYH6R8YI0Iz3JnzZjalsq ++IA6RJqHBTeOpiyCmHlUmVE/3YUm8n7w7RRngMOLjKdiTKHT+8EcHmyUorqW3Yea +zCIe5C6FAoGBAO23egrSbamyWXcIOqx1GX9gzYmQ2nSKYUtRhsE8eNErw0zp4FKv +AA7CAmoWEzjDJPSkUzDAajoZiH8+DIZ4IkwKbYjtq0vr1yCbx/PBKVN/JHGZ/Ao/ +dc/lQrNseza34NBrREN/gUytjefFMJ4YStSZCMuy3gP1Fqk6YCy/dObbAoGBAONn +UqjmZYqoK0+jnGWdPOtXZ4bu8UoHc8/1MaVn3pq8bYh3PayFKpDKtcD1ZeXHCxL2 +1Y+Eid/DoZ2/RZbxT2mhi2mVZZCWc0xuML3Vz0B9bqi3ZfRLVP2u87fn//mGrD+9 +yy9PeIBv8UvjOhev6hZDBhPAVMsyjiw+wSX6kW/DAoGBAMBcrbSeLcGZok3xadFu +fPCXvBtrDWwrIqpZUauDLN1PBZ5yz2T5WhmXI28HaAyR1ZDmfK9BtXRIfy1AX9Bc +3JweAB9C/E/Wi+JGTVrR34hCpZIMImmEiuhtxDj/OwG/cHwXoUjhoBcVhnScHEiC +reM152k21/Pp26mbpIHxeD7rAoGAaRy4S5P7uaTUKEKzJxEQOKQ1GVzXMWXSdXyb +zx38+j9AzgR4AIepTjY03xVPXW+swb5Qpr8Xz9Oon7bq3sN59pSSUWKaCMRSVTDV +3Nm4q9GO1fO377zmc0BsLUTSwC8s7WW4Ro0QYSXdPjuw/YP1ywZ+B6EuUKJ0ryTu +uLRih2sCgYBm15N97b7Rp+aAti045iBla9/KH8z7szczIndpFWR4wjaI9tt0i9GR +OZs7LFq0MYdg8JiXITyVcuqsUbdAP3TvsXGDHdatbDcrXM/DYuP6dPqMuGBKdnEn +gIFT1z8mhv4Im3JKpuckMrIQ5vWhljcRZgiEJYZfEAkLJo7ePG2VzA== +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4732113fa --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..b3509f8df --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/init.d/iptables @@ -0,0 +1,104 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..adf411da5 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf @@ -0,0 +1,34 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + crlcheckinterval=180 + plutostart=no + +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/ + crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl + auto=add + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + also=host-host + leftsubnet=fec2::0/16 + rightsubnet=0::0/0 + +conn host-host + left=PH_IP6_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftfirewall=yes + right=PH_IP6_MOON + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem new file mode 100644 index 000000000..9ccd47a2c --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEtjCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzUyMVoXDTE0 +MTIyMjEzMzUyMVowVzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxGzAZBgNVBAMTEnN1bi5zdHJvbmdzd2Fu +Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1HhvoVh/fM14RE +CTXr4to9ZEeGSqHLl5du+eYZl1fC7qLYaCtlaH+eLfDsCgYpe+XsDLHIxpTK9R6k +XgLP1Jraxz3rtv5qJKkV3aDTjQ2d+cFc0EgiZmn53VEmI/IlcJS/VZzHhNvEJk7H +k0YpoazpGPtNzFGaehV5mXUAeVPx4RH8fjcSiPbuPS3WC7cqtYvVwk97dj05VfEC +VnG+90+eFKztvawBzNGwGQ7xZV7kSiPHNyGAV0qrKvhXZ0VPnm/OEiGCAlIo8uno +Yb/4UMM/a5usCaA9Hgbf8+qqmrzavSUkFEa0y/p9bOBHaqfNP002xktbqBCCodRr +6QgmiysCAwEAAaOCAYgwggGEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud +DgQWBBTaKhy7PH1ihWsD+3/bJQ3e3Isj+DCBjAYDVR0jBIGEMIGBgBQhf6frN9Cj +Cx+h3EIGHhFfPNIQFKFepFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4 +IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMTFXN0cm9uZ1N3 +YW4gUkZDMzc3OSBDQYIJAPKv5keyTotGMB0GA1UdEQQWMBSCEnN1bi5zdHJvbmdz +d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo +dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fcmZjMzc3OS5jcmww +RQYIKwYBBQUHAQcBAf8ENjA0MBIEAgABMAwDAwAKAgMFAMCoAAIwHgQCAAIwGAMR +AP7AAAAAAAAAAAAAAAAAAAIDAwD+wjANBgkqhkiG9w0BAQsFAAOCAQEAOqdCIldA +mPp2aAWVPBiKXNrk4VJoIGlwZaUtYNxGQ46wUqAro/taKwZd4B1yvwsX/cHX3Y6j +C1mQtiXw9onJm1qJM1a804U9yPcgdI+9RMiU0hA+aVmyMlS6WQsKFubU17qP2Ljd +4hOwVQ681Hi8zfQjJdYpaO1yLcpy2dkotreJS3wA24ssnskRBI/cuAN0dfbV6SDQ +TK91qz0emHoK3efgtvX4oEpsxI4NrwMstaZSVsHn4npKTGYu82dmPoK6WPblGEHZ +Iavl08lGcYBV5I2ZGuWOekWQzUuBSveV3AFjieeaDIG3Ue3AKaihn6dCLz6l+t7E +dXN+1axy9zQ34g== +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem new file mode 100644 index 000000000..6e047af69 --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArUeG+hWH98zXhEQJNevi2j1kR4ZKocuXl2755hmXV8Luotho +K2Vof54t8OwKBil75ewMscjGlMr1HqReAs/UmtrHPeu2/mokqRXdoNONDZ35wVzQ +SCJmafndUSYj8iVwlL9VnMeE28QmTseTRimhrOkY+03MUZp6FXmZdQB5U/HhEfx+ +NxKI9u49LdYLtyq1i9XCT3t2PTlV8QJWcb73T54UrO29rAHM0bAZDvFlXuRKI8c3 +IYBXSqsq+FdnRU+eb84SIYICUijy6ehhv/hQwz9rm6wJoD0eBt/z6qqavNq9JSQU +RrTL+n1s4Edqp80/TTbGS1uoEIKh1GvpCCaLKwIDAQABAoIBAHKb86/nm9YPu6B1 +K65phdMZdgFE1oorUenMcid6V7qpaRN2lXfWjAaUxggq5vpqZ9OMjFzu0kHJ99S7 +nJ65fgKqn8vZ42BlLjhUCRH9urb9/Rqi2/RKJHkF1hd9ZZscnlkUMHkRElQVac0D +feqTUKdASdC2BWUYCpW3pwNXO+iD5bA9/wB2J/RYYmm6Qo7UZQU8C0lken/8EOEL +/ch0ID7C5PC0vWvLT0fM9j2JKDq8T6NRhF1MluISGDOp4pW7tEbkHo5I6zD0aPO2 +K9leN3aSUYsOVJk39VXkThwgJ4lqNEXI2xRbtW8sAf7TL1YDxLR2JN3UGvy/By5B +UblJUnECgYEA2nO+iXScKd3qqmHrdXcxf2ExZQr8QgTAsZOkb6LQ9kGQll0lBcFc +T2HlobzOaQktpF44C41zf2QpGDllbpyNT8VyQkI+CJ4pntjtKPkoPkxUeVlciFsm +7THqCGe0zQBWDnXFVfTKR12aRwkhjG+QCQyyaAaV8YztEsDI5SRCjykCgYEAyxAb +t/NTh9DBDrfJCkT21Rm9Ow70vhDaAyQLq3nJMF+BTXYDrnVMmFHCIHd+nbNP0CLs +cV/fWAF6626ko5B6ewPFQ4wXRvtNAiDNZSfeaZgvxCrvoDgVrHWhfwHSXWFqny0o +WHwIJJQvdkLW9BHwbpAQRoD1c2sy7pWIVTEyljMCgYEA0zZXwkUp/FzhWG2moANn +qzZI8N4nOpmnycnrkjiE+6Q27PsQIblrzCDmSnPnyqyiIasrWxgf1Mr95LsR9FmP +U9Ke/6tWmTR7H2e0HgqRO3LHtjCNhBVF1M6O7iN/Lzqk+gQqkUpGDaxVz1rnwgXX +6LgLAwNjFJJiYeBeHRbq98kCgYAwBdg4UbBgf0sY+vftmM+zKAorjGbvCDc25PBp +ljyxVvTSZ+WI/a6mmzdIzFnCW+S1OX0ndt/wBTGXuivvjryYmRSu29OpcscMiMtq +b9pWqKorP2g6QOlHRu5xhfHFKcO4b0qKWpLma7Epy7bgM9njm+htdBQYPrLl37FF +TIRFJwKBgGnZR5rm5iCrcIoAUMlH4/5ye5BPjHDn1NNv7Q7PZR9jhaEuoiBgvk6v +h+YVi9A9nhbaqS4/rumsNPlObeIw78713pendaWCjC4hA0urrJ4fElfuaIyZMyKE +FD64V78iaYVlmwKMJxZUnS1EFzb0XQZM7wxhB/i0wwjh+48rBHbd +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..4732113fa --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat new file mode 100644 index 000000000..4c95e2afe --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +sun::ipsec stop +alice::"ip route del fec2:\:/16 via fec1:\:1" +moon::"ip route del fec2:\:/16 via fec0:\:2" +sun::"ip route del fec1:\:/16 via fec0:\:1" +bob::"ip route del fec1:\:/16 via fec2:\:1" +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat new file mode 100644 index 000000000..8a8af2ccb --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat @@ -0,0 +1,11 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +alice::"ip route add fec2:\:/16 via fec1:\:1" +moon::"ip route add fec2:\:/16 via fec0:\:2" +sun::"ip route add fec1:\:/16 via fec0:\:1" +bob::"ip route add fec1:\:/16 via fec2:\:1" +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net +moon::sleep 1 diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf new file mode 100644 index 000000000..991d884db --- /dev/null +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b-ip6.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/init.d/iptables b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/init.d/iptables +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf index 92388586a..e544e948f 100755 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup strictcrlpolicy=no plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/init.d/iptables b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/init.d/iptables +++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf index ed1eb39ca..58bc25b0b 100755 --- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup strictcrlpolicy=no plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf index f78ba45e0..378e7bfd7 100755 --- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup strictcrlpolicy=no plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/rw-ikev2/pretest.dat b/testing/tests/ipv6/rw-ikev2/pretest.dat index dea60a040..7da0c1028 100644 --- a/testing/tests/ipv6/rw-ikev2/pretest.dat +++ b/testing/tests/ipv6/rw-ikev2/pretest.dat @@ -10,3 +10,4 @@ dave::ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home +dave::sleep 2 diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/init.d/iptables b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/init.d/iptables index 25074a0f1..6c437fe03 100755 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/init.d/iptables +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,10 +45,6 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/init.d/iptables b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/init.d/iptables index 25074a0f1..6c437fe03 100755 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/init.d/iptables +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,10 +45,6 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..6c437fe03 100755 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,10 +45,6 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf index 20c58007c..f82f32d1d 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/pretest.dat b/testing/tests/ipv6/rw-psk-ikev2/pretest.dat index 07b0ebd7d..e3040d125 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/pretest.dat +++ b/testing/tests/ipv6/rw-psk-ikev2/pretest.dat @@ -13,3 +13,4 @@ dave::ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/description.txt b/testing/tests/ipv6/rw-rfc3779-ikev2/description.txt new file mode 100644 index 000000000..1c2492d78 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/description.txt @@ -0,0 +1,12 @@ +The roadwarriors carol and dave set up an IPv6 connection each +to gateway moon. The authentication is based on X.509 certificates +containing RFC 3779 IP address block constraints. All three hosts set +rightsubnet=::/0 thus allowing the peers to narrow down the address range to +their actual subnets or IP addresses. These unilaterally proposed traffic selectors +must be validated by corresponding IP address block constraints. +

    +Upon the successful establishment of the IPv6 ESP tunnels, leftfirewall=yes +automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both carol and dave send +an IPv6 ICMP request to the client alice behind the gateway moon +using the ping6 command. diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat new file mode 100644 index 000000000..4ed973ca4 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat @@ -0,0 +1,14 @@ +moon::ipsec statusall::rw.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +dave::ipsec statusall::home.*ESTABLISHED::YES +moon::cat /var/log/daemon.log::TS fec0:\:10/128 is contained in address block constraint fec0:\:10/128::YES +moon::cat /var/log/daemon.log::TS fec0:\:20/128 is contained in address block constraint fec0:\:20/128::YES +carol::cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES +dave::cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES +carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES +dave::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES +moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES +moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES +moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES +moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES + diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/init.d/iptables b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/init.d/iptables new file mode 100755 index 000000000..b3509f8df --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/init.d/iptables @@ -0,0 +1,104 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..b4138be8d --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf @@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/ + crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl + auto=add + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn home + left=PH_IP6_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP6_MOON + rightid=@moon.strongswan.org + rightsubnet=0::0/0 + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem new file mode 100644 index 000000000..3243bc294 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzYxMloXDTE0 +MTIyMjEzMzYxMlowWTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3 +YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD8OrNy0w+T2 +cru3RQgskGCGppwpvLH/QZVHD/UbumxjKVTrz4FskqN39sFxDFDSre1bps+F7jW/ +zmOFe7c7jmZhK1mPnbviYTS4LXdo1j02pPeBNBk4b6VAIKPaYmO3UIoZZ4SPnnVZ +P7Aj3mU1ztsTbUQqgRmTsdfqiPaBNZ0zylWYPDOkTS+1sbRQHkgdZvw4fYno+Rd+ +hDK1scggL4kRg4uGvFojYciSxo5lC53Am4r8T2zI0aI6L8g57j4cX1XYQwM3tkHM +2BiCRM/c1wQc+vn+xp1oh/GYM4qoSoZyLTD9A0gqmbnF9//wvSmwpDpSkDoHZ5O3 +Ur6HZ8mByQIDAQABo4IBcjCCAW4wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD +VR0OBBYEFL9rU6QFDLvUOEIFNZROVYWN5v++MIGMBgNVHSMEgYQwgYGAFCF/p+s3 +0KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry +b25nc3dhbi5vcmcwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5zdHJvbmdz +d2FuLm9yZy9zdHJvbmdzd2FuX3JmYzM3NzkuY3JsMEIGCCsGAQUFBwEHAQH/BDMw +MTAUBAIAATAOAwUACgMAAQMFAMCoAGQwGQQCAAIwEwMRAP7AAAAAAAAAAAAAAAAA +ABAwDQYJKoZIhvcNAQELBQADggEBAHhgG8qqLZX3uXDVX9uBZM8jErI78pyL9F8q +ibTW5UPp+rbbMDY7tphBbFkg5Q0pzJhOzB6I6Oy/QWVVEC20DE7lhOpMu7auS3Gn +z1t6DCIDR9NYXtKs6UXcMA0PSQ1r7iHQWvtZ0uD998k6UQfZCCOwBbonng2DAp/m +FKkaCYiZmJw2YBwf+oVNLQp2fHI61uoguiiRQ4AV5Htho0z6MDqpMyrg2F7Uf2cq +kQY/ZyvMe8VG5KuiaMJPIMdJPnRED2R4qiyHe8eDXgGYHsNhkt7VHRRgo3izqIdG +1oCv+CHQ2XSK+4dA42U0Vw7V/ExmcLy99bZfCEZwNWG6Y/5Qwww= +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem new file mode 100644 index 000000000..275162721 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArD8OrNy0w+T2cru3RQgskGCGppwpvLH/QZVHD/UbumxjKVTr +z4FskqN39sFxDFDSre1bps+F7jW/zmOFe7c7jmZhK1mPnbviYTS4LXdo1j02pPeB +NBk4b6VAIKPaYmO3UIoZZ4SPnnVZP7Aj3mU1ztsTbUQqgRmTsdfqiPaBNZ0zylWY +PDOkTS+1sbRQHkgdZvw4fYno+Rd+hDK1scggL4kRg4uGvFojYciSxo5lC53Am4r8 +T2zI0aI6L8g57j4cX1XYQwM3tkHM2BiCRM/c1wQc+vn+xp1oh/GYM4qoSoZyLTD9 +A0gqmbnF9//wvSmwpDpSkDoHZ5O3Ur6HZ8mByQIDAQABAoIBAQCSb+WlFtpjtPPF +JUwxVzqz4Cx510gwkU+GzUemDGdvfZhsWjNEri7FGE70LQ9UPh5vGd2SmtmtZGrW +J4wjWus6LFYuCa1sl4BlzfFLTjqF8XLUm0twJITzfhVf6o3OmiIOSepBNNT5DaE7 +4R8NgxRU8bG5cnuEWF9VklBl8tR04/VHIfTHltt1p69aQ6UoECBLd+/8RBIj+L/P +TzXbgLJn7dT8DrOA9rv1p0G1reADwvclKfag4S/xyC54anRsmMNWQLE0D+QzKL29 +nXqU1wjIHBtgY7uM0svtyrMXiNi0XEBWqDdOMwCZ66TU6eGIzDDevG+q8PXmuW6v +NGxoipcRAoGBANJy4uNj2SnMTdIyoe0wFjmjntKb7DX2Ie0aZr3kygQ7VJUH6w7Z +mZXNhRf8CpaD20lnyqRjhgq1gwOrLZWpAajNPJ6uCHUVSI8+qwdMVdPSZyxRlal9 +gshsGofkiqEGa/5BW4+yDgi1C4BV+lmN8jn4ilKe4JvFGuz+F31ntDXlAoGBANGH +WKCq4u9MCxM2R2ESKkLM+vlTxRB4meMt6iPn9e0yJ1BVXTILRp7hfUwKc4ivI/SO +rc4UA3I5i6QR7TVPOVreqw/CDEmjQLhTSOWY3lHbNz1q53p8Yh6JdytaA4YYgm+I +pFL+Hh/UpPEAY1ZzsSP7KhBd7ViKblz7/Act614VAoGAXTkFJqNpZGmbI3zIXBBM +GBZR2Yu2dCTm3GgwkPfTQVKi4i2Sw45Cyagzx+8fJZOdRQQUMQPhMcc8FRjz5XLr +SEI6EzSWjH70GHgzPNVkw6NVjr1JJb5ye6PfkMj9W91DY2rCS4IdU2AXiy8K6jbF +0UY2x+iXKImEpuzbrPKOUr0CgYB1lHdGyj7JPKomYNpTfecbT34zdi/rG1J4Kybu +eVgHgJKRQSYoVC2QMUen6WGGPYp2za55K7/3VJWpP6oWtVuhQ71I/YL5u9Qw3APX +XB6+Xr80Bw7ZLH2/VzL5r+y0ToK75jkYnaP4BtN8rtQQCqJIZ8TmJF9xxVVDduCq +grlHNQKBgF06eOplOy8W7euuhvEfoxv05ZVjcFv3bFzlYPb0fBfq4Ziw97SzidH9 +Wbq3gujut9gJCKZT6BJfZtqrPeVhWp+S2SD3bDCsjNZLRBEdzdyRB5CpmDE5OQBH +EtzpR4nQa/2RJ7wRP/306PE1sQPtTpNvGIgBIUxWvt5gzyVhO1sG +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.secrets b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..fac55d63b --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA carolKey.pem diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..4732113fa --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/init.d/iptables b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/init.d/iptables new file mode 100755 index 000000000..b3509f8df --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/init.d/iptables @@ -0,0 +1,104 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..cc7e09b4e --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf @@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/ + crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl + auto=add + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn home + left=PH_IP6_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP6_MOON + rightid=@moon.strongswan.org + rightsubnet=0::0/0 + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem new file mode 100644 index 000000000..dffbc67e9 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEoDCCA4igAwIBAgIBBDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzczNloXDTE0 +MTIyMjEzMzczNlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPLwvUPUNIZnbX +eyz8U0COp5RM7ZLFT2iJmSGxznZ30phUNHSy3WX9V8h2kQ2fBks2x0KYWEg8Lh2y +ggZipePRpuHRnZlcll5/HY/YOUgdV2GE6euNiWKcDB6uE51sxZ+on5KasI9EJMdp +hJpytYUFjx6pExsoqWMQLigrT6A4bYogkweOZHiUyHiqgtUQcHnmmKwxgeUAkZCb +00dk7CYnXNQZ1uHj/08TDwrS37SGXfWEIcBGEx/awqlF+s2HTI6zw7NC2HhQsiSp +Yo1nz8TBr/8XnO9KyYUg04TMkcQqBFDt/qiUswLRLapn9HSyd43BxaF+YuvJ1+ip +M4G05K1nAgMBAAGjggFxMIIBbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV +HQ4EFgQUJ/+79KP+Ea9vdAIMkUYx++cu6R0wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ +owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT +d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVgRNkYXZlQHN0cm9u +Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh +bi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNybDBCBggrBgEFBQcBBwEB/wQzMDEw +FAQCAAEwDgMFAAoDAAIDBQDAqADIMBkEAgACMBMDEQD+wAAAAAAAAAAAAAAAAAAg +MA0GCSqGSIb3DQEBCwUAA4IBAQBlOlqceKqgr0putV9fUf2vekg5QtZGDtHFUOTH +0gDIe2DJ60bWY5IXpjj2KtzRdoP448fpPaprrh8VEljWoVvAF8LaePKGggqwcG+D +Z7ioDYlnV1j+/NnbZGM/hPqa841dh5jesTuTAF2giMod6P6eMiiRcnl9X3ltgSWp +Ahk5C8CNYw+sISJcCHtFQHdKOM4QN7wAWksvpjMWkSDQgf/rnDUgW8DXAwX/9K4V +G2etJ6/8drpjB115p6h+GYz8xFG28/MSf9BqNX03dBs5oyko2+FgSrb3ACK+pAO4 +Cpi2NKZfUH+M7Loo4baI+f5iavpDjDfar8KTiV610DAp0W2S +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem new file mode 100644 index 000000000..e79cbdd9f --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAzy8L1D1DSGZ213ss/FNAjqeUTO2SxU9oiZkhsc52d9KYVDR0 +st1l/VfIdpENnwZLNsdCmFhIPC4dsoIGYqXj0abh0Z2ZXJZefx2P2DlIHVdhhOnr +jYlinAwerhOdbMWfqJ+SmrCPRCTHaYSacrWFBY8eqRMbKKljEC4oK0+gOG2KIJMH +jmR4lMh4qoLVEHB55pisMYHlAJGQm9NHZOwmJ1zUGdbh4/9PEw8K0t+0hl31hCHA +RhMf2sKpRfrNh0yOs8OzQth4ULIkqWKNZ8/Ewa//F5zvSsmFINOEzJHEKgRQ7f6o +lLMC0S2qZ/R0sneNwcWhfmLrydfoqTOBtOStZwIDAQABAoIBAQCW49qnnl6MMiPH +V6wxsKhJvP6i8Dt+fBDUdbQ2fPmG1teeK/357ojC89XJlGbpNHo+0OxNa65gNe3m +/g+MdOjw3auFMFRrPBBiX7NNdJpy1Brv5DVrhW1N3P3TJfH3MA7RjjYFdyVAKdEZ +pjud41mX7N4VoRacjJDbTeJveLRlowB2gPcxhNZlF6gPP1ZaHwR/b1+0qOTcsxj3 +hqC7zdmMM8UGQ38S3ba7dldlCVAvJgylRX+LPTx5x32wMntaSmBy0cdRqfHtznij +MZQnJiUuAvlQyjCbt0j7jycBZrMfgS+hESHaUG7wdJUraL40hlX2L4RfIyMtriwB +9Xe5fVABAoGBAP3Bphf6k/QxbCrVyyw3Q13MMug63bj3mqhjwOJUoEu+3O4+5Qcw +bIKEOxDFy82lwVHEnYU2tyxVcLBoXP0kMVkrWQIuDSPrneSQxIO1npBZTvBIvWSr +Yh3kJa15zlF4JxljwXfjLskInRlL45gBiG8FbSuDtXTxPJBtlrIHE0lnAoGBANED +/Ct5cocPPTYDGq7FxkGEOFoZM1OTsnL68NmcOhp69uWOAgNCIZEifYBz/SSx1ISJ +QjDdie3BQ0zp2CZe5Fujtz0oT4VPsrJUcND6fZnG79aA2P2S4tXOdVbElB4fOWuT +Sd1WOmgOFAn+B907PsP2BEh2BPO2/eqy3hN38PwBAoGAZzAJ9JJG+/PlAn4xwmcu +k8Pnp5vYcdDuKS93ThIPpP2WJaOZypSca26N/kIQoC2ZMUD8tSEM15Be5L1rotzG +3HXOGh7T5Rl4+WsNHmoKcrR+byOFMJyop3MRBzwS8/oiHCb+k1vkuIcyKwk7IaLt +8geI3zsN3OIEOM73iqlp5F0CgYBbSWFGX4l8oVQ7lcl+kZRQIv41o5H+K6ChhSXR +9OCPlirlAUuxvp1IdQbZJk9mSmCl7gjBrNBDzcel/O/RelpEB9HM3SE1+SPzrNuE ++hIHKpKvXaDnxtJZTQ2EcuC58ysx56c4CyQBNDzeTFuE7Q4xqe4e86SgCMkHS02g +tR7EAQKBgQCRoTsOFcCK2jXBhfcuwcrnrTJmf6LFxW08Mfl9qxKUjz20bx6jgv7f +TrRUHavmVrrGkAc6eTtoa+2cC5ffSBWHeCD48omb+DZGPF54UbEYyRUb5umKbfI3 +M3WiHTTpeTOx2MmPwiAHhPuaWMV9jWkRG01+wIX4HybGYeEAVHE9lg== +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..4732113fa --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..b3509f8df --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/init.d/iptables @@ -0,0 +1,104 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + /sbin/ip6tables -P INPUT DROP + /sbin/ip6tables -P OUTPUT DROP + /sbin/ip6tables -P FORWARD DROP + + # allow esp + ip6tables -A INPUT -i eth0 -p 50 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + ip6tables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow ICMPv6 neighbor-solicitations + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT + + # allow ICMPv6 neighbor-advertisements + ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT + + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + ip6tables -A INPUT -j LOG --log-prefix " IN: " + ip6tables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/ip6tables -t filter -P INPUT ACCEPT + /sbin/ip6tables -t filter -P FORWARD ACCEPT + /sbin/ip6tables -t filter -P OUTPUT ACCEPT + + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/ip6tables -F -t $a + /sbin/ip6tables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..4832bb89f --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/ + crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl + auto=add + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn rw + left=PH_IP6_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=fec1::/16 + leftfirewall=yes + right=%any + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 000000000..8e872d89f --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz +Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz +MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu +dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n +U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ +Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr +b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y +GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF +Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU +EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB +ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM +BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG +EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3 +OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI +KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK +AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB +ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm +uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud +rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS +Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA +MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX +fN8iF5kHn7S+Nd9ZFlf3S1w= +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem new file mode 100644 index 000000000..7f5f8d703 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG +A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzM1NloXDTE0 +MTIyMjEzMzM1NlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u +Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dh +bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTKaLLTmKX45Qm +RjIaBSxBwofzqqkZWtl1mu0cDp6rGWr//hC31OO9MbLeRZBX0UBtuKouceAjdrwG +aK7ChR0Ft+qlLZ6Z9BH2Dna4vTdESsB3Sn+uXuU4WNdwmmJuRBXfl/7h/Rt+34Cs +BP82/RtR4GVpS7u73iSLlN4RaeWdySTqhtYH4cKt1H9MiSbwwomwdLedQo3UoOeU +lkWPrzFKT3gzU4vHr1sgpbF54o/iBr5/YyJpUT9UVeDTffAEMxnAe8/Q/a3pgSLO +wJ3HnSvcSH0w8zuH1YXOtfmqsphkwVBJGiLzUHWlYxVIAoCKdrv4eoSJLqlL5b51 +vGkmL83RAgMBAAGjggGJMIIBhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV +HQ4EFgQU5zzmRRlKa8+cm1g4RYg4lKNkQz4wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ +owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51 +eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT +d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVghNtb29uLnN0cm9u +Z3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKG +MGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNy +bDBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMDAAoBAwUAwKgAATAeBAIAAjAY +AxEA/sAAAAAAAAAAAAAAAAAAAQMDAP7BMA0GCSqGSIb3DQEBCwUAA4IBAQBVFKeX +QIH5Zk0dp/7u/V0TKqu5vZ9x6ZrshAZ9nzbLgmSP+++yDXmlQe0D0i2Men4D095S +smFqw1nMWM5oEPpP58+jhCOHzn7InMp+SRRBkX2j06wT9qbynAHiIun/qcdq13w1 +Fs0PiKVQZbbz72mwl9J3Hkj/JkLtOX00wMPqIFU6veeagGiwOW7KkehFUVqoD9+O +vgkHnUti2XzgskEGcEWmE1EYv7Qo0OdZB15oNoUV5i8WelfmWO+nz9/QKciATNoC +kAUVcEV9XY9sSKjazdyG6QfEd3l6lQ+KAt8MnqA89i0yIQ1lg+3Jfe67SMvM1gy6 +Y0Y2hqCja6SsIjVc +-----END CERTIFICATE----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem new file mode 100644 index 000000000..8295f97c1 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0ymiy05il+OUJkYyGgUsQcKH86qpGVrZdZrtHA6eqxlq//4Q +t9TjvTGy3kWQV9FAbbiqLnHgI3a8BmiuwoUdBbfqpS2emfQR9g52uL03RErAd0p/ +rl7lOFjXcJpibkQV35f+4f0bft+ArAT/Nv0bUeBlaUu7u94ki5TeEWnlnckk6obW +B+HCrdR/TIkm8MKJsHS3nUKN1KDnlJZFj68xSk94M1OLx69bIKWxeeKP4ga+f2Mi +aVE/VFXg033wBDMZwHvP0P2t6YEizsCdx50r3Eh9MPM7h9WFzrX5qrKYZMFQSRoi +81B1pWMVSAKAina7+HqEiS6pS+W+dbxpJi/N0QIDAQABAoIBAQCSHbx1XB8jJSot +teMTWEMAmgCDHrN2RQQ2ueaaxI8MrED7NK4S1rBkCVDRN2ejLLudcOvpyYikYZPI +B4XuOjgT7ejjNYcK1vXawrVqLhxhGCzIHvftC+MnM2qYk2vLCzfriXyomgD9sOCT +p72GKmxOIq1pyCr228eEApYLjLCDlhso3PrCo7recUq7f56rLjvb4gfcfor6mJUd +yIppZUnDFJnsRXup1G4L9Y9RNYtlkcDqem/Q49d5+AHCYH6R8YI0Iz3JnzZjalsq ++IA6RJqHBTeOpiyCmHlUmVE/3YUm8n7w7RRngMOLjKdiTKHT+8EcHmyUorqW3Yea +zCIe5C6FAoGBAO23egrSbamyWXcIOqx1GX9gzYmQ2nSKYUtRhsE8eNErw0zp4FKv +AA7CAmoWEzjDJPSkUzDAajoZiH8+DIZ4IkwKbYjtq0vr1yCbx/PBKVN/JHGZ/Ao/ +dc/lQrNseza34NBrREN/gUytjefFMJ4YStSZCMuy3gP1Fqk6YCy/dObbAoGBAONn +UqjmZYqoK0+jnGWdPOtXZ4bu8UoHc8/1MaVn3pq8bYh3PayFKpDKtcD1ZeXHCxL2 +1Y+Eid/DoZ2/RZbxT2mhi2mVZZCWc0xuML3Vz0B9bqi3ZfRLVP2u87fn//mGrD+9 +yy9PeIBv8UvjOhev6hZDBhPAVMsyjiw+wSX6kW/DAoGBAMBcrbSeLcGZok3xadFu +fPCXvBtrDWwrIqpZUauDLN1PBZ5yz2T5WhmXI28HaAyR1ZDmfK9BtXRIfy1AX9Bc +3JweAB9C/E/Wi+JGTVrR34hCpZIMImmEiuhtxDj/OwG/cHwXoUjhoBcVhnScHEiC +reM152k21/Pp26mbpIHxeD7rAoGAaRy4S5P7uaTUKEKzJxEQOKQ1GVzXMWXSdXyb +zx38+j9AzgR4AIepTjY03xVPXW+swb5Qpr8Xz9Oon7bq3sN59pSSUWKaCMRSVTDV +3Nm4q9GO1fO377zmc0BsLUTSwC8s7WW4Ro0QYSXdPjuw/YP1ywZ+B6EuUKJ0ryTu +uLRih2sCgYBm15N97b7Rp+aAti045iBla9/KH8z7szczIndpFWR4wjaI9tt0i9GR +OZs7LFq0MYdg8JiXITyVcuqsUbdAP3TvsXGDHdatbDcrXM/DYuP6dPqMuGBKdnEn +gIFT1z8mhv4Im3JKpuckMrIQ5vWhljcRZgiEJYZfEAkLJo7ePG2VzA== +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4732113fa --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown +} diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat new file mode 100644 index 000000000..07e89d7da --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat @@ -0,0 +1,9 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +alice::"ip route del fec0:\:/16 via fec1:\:1" +carol::"ip route del fec1:\:/16 via fec0:\:1" +dave::"ip route del fec1:\:/16 via fec0:\:1" diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat new file mode 100644 index 000000000..7da0c1028 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat @@ -0,0 +1,13 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +alice::"ip route add fec0:\:/16 via fec1:\:1" +carol::"ip route add fec1:\:/16 via fec0:\:1" +dave::"ip route add fec1:\:/16 via fec0:\:1" +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 2 diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf new file mode 100644 index 000000000..80cf5e3a1 --- /dev/null +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d-ip6.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/init.d/iptables b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/init.d/iptables index 25074a0f1..b1e7073af 100755 --- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/init.d/iptables +++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certficate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf index 7df72bd4f..0d9e275b7 100755 --- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/init.d/iptables b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/init.d/iptables index 25074a0f1..b3509f8df 100755 --- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/init.d/iptables +++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/init.d/iptables @@ -37,9 +37,6 @@ start() { ip6tables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT ip6tables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - # allow last UDP fragment - ip6tables -A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT - # allow ICMPv6 neighbor-solicitations ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT @@ -48,9 +45,9 @@ start() { ip6tables -A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT ip6tables -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT - # allow crl fetch from winnetou - iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT - iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + # allow crl and certificate fetch from winnetou + ip6tables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP6_WINNETOU -j ACCEPT + ip6tables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP6_WINNETOU -j ACCEPT # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf index b306ec666..26949985e 100755 --- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf @@ -5,6 +5,12 @@ config setup crlcheckinterval=180 plutostart=no +ca strongswan + cacert=strongswanCert.pem + certuribase=http://ip6-winnetou.strongswan.org/certs/ + crluri=http://ip6-winnetou.strongswan.org/strongswan.crl + auto=add + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf index 40eb84b8a..4732113fa 100644 --- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + hash_and_url = yes + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/ipv6/transport-ikev2/pretest.dat b/testing/tests/ipv6/transport-ikev2/pretest.dat index 3536fd886..7e97e7783 100644 --- a/testing/tests/ipv6/transport-ikev2/pretest.dat +++ b/testing/tests/ipv6/transport-ikev2/pretest.dat @@ -4,3 +4,4 @@ moon::ipsec start sun::ipsec start moon::sleep 2 moon::ipsec up host-host +moon::sleep 1 diff --git a/testing/tests/openssl-ikev1/alg-camellia/description.txt b/testing/tests/openssl-ikev1/alg-camellia/description.txt new file mode 100644 index 000000000..915e6c211 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the cipher suite +CAMELLIA_CBC_192 / HMAC_SHA2_384 / MODP_3072 for the IKE protocol and +CAMELLIA_CBC_192 / HMAC_SHA2_384_192 for ESP packets. A ping from carol to +alice successfully checks the established tunnel. diff --git a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat new file mode 100644 index 000000000..a3360e5a5 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat @@ -0,0 +1,11 @@ +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall::IKE proposal: CAMELLIA_CBC_192/HMAC_SHA2_384/MODP_3072::YES +moon::ipsec statusall::IKE proposal: CAMELLIA_CBC_192/HMAC_SHA2_384/MODP_3072::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_384::YES +moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_384::YES +carol::ip xfrm state::enc cbc(camellia)::YES +moon::ip xfrm state::enc cbc(camellia)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..c226d97d0 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=camellia192-sha384-modp3072! + esp=camellia192-sha384! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..85684b1c9 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = pem pkcs1 x509 openssl random hmac curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..e26d972f0 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + ike=camellia192-sha384-modp3072! + esp=camellia192-sha384! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add diff --git a/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..85684b1c9 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = pem pkcs1 x509 openssl random hmac curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/openssl-ikev1/alg-camellia/posttest.dat b/testing/tests/openssl-ikev1/alg-camellia/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/openssl-ikev1/alg-camellia/pretest.dat b/testing/tests/openssl-ikev1/alg-camellia/pretest.dat new file mode 100644 index 000000000..6d2eeb5f9 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/pretest.dat @@ -0,0 +1,5 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/openssl-ikev1/alg-camellia/test.conf b/testing/tests/openssl-ikev1/alg-camellia/test.conf new file mode 100644 index 000000000..fd33cfb57 --- /dev/null +++ b/testing/tests/openssl-ikev1/alg-camellia/test.conf @@ -0,0 +1,22 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" + diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf index 9836736c3..85684b1c9 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = openssl pubkey random hmac curl + load = pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf index c4211619b..3562ddc67 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl + load = aes des sha1 sha2 md5 pem pkcs1 x509 gmp pem pkcs1 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf index 9836736c3..85684b1c9 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = openssl pubkey random hmac curl + load = pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf index 668998653..2247496db 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = openssl pubkey random hmac curl + load = pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf index c4211619b..3562ddc67 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl + load = aes des sha1 sha2 md5 pem pkcs1 x509 gmp pem pkcs1 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf index 668998653..2247496db 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = openssl pubkey random hmac curl + load = pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf index 9836736c3..85684b1c9 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = openssl pubkey random hmac curl + load = pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf index c4211619b..3562ddc67 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl + load = aes des sha1 sha2 md5 pem pkcs1 x509 gmp pem pkcs1 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf index 9836736c3..85684b1c9 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = openssl pubkey random hmac curl + load = pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf index ef1b92f3c..e4d41df39 100644 --- a/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors openssl pubkey random hmac curl + load = test-vectors pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf index 825f6fee8..2da706ef7 100644 --- a/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors aes des sha1 sha2 md5 gmp pubkey random hmac curl + load = test-vectors aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf index a3ad70a45..1531d9933 100644 --- a/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = test-vectors openssl pubkey random hmac curl + load = test-vectors pem pkcs1 x509 openssl random hmac curl } # pluto uses optimized DH exponent sizes (RFC 3526) diff --git a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat index a1f9f6a8e..f1b33895b 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat @@ -1,16 +1,16 @@ moon::ipsec statusall::rw.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256::YES -carol::ipsec statusall::BLOWFISH_CBC_192.*,::YES +carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES dave::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128::YES -dave::ipsec statusall::BLOWFISH_CBC_128.*,::YES +dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES +dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index e10230384..97526cf99 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf index e10230384..97526cf99 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index e10230384..97526cf99 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat index aad3becc7..d77c4806e 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat @@ -2,8 +2,10 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES moon::ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES carol::ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES carol::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES moon::ip xfrm state::enc cbc(camellia)::YES carol::ip xfrm state::enc cbc(camellia)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf index c110dd516..dd817a963 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf index c110dd516..dd817a963 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/alg-camellia/test.conf b/testing/tests/openssl-ikev2/alg-camellia/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/test.conf +++ b/testing/tests/openssl-ikev2/alg-camellia/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf index 81dfac334..52a4e0d52 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf index eb0ba532d..20d891cdc 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf index 81dfac334..52a4e0d52 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf index 81dfac334..52a4e0d52 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf index eb0ba532d..20d891cdc 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf index 81dfac334..52a4e0d52 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf index e10230384..97526cf99 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf index e10230384..97526cf99 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf index e10230384..97526cf99 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 4e8a1219d..06480bae6 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index b946aa004..ab6f08e2d 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index ebecace94..dbb64dbb4 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown } libstrongswan { diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf index 40eb84b8a..06b1e9f48 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/description.txt b/testing/tests/pfkey/alg-aes-xcbc/description.txt index cce0e1cd6..c71d7493f 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/description.txt +++ b/testing/tests/pfkey/alg-aes-xcbc/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the ESP cipher suite -AES_CBC_256 / AES_XCBC_96 by defining esp=aes256-aesxcbc-modp2048 -in ipsec.conf. The same cipher suite is used for IKE: ike=aes256-aesxcbc-modp2048. +AES_CBC_128 / AES_XCBC_96 by defining esp=aes128-aesxcbc-modp2048! +in ipsec.conf. The same cipher suite is used for IKE. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat index 5217c18df..24e36eb77 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat @@ -1,9 +1,12 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -moon::ipsec statusall::rw.*AES_CBC_256/AES_XCBC_96,::YES -carol::ipsec statusall::home.*AES_CBC_256/AES_XCBC_96,::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES +carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES moon::ip xfrm state::auth xcbc(aes)::YES carol::ip xfrm state::auth xcbc(aes)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES + diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index edd0aaaf8..33e6a842b 100755 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256-aesxcbc-modp2048! + ike=aes128-aesxcbc-modp2048! + esp=aes128-aesxcbc-modp2048! conn home left=PH_IP_CAROL diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 18618929f..208477deb 100755 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - ike=aes256-aesxcbc-modp2048! - esp=aes256-aesxcbc-modp2048! + ike=aes128-aesxcbc-modp2048! + esp=aes128-aesxcbc-modp2048! conn rw left=PH_IP_MOON diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/test.conf b/testing/tests/pfkey/alg-aes-xcbc/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/test.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/pfkey/alg-sha384/description.txt b/testing/tests/pfkey/alg-sha384/description.txt new file mode 100644 index 000000000..2255fe8fb --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_192 / HMAC_SHA2_384_192 by defining esp=aes192-sha384-modp3072! +in ipsec.conf. The same cipher suite is used for IKE. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat new file mode 100644 index 000000000..31bb64c5e --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/evaltest.dat @@ -0,0 +1,11 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES +carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES +moon::ip xfrm state::auth hmac(sha384)::YES +carol::ip xfrm state::auth hmac(sha384)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..d38b7dfcf --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes192-sha384-modp3072! + esp=aes192-sha384-modp3072! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..0768c2bb5 --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown +} diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..ea84cd8a4 --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes192-sha384-modp3072! + esp=aes192-sha384-modp3072! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..0768c2bb5 --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown +} diff --git a/testing/tests/pfkey/alg-sha384/posttest.dat b/testing/tests/pfkey/alg-sha384/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/pfkey/alg-sha384/pretest.dat b/testing/tests/pfkey/alg-sha384/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/pfkey/alg-sha384/test.conf b/testing/tests/pfkey/alg-sha384/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/pfkey/alg-sha384/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/pfkey/alg-sha512/description.txt b/testing/tests/pfkey/alg-sha512/description.txt new file mode 100644 index 000000000..bf79a3bff --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/description.txt @@ -0,0 +1,4 @@ +Roadwarrior carol proposes to gateway moon the ESP cipher suite +AES_CBC_256 / HMAC_SHA2_512_256 by defining esp=aes256-sha512-modp4096! +in ipsec.conf. The same cipher suite is used for IKE. +A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat new file mode 100644 index 000000000..e0f5fb7a3 --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/evaltest.dat @@ -0,0 +1,11 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES +carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES +moon::ip xfrm state::auth hmac(sha512)::YES +carol::ip xfrm state::auth hmac(sha512)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..583522d1b --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha512-modp4096! + esp=aes256-sha512-modp4096! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..0768c2bb5 --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown +} diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..40fec93c0 --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-sha512-modp4096! + esp=aes256-sha512-modp4096! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..0768c2bb5 --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown +} diff --git a/testing/tests/pfkey/alg-sha512/posttest.dat b/testing/tests/pfkey/alg-sha512/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/pfkey/alg-sha512/pretest.dat b/testing/tests/pfkey/alg-sha512/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/pfkey/alg-sha512/test.conf b/testing/tests/pfkey/alg-sha512/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/pfkey/alg-sha512/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat index dc50f11e0..d5c0a64c4 100644 --- a/testing/tests/pfkey/esp-alg-null/evaltest.dat +++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat @@ -1,7 +1,9 @@ moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::NULL/HMAC_SHA1_96::YES carol::ipsec statusall::NULL/HMAC_SHA1_96::YES moon::ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length::YES diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/esp-alg-null/test.conf b/testing/tests/pfkey/esp-alg-null/test.conf index 2b240d895..acb73b06f 100644 --- a/testing/tests/pfkey/esp-alg-null/test.conf +++ b/testing/tests/pfkey/esp-alg-null/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf index db6fa7486..0768c2bb5 100644 --- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf index 8ee0ad955..867d256bb 100644 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } libstrongswan { diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf index 8ee0ad955..867d256bb 100644 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } libstrongswan { diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf index 8ee0ad955..867d256bb 100644 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown } libstrongswan { diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql index ca813d44f..9afa1b15d 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol@strongswan.org */ - 1, 1, X'308204223082030aa00302010202010a300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3035303130313231343331385a170d3039313233313231343331385a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145535eca6eba279baef887f18438fd227b16746d1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010405000382010100b1304a7e65d72573468853e8cedd398bf3581cc1e6b4054b9c8d97c3caf0929035dc5e274e7b3fa5fef52e7860bb06aab5ba40c5f1ca55806b4cd873f133ded948b3c89cc81621e2eadee5fc893b48a34e4462a45ab09c41200918f68ea36babfacf4099aa349b8b65841eb1e416b90e4eb462edd786cdb0008565633a701fcd2c416ae8e4754c5bea3181736179aa901e5526c4fac031ce649d851c85ded514c25e3269b0739a879d273950e1a9ea8341b5e1049c07181792ad37da02aeccd555c56469e8e15a9e72860b520dbec05662d37adb08d79575e133f338b0116198fa5fb556fe02682bd634aca535f6750b0daa123f5ad36f2e67caa260587f1aa9' + 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604141fa1a988d9648cb5a0a2546439b4f23d745d6e7c306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100bca6a5f72ab4b329eba519dcf2740578846c180775a2074da82769e1e4c241bbb2742a7e08564bcb507492661491c71e79b5065f758aad5d54bb66ec86fbaad5eec6f9f794884707e42c07636efbf4c99225e31c7c8f9d0adf2311fbd6975b535218f1246fc06305432b1769231933aaa26a3c388cf2237ebdcfd909aed1219d2dfb9c771da5ec190b5c077167c9eb077dc319b3d9d5579a05502f60635ddfc17292c56880b887b8cc5d0e455118e753b2bdc526b84fc3e947a16b42139c218057029f781a233c26a98a641194a5e3feddccb88b70d5d7c2b2afae10e17665ce164294d138dec80caa25fcf1d737ce7a43cd3ed3e758fe77ef6445fe59d06391' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql index 5233806c7..425c180a1 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave@strongswan.org */ - 1, 1, X'308204223082030aa003020102020108300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131323635315a170d3039303930393131323635315a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414de90b5d11c6c643c7450d36af8886ca31938fb72306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010027a2d727384d2d2432f2f15875fa7693db3af1c7d5317cc21e1658f0843a918875d22c301b08e9c05a8aa3f02f6b8ae6705bb508988210f494fd19d92db786db21c1b6e6b18c0b7baa3fbd427da033fd2c08659daf9bc26dd99cf348c1ec139a9b8c32110199eaea08913f6b3a3d5b0c3d2a6f1f7e2c45b13452858949db416493f96dbf93e2173d81f99bc937b0c0c9e3874f4a90626a571295502ff5cf553dcdbdd7d4673dcbecc8ebbfc3e3ac0ce8a75120d6aa3dd2b6e9a61114cfbf0cba137c5934eddb32cfb96dd02fbf8adc903afa5f8d5959fce7a94fdd9e5a7a3816e35126e50fe7f818887bd2b2365b6b3a86d36a86849e9582d193e6a20b513988' + 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ee7f38daeea1b81a41777f78f2674be8439d8e0e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101003201bc6ba4cb53011c378ef070b9aa5a1d79d3a69cfe4e45b27d7569813c2d3e57f7adb84f9380e3853db28323132356b3a2a3eba1fd9a05b0eb0e57424903ec64072ecce76bb8a28ca36090c202ee0455cbf89517d21888a454b56591c0d9a0cac94c383b20033af0d4f2bd7f5a2c116fdd537583fd9c4bbda8fdf4934be4520f0309b0a63c8d7f3156b157387d2d1005c8e1eb9ca4825c6ee84ad995166d987f7a44e074b55ba0eda269b23eceda503e5701a41daf70d8288fd36b3a14eade60d9a12a8a0bbea63d8caa4e62749931e55085bd45358650a1c97e8d34d8c936757abb9622b9ab5c758421a424c1b319c1a0cfb0d01bcd38297ed4f760132d4a' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql index 83c2353f6..8f5a5ece8 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -59,7 +59,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -91,7 +91,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf index a747a6cb1..e377047a4 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf @@ -6,7 +6,15 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } } pool { diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql index ca813d44f..9afa1b15d 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol@strongswan.org */ - 1, 1, X'308204223082030aa00302010202010a300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3035303130313231343331385a170d3039313233313231343331385a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145535eca6eba279baef887f18438fd227b16746d1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010405000382010100b1304a7e65d72573468853e8cedd398bf3581cc1e6b4054b9c8d97c3caf0929035dc5e274e7b3fa5fef52e7860bb06aab5ba40c5f1ca55806b4cd873f133ded948b3c89cc81621e2eadee5fc893b48a34e4462a45ab09c41200918f68ea36babfacf4099aa349b8b65841eb1e416b90e4eb462edd786cdb0008565633a701fcd2c416ae8e4754c5bea3181736179aa901e5526c4fac031ce649d851c85ded514c25e3269b0739a879d273950e1a9ea8341b5e1049c07181792ad37da02aeccd555c56469e8e15a9e72860b520dbec05662d37adb08d79575e133f338b0116198fa5fb556fe02682bd634aca535f6750b0daa123f5ad36f2e67caa260587f1aa9' + 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604141fa1a988d9648cb5a0a2546439b4f23d745d6e7c306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100bca6a5f72ab4b329eba519dcf2740578846c180775a2074da82769e1e4c241bbb2742a7e08564bcb507492661491c71e79b5065f758aad5d54bb66ec86fbaad5eec6f9f794884707e42c07636efbf4c99225e31c7c8f9d0adf2311fbd6975b535218f1246fc06305432b1769231933aaa26a3c388cf2237ebdcfd909aed1219d2dfb9c771da5ec190b5c077167c9eb077dc319b3d9d5579a05502f60635ddfc17292c56880b887b8cc5d0e455118e753b2bdc526b84fc3e947a16b42139c218057029f781a233c26a98a641194a5e3feddccb88b70d5d7c2b2afae10e17665ce164294d138dec80caa25fcf1d737ce7a43cd3ed3e758fe77ef6445fe59d06391' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql index 5233806c7..425c180a1 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave@strongswan.org */ - 1, 1, X'308204223082030aa003020102020108300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131323635315a170d3039303930393131323635315a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414de90b5d11c6c643c7450d36af8886ca31938fb72306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010027a2d727384d2d2432f2f15875fa7693db3af1c7d5317cc21e1658f0843a918875d22c301b08e9c05a8aa3f02f6b8ae6705bb508988210f494fd19d92db786db21c1b6e6b18c0b7baa3fbd427da033fd2c08659daf9bc26dd99cf348c1ec139a9b8c32110199eaea08913f6b3a3d5b0c3d2a6f1f7e2c45b13452858949db416493f96dbf93e2173d81f99bc937b0c0c9e3874f4a90626a571295502ff5cf553dcdbdd7d4673dcbecc8ebbfc3e3ac0ce8a75120d6aa3dd2b6e9a61114cfbf0cba137c5934eddb32cfb96dd02fbf8adc903afa5f8d5959fce7a94fdd9e5a7a3816e35126e50fe7f818887bd2b2365b6b3a86d36a86849e9582d193e6a20b513988' + 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ee7f38daeea1b81a41777f78f2674be8439d8e0e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101003201bc6ba4cb53011c378ef070b9aa5a1d79d3a69cfe4e45b27d7569813c2d3e57f7adb84f9380e3853db28323132356b3a2a3eba1fd9a05b0eb0e57424903ec64072ecce76bb8a28ca36090c202ee0455cbf89517d21888a454b56591c0d9a0cac94c383b20033af0d4f2bd7f5a2c116fdd537583fd9c4bbda8fdf4934be4520f0309b0a63c8d7f3156b157387d2d1005c8e1eb9ca4825c6ee84ad995166d987f7a44e074b55ba0eda269b23eceda503e5701a41daf70d8288fd36b3a14eade60d9a12a8a0bbea63d8caa4e62749931e55085bd45358650a1c97e8d34d8c936757abb9622b9ab5c758421a424c1b319c1a0cfb0d01bcd38297ed4f760132d4a' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql index a55e82501..8e11c6a20 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -53,7 +53,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -85,7 +85,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf index a747a6cb1..e377047a4 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf @@ -6,7 +6,15 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } } pool { diff --git a/testing/tests/sql/ip-pool-db/evaltest.dat b/testing/tests/sql/ip-pool-db/evaltest.dat index 49051ed22..11be09d38 100644 --- a/testing/tests/sql/ip-pool-db/evaltest.dat +++ b/testing/tests/sql/ip-pool-db/evaltest.dat @@ -1,9 +1,18 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES +carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES +carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES +carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES +carol::cat /var/log/daemon.log::handling APPLICATION_VERSION attribute failed::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES +dave::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES +dave::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES +dave::cat /var/log/daemon.log::handling APPLICATION_VERSION attribute failed::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave::ipsec status::home.*INSTALLED::YES @@ -11,6 +20,8 @@ dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES moon::cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon::cat /var/log/daemon.log::assigning virtual IP::YES +moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES +moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*static.*2::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql index ca813d44f..5dc82a942 100644 --- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'ae096b87b44886d3b820978623dabd0eae22ebbc' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol@strongswan.org */ - 1, 1, X'308204223082030aa00302010202010a300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3035303130313231343331385a170d3039313233313231343331385a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145535eca6eba279baef887f18438fd227b16746d1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010405000382010100b1304a7e65d72573468853e8cedd398bf3581cc1e6b4054b9c8d97c3caf0929035dc5e274e7b3fa5fef52e7860bb06aab5ba40c5f1ca55806b4cd873f133ded948b3c89cc81621e2eadee5fc893b48a34e4462a45ab09c41200918f68ea36babfacf4099aa349b8b65841eb1e416b90e4eb462edd786cdb0008565633a701fcd2c416ae8e4754c5bea3181736179aa901e5526c4fac031ce649d851c85ded514c25e3269b0739a879d273950e1a9ea8341b5e1049c07181792ad37da02aeccd555c56469e8e15a9e72860b520dbec05662d37adb08d79575e133f338b0116198fa5fb556fe02682bd634aca535f6750b0daa123f5ad36f2e67caa260587f1aa9' + 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604141fa1a988d9648cb5a0a2546439b4f23d745d6e7c306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100bca6a5f72ab4b329eba519dcf2740578846c180775a2074da82769e1e4c241bbb2742a7e08564bcb507492661491c71e79b5065f758aad5d54bb66ec86fbaad5eec6f9f794884707e42c07636efbf4c99225e31c7c8f9d0adf2311fbd6975b535218f1246fc06305432b1769231933aaa26a3c388cf2237ebdcfd909aed1219d2dfb9c771da5ec190b5c077167c9eb077dc319b3d9d5579a05502f60635ddfc17292c56880b887b8cc5d0e455118e753b2bdc526b84fc3e947a16b42139c218057029f781a233c26a98a641194a5e3feddccb88b70d5d7c2b2afae10e17665ce164294d138dec80caa25fcf1d737ce7a43cd3ed3e758fe77ef6445fe59d06391' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf index 29e2395e8..9df154ee2 100644 --- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve } diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql index 5233806c7..329cac53b 100644 --- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'ae096b87b44886d3b820978623dabd0eae22ebbc' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave@strongswan.org */ - 1, 1, X'308204223082030aa003020102020108300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131323635315a170d3039303930393131323635315a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414de90b5d11c6c643c7450d36af8886ca31938fb72306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010027a2d727384d2d2432f2f15875fa7693db3af1c7d5317cc21e1658f0843a918875d22c301b08e9c05a8aa3f02f6b8ae6705bb508988210f494fd19d92db786db21c1b6e6b18c0b7baa3fbd427da033fd2c08659daf9bc26dd99cf348c1ec139a9b8c32110199eaea08913f6b3a3d5b0c3d2a6f1f7e2c45b13452858949db416493f96dbf93e2173d81f99bc937b0c0c9e3874f4a90626a571295502ff5cf553dcdbdd7d4673dcbecc8ebbfc3e3ac0ce8a75120d6aa3dd2b6e9a61114cfbf0cba137c5934eddb32cfb96dd02fbf8adc903afa5f8d5959fce7a94fdd9e5a7a3816e35126e50fe7f818887bd2b2365b6b3a86d36a86849e9582d193e6a20b513988' + 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ee7f38daeea1b81a41777f78f2674be8439d8e0e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101003201bc6ba4cb53011c378ef070b9aa5a1d79d3a69cfe4e45b27d7569813c2d3e57f7adb84f9380e3853db28323132356b3a2a3eba1fd9a05b0eb0e57424903ec64072ecce76bb8a28ca36090c202ee0455cbf89517d21888a454b56591c0d9a0cac94c383b20033af0d4f2bd7f5a2c116fdd537583fd9c4bbda8fdf4934be4520f0309b0a63c8d7f3156b157387d2d1005c8e1eb9ca4825c6ee84ad995166d987f7a44e074b55ba0eda269b23eceda503e5701a41daf70d8288fd36b3a14eade60d9a12a8a0bbea63d8caa4e62749931e55085bd45358650a1c97e8d34d8c936757abb9622b9ab5c758421a424c1b319c1a0cfb0d01bcd38297ed4f760132d4a' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf index 29e2395e8..9df154ee2 100644 --- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve } diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql index 0d9399b5a..82a9e43fe 100644 --- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'ae096b87b44886d3b820978623dabd0eae22ebbc' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( @@ -181,3 +181,28 @@ INSERT INTO addresses ( ) VALUES ( 1, X'0a030006' ); + +INSERT INTO attributes ( + type, value +) VALUES ( + 3, X'c0a80096' +); + +INSERT INTO attributes ( + type, value +) VALUES ( + 3, X'0a010014' +); + +INSERT INTO attributes ( + type, value +) VALUES ( + 4, X'0a010014' +); + +INSERT INTO attributes ( + type, value +) VALUES ( + 7, X'7374726f6e675377616e20342e332e36' +); + diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf index a747a6cb1..e377047a4 100644 --- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -6,7 +6,15 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } } pool { diff --git a/testing/tests/sql/ip-pool-db/pretest.dat b/testing/tests/sql/ip-pool-db/pretest.dat index 76316f33d..a5d786b3f 100644 --- a/testing/tests/sql/ip-pool-db/pretest.dat +++ b/testing/tests/sql/ip-pool-db/pretest.dat @@ -16,3 +16,4 @@ dave::ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql index ca813d44f..9afa1b15d 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol@strongswan.org */ - 1, 1, X'308204223082030aa00302010202010a300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3035303130313231343331385a170d3039313233313231343331385a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145535eca6eba279baef887f18438fd227b16746d1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010405000382010100b1304a7e65d72573468853e8cedd398bf3581cc1e6b4054b9c8d97c3caf0929035dc5e274e7b3fa5fef52e7860bb06aab5ba40c5f1ca55806b4cd873f133ded948b3c89cc81621e2eadee5fc893b48a34e4462a45ab09c41200918f68ea36babfacf4099aa349b8b65841eb1e416b90e4eb462edd786cdb0008565633a701fcd2c416ae8e4754c5bea3181736179aa901e5526c4fac031ce649d851c85ded514c25e3269b0739a879d273950e1a9ea8341b5e1049c07181792ad37da02aeccd555c56469e8e15a9e72860b520dbec05662d37adb08d79575e133f338b0116198fa5fb556fe02682bd634aca535f6750b0daa123f5ad36f2e67caa260587f1aa9' + 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604141fa1a988d9648cb5a0a2546439b4f23d745d6e7c306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100bca6a5f72ab4b329eba519dcf2740578846c180775a2074da82769e1e4c241bbb2742a7e08564bcb507492661491c71e79b5065f758aad5d54bb66ec86fbaad5eec6f9f794884707e42c07636efbf4c99225e31c7c8f9d0adf2311fbd6975b535218f1246fc06305432b1769231933aaa26a3c388cf2237ebdcfd909aed1219d2dfb9c771da5ec190b5c077167c9eb077dc319b3d9d5579a05502f60635ddfc17292c56880b887b8cc5d0e455118e753b2bdc526b84fc3e947a16b42139c218057029f781a233c26a98a641194a5e3feddccb88b70d5d7c2b2afae10e17665ce164294d138dec80caa25fcf1d737ce7a43cd3ed3e758fe77ef6445fe59d06391' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql index 5233806c7..425c180a1 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave@strongswan.org */ - 1, 1, X'308204223082030aa003020102020108300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131323635315a170d3039303930393131323635315a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414de90b5d11c6c643c7450d36af8886ca31938fb72306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010027a2d727384d2d2432f2f15875fa7693db3af1c7d5317cc21e1658f0843a918875d22c301b08e9c05a8aa3f02f6b8ae6705bb508988210f494fd19d92db786db21c1b6e6b18c0b7baa3fbd427da033fd2c08659daf9bc26dd99cf348c1ec139a9b8c32110199eaea08913f6b3a3d5b0c3d2a6f1f7e2c45b13452858949db416493f96dbf93e2173d81f99bc937b0c0c9e3874f4a90626a571295502ff5cf553dcdbdd7d4673dcbecc8ebbfc3e3ac0ce8a75120d6aa3dd2b6e9a61114cfbf0cba137c5934eddb32cfb96dd02fbf8adc903afa5f8d5959fce7a94fdd9e5a7a3816e35126e50fe7f818887bd2b2365b6b3a86d36a86849e9582d193e6a20b513988' + 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ee7f38daeea1b81a41777f78f2674be8439d8e0e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101003201bc6ba4cb53011c378ef070b9aa5a1d79d3a69cfe4e45b27d7569813c2d3e57f7adb84f9380e3853db28323132356b3a2a3eba1fd9a05b0eb0e57424903ec64072ecce76bb8a28ca36090c202ee0455cbf89517d21888a454b56591c0d9a0cac94c383b20033af0d4f2bd7f5a2c116fdd537583fd9c4bbda8fdf4934be4520f0309b0a63c8d7f3156b157387d2d1005c8e1eb9ca4825c6ee84ad995166d987f7a44e074b55ba0eda269b23eceda503e5701a41daf70d8288fd36b3a14eade60d9a12a8a0bbea63d8caa4e62749931e55085bd45358650a1c97e8d34d8c936757abb9622b9ab5c758421a424c1b319c1a0cfb0d01bcd38297ed4f760132d4a' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql index 2170e41af..ac776f39d 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -53,7 +53,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -85,7 +85,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf index a747a6cb1..e377047a4 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf @@ -6,7 +6,15 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } } pool { diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql index ca813d44f..9afa1b15d 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol@strongswan.org */ - 1, 1, X'308204223082030aa00302010202010a300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3035303130313231343331385a170d3039313233313231343331385a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145535eca6eba279baef887f18438fd227b16746d1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010405000382010100b1304a7e65d72573468853e8cedd398bf3581cc1e6b4054b9c8d97c3caf0929035dc5e274e7b3fa5fef52e7860bb06aab5ba40c5f1ca55806b4cd873f133ded948b3c89cc81621e2eadee5fc893b48a34e4462a45ab09c41200918f68ea36babfacf4099aa349b8b65841eb1e416b90e4eb462edd786cdb0008565633a701fcd2c416ae8e4754c5bea3181736179aa901e5526c4fac031ce649d851c85ded514c25e3269b0739a879d273950e1a9ea8341b5e1049c07181792ad37da02aeccd555c56469e8e15a9e72860b520dbec05662d37adb08d79575e133f338b0116198fa5fb556fe02682bd634aca535f6750b0daa123f5ad36f2e67caa260587f1aa9' + 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604141fa1a988d9648cb5a0a2546439b4f23d745d6e7c306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100bca6a5f72ab4b329eba519dcf2740578846c180775a2074da82769e1e4c241bbb2742a7e08564bcb507492661491c71e79b5065f758aad5d54bb66ec86fbaad5eec6f9f794884707e42c07636efbf4c99225e31c7c8f9d0adf2311fbd6975b535218f1246fc06305432b1769231933aaa26a3c388cf2237ebdcfd909aed1219d2dfb9c771da5ec190b5c077167c9eb077dc319b3d9d5579a05502f60635ddfc17292c56880b887b8cc5d0e455118e753b2bdc526b84fc3e947a16b42139c218057029f781a233c26a98a641194a5e3feddccb88b70d5d7c2b2afae10e17665ce164294d138dec80caa25fcf1d737ce7a43cd3ed3e758fe77ef6445fe59d06391' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql index 5233806c7..425c180a1 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave@strongswan.org */ - 1, 1, X'308204223082030aa003020102020108300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131323635315a170d3039303930393131323635315a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414de90b5d11c6c643c7450d36af8886ca31938fb72306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010027a2d727384d2d2432f2f15875fa7693db3af1c7d5317cc21e1658f0843a918875d22c301b08e9c05a8aa3f02f6b8ae6705bb508988210f494fd19d92db786db21c1b6e6b18c0b7baa3fbd427da033fd2c08659daf9bc26dd99cf348c1ec139a9b8c32110199eaea08913f6b3a3d5b0c3d2a6f1f7e2c45b13452858949db416493f96dbf93e2173d81f99bc937b0c0c9e3874f4a90626a571295502ff5cf553dcdbdd7d4673dcbecc8ebbfc3e3ac0ce8a75120d6aa3dd2b6e9a61114cfbf0cba137c5934eddb32cfb96dd02fbf8adc903afa5f8d5959fce7a94fdd9e5a7a3816e35126e50fe7f818887bd2b2365b6b3a86d36a86849e9582d193e6a20b513988' + 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ee7f38daeea1b81a41777f78f2674be8439d8e0e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101003201bc6ba4cb53011c378ef070b9aa5a1d79d3a69cfe4e45b27d7569813c2d3e57f7adb84f9380e3853db28323132356b3a2a3eba1fd9a05b0eb0e57424903ec64072ecce76bb8a28ca36090c202ee0455cbf89517d21888a454b56591c0d9a0cac94c383b20033af0d4f2bd7f5a2c116fdd537583fd9c4bbda8fdf4934be4520f0309b0a63c8d7f3156b157387d2d1005c8e1eb9ca4825c6ee84ad995166d987f7a44e074b55ba0eda269b23eceda503e5701a41daf70d8288fd36b3a14eade60d9a12a8a0bbea63d8caa4e62749931e55085bd45358650a1c97e8d34d8c936757abb9622b9ab5c758421a424c1b319c1a0cfb0d01bcd38297ed4f760132d4a' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql index 51704fc98..a062ac167 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf index a747a6cb1..e377047a4 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -6,7 +6,15 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql +} + +libstrongswan { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } } pool { diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql index a5e0afcd7..c4424bd89 100644 --- a/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -27,7 +27,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); /* Certificates */ @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql index 0d772ef10..d70481715 100644 --- a/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql +++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -27,7 +27,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */ - 202, X'da9c6fa72dc33363ac09b99af29085bedd48dc27' + 11, X'56d69e2fdaa8a1cd195c2353e7c5b67096e30bfb' ); /* Certificates */ @@ -41,7 +41,8 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=sun.strongswan.org */ - 1, 1, X'3082040b308202f3a003020102020102300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313535335a170d3039303930393131313535335a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b30190603550403131273756e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100e43c7e807d879059f76800e499104c936ea05e85033a2af751a1ed3a36eff83be29d35f92527b126817cf98d7c6a786af752130cb6756300ffbba3d036def0c10ab2c373b69d0942e6e9dacee7f26aeb40b1aca81e98012d3d97be570e34b7caa4c202d1f5903e33025fe3fc0c9e401b8b4780b2244982feba83dff6bea6be3609a963b85060051a424d4a54e2696c95949eceff70bbad4fc131716fc5439411d477f9709174e12a0537b848564712da8694a57441a68934e6c77d24fd76ce305da71ce6c41ede4463db9644619b8fcd5945688d93474db5ba677941effcdbdd58b739f7533c70418441d596d974d56cbd8637aeeaf217731a022f6fb4093cc70203010001a38201043082010030090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604143dc4b9320816f242645eb74bef575160eb3e6ad8306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301d0603551d1104163014821273756e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010019042ba2201ad12c30849a6b19dece33eadf0490066ec6b70cfcc509f1d7d51ee26720ecf5aa61d432be22051adfbec4bf553ba01d0495da663a8249ba00a3b4d2dfa56dedd515c11112ff41fa4edbe54f5addd27d9d0eab8f238aa0753152cc6513c22026444234f8b09dc762ce59bae72ebe8c5e331deb4381f152d1ed303dd2e4934cc05162397023c88cab4e56fb62e4494d3e6113e466b3c1944395e7b7bcca67bc9fa122c5cf2d3f70b14f750bc4240ef0f1cace0c26690e010a547572516bb2b753b8e8ddf27547c3727289a10f475879b7c426c37b1e4c1d39ef9b59644adc7bd4218ced313a54fcb4dbc525ad2c3426a130095c2cb5e8b670ccf080'); + 1, 1, X'3082042030820308a003020102020116300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373039353930345a170d3134303832363039353930345a3045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b30190603550403131273756e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100df95548a67e90e63694fff10dea9e80e5c49f51f8412b49856b695a145661fd8d21eba017aaaad0dd7f75ee1ed836c4a4ebca28c18f61f48de03b1ee135506c26bd958dd602f9bd2ae4d4e16b4f7f0399a29affe9ad88faa34c9ac31a0f8e80ecf5887b0fb29ff85f1f920934b2d9472595fae89edd36b1576e0d7106577e129e4eaf615b119f50594a51413ba176936dff8f58bb1439f437a663d2116f0b2b2821c7d261ab26c0dda9e6f46a9fbc42f4971e30add5fafd30d29668014040b2902387b475ad67b4f08440b784f37dfe34d441806b9f9342aa193dde017aabc5af401085099d570f7b141da94323714a5715bf1637345607c1208770432ba16c10203010001a38201193082011530090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e0416041456d69e2fdaa8a1cd195c2353e7c5b67096e30bfb306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301d0603551d1104163014821273756e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100a37ecb613f40c31d0c2bf9c0159a4f26a52bd04cbe3b952472c771ee7774d12966a6241163c2a6b915c20509c312074bb2d777b254234f4a49120585d29cf1c9b9c8e9e3b360084b7e16abb7e5f58544623466d78e0826dace08e7e2b7d9b54890d12a96c62777fe85f68a3964d3b4fde4d3aee2d97e435eff372104629efd9ecc69c57095859609b32d055e0ad5de5d19c45182943d5a2bc39666ad361f7096c7034a04869371c991bc67abaf7954def351b0d6014bd65a15796c80e394047fc724fd029a88c62c95551ba57d8ac4ed4d391dbb7a1a002ba0028ba7aa89ba9f7e4f14002928ca23027485feceb98c90f1366d5474bb00e866f93ff91bf8c618' +); INSERT INTO certificate_identity ( certificate, identity @@ -72,7 +73,8 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=sun.strongswan.org' */ - 1, X'308204a30201000282010100e43c7e807d879059f76800e499104c936ea05e85033a2af751a1ed3a36eff83be29d35f92527b126817cf98d7c6a786af752130cb6756300ffbba3d036def0c10ab2c373b69d0942e6e9dacee7f26aeb40b1aca81e98012d3d97be570e34b7caa4c202d1f5903e33025fe3fc0c9e401b8b4780b2244982feba83dff6bea6be3609a963b85060051a424d4a54e2696c95949eceff70bbad4fc131716fc5439411d477f9709174e12a0537b848564712da8694a57441a68934e6c77d24fd76ce305da71ce6c41ede4463db9644619b8fcd5945688d93474db5ba677941effcdbdd58b739f7533c70418441d596d974d56cbd8637aeeaf217731a022f6fb4093cc702030100010282010023a787a38ef8a486496e07e5ae3bab9ac4876cfc9e7a71c7dd0accc2715e9f8acb65ffce820d67513a9d4966deeecb0cfac1e993ecd4fdb8643aede6530c14d43355a5cee7d234662d288f340f6c0163eae156b594c1ee3d2108198604041c4a1ddee90ddfacbeeabd0e39d1602f40988cf388994bade836def0470686d609949ff93a8f7e32e2a5240f915fcc684591e9330d2e786d11b08e14c0ed70543c072c74da083dc8a1a2480b5f071d03c97a2c11ac938f0737b3be09839d878c5bea84389ac80f103de90c8328411a6da9c3d0eb2d6a25a88cfc3f12bdd5f6653166fdb8768e51af726e6c586f157520d1aaaf6bd180a2e0a950cc0d60380cab31e102818100f5d01511e82f46b166e15ea10bd080c324ba7e23aac7f974c5ddf9e17bf857abd1ea7eab2b00c592ff7a038b0c1fe99d35fe8cc3314508d5bdcd957b9e8108bc0c8f01cee333bb7f1e6b79338d438837b4449a562847509448f6a9df05a9c6386150c41ff4dd721c08be8587943dacca45bb7a8b1e098e66604a103780a2c23f02818100edb1efa9d6b3d92a06f65ca3f0ccfb5ed8636192de6b12aeedca6a3f96eacee45291516f89bd162a825fc2c7b0ccee610879dff32303dd6a78029d856283765df57f8d0c87be5a4c964c6ff9b537f7f1cba2c761cca6ce26caeef646c109a0111c05626afdcedc97d5dbf1be73047a9cf08d8dc4ec21caad12950eee439f53790281800a60d9b2e2d9b42363539a9a34147e8b3eaebd0aa67840f9042da6123618bb22deff06901585b7d1c8058fc6bc2150ccb96de0e590dbf84e85effb22b8037ca9ebe1d1d2b95702d090293b79c8ba14333de2339df59f65308d901485fd0838fd426695913fd665adf7548bf0b87a8e241023a53de06bc8de5bac64d8e30e7c2302818100b4ba4445d88faaa0ffe6360e18bb62ad7cce23946e34ef61be3fd7853e148ef69fa90a484a6c50fc4560d652cb252662f4f4e5c892690fe332189af89e2ce2c51232c7662d9818447f4ae320f41ef8110b0a5b9b0ae6117d0173ac21a408d381eed251409476c2d757ae02231284e74d88c1b877702b49554af9b6fe86c00fd10281807709b9327a76fefb7af5b730564f463147db9a6291ee343d69922e00ade4f576e4344bd941b4a4ebadbb26cdf5b8902b9bf7efbff7183ede38bf9a7311ce0e35a699f784156d18949d6851bfcff0d96ab129c7bd4a08a9adb82664d74bf5f38e0c501457f3a34735ff524b746eabe422d35b11ead44848389b28c1396b0b35ff'); + 1, X'308204a40201000282010100df95548a67e90e63694fff10dea9e80e5c49f51f8412b49856b695a145661fd8d21eba017aaaad0dd7f75ee1ed836c4a4ebca28c18f61f48de03b1ee135506c26bd958dd602f9bd2ae4d4e16b4f7f0399a29affe9ad88faa34c9ac31a0f8e80ecf5887b0fb29ff85f1f920934b2d9472595fae89edd36b1576e0d7106577e129e4eaf615b119f50594a51413ba176936dff8f58bb1439f437a663d2116f0b2b2821c7d261ab26c0dda9e6f46a9fbc42f4971e30add5fafd30d29668014040b2902387b475ad67b4f08440b784f37dfe34d441806b9f9342aa193dde017aabc5af401085099d570f7b141da94323714a5715bf1637345607c1208770432ba16c102030100010282010031f9d618cddb393d1d5825426713016cdc5227b970b321acff8cf66b42f0ede3702c30158e8ec1f9db314f031f2d0632a1e0e6507c6fdf545153f01cb0338c3c3f11291cea9819b381048494ecc492ecbd39de3e01ecb048325e75dfee045512a2643e885fcbe672d140877885105e2325390ef183b883321c0d6be51d592b79dfd0f3b522a29509f6c5d3d98c59cc4f4fe9aef978340ffc667e78fd27560eae7245d2d66fa10ad55ef2277ebcec65d1d63cc6b60cbb4d7ba77142554d8817ed174fd539fa8160fc60043f45f4f40dd5989b85874a049bf7f356f250591f6cb2de183e94d8287d712f4df0643b94325b7d4b22bd2d095eb384921c63d33168a502818100f6c92d6977e13cb7b41028dd79010eab910ab83ac2be248a08eb8057804348eb1dc3afb92d67d855bfe891ef0def494bdd109b95c8f5a4e296522d8efd2a4425d0d176e8b0da033d717b77fdb0a14931c2e13b08c7137f0dbf4e1a0ef6919e2c458e40bbecf20004180705e1156bb1d7de09939a8ad096e5346f49e5032a643702818100e7ee610601d43043bea5d304e6502249ce4f70d4de8e903a8fe3a2902878fc7157cb70bf74bc7e0acd7e7a0c3ae1cf2255a22f344a3b9fb13d2347b75ea6a73d15e1327051acffb7f4e56c58f999d7c2e2d878bce0ac09ca2f18d759775c93aa698a45c0c554b99a7147475f1b993fe46c13fed12499006094e806de6db350c702818100e26dd577d6a1579769e405caa7329c26388f3057e1c49a3bf85133d19502a74dea6258c1bbf272e0c292fe0aebab28822dd4061cd964e123712ef75421defce601819eeb8310953674000829413dcaad9894151949a70ec52b48dac9eddbcfd7e8fdcb5161e6ecb2d4e4e4b50f755f98a3c5ffa325489b9ab39084a9564d37e302818047f5087b21a42099541404a55783732fece76ebd4c9374a206b47c62377c59ee1c6c0cfe098cd59a2a695c1a61465fca6a41185e23cddddcd27818af0699b3f75acb74a7ae5f7b332ab2e76baf7d1098f162720b3fb580900f0ea8f9a3f3c008b617e54e4aaadfaed0086a5752abb84bf95036d5d281f9c0fd5203978cf77e4f028181009b29e83640d4b6aa13c81bd79aa890d13aec66c5bff4eddece05cb60320c55bca86a5bd856e364b2809e7d7f2cf94231416927dc39d7f88242b211ac15a38e7fabaca6210537ed1e2f178096f59dc27da21bc09a7b2dc1d5cc7d3bb28fc736c66e6ba19609208b254e4c782462673936445892f4a21a2cfe2066776fe255ce89' +); INSERT INTO private_key_identity ( private_key, identity diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql index ef9c228e1..983f1bf35 100644 --- a/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-cert/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=carol@strongswan.org */ - 1, 1, X'308204223082030aa00302010202010a300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3035303130313231343331385a170d3039313233313231343331385a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604145535eca6eba279baef887f18438fd227b16746d1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010405000382010100b1304a7e65d72573468853e8cedd398bf3581cc1e6b4054b9c8d97c3caf0929035dc5e274e7b3fa5fef52e7860bb06aab5ba40c5f1ca55806b4cd873f133ded948b3c89cc81621e2eadee5fc893b48a34e4462a45ab09c41200918f68ea36babfacf4099aa349b8b65841eb1e416b90e4eb462edd786cdb0008565633a701fcd2c416ae8e4754c5bea3181736179aa901e5526c4fac031ce649d851c85ded514c25e3269b0739a879d273950e1a9ea8341b5e1049c07181792ad37da02aeccd555c56469e8e15a9e72860b520dbec05662d37adb08d79575e133f338b0116198fa5fb556fe02682bd634aca535f6750b0daa123f5ad36f2e67caa260587f1aa9' + 1, 1, X'308204223082030aa00302010202011d300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130343435315a170d3134303832363130343435315a305a310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e3111300f060355040b13085265736561726368311d301b060355040314146361726f6c407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001a38201063082010230090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604141fa1a988d9648cb5a0a2546439b4f23d745d6e7c306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301f0603551d110418301681146361726f6c407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b05000382010100bca6a5f72ab4b329eba519dcf2740578846c180775a2074da82769e1e4c241bbb2742a7e08564bcb507492661491c71e79b5065f758aad5d54bb66ec86fbaad5eec6f9f794884707e42c07636efbf4c99225e31c7c8f9d0adf2311fbd6975b535218f1246fc06305432b1769231933aaa26a3c388cf2237ebdcfd909aed1219d2dfb9c771da5ec190b5c077167c9eb077dc319b3d9d5579a05502f60635ddfc17292c56880b887b8cc5d0e455118e753b2bdc526b84fc3e947a16b42139c218057029f781a233c26a98a641194a5e3feddccb88b70d5d7c2b2afae10e17665ce164294d138dec80caa25fcf1d737ce7a43cd3ed3e758fe77ef6445fe59d06391' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf index afbc20ab0..66be5fab4 100644 --- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf @@ -6,7 +6,7 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } libstrongswan { diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql index 5a4bbd5c0..9ccee6ce8 100644 --- a/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-cert/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=dave@strongswan.org */ - 1, 1, X'308204223082030aa003020102020108300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131323635315a170d3039303930393131323635315a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414de90b5d11c6c643c7450d36af8886ca31938fb72306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d0101040500038201010027a2d727384d2d2432f2f15875fa7693db3af1c7d5317cc21e1658f0843a918875d22c301b08e9c05a8aa3f02f6b8ae6705bb508988210f494fd19d92db786db21c1b6e6b18c0b7baa3fbd427da033fd2c08659daf9bc26dd99cf348c1ec139a9b8c32110199eaea08913f6b3a3d5b0c3d2a6f1f7e2c45b13452858949db416493f96dbf93e2173d81f99bc937b0c0c9e3874f4a90626a571295502ff5cf553dcdbdd7d4673dcbecc8ebbfc3e3ac0ce8a75120d6aa3dd2b6e9a61114cfbf0cba137c5934eddb32cfb96dd02fbf8adc903afa5f8d5959fce7a94fdd9e5a7a3816e35126e50fe7f818887bd2b2365b6b3a86d36a86849e9582d193e6a20b513988' + 1, 1, X'308204223082030aa00302010202011c300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130333733395a170d3134303832363130333733395a305b310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e31133011060355040b130a4163636f756e74696e67311c301a0603550403141364617665407374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414ee7f38daeea1b81a41777f78f2674be8439d8e0e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d1104173015811364617665407374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101003201bc6ba4cb53011c378ef070b9aa5a1d79d3a69cfe4e45b27d7569813c2d3e57f7adb84f9380e3853db28323132356b3a2a3eba1fd9a05b0eb0e57424903ec64072ecce76bb8a28ca36090c202ee0455cbf89517d21888a454b56591c0d9a0cac94c383b20033af0d4f2bd7f5a2c116fdd537583fd9c4bbda8fdf4934be4520f0309b0a63c8d7f3156b157387d2d1005c8e1eb9ca4825c6ee84ad995166d987f7a44e074b55ba0eda269b23eceda503e5701a41daf70d8288fd36b3a14eade60d9a12a8a0bbea63d8caa4e62749931e55085bd45358650a1c97e8d34d8c936757abb9622b9ab5c758421a424c1b319c1a0cfb0d01bcd38297ed4f760132d4a' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=dave@strongswan.org' */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf index afbc20ab0..66be5fab4 100644 --- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf @@ -6,7 +6,7 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } libstrongswan { diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql index 67570add2..b239402e4 100644 --- a/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-cert/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -41,7 +41,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -73,7 +73,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf index afbc20ab0..66be5fab4 100644 --- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf @@ -6,7 +6,7 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } libstrongswan { diff --git a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat index 5de841c03..aca7b045b 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat @@ -1,7 +1,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES +moon::ipsec statusall::rw-eap-aka.*ESTABLISHED::YES carol::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql index 2ea4f598f..d574e380a 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index d0bbaf726..c45b3ebd8 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -3,8 +3,8 @@ charon { plugins { sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 fips-prf gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql eapaka + load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2 } diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql index 5d262877f..2cd45fbf0 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -47,7 +47,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -79,7 +79,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( @@ -98,20 +98,20 @@ INSERT INTO private_key_identity ( INSERT INTO shared_secrets ( type, data -) VALUES ( +) VALUES ( 2, X'4172336574546e703031716c704f6762' ); INSERT INTO shared_secret_identity ( shared_secret, identity ) VALUES ( - 1, 3 + 1, 3 ); INSERT INTO shared_secret_identity ( shared_secret, identity ) VALUES ( - 1, 6 + 1, 6 ); /* Configurations */ @@ -125,13 +125,13 @@ INSERT INTO ike_configs ( INSERT INTO peer_configs ( name, ike_cfg, local_id, remote_id, eap_type ) VALUES ( - 'rw-eapaka', 1, 3, 5, 23 + 'rw-eap-aka', 1, 3, 5, 23 ); INSERT INTO child_configs ( name, updown ) VALUES ( - 'rw-eapaka', 'ipsec _updown iptables' + 'rw-eap-aka', 'ipsec _updown iptables' ); INSERT INTO peer_config_child_config ( diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index 32e183aa8..d892e54ad 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -3,8 +3,8 @@ charon { plugins { sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 fips-prf gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql eapaka + load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2 } diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf index 0595de2f9..4d7891f5c 100644 --- a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql index 31c6bf81f..bb6a9ec80 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql index e12ca449d..42082f400 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql index 4f66841fa..35598e97d 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/ipsec.d/data.sql @@ -9,7 +9,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=strongSwan Root CA' */ - 202, X'ae096b87b44886d3b820978623dabd0eae22ebbc' + 11, X'5da7dd700651327ee7b66db3b5e5e060ea2e4def' ); INSERT INTO identities ( @@ -21,7 +21,7 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( @@ -53,7 +53,7 @@ INSERT INTO certificates ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* C=CH, O=Linux strongSwan, CN=moon.strongswan.org */ - 1, 1, X'3082040d308202f5a003020102020103300d06092a864886f70d01010405003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3034303931303131313732355a170d3039303930393131313732355a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001a38201053082010130090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e04160414e5e410876c2ac4bead854942a6de7658303a9fc1306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d010104050003820101002f2f2921667aa576bb0c71b601dfa5b358a93e84e8a1af9754ddfbfc67879cb6c6b7833c5749e7c30b11a87b3549e105dda5d371c459f7d40fabd60c4ac8623924be84c96cfa638eb6ce9f6513b9d61080b895d270c405eacc310c709a613b6f61029c94f535ac5836b890be402ad2c52f01f7fd4bff8c0cc0cbea9720ef21c0bb41fb0726852a3c38563d917fdcca186dede6fbc83febd9edf0541382464ee378f7b8c9684df0d2402b07eb11dd4a886ab5e7299d99ea2686994746c2d9c00d95b02b2950d67f7978c6db5b379c4a3170239c414cf743bab866005366809690073a150e73c6866b9b335616acdbd3a8e651596dedb686b5d8d3eeb12df9d729' + 1, 1, X'308204223082030aa003020102020117300d06092a864886f70d01010b05003045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341301e170d3039303832373130303333325a170d3134303832363130303333325a3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001a382011a3082011630090603551d1304023000300b0603551d0f0404030203a8301d0603551d0e041604146a9c74d1f8897989f65a94e989f1fac3649d292e306d0603551d230466306480145da7dd700651327ee7b66db3b5e5e060ea2e4defa149a4473045310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311b3019060355040313127374726f6e675377616e20526f6f74204341820100301e0603551d110417301582136d6f6f6e2e7374726f6e677377616e2e6f726730130603551d25040c300a06082b0601050507030130390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e7374726f6e677377616e2e6f72672f7374726f6e677377616e2e63726c300d06092a864886f70d01010b050003820101009cb57836c5e328cda4d58e204bd4ff0c63db841f926d53411c790d516c8e7fdaf191767102343f68003639bda99a684d8c76ad9087fbe55e730ba378a2e442e3b1095875361939c30e75c5145d8bdb6c55f5730a64061c819751f6e4aa6d1dc810fc79dc78aa7790ebaac183988e0c1e3d7ba5729597c7413642d40215041914fc8459e349c47d28825839dd03d77c763d236fc6ba48f95746f3a7b304d06b3c29d9d87666db0eacd080fb2d6bdebf9be1e8265b2b545fb81aa8a18fa056301436c9b8cf599746de81fddb9704f2feb4472f7c0f467fb7281b014167879a0ebda7fae36a5a5607376a803bec8f14f94663102c484a8887ba5b58ed04ee7cec0f' ); INSERT INTO certificate_identity ( @@ -85,7 +85,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf index 29e2395e8..f66e8ba8a 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa-keyid/evaltest.dat b/testing/tests/sql/rw-rsa-keyid/evaltest.dat index ff52c91d9..941df6ac9 100644 --- a/testing/tests/sql/rw-rsa-keyid/evaltest.dat +++ b/testing/tests/sql/rw-rsa-keyid/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec statusall::rw.*ESTABLISHED.*d7:0d:.*:ca:95.*98:5c:.*:d4:82::YES -moon::ipsec statusall::rw.*ESTABLISHED.*d7:0d:.*:ca:95.*f6:51:.*:ea:25::YES -carol::ipsec statusall::home.*ESTABLISHED.*98:5c:.*:d4:82.*d7:0d:.*:ca:95::YES -dave::ipsec statusall::home.*ESTABLISHED.*f6:51:.*:ea:25.*d7:0d:.*:ca:95::YES +moon::ipsec statusall::rw.*ESTABLISHED.*6a:9c:.*:29:2e.*1f:a1:.*:6e:7c::YES +moon::ipsec statusall::rw.*ESTABLISHED.*6a:9c:.*:29:2e.*ee:7f:.*:8e:0e::YES +carol::ipsec statusall::home.*ESTABLISHED.*1f:a1:.*:6e:7c.*6a:9c:.*:29:2e::YES +dave::ipsec statusall::home.*ESTABLISHED.*ee:7f:.*:8e:0e.*6a:9c:.*:29:2e::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql index bdb963542..f5d06eaba 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/ipsec.d/data.sql @@ -15,13 +15,13 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of carol@strongswan.org */ - 11, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of moon.strongswan.org */ - 11, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); /* Certificates */ @@ -29,13 +29,13 @@ INSERT INTO identities ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* carol@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* moon.strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001' ); INSERT INTO certificate_identity ( @@ -67,7 +67,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf index 29e2395e8..ab0431b00 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql index fc7af4dec..2e9acf5f6 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/ipsec.d/data.sql @@ -15,13 +15,13 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of dave@strongswan.org */ - 11, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of moon.strongswan.org */ - 11, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); /* Certificates */ @@ -29,13 +29,13 @@ INSERT INTO identities ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* dave@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* moon.strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001' ); INSERT INTO certificate_identity ( @@ -43,7 +43,8 @@ INSERT INTO certificate_identity ( ) VALUES ( 1, 1 ); -$INSERT INTO certificate_identity ( + +INSERT INTO certificate_identity ( certificate, identity ) VALUES ( 1, 3 @@ -66,7 +67,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of dave@strongswan.org */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf index 29e2395e8..ab0431b00 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql index bb82bdac2..ee7586925 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/ipsec.d/data.sql @@ -27,19 +27,19 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of moon.strongswan.org */ - 11, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of carol@strongswan.org */ - 11, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of dave@strongswan.org */ - 11, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); /* Raw RSA public keys */ @@ -47,19 +47,19 @@ INSERT INTO identities ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* moon.strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* carol@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* dave@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001' ); INSERT INTO certificate_identity ( @@ -103,7 +103,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf index 29e2395e8..ab0431b00 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql index 7c7e5e095..bf086ad42 100644 --- a/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/ipsec.d/data.sql @@ -15,13 +15,13 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of carol@strongswan.org */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of moon.strongswan.org */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); /* Certificates */ @@ -29,13 +29,13 @@ INSERT INTO identities ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* carol@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* moon.strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001' ); INSERT INTO certificate_identity ( @@ -67,7 +67,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of carol@strongswan.org' */ - 1, X'308204a30201000282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a063702030100010282010100a7870abc1f85c061858dd7baae24f61947abaa41f0e6bd85f9c83f28b175e980d0bc168f76cf6c199f18def3afbc4b40c0edb2d7accb3834cfc7bd57234d3c5de4b707ac737ea3478144255079761581f9cbdc41ff72809ad90ba069ad2ae7cf7057e29ee4f7a4e40c890c75de826c8768da16e9072af0bd1db6282902ade34cb1b9c3fdd00a8f0330328e18d477009ac5a43952fe05b7257b8b4e7f8f5288e858ef56ea3a031980d38b879e6327d949a8f3c19bf379c1297b3defc0a374a6ea6f1c0e8124247c33392ae446081f486f58bb41cbcba25915d37eefe0828408f7f679841588424ef59b6dee30805b926fa80e7ff57cb4817167ca72bf51c8cf9102818100da567b0cbbc426e4455ffdd1b8013644d9f47785b05b163a0155c81d57c0cd84fe73aa75125caf116de50b7adc369707ed91127db7d4422bb08cff5ddf91f4a0e5fb264e098fe6fe62f8a2ab933eeac41893f365d8165f79143855b5a5b7dc31c9b34a9d453ee7c8d7b24f89e3ed51bfeadc2e1102308a967b241dfb44c8ad6902818100d7dd78437c533a15fd1dd6b0634334e79c31d215017f5a8869e42cbada3fb09167585e087e72f91575441f7cca9a64246df57f0e45f1ae86a289a4307586aa1cc3cd069c65057cc3b0baac3634064e53179bde9af2531a5af2770a1d7ccbdc263f18299ad2ec0d224b718002633a546af74c7cac72ccdf253ab4370137bf829f02818063b2f5c15cc43716296fa9d167fa75b37eeb18e0dd24dac365f4abca6a55ca031ec5e6624b1e337afbf9890273282253267206458df9c8b5768b0bd8ebcc142e9c95d069f607d5ecf7789d9f473f85a841a8dd8df5dc518052715f01f14841ae22725271fa3abd5082de135fddca7277f660d05047f5ae73048bfb7ccf6deb7102818028b2b4ade48ebc70d0dc03521624e1a0992e3b71826ac462dbb40d4add430cc31d3ce7ddaa197b24b48b37748bae381b363006d8660f7edc1b60dff7d2f0a4b9efa0841290694c7088ad69327ef48167e1179e0c908b6278ab260e5e28dd36906f6cdacb39e10f48dbf8762dfd0f4e432c84db2c98285019f0cb7163656351f902818042a7d7d7f9416b3f3b50cf5815dfbc249cd3572e494c76d1ae99dc1e8bc63fbb32e5c18d5c4f90681e9046999cdcf0826f904350b9d67227f606382d9c7b3b1332d22744b2cefa691ab82dbec8e976a406b0902d0f4889392f80d39e2581ac42feed9085964650485e34811b04fa1f34c47cde5cbdd1d20f30111851a3c187ca' + 1, X'308204a40201000282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad51020301000102820101008a86f560a12fd9b2c6b5646395b757db116b7108c1ebe399f3a43275f213d0f4b743a5fa9e1a0dee1823f6b30f984b3ecf0b20330e8aa7515d1adf7fe6915d1a0e17e6a0911cf4823ef5fe6adb8c6f3a86da86d9579f1b6dc622bd4320e79fc411e1a72360e4e1023ce8d60df2aa5cf3a420361ba5bc9b34f6d8e578fc8067aef457ff2a5a91f7c7c8a4f242cc46ab1cff18d6d1a4d8b82b5791df1f18a04b8cb2da235c3a795900fa7ffbbcb4b1d079a504673794eeca5e75c8c16ad2558965453515f57180b8dc518710aa874cd3bcdeddf109d5b553c27a351437f9c1bcdf8940f3ff8632dd59f6c8e01107b4bbf49c6c5409b6e9ecb29eada333800fa5d102818100f5537045d067df4d786df67e1cfea01ce3ca6de3f06be48efd8b4dc48c1ec19a711003875ee202343c851c8f970d2160a2e4d1108da6437af6bccfae803f61fc450582a89aa0906cba65fc7033aa584c1a2a17e96b2f368951aedaa5261f6e1c14999cfa7f4c4091890eff281cb4e6f37209f4b6d5778607caeca0a15137746d02818100d96e379ba5b4ed604d84a7ed71678a1f23391b749a697289bd3bee5d17985af89264f5ec35d3e37b1e44d6fdafec8a78ae199e0bb680f59f9800bb894ba5b31ee964f3ddc142f361835cf49a1edb75330f44f33c26c56e0752ae3fe0df760838b6437b99a131cb544d64da996baf3bc3f5709cc75f134b048cdebbf8bed1a5f502818017e2d8e2a34909cff432d8b62cc289fa661f7695a3fa0d55f2cfd67195a704f8b19b7a8c7aab8cc563431ea5c87249d6abe595898411352ecac9557b4b1760c5fc3e6e1b567addb5086d17a8210fabeb34fcf6390eeb98e6c3e23f7da6f99671fb7b7d725264ad40be548c796e5a1ac6874afaddb6691dceb26e59b17b43e7fd02818100ac90cb559f089fb56510b9eebba8bf78c30dd9fa8b6ad15afc738a551c1af1688357d9cea5520c2374fc91dd3a38f4159fa7f945b68d576458d18c0605a1f72dbb734211680768fea5b1aaf87f31122d7a1af12976640f55848b836b482f778afb2d47f5c077b2b6afce31a8be4c8f949141d54c6eeaf309237ccb973a6b4dd902818025ec4178c7f7c017c46a93fbdb72e2e3b199ae33c9fa6834f81b75b481cd6756124c744c821b126b07ea9852dc58de40cc87f160209d8af3b4bac4862778d3e21cbfdfcdbbfaad8911500f43a43041b88eefb27c66adfffeb9c8add95d1a4ed05f0bd81a4eda79fd4a0885a4a3bad0dcddecf83401c19df721d6cc7163c4125e' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf index 29e2395e8..ab0431b00 100644 --- a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql index 9e7d6d5a3..cbd2ae2e0 100644 --- a/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/ipsec.d/data.sql @@ -15,13 +15,13 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of dave@strongswan.org */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of moon.strongswan.org */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); /* Certificates */ @@ -29,13 +29,13 @@ INSERT INTO identities ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* dave@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* moon.strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001' ); INSERT INTO certificate_identity ( @@ -66,7 +66,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of dave@strongswan.org */ - 1, X'308204a40201000282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b696228644502030100010282010100903fb9caa2d8cd5454974a0e12bfd1fad5750e95ac58e462954194c4fcfed690130844e1186d7a04df9a20e2d62f26d20ba17f8a6a990b6bb0a788a0d2b7527b654fc38adaf2372eaffc7b036178c4639e63a84042f02993c8ac25ddf6b43ad34413b396b0a5c2e05c8c274db1ee025bf5fa9ad7fb9d5e75ed044606974835c7fbc39ae84b80acaae9e9624e6fe8ac0ca318ad8a7d1c6ed3a79261464e6ebdb9c02ef20cb1c206c58718d542ed9cb1428c5c3cebbd58dc25598bbdd9924c75fdfeac881949e5f10a7dd4dc25800bdb4bd479ca0bfb706f25847361b2d2565a412813273691b4a3a5a814dce52cdbe25d626e6c9e000ecd6a75cac275187e265102818100e596d3ee25cd98563b12bf718c0ce7e7a823ae8c84f1021552b6b0bf220b7e012861510ab49d612fe7ba05a202edf4927201af0f33f4137481811f884fc46723f94db8ed69b283376f3141ad7e6f0f52afee60e537111c5bd94642564981a822e54edb6797521fb5870c772993ff517ea9c24adcd9dc502f1364d26a3f05ec4f02818100dd3f81e8a4f463488db2b048f2ef208c1c98ee136636b6449cbd3424c93ab25916908823a1ef3a23b4798c77f92a3e29b9469f8014c6b862e23ab5fe6000f9552de01f72c0a1fcc731b0867a3bf1d27596fc9da6ecd74931ce120b1687d2a67b4e4fb32b7fb750b46645aa38ab011a4d5fedd53d20e5ae3a4a5551b6cc5f5d2b02818100ba744b9954ca2bb59c341596398f21a7593de13bed9b6d7db3b6fac3befa6652ba608e588b6664cf6afa00291b07f5601986948d5c3c14b0c19c03e7c82051433dec890b06941b4ca1d8f6e5d7908a7934b7fba92b9791d86614513b9266e20db4fcdde2bb59ceb6b5fec1a7dab1b7958e786424082a8c542f03ea7eaec038b1028180055e2312b7ddce02d69d3d35a7df3154f4e4a8f2038ad44539e0454197383b5779faabb2e19ce236378cb361bdc3ce9a488a74183168d8d45d54bb519e96a775ef94fe6e544a19cde360bb02802dcfc356946e66bc5c44c456918d7f507045e5bbf2a710291b13742cff07b03445e49377fe572c127e4009ddffcfe9b56fa2dd02818040d41f525d885c951dca35924f46e4e7f4e43f4ea2e670230deb674884f5b8599a368b1647dd87523c4fdb62661f6543edecc9ce48d4a7b8b2a29de21fd438a9cf4823b92c85180b390c4f8dfbc196628d349fed1edd32cba5c063e2739d2153d3677d4815e55b8b4e9d0989b32cf0060de2ded4cd59edf6a4364cb55aff9276' + 1, X'308204a50201000282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001028201010081e2de1d60f294f715c39d5e03f9b8e2ba4bc44099f77b917b67d76845eba48302714256982239021ba99918ce87d3ad3707ce248d1ccc5a4cb0fb61e7161c90b35a2637f0bb600d42f64cabfc64c58168d337b609344b81851a4471db8ce11e794c62d714af1bf13caa1d40408ef3a8e2a8bf04ed4a87a4a9be47f5becf3777d7254cf6ab0ff4f3e109235334796b030a1e03951a0ae64e224b3226a8e99174825eaa877efbc5cde0cd075687a9086f645654bda547f8927433f8eecd9ecfcb9b30ed6ff66bb4e5b7341f9626095798e279338e554045d0ae3ee94a1f10644ad88f10e7e7199923d45d5f8df2283859c3f4c41262426e654a04e895a21bb40102818100ea2e632ed6d314655c64eb6a18d4f492fea379ca091426bd7f381f1cbd7f1f79b73d694b9538ec693b245992f6a2a1b292279db9698eac40e43df3aa83b682ca5ab60ed07d02692e16c65cba91ee9aa9f768db2be9a1e0a213a93651a6886dcd35aa3f116ea73287a39a830cc2779bc02b9c8566c4cf8cd25ce99fa030ab965502818100d1ec351dafa33fff13a64c4a980a6f697735e705c1dc2a410b738210f4c059cd058579e4324d46e5bb0c1e6df4476d1a00206f66cf1be23645db193c69cbd04539f87e2b3f4617046031a1575a16a8e71b998844df2601d9d67958421f75c19943f53857b56a08583320b48a85def15b75c9ac5e4a232363824ab666b60ca0a102818100879dbf8083960fccb75a165f05ec658aaefe7aec3e9fb5e3adc611767263291632c0d4b699bf3261aa875d7c576a4d5bfd7a05c4375611792ef495a4dccc182819aa2f201c15065653882271454bb9b3ce7ca1d8675f80983bec95716990be8dc593471cd048f1614da4905a1650701934e85af4edeb083156ef50aad324bb5502818100814232ca9eb5a4d8499f2266e40bb8e275f708d3b0b502879ea777353d9f9b2bf4f46543affd896437b294a21bc24759b52e43aa4868e0f78e3804e80034f17f4edcc5c397686f0fd0b37ea72cdfbb0ce31fbc9abbd4c95afb0728e33e3fe1ff9faac510acb2278537a631c501fd6f1c6400d45412ce642207be3d662d3ec54102818055a928e09d9801f683ebb625e6ed97396ac1cd55b358d7aa06c8801759c2a51d517de1f88c537f532fea6cf563766d7818dc1de70b48d31c0102cad3562b7bf03a310b631428c22eabdc5555a90a5fc5310660a795d916ba1b57c09587f697d09dc092ac469e71f0e42fc6153c35ffe177898ea1e92aa6f28d3b86bfe30ad58c' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf index 29e2395e8..ab0431b00 100644 --- a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql index 95dbc6e3d..545708e67 100644 --- a/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/ipsec.d/data.sql @@ -27,19 +27,19 @@ INSERT INTO identities ( INSERT INTO identities ( type, data ) VALUES ( /* keyid of moon.strongswan.org */ - 202, X'd70dbd46d5133519064f12f100525ead0802ca95' + 11, X'6a9c74d1f8897989f65a94e989f1fac3649d292e' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of carol@strongswan.org */ - 202, X'985c23660cd9b9a7554da6a4aa31ea02230fd482' + 11, X'1fa1a988d9648cb5a0a2546439b4f23d745d6e7c' ); INSERT INTO identities ( type, data ) VALUES ( /* keyid of dave@strongswan.org */ - 202, X'f651b7ea33148cc5a76a622f1c1eb16c6bbdea25' + 11, X'ee7f38daeea1b81a41777f78f2674be8439d8e0e' ); /* Raw RSA public keys */ @@ -47,19 +47,19 @@ INSERT INTO identities ( INSERT INTO certificates ( type, keytype, data ) VALUES ( /* moon.strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c2870203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* carol@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100b81b84920408e086c8d278d3ad2e9ffc01b89e8c423b612b908010f8174ff96f6729e84b185fb96e60783082c507ace9d64f79beb0252e05e5f1f7a89a0b33e6789f5deb665084cb230191c165bcad1a34563e011b349bb6ab517f01ecf7e2f4de961d36203b85e97811cb26b650cfd014d15dd2d2b71efd656e5638a24bf70986b8128bbae5f3b428d6360e03d3f4e816502e3d1d14d7165ab1a92a9fe15ef045d4e48ff5bd798ec80c9420962c9a9798b54a0ed2a00cf2c9651d7d9882e181c1ef6b1c43edcada2fd191e109962dbd26f38a00208c1ac3ed27a5924c60330c79878eb5c7a90960a6472f979aca9c5aee2bb4d0aed395b546c5e361910a06370203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100d05d594f8117bc78972a3ec479ebe1400e53cf72410b93e6f74fa17cf1ea444fb23600bae92d81747e49a2e4407c3f6118033d22a3e67ce69a53907ffad646bfbc3b6abe0bdd9a5080a690dbd919a9a8e70d9694e319e93e5d9361eff9033ac53fc6cd6c95af574c62effbb72c03d41c3b696fc7aa4444483bbaabde555aef8bce0e9797108d11ecf462c66b37f7c2e812f6ab3280a8c05b207156f0e3a787e9c4638205e40ce466716bc35d8623bd99f3cda9c3dee5c8ac19852cff18c405049c7eae735dc393f5209c13946e4f51da030ad7bf31caf58a203eccea2fc79e71d46a06c5dba85d65397a0adfd4cb5a9517fd3dcf17af8ab7584293026b19ad510203010001' ); INSERT INTO certificates ( type, keytype, data ) VALUES ( /* dave@strongswan.org */ - 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c66c299463a8a78abef5ffa45679b7a070b5139834b146aa5138d0f1d8845412e112e4429ceeab23473e395e8aa38b2c024118d85b7ddf504118eabedf9c793bd02c949d6799cabeefe03ff62e304ddec98313afd966bcf13f1fb1a619548a060e17fbede205225b574e679adc9f11bdf9e36b48bea058d360d62b8445f9524db98757a4d59865363c675d28667a5dfa967dd03eea23a2dbea32ab0e9a1f8bb885f5e12723113843a12dd00552fcd4f548b31174aab2610e4a8752f6fca95494584db65cc7bd1ef50ee0d8c8211efb5063a995801cc0c1a903042b7ff7c94094a0de5d7390a8f72a01949cd958c6f2012692bd5dba6f30b09c3c0b69622864450203010001' + 6, 1, X'30820122300d06092a864886f70d01010105000382010f003082010a0282010100c007f2536f0558e68345d3ef017a175b73434e797f9b97448e720a5985aea76cc0503b8d63b4e239af95db83db0af65f8360e9d941912c121215643a0af32188fc520413e81645ff8e2e623c9362be1b57649530bf54fdad6563106105ace949d7de2895a4771c237090aaa2567bd7d9b08b2ad09f63f61bba87d7462046e89fa4570cb3c8e4322220a737af48c31cd0ec2140f3723b94742c4a14232e1d409f6b53c18aaa63e693fa5d3d06808e948db8273563d33dbd9ac44ecfd71e60426570885898b3e5538767eaf4ef713719e7fd89b32e4e3f60d972ef1617437d4dba14af4691fb8ec275a78552bae9d8aaf71c3d42aca793ef0ad09e1af353daab750203010001' ); INSERT INTO certificate_identity ( @@ -103,7 +103,7 @@ INSERT INTO certificate_identity ( INSERT INTO private_keys ( type, data ) VALUES ( /* key of CN=moon.strongswan.org' */ - 1, X'308204a30201000282010100afae2e109ac0a71b437b6f1a9e5194d085c999fe2c8de11b261f016c88e734eb1a6767b15bc7d8338bf3acc14e8a18bf857fd3dfbce637e9b0d3654f15d9068bdf4450517cf72651be8d4c8ff738ea961b2f5584bf7089afaa0a37b94910d18083bf649a7d395a41f04e68f14494d10ffc7d984a2c81e97f3421c1ec38c629b2456a3d8f3bf3915e86317ea71bb24422bef475e677e8967670b4f6ee2a80a45adcbd086a6537ab5fc12bf69f9072b620020de1880cec6cdea47543d1fec4c5ff547ac2447a1e210d9c128dc3337726eb63d5c1c731aa2c63ce175dbc8ebfb9c1e5198815be473781c3f82c2b59d23deb9739dda53c98d31a3fba57760aeaa89b0203010001028201004080550d67a42036945a377ab072078f5fef9b0885573a34fb941ab3bcb816e7d2f3f050600049d2f3296e5e32f5e50c3c79a852d74a377127a915e329845b30f3b26342e7fcde26d92d8bd4b7d23fdf08f02217f129e2838a8ce1d4b78ce33eaa2095515b74b93cc87c216fa3dc77bdc4d86017ababaf0d3318c9d86f27e29aa3301f6d7990f6f7f71db9de23ac66800ba0db4f42bbe82932ca56e08ba730c63febaf2779198cee387ee0934b32a2610ab990a4b908951bb1db2345cf1905f11aeaa6d1b368b7f82b1345ad14544e11d47d6981fc4be083326050cb950363dad1b28dbc16db42ec0fa973312c7306063bc9f308a6b0bcc965e5cb7e0b323ca102818100e71fffd9c9a528bdcb6e9ad1a5f4b354e3ea337392784aac790b4fba7f46b3b58d55965573f6493b686375cf6a0c68da9379434b055b625f01d64a9f1934cb075b25db5ef568325039674d577590b5ec54284842e04c27c97103a151805c9b620a3df84181e3a0c10752a7da6cac9629471a2bc85b32c3a160f3a8adf2d783d302818100c2968f5baf0d246bb9671b1dcfadab3a23cd6f9f1cba8c4b0d9b09d6c30a24eec174f22a4d9d2818d760b79a61c9cdd1381487723a99773a629b58171a6e28706bf083700f35037a0cb0649c9359987ccf77b44b4b3d94c614c74537c7025b503dc9967095411ecaec4b4427bc39dd5dfccbb8bab5d92e9465ab11e5e05d7319028181008b306e388e837461b89dc786f256c7991c18f31b6ade1eba77bb242cc071a7d0726954bbe9b62cac26559fa165d04b6536e3146f9dae4733c83b717d1705003051e81e90b56226cac18740c0a7009b4ed3efde74c7f7950e6f8d2c1d951c30477ebb8b428822b9b105e3f54a49a0365e6d7f895683f5b273019c3bbd663dfc190281807f5def6e12b1a682407405a2c8ba2356c5f2853a7fa2778bf4d6e364c87b4e5b5d138023427438b7b1da63b35088b808570dd0ee6afee2b4bbb074c382905235ebe11d176f4cc2fed3696e21b2ad358b947d04ed37cd9220e99ed966be0383e38cddf373b3ae514a7fca704d15fe46306bf4a8f0c570e7f5486ae6273269d89902818031055903f23c7db8da8951aad134c83a7ca951c48c9a7b994f36d9815bc82c80527b6da8e4beff9fee67b1fde5064719a40448bd6d70d9da8910122402835a328e74cfd34e8b568c29fae6ff831ef824fc825e609547a06052a4113ec09f00649bb7b7d195a773f11711c88f152b10a1b4ae58bb6d8bfc176e39f96c7c0de5c8' + 1, X'308204a30201000282010100ca2f633dd4bbba0586215b15a0312f73f533124f0b339b9ae13bb648b02b4c468e0f01e630fbef92197b7708f5dbffea7e496286966d75acf13bd5e4377a1821d82de102eadf9963b489041a0b0f9f76b79e2150aa39020e3fa52a677dbb879c986291e4f1542fe2f0494e9c5c954d4faa75a17aa7b56652f1b16efbdcb46697f7d0b7f520bc990205365938d2cd31f2beed30e761a56c02d9dc82f0cdefc9d43447b6a98f7628aed2ac127a4a9504838f66e7517e5e0b0672c8165474bce689f73a6fc6e3c72b2c45498ddbbc0b17b04915606fe94f256cc777c42c534560ffbbe5aacdd944cc8db4d2abaf8a294af55b03a6a01a54d78430ab78389753c287020301000102820100204507f5ea6a3bfa7db9fd2baa71af3d36b97c0699a71702d5480e83f37a35a65d2e10038975ec7ac90e67a54a785e9432abcbc9e7607913ad3cfb9a7d304381c35b2f3aa3fa242541bf4ca44b77a6dfefd69142aaa886a777890907938dc6cb3b971fea068a854a1747dc0020d6c38c1f8cbec530d747099e01cfd0eb1ceff2b077bd07aaef4989b75594614b16a778891a2e490369d2a9571ddf5cd165331638a8a3c96184a8259eb588caab3bbfab9c0f77b66c830ecf0f294dc1b67a5f36b75e3e095e247864f19ab212fdbf34e0925316ca13c342b4ba464ecf93d2a8e39eee24dd63dddd938101a9f4b8f0de90765e1c1fda5c62e161cc712794aeaea102818100f85d60a6990447926da1ab9db7f094a5d435b11f70c5fef9541a89e05898001190cfdc651b8a23ccbfe8e7bdacd225776f01699d06be5ae5abc4690fe99b81fd9f369e973437fbcba2efdbe1dc6f8389fb2be78e3847f4f05323b2c7b6b6a4c85ca0aa72642747434f4358f0baf10ab173f9c3f24e9674570179dde23c6c248d02818100d06693eb5c92b6d516f630b79b1b98ea3910cbc4c442a4779ce16f5b09825c858ea4dfcc4d33eeb3e4de971a7fa5d2a153e9a83e65f7527ca77b93efc257960eadd8ce5b57e590d9189e542652ae3677c623343a39c1d16dbef3069406eaa4913eeba06e0a3af3c8539dbd4be7d9caf3ccd654ae397ae7faa72ba823e4b0206302818100ef2bc4f249f28415ef7b3bafd33d5b7861e61e9e7f543c18d0340a4840288810625ab90ba8bc9b8305dffca27c75965cf049f4f1a157d862c9c987bf2a2075cacdf2a44049aa0bd16b23fea3ff4a67ea8d351774aea024b0f5ef2fb00134db749336a94d254369edd8bbab3f8f56a60c82f9a807844480de746e6e0cfa50cdd50281807b32d8e93fadc00612eff176e96c14270b1b41cb0dd6f3d17e5dcaedbf9e6041d844e1c4ae33303f0ae307e2f3693d2e8023d68124d863dc2b4aa3f70e25a7210066f5ff0be43b900bbcb5b47e165d3ecb544e70c96a29fbbdf17f870cdbb3f3e585782ef53f4a94b7d1bd715d1be49de20f26ba6462a3370b928470cba5cf4f028180324ffacf705e6746f741d24ff6aa0bb14aad55cba41eb7758e6cc0d51f40feac6b4a459ce374af424287f602b0614520079b436b8e90cde0ddff679304e9efdd74a2ffbfe6e4e1bd1236c360413f2d2656e00b3e3cb217567671bf73a722a222e5e85d109fe2c77caf5951f5b9f4171c744afa717fe7e9306488e6ab87341298' ); INSERT INTO private_key_identity ( diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf index 29e2395e8..ab0431b00 100644 --- a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql } -- cgit v1.2.3